Re: iproute2 action/policer question

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Paweł Staszewski" <pstaszewski@itcare.pl>
To: Jarek Poplawski <jarkao2@gmail.com>
Cc: jamal <hadi@cyberus.ca>,
	Linux Network Development list <netdev@vger.kernel.org>
Subject: Re: iproute2 action/policer question
Date: Mon, 15 Jun 2009 18:09:57 +0200	[thread overview]
Message-ID: <4A367255.5050604@itcare.pl> (raw)
In-Reply-To: <20090615145222.GA2767@ami.dom.local>

Jarek Poplawski pisze:
> On Mon, Jun 15, 2009 at 09:32:08AM -0400, jamal wrote:
>   
>> On Mon, 2009-06-15 at 11:19 +0000, Jarek Poplawski wrote:
>>
>>     
>>>> This is only a sample but is not working
>>>>         
>> It does seem to be working!
>> How did you reach conclusion it wasnt working?
>>
>>     
>>>>         Action statistics:
>>>>         Sent 42351 bytes 110 pkt (dropped 0, overlimits 32 requeues 0)
>>>>         rate 0bit 0pps backlog 0b 0p requeues 0
>>>>         
>> 32 packets hit the policer - double check your parameters please to make
>> sure they are correct.
>>     
>
>   
Yes. packets hits policer but second action dont drop packets.

Second is that in policer there is action to "-j MARK" mark packet but 
where i can catch this mark ? in iptables mangle i make some rules to 
match mark and make LOG target like this:
but iptables rules catch nothing.

Chain PREROUTING (policy ACCEPT 19M packets, 19G bytes)
 pkts bytes target     prot opt in     out     source               
 destination
     0     0 LOG        all  --  *      *       0.0.0.0/0            
 0.0.0.0/0           mark match 0x1 LOG flags 0 level 4

Chain POSTROUTING (policy ACCEPT 11M packets, 17G bytes)
  pkts bytes target     prot opt in     out     source               
 destination
     0     0 LOG        all  --  *      *       0.0.0.0/0            
 0.0.0.0/0           mark match 0x1 LOG flags 0 level 4


version of tools:
iptables -V
iptables v1.4.2
tc -V
tc utility, iproute2-ss090324



> Actually, I wonder if these "dropped 0" are OK here if we expect
> dropping.
>
>   
>>> According to iproute2/doc/actions/actions_general mangle targets
>>> should work; and you could also try (if it doesn't work then probably
>>> it can't be used...;-)
>>>       
>> They should all be usable. If something crashes, there is a bug
>> somewhere.
>>
>>     
>>> But... I'm neither able to configure/compile it with the current
>>> iproute2/iptables, nor test it with distro's builds (Debian testing).
>>> After some checking I found iproute2 needs updating, because iptables
>>> changes API (xtables.h) virtually with every new version, so I don't
>>> even blame the ipt author or distro maintainer.
>>>
>>>       
>> We are hopefully getting stable there. Anything on debian lenny
>> should be working with iptables 1.4.3; i expect at most "one last
>> change" (famous last words) to break backward compat as iptables 
>> moves from version 1.4.3.
>>     
>
> I've tried debian squeeze (testing) with: iptables v1.4.3.2, iproute2
> -ss090324, and action ipt -j MARK doesn't work. AFAIK debian lenny
> (stable) uses 1.4.2. I've also tried debian rescue probably based on
> lenny (with iptables 1.4.2), and it seemed it didn't work yet (I'll
> re-check this). When you have something new I'd be glad for Cc.
>
> Thanks more than always Jamal,
> Jarek P.
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
>
>

next prev parent reply	other threads:[~2009-06-15 16:09 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-06-09 20:10 iproute2 action/policer question Paweł Staszewski
2009-06-15 11:19 ` Jarek Poplawski
2009-06-15 13:32   ` jamal
2009-06-15 14:52     ` Jarek Poplawski
2009-06-15 16:09       ` Paweł Staszewski [this message]
2009-06-15 16:37         ` Jarek Poplawski
2009-06-15 16:44           ` Jarek Poplawski
2009-06-15 17:08             ` Paweł Staszewski
2009-06-15 20:07               ` Jarek Poplawski
2009-06-16 12:04       ` jamal
2009-06-17  6:14         ` Jarek Poplawski
2009-06-17  6:28           ` Jarek Poplawski
2009-06-17  6:45             ` Jarek Poplawski
2009-06-17  9:01             ` Denys Fedoryschenko
2009-06-17  9:26               ` Jarek Poplawski
2009-06-17 13:09                 ` jamal
2009-06-17 13:30                   ` Andreas Henriksson
2009-06-17 19:43                   ` Jarek Poplawski
2009-06-18 13:19                     ` jamal
2009-06-18 18:39                       ` Jarek Poplawski
2009-06-15 21:47     ` [PATCH] " Jarek Poplawski
2009-06-16 12:07       ` jamal
2009-06-16 18:33     ` [PATCH v2] " Jarek Poplawski
2009-06-17  9:33       ` Paweł Staszewski
2009-06-18  1:57       ` David Miller
2009-06-15 16:13   ` Paweł Staszewski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4A367255.5050604@itcare.pl \
    --to=pstaszewski@itcare.pl \
    --cc=hadi@cyberus.ca \
    --cc=jarkao2@gmail.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.