IMQ and marking

IMQ and marking

[Fabio Marcone]

Hi!
I'm studying how to introduce traffic shaping in a linux router 
(debian). I mark packets in prerouting using mac source to forward 
packets on a selected WAN interface.
I need to use mangle in PREROUTING to send packects (in input) to a imqX 
interface.
Is there a conflict between mark and IMQ?
If so, how it can be solved?

Thanks in advance,
Fabio Marcone

Re: IMQ and marking

[Fabio Marcone]

In a post in a forum I see this:
iptables -t mangle -A PREROUTING -m owner --pid-owner <PID of process> - 
-j MARK --set-mark 2
iptables -t mangle -A PREROUTING -j IMQ --todev 0

the second rule is used? so, rule matching in mangle table is not blocking?

Fabio
> Hi!
> I'm studying how to introduce traffic shaping in a linux router 
> (debian). I mark packets in prerouting using mac source to forward 
> packets on a selected WAN interface.
> I need to use mangle in PREROUTING to send packects (in input) to a 
> imqX interface.
> Is there a conflict between mark and IMQ?
> If so, how it can be solved?
>
> Thanks in advance,
> Fabio Marcone
> -- 
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: IMQ and marking

[Pascal Hambourg]

Fabio Marcone a écrit :
> In a post in a forum I see this:
> iptables -t mangle -A PREROUTING -m owner --pid-owner <PID of process> - 
> -j MARK --set-mark 2
> iptables -t mangle -A PREROUTING -j IMQ --todev 0
> 
> the second rule is used? so, rule matching in mangle table is not blocking?

Whether a matching rule stops further rule examination, if this is what 
you mean, depends on the target. MARK is not a terminal target. It is 
not specific to the mangle table, although (most if not all) 
mangle-specific targets are non terminal whereas filter and nat-specific 
targets are terminal.

Re: IMQ and marking

[Покотиленко Костик]

В Вто, 21/07/2009 в 16:21 +0200, Fabio Marcone пишет:
> In a post in a forum I see this:
> iptables -t mangle -A PREROUTING -m owner --pid-owner <PID of process> - 
> -j MARK --set-mark 2


> iptables -t mangle -A PREROUTING -j IMQ --todev 0

This rule just tells the kernel to put this packet to imq0 device just
after the mangle table is processed, not immediatelly. So it is safe and
good practice to place those rules closer to the top.

> the second rule is used? so, rule matching in mangle table is not blocking?
> 
> Fabio
> > Hi!
> > I'm studying how to introduce traffic shaping in a linux router 
> > (debian). I mark packets in prerouting using mac source to forward 
> > packets on a selected WAN interface.
> > I need to use mangle in PREROUTING to send packects (in input) to a 
> > imqX interface.
> > Is there a conflict between mark and IMQ?
> > If so, how it can be solved?
> >
> > Thanks in advance,
> > Fabio Marcone
> > -- 
> > To unsubscribe from this list: send the line "unsubscribe netfilter" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
-- 
Покотиленко Костик <casper@meteor.dp.ua>