From: GGounot <g.gounot@laposte.net>
To: lartc@vger.kernel.org
Subject: Re: Hook location of IMQ
Date: Thu, 23 Oct 2014 20:25:00 +0000 [thread overview]
Message-ID: <5449641C.3040301@laposte.net> (raw)
In-Reply-To: <3b7201cfd204$1e118300$5a348900$@telsatbb.vu>
Hi.
If you want to limit bandwidth to clients, I suppose the Linux box
you're working on forwards packets to the clients. So Why do you shape
traffic on ingress (that what I understand because you use IMQ) ? Why
don't you use classical egress shaping ?
You must note that you cannot use iptables/mangle to mark packets going
to IFB (I've never used IMQ) :
http://www.mail-archive.com/lartc@mailman.ds9a.nl/msg15545.html
Le 21/10/2014 13:15, Steve (Telsat Broadband) a écrit :
> Hi All/GGounot,
>
> I've had a good review of the IFB, but it doesn't seem to have very good
> documentation on its usage/implementation (that I've found anyway).
>
> IMQ has worked very well for my purpose, but the only issue I have is where
> it is hooking. I need a place (after PRE-ROUTING NAT) to be able to mark
> packets and then count the ones successfully delivered after they've passed
> through IMQ.
>
> The best place I could find would be to have IMQ hook in 'before' the mangle
> table in POSTROUTING.
>
> I'm not that familiar with NF hooks, but would it be possible to modify this
> in some way to have IMQ hook in before the mangle table in PostRouting?
>
> /* imq_egress_ipv4 */
> .hook = imq_nf_hook,
> .owner = THIS_MODULE,
> .pf = PF_INET,
> .hooknum = NF_INET_POST_ROUTING,
> #if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA)
> .priority = NF_IP_PRI_LAST,
> #else
> .priority = NF_IP_PRI_NAT_SRC - 1,
> #endif
> },
>
>
> Thanks.
> Steve.
>
>
>
> -----Original Message-----
> From: Steve (Telsat Broadband) [mailto:steve@telsatbb.vu]
> Sent: Wednesday, 17 September 2014 8:43 PM
> To: 'GGounot'; 'lartc@vger.kernel.org'
> Subject: RE: Hook location of IMQ
>
> Hi GGounot,
>
> No, to be honest, I'd never even heard of IFB. I'm reviewing all the info
> now.
>
> Thanks very much for your reply.
>
> Thanks
> Steve
>
>
>
>
> -----Original Message-----
> From: GGounot [mailto:g.gounot@laposte.net]
> Sent: Wednesday, 17 September 2014 6:10 PM
> To: Steve (Telsat Broadband); lartc@vger.kernel.org
> Subject: Re: Hook location of IMQ
>
> Hi.
>
> Did you try IFB instead of IMQ ?
>
> "The Intermediate Functional Block device is the successor to the IMQ
> iptables module that was never integrated."
> http://www.linuxfoundation.org/collaborate/workgroups/networking/ifb
>
>
> Le 17/09/2014 01:15, Steve (Telsat Broadband) a écrit :
>> Hi All,
>>
>> I've posted a couple of questions over on linuximq.net but the
>> discussion there seems quiet, so I'll try here to see if anyone here
>> can point me in the right direction.
>>
>> Currently I use IMQ devices and TC to limit bandwidth to clients; this
>> is all working very well, except that the byte counters I'm relying on
>> for counting the clients data seems to be 'before' IMQ does its work.
>>
>> For example; I've got rules in the 'mangle/forward' table for
>> assigning the clients data to the IMQ device and rules in the
>> 'filter/forward' table which matches the client's data and I'm counting
> their traffic from here.
>> However, according to this packet flow show on linuximq.net
>> (http://www.docum.org/docum.org/kptd/) the IMQ hook is after 'POSTROUTING'
>> which means that even though I'm using '-j IMQ' in the 'mangle/forward'
>> table to limit the bandwidth before counting; the counters are still
>> counting all packets; including dropped ones by IMQ.
>>
>> There doesn't seem to be any more 'chains' after the IMQ hook which I
>> could rely upon to 'count' the data after IMQ has done its job.
>>
>> I realise that when compiling the kernel, I can choose where IMQ hooks
>> in (before or after NAT); currently I have selected as 'AB'.
>>
>> What I'd like to know is;
>>
>> a) Is there something I'm missing; is there somewhere I can count the
>> packets after IMQ's work is done?
>> b) If not, is there some way I can modify the IMQ hook to be
>> in-between the 'mangle/forward' and 'filter/forward' chains.
>>
>> Any help/comments are greatly appreciated.
>>
>> Thanks
>> Steve.
>>
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe lartc" in
>> the body of a message to majordomo@vger.kernel.org More majordomo info
>> at http://vger.kernel.org/majordomo-info.html
>>
>
>
>
next prev parent reply other threads:[~2014-10-23 20:25 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-16 23:15 Hook location of IMQ Steve (Telsat Broadband)
2014-09-17 7:09 ` GGounot
2014-09-17 9:42 ` Steve (Telsat Broadband)
2014-10-21 11:15 ` Steve (Telsat Broadband)
2014-10-23 20:25 ` GGounot [this message]
2014-10-23 21:04 ` Steve (Telsat Broadband)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5449641C.3040301@laposte.net \
--to=g.gounot@laposte.net \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.