From mboxrd@z Thu Jan 1 00:00:00 1970
From: GGounot
Date: Thu, 23 Oct 2014 20:25:00 +0000
Subject: Re: Hook location of IMQ
Message-Id: <5449641C.3040301@laposte.net>
List-Id:
References: <3b7201cfd204$1e118300$5a348900$@telsatbb.vu>
In-Reply-To: <3b7201cfd204$1e118300$5a348900$@telsatbb.vu>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: lartc@vger.kernel.org

Hi.

If you want to limit bandwidth to clients, I suppose the Linux box
you're working on forwards packets to the clients. So why do you shape
traffic on ingress (that's what I understand because you use IMQ)? Why
don't you use classical egress shaping?

You must note that you cannot use iptables/mangle to mark packets going
to IFB (I've never used IMQ):
http://www.mail-archive.com/lartc@mailman.ds9a.nl/msg15545.html

On 21/10/2014 13:15, Steve (Telsat Broadband) wrote:
> Hi All/GGounot,
>
> I've had a good review of the IFB, but it doesn't seem to have very good
> documentation on its usage/implementation (that I've found anyway).
>
> IMQ has worked very well for my purpose, but the only issue I have is where
> it is hooking. I need a place (after PRE-ROUTING NAT) to be able to mark
> packets and then count the ones successfully delivered after they've passed
> through IMQ.
>
> The best place I could find would be to have IMQ hook in 'before' the mangle
> table in POSTROUTING.
>
> I'm not that familiar with NF hooks, but would it be possible to modify this
> in some way to have IMQ hook in before the mangle table in PostRouting?
>
> /* imq_egress_ipv4 */
>     .hook = imq_nf_hook,
>     .owner = THIS_MODULE,
>     .pf = PF_INET,
>     .hooknum = NF_INET_POST_ROUTING,
> #if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA)
>     .priority = NF_IP_PRI_LAST,
> #else
>     .priority = NF_IP_PRI_NAT_SRC - 1,
> #endif
> },
>
>
> Thanks.
> Steve.
>
> -----Original Message-----
> From: Steve (Telsat Broadband) [mailto:steve@telsatbb.vu]
> Sent: Wednesday, 17 September 2014 8:43 PM
> To: 'GGounot'; 'lartc@vger.kernel.org'
> Subject: RE: Hook location of IMQ
>
> Hi GGounot,
>
> No, to be honest, I'd never even heard of IFB. I'm reviewing all the info
> now.
>
> Thanks very much for your reply.
>
> Thanks
> Steve
>
> -----Original Message-----
> From: GGounot [mailto:g.gounot@laposte.net]
> Sent: Wednesday, 17 September 2014 6:10 PM
> To: Steve (Telsat Broadband); lartc@vger.kernel.org
> Subject: Re: Hook location of IMQ
>
> Hi.
>
> Did you try IFB instead of IMQ?
>
> "The Intermediate Functional Block device is the successor to the IMQ
> iptables module that was never integrated."
> http://www.linuxfoundation.org/collaborate/workgroups/networking/ifb
>
>
> On 17/09/2014 01:15, Steve (Telsat Broadband) wrote:
>> Hi All,
>>
>> I've posted a couple of questions over on linuximq.net but the
>> discussion there seems quiet, so I'll try here to see if anyone here
>> can point me in the right direction.
>>
>> Currently I use IMQ devices and TC to limit bandwidth to clients; this
>> is all working very well, except that the byte counters I'm relying on
>> for counting the clients' data seem to be 'before' IMQ does its work.
>>
>> For example; I've got rules in the 'mangle/forward' table for
>> assigning the clients' data to the IMQ device and rules in the
>> 'filter/forward' table which match the client's data and I'm counting
>> their traffic from here.
>> However, according to this packet flow shown on linuximq.net
>> (http://www.docum.org/docum.org/kptd/) the IMQ hook is after 'POSTROUTING'
>> which means that even though I'm using '-j IMQ' in the 'mangle/forward'
>> table to limit the bandwidth before counting; the counters are still
>> counting all packets; including dropped ones by IMQ.
>>
>> There doesn't seem to be any more 'chains' after the IMQ hook which I
>> could rely upon to 'count' the data after IMQ has done its job.
>>
>> I realise that when compiling the kernel, I can choose where IMQ hooks
>> in (before or after NAT); currently I have selected as 'AB'.
>>
>> What I'd like to know is;
>>
>> a) Is there something I'm missing; is there somewhere I can count the
>>    packets after IMQ's work is done?
>> b) If not, is there some way I can modify the IMQ hook to be
>>    in-between the 'mangle/forward' and 'filter/forward' chains.
>>
>> Any help/comments are greatly appreciated.
>>
>> Thanks
>> Steve.
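
Added example (not part of the thread and not IMQ code): a user-space model of how netfilter orders hooks at NF_INET_POST_ROUTING, showing which iptables chains would run after IMQ for the two priorities in the quoted snippet and for a hypothetical `NF_IP_PRI_MANGLE - 1`. The numeric priorities are those of the kernel's `enum nf_ip_hook_priorities`; that chains after IMQ see only the packets it passes on is an assumption taken from the thread's description, and the hypothetical value is not a tested patch.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Values from the kernel's enum nf_ip_hook_priorities. */
enum {
    PRI_MANGLE  = -150,     /* NF_IP_PRI_MANGLE  */
    PRI_NAT_SRC = 100,      /* NF_IP_PRI_NAT_SRC */
    PRI_LAST    = INT_MAX   /* NF_IP_PRI_LAST    */
};

struct hook { const char *name; int priority; };

/* iptables chains attached to NF_INET_POST_ROUTING for IPv4. */
static const struct hook postrouting[] = {
    { "mangle/POSTROUTING", PRI_MANGLE  },
    { "nat/POSTROUTING",    PRI_NAT_SRC },
};
#define N_HOOKS (sizeof(postrouting) / sizeof(postrouting[0]))

/* Netfilter walks a hook point in ascending priority order. Build a
 * comma-separated list of the chains that run strictly after imq_prio
 * (assumed to see only what IMQ passes on). Returns how many there are.
 * Equal priorities are left out: their order depends on registration. */
static int chains_after_imq(int imq_prio, char *buf, size_t len)
{
    int count = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < N_HOOKS; i++) {
        if (postrouting[i].priority > imq_prio) {
            if (count)
                strncat(buf, ",", len - strlen(buf) - 1);
            strncat(buf, postrouting[i].name, len - strlen(buf) - 1);
            count++;
        }
    }
    return count;
}

int main(void)
{
    const struct hook candidates[] = {
        { "NF_IP_PRI_LAST (AA/BA builds)",       PRI_LAST },
        { "NF_IP_PRI_NAT_SRC - 1 (#else)",       PRI_NAT_SRC - 1 },
        { "NF_IP_PRI_MANGLE - 1 (hypothetical)", PRI_MANGLE - 1 },
    };
    char buf[128];
    for (size_t i = 0; i < 3; i++) {
        int n = chains_after_imq(candidates[i].priority, buf, sizeof buf);
        printf("%-38s -> %d after IMQ: %s\n",
               candidates[i].name, n, n ? buf : "(none)");
    }
    return 0;
}
```

With the snippet's `#else` priority only nat/POSTROUTING follows IMQ, and the nat table is traversed only by the first packet of each connection, so it cannot serve as a per-client byte counter.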