Re: [LARTC] can I use tos and fwmark at the same time?

[psihozefir <sorin.panca@gmail.com>]

Andy Furniss <andy.furniss@dsl.pipex.com> wrote:

    I only skimmed through - the lack of CRs make it a bit difficult to read.

    One thing to note is that unlike htb, prio 1 is the top prio for filters
    - and you use prio 0 for the metro so this filter won't see traffic that
    has already been fclassified by the prio 1 tos filter.

    Also when using tos be aware that some apps set it - so there could be
    other traffic than that set by the iptables rules.

    Andy.

I pasted the script from kwrite to Mozilla suite composer. I don't
know why there are no CRs. :(
I know that applications set the tos field (and I hope programmers
know if they are supposed to set it or not, and that they don't
cheat). I rely on this.
I will correct the prio error. My question still remains: is it
possible to use tos AND fwmark in the same rule (and the effect be an
AND - like in iptables, not an OR)?

My script:

#!/bin/bash
tc=/sbin/tc
u=kbit;U=Mbit
RATE%6
metro=1
for dev in ` echo eth0 eth1 `; do
    $tc qdisc del dev $dev root &>/dev/null
    $tc qdisc add dev $dev root handle 1: htb default FF

    # class default - non-priorized traffic
    $tc class add dev $dev parent 1: classid 1:1 \
         htb rate $RATE$u ceil $[$RATE-16]$u
    $tc class add dev $dev parent 1:1 classid 1:FF \
         htb rate 1$u ceil $[$RATE-16]$u prio 1
    $tc qdisc add dev $dev parent 1:FF handle FF: sfq perturb 10

    # priorized traffic - Internet (TOS = Minimize-Delay)
    $tc class add dev $dev parent 1:1 classid 1:2\
         htb rate $[$RATE-16]$u ceil $[$RATE-16]$u burst 16k prio 0
    $tc filter add dev $dev parent 1: protocol ip prio 1\
         u32 match ip tos 0x10 0xff flowid 1:2
    $tc qdisc add dev $dev parent 1:2 handle 2: sfq perturb 10

    # metropolitan (MARK = 1)
    $tc class add dev $dev parent 1: classid 1:3 htb rate 100$U ceil 99$U
    $tc class add dev $dev parent 1:3 classid 1:FE htb rate 99$U ceil 99$U
    $tc qdisc add dev $dev parent 1:FE handle FE: sfq perturb 10
    $tc filter add dev $dev parent 1: protocol ip prio 0\
         handle $metro fw flowid 1:FE
done
EOF

The output of iptables-save (mangle PREROUTING):
 -A PREROUTING -p tcp -m tcp --sport 21:22 -j TOS --set-tos 0x10
 -A PREROUTING -p tcp -m tcp --dport 21:22 -j TOS --set-tos 0x10
 -A PREROUTING -p tcp -m tcp --sport 80 -j TS --set-tos 0x10
 -A PREROUTING -p tcp -m tcp --dport 80 -j TOS --set-tos 0x10
 -A PREROUTING -p tcp -m tcp --dport 443 -j TOS --set-tos 0x10
 -A PREROUTING -p tcp -m tcp --sport 443 -j TOS --set-tos 0x10
 -A PREROUTING -p tcp -m tcp --sport 5050 -j TOS --set-tos 0x10
 -A PREROUTING -p tcp -m tcp --dport 5050 -j TOS --set-tos 0x10
 -A PREROUTING -p tcp -m tcp --dport 6667:7000 -j TOS --set-tos 0x10
 -A PREROUTING -p tcp -m tcp --sport 6667:7000 -j TOS --set-tos 0x10
 -A PREROUTING -p tcp -m tcp --tcp-flags SYN ACK -j TOS --set-tos 0x10
 -A PREROUTING -s 82.77.124.128/255.255.255.224\
         -d 82.77.124.128/255.255.255.224 -j MARK --set-mark 0x1
 -A PREROUTING -s 82.77.124.128/255.255.255.224 -d 193.226.0.0/255.255.0.0\
         -j MARK --set-mark 0x1
 -A PREROUTING -s 193.226.0.0/255.255.0.0 -d 82.77.124.128/255.255.255.224\
         -j MARK --set-mark 0x1
 -A PREROUTING -s 192.129.0.0/255.255.0.0 -d 82.77.124.128/255.255.255.224\
         -j MARK --set-mark 0x1
 -A PREROUTING -s 82.77.124.128/255.255.255.224 -d 192.129.0.0/255.255.0.0\
         -j MARK --set-mark 0x1

Thank you!
Sorin.

P.S. I changed my registered e-mail address and I think I cannot post
from the old one, from which I received the message I now reply.
Please BCC my new address. Thank you!
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc