* Re: [LARTC] HTB: Filtering flat out not working :(g
@ 2002-02-28 8:35 bert hubert
2002-02-28 15:31 ` Tim Carr
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: bert hubert @ 2002-02-28 8:35 UTC (permalink / raw)
To: lartc
On Thu, Feb 28, 2002 at 09:31:14AM +0100, EGAL Vincent wrote:
> Tim Carr wrote:
>
> I guess that's because your router does masquerading so source addresses
> are changed , and filters don't match.
Exactly - queueing disciplines and their attached filters come *way* after
iptables or ipchains have doen their work.
If you need information from before mangling, you should use fwmark to tag
packets, and then filter based on that fwmark. How to do this is in the
HOWTO.
Regards,
bert
--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LARTC] HTB: Filtering flat out not working :(g
2002-02-28 8:35 [LARTC] HTB: Filtering flat out not working :(g bert hubert
@ 2002-02-28 15:31 ` Tim Carr
2002-03-01 7:50 ` Stef Coene
2002-03-01 10:06 ` bert hubert
2 siblings, 0 replies; 4+ messages in thread
From: Tim Carr @ 2002-02-28 15:31 UTC (permalink / raw)
To: lartc
>From: bert hubert <ahu@ds9a.nl>
>To: EGAL Vincent <egal@ipanematech.com>
>CC: Tim Carr <cygnusx__1@hotmail.com>, lartc@mailman.ds9a.nl
>Subject: Re: [LARTC] HTB: Filtering flat out not working :(g
>
>Exactly - queueing disciplines and their attached filters come *way* after
>iptables or ipchains have doen their work.
>
>If you need information from before mangling, you should use fwmark to tag
>packets, and then filter based on that fwmark. How to do this is in the
>HOWTO.
As i mentioned in the email, i've already tried this. No, the HOWTO does not
tell you how to do QoS with MARKing. It tells you how to MARK the packets,
and it tells you how to route the packets, but that's not what I want: I
want QoS, not policy-based routing etc. (I'm talking about this specific
part of the FAQ:
http://www.lartc.org/HOWTO//cvs/2.4routing/output/2.4routing-11.html )
So lets say I get MARKing set up succesfully (I have enough faith in myself,
I think i've got iptables down ok :) ).. with 'tc', how do I get packets
with the MARK of 11 to flowid 1:11, mark of 12 to 1:12, and so on? What's
the tc-cmd syntax?
Perhaps i'm supposed to use this complicated route classifier of tc? Eg.
have all packets assigned a realm thru ip route, then use tc to catch these
packets? This is more complicated, and I don't wish to mess with my routing
(i'm using "route", not "ip route", are these even compatible?). Ideally i'd
like to be able to simply grab the MARKed packets with tc, let me know if
this is possible.
One additional question from my previous email that didn't get answered,
that i'd like to know about: after adding the SFQ classes to the leafs of
the HTB (see first post with the script in it), am I supposed to be
attaching the filters to the 10: handles of the SFQs, or stay the way it is,
using the HTB children eg. 1:10 ?
Many thanks!
Tim Carr
_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LARTC] HTB: Filtering flat out not working :(g
2002-02-28 8:35 [LARTC] HTB: Filtering flat out not working :(g bert hubert
2002-02-28 15:31 ` Tim Carr
@ 2002-03-01 7:50 ` Stef Coene
2002-03-01 10:06 ` bert hubert
2 siblings, 0 replies; 4+ messages in thread
From: Stef Coene @ 2002-03-01 7:50 UTC (permalink / raw)
To: lartc
> Perhaps i'm supposed to use this complicated route classifier of tc? Eg.
> have all packets assigned a realm thru ip route, then use tc to catch these
> packets? This is more complicated, and I don't wish to mess with my routing
> (i'm using "route", not "ip route", are these even compatible?). Ideally
> i'd like to be able to simply grab the MARKed packets with tc, let me know
> if this is possible.
>
> One additional question from my previous email that didn't get answered,
> that i'd like to know about: after adding the SFQ classes to the leafs of
> the HTB (see first post with the script in it), am I supposed to be
> attaching the filters to the 10: handles of the SFQs, or stay the way it
> is, using the HTB children eg. 1:10 ?
If a packet is outted in a class with a filter, the packet is also queued in
the qdisc that belongs to that class. This is normally a FIFO qdisc. But
you can replace it with a SFQ qdisc. So you don't need extra filter to put
the traffic in the SFQ qdisc. All packets of the class will also enter the
qdisc.
Stef
--
stef.coene@docum.org
More QOS info : http://www.docum.org/
Title : "Using Linux as bandwidth manager"
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LARTC] HTB: Filtering flat out not working :(g
2002-02-28 8:35 [LARTC] HTB: Filtering flat out not working :(g bert hubert
2002-02-28 15:31 ` Tim Carr
2002-03-01 7:50 ` Stef Coene
@ 2002-03-01 10:06 ` bert hubert
2 siblings, 0 replies; 4+ messages in thread
From: bert hubert @ 2002-03-01 10:06 UTC (permalink / raw)
To: lartc
On Thu, Feb 28, 2002 at 03:31:02PM +0000, Tim Carr wrote:
> >From: bert hubert <ahu@ds9a.nl>
> >To: EGAL Vincent <egal@ipanematech.com>
> >CC: Tim Carr <cygnusx__1@hotmail.com>, lartc@mailman.ds9a.nl
> >Subject: Re: [LARTC] HTB: Filtering flat out not working :(g
> >
> >Exactly - queueing disciplines and their attached filters come *way* after
> >iptables or ipchains have doen their work.
> >
> >If you need information from before mangling, you should use fwmark to tag
> >packets, and then filter based on that fwmark. How to do this is in the
> >HOWTO.
>
> As i mentioned in the email, i've already tried this. No, the HOWTO does not
> tell you how to do QoS with MARKing. It tells you how to MARK the packets,
> and it tells you how to route the packets, but that's not what I want: I
> want QoS, not policy-based routing etc. (I'm talking about this specific
> part of the FAQ:
> http://www.lartc.org/HOWTO//cvs/2.4routing/output/2.4routing-11.html )
Down below on:
http://www.lartc.org/HOWTO//cvs/2.4routing/output/2.4routing-9.html#ss9.2
On fwmark
You can mark packets with either ipchains and have that mark survive
routing across interfaces. This is really useful to for example only shape
traffic on eth1 that came in on eth0. Syntax: # tc filter add dev eth1
protocol ip parent 1:0 prio 1 handle 6 fw flowid 1:1 Note that this is not a
u32 match!
You can place a mark like this:
# iptables -A PREROUTING -t mangle -i eth0 -j MARK --set-mark 6
The number 6 is arbitrary.
If you don't want to understand the full tc filter syntax, just use
iptables, and only learn to select on fwmark.
--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2002-03-01 10:06 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-02-28 8:35 [LARTC] HTB: Filtering flat out not working :(g bert hubert
2002-02-28 15:31 ` Tim Carr
2002-03-01 7:50 ` Stef Coene
2002-03-01 10:06 ` bert hubert
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.