[LARTC] icmp bandwidth restriction !!

[LARTC] icmp bandwidth restriction !!

[Arindam Haldar]

hi all

i want help in managing icmp traffic. this is what i tried -->
iptables -t mangle -A PREROUTING -d 10.0.0.0/8 -p 1 -j MARK --set-mark 4001

tc filter add dev eth4 parent 5:0 match protocol ip 1 prio 2 handle 4001 
fw classid 5:105

i tried permutaion of >> match protocol ip 1 << but always getting 
different errors.

i want to know whats the syntax for tc when i mark packets with iptables 
of icmp type !
iptables -nvL PREROUTING -t mangle does shows figures indicating icmp 
packets r inded being marked !

thanx in advance
A.H

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] icmp bandwidth restriction !!

[Arindam Haldar]

eth wrote:

> Arindam Haldar wrote:
> 
>> i want help in managing icmp traffic. this is what i tried -->
>> iptables -t mangle -A PREROUTING -d 10.0.0.0/8 -p 1 -j MARK --set-mark 
>> 4001
>>
>> tc filter add dev eth4 parent 5:0 match protocol ip 1 prio 2 handle 
>> 4001 fw classid 5:105
>>
>> i tried permutaion of >> match protocol ip 1 << but always getting 
>> different errors.
>> i want to know whats the syntax for tc when i mark packets with 
>> iptables of icmp type !
>> iptables -nvL PREROUTING -t mangle does shows figures indicating icmp 
>> packets r inded being marked ! 
> 
> If only ICMP is the criterion why bother with iptables? Afterwall the 
> u32 filter of tc can match pretty anything in terms of tcp/ip...
> 
> If I'm not wrong for example
> 
> tc filter add dev eth1 protocol ip parent 5:0 prio 2 match ip dst 
> 10.0.0.0/8 match ip protocol 1 0xff flowid 5:105
> 
> ... would create a filter to match all ICMP traffic destined to 10.0.0.0
> 

# tc filter add dev eth4 parent 5:0 protocol ip prio 2 match ip dst 
10.0.0.0/8 match ip protocol 1 0xff flowid 5:105
Unknown filter "match", hence "ip" is unparsable

A.H

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] icmp bandwidth restriction !!

[Arindam Haldar]

Arindam Haldar wrote:

> eth wrote:
> 
>> Arindam Haldar wrote:
>>
>>> i want help in managing icmp traffic. this is what i tried -->
>>> iptables -t mangle -A PREROUTING -d 10.0.0.0/8 -p 1 -j MARK 
>>> --set-mark 4001
>>>
>>> tc filter add dev eth4 parent 5:0 match protocol ip 1 prio 2 handle 
>>> 4001 fw classid 5:105
>>>
>>> i tried permutaion of >> match protocol ip 1 << but always getting 
>>> different errors.
>>> i want to know whats the syntax for tc when i mark packets with 
>>> iptables of icmp type !
>>> iptables -nvL PREROUTING -t mangle does shows figures indicating icmp 
>>> packets r inded being marked ! 
>>
>>
>> If only ICMP is the criterion why bother with iptables? Afterwall the 
>> u32 filter of tc can match pretty anything in terms of tcp/ip...
>>
>> If I'm not wrong for example
>>
>> tc filter add dev eth1 protocol ip parent 5:0 prio 2 match ip dst 
>> 10.0.0.0/8 match ip protocol 1 0xff flowid 5:105
>>
>> ... would create a filter to match all ICMP traffic destined to 10.0.0.0
>>
> 
> # tc filter add dev eth4 parent 5:0 protocol ip prio 2 match ip dst 
> 10.0.0.0/8 match ip protocol 1 0xff flowid 5:105
> Unknown filter "match", hence "ip" is unparsable
> 
> A.H
> 
I AM EXTREMLY SORRY !! ... didnt add u32 to the above !.. :-(

thanx 4 ur help !




_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/