* [LARTC] [tcng] and iptables
@ 2002-09-26 14:52 raptor
2002-09-27 5:52 ` Werner Almesberger
0 siblings, 1 reply; 2+ messages in thread
From: raptor @ 2002-09-26 14:52 UTC (permalink / raw)
To: lartc
As we discused earlier in the list tcng still doesn't support ipchains/iptable/ip route marking and classifing based on this.
So my question is how can I do this manualy i.e. find the desired class-ID ... and add additional tc-commands so that marked packets goes to the desired class.
I need this for this :")
eth0 ----> class X:Y
eht1 ----> class Z:W
f.e. everything coming from eth0 goes to 100kbps class and everything from eth1 to 50kbps.
In fact it a litle bit harder :
3 frame realy channels (1 upstream/pvc0 and 2 downstream/pvc1,pvc2) and 2 eth.
Example :
if from pvc1 --> eth0 and ip_dst = 192.168.0.55 then 10kbps
if from pvc2 --> eth0 and ip_dst = 192.168.0.55 then 15kbps
if ip_src = 192.168.0.55 then 10kbps (dest is always pvc0 until i setup proxy)
thanx
raptor
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [LARTC] [tcng] and iptables
2002-09-26 14:52 [LARTC] [tcng] and iptables raptor
@ 2002-09-27 5:52 ` Werner Almesberger
0 siblings, 0 replies; 2+ messages in thread
From: Werner Almesberger @ 2002-09-27 5:52 UTC (permalink / raw)
To: lartc
raptor wrote:
> As we discused earlier in the list tcng still doesn't support
> ipchains/iptable/ip route marking and classifing based on this.
Well, you can just use the MARK target to set skb->nfmark with
iptables, and you can then use this for classification with the
"fw" classifier, e.g.
prio {
fw {
class (1) on (13);
class (2) on (42);
}
}
13 and 42 are the MARK values.
> In fact it a litle bit harder :
> 3 frame realy channels (1 upstream/pvc0 and 2 downstream/pvc1,pvc2) and 2
> eth.
Combining classifiers is rather tricky, and it's also quite
limited by the way how classifiers are chained. You can build
interesting things with that, as shown e.g. in the section
"Dump actions" of tcc/if_u32.c, but it's quite messy.
tcc doesn't support any combined classifiers (when using tc),
because the limitations imposed by the kernel traffic control
are just too narrow.
Example: let's assume, you could select "nfmark = X" in an
"if" construct, and tcc would build a classifier combining
"fw" and "u32". Then, the following expressions could be
converted:
class (<$class_1>) if nfmark = VALUE_1 && $condition_1;
class (<$class_2>) if nfmark = VALUE_1 && $condition_2;
class (<$class_3>) if 1;
and
class (<$class_1>) if nfmark = VALUE_1 && $condition_1;
class (<$class_2>) if nfmark = VALUE_2 && $condition_1;
class (<$class_3>) if 1;
but not
class (<$class_1>) if nfmark = VALUE_1 && $condition_1;
class (<$class_2>) if nfmark = VALUE_2 && $condition_2;
class (<$class_3>) if 1;
I don't even want to think about how to combine this with
policing :-)
So in your case, the correct solution is to do the whole
classification process in iptables, and only use "fw" in
the tcng part. In a future version of tcc, you'll also be
able to usw "if" instead of "fw".
- Werner
--
_________________________________________________________________________
/ Werner Almesberger, Buenos Aires, Argentina wa@almesberger.net /
/_http://www.almesberger.net/____________________________________________/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2002-09-27 5:52 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-09-26 14:52 [LARTC] [tcng] and iptables raptor
2002-09-27 5:52 ` Werner Almesberger
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.