From: Werner Almesberger <wa@almesberger.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] [tcng] and iptables
Date: Fri, 27 Sep 2002 05:52:33 +0000
Message-ID: <marc-lartc-103310603427459@msgid-missing>
In-Reply-To: <marc-lartc-103305197508043@msgid-missing>

raptor wrote:
> As we discussed earlier in the list tcng still doesn't support
> ipchains/iptables/ip route marking and classifying based on this.
Well, you can just use the MARK target to set skb->nfmark with
iptables, and you can then use this for classification with the
"fw" classifier, e.g.

    prio {
        fw {
            class (1) on (13);
            class (2) on (42);
        }
    }

13 and 42 are the MARK values.
> In fact it's a little bit harder:
> 3 frame relay channels (1 upstream/pvc0 and 2 downstream/pvc1,pvc2) and 2
> eth.
Combining classifiers is rather tricky, and it's also quite
limited by the way how classifiers are chained. You can build
interesting things with that, as shown e.g. in the section
"Dump actions" of tcc/if_u32.c, but it's quite messy.
tcc doesn't support any combined classifiers (when using tc),
because the limitations imposed by the kernel traffic control
are just too narrow.
Example: let's assume, you could select "nfmark = X" in an
"if" construct, and tcc would build a classifier combining
"fw" and "u32". Then, the following expressions could be
converted:

    class (<$class_1>) if nfmark = VALUE_1 && $condition_1;
    class (<$class_2>) if nfmark = VALUE_1 && $condition_2;
    class (<$class_3>) if 1;

and

    class (<$class_1>) if nfmark = VALUE_1 && $condition_1;
    class (<$class_2>) if nfmark = VALUE_2 && $condition_1;
    class (<$class_3>) if 1;

but not

    class (<$class_1>) if nfmark = VALUE_1 && $condition_1;
    class (<$class_2>) if nfmark = VALUE_2 && $condition_2;
    class (<$class_3>) if 1;

I don't even want to think about how to combine this with
policing :-)
So in your case, the correct solution is to do the whole
classification process in iptables, and only use "fw" in
the tcng part. In a future version of tcc, you'll also be
able to use "if" instead of "fw".
- Werner
--
_________________________________________________________________________
/ Werner Almesberger, Buenos Aires, Argentina wa@almesberger.net /
/_http://www.almesberger.net/____________________________________________/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
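
The split recommended in the message (all matching in iptables, only "fw" in tcng), as an added example that is not part of the original email. The match conditions (SSH, DNS) and the interface name eth0 are constructed assumptions; the marks 13 and 42 and the class numbers are the ones from the message.

```shell
#!/bin/sh
# Added example, not from the original message.
# iptables does the matching and sets skb->nfmark; tcng's "fw" only maps
# marks to classes. Matching tcng configuration from the message:
#   prio { fw { class (1) on (13); class (2) on (42); } }

OUT_IF="${OUT_IF:-eth0}"   # assumed egress interface carrying the prio qdisc

# Emit an iptables-restore ruleset for the mangle table.
# The match conditions below are constructed placeholders.
mangle_rules() {
    cat <<EOF
*mangle
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $OUT_IF -p tcp --dport 22 -j MARK --set-mark 13
-A POSTROUTING -o $OUT_IF -p udp --dport 53 -j MARK --set-mark 42
COMMIT
EOF
}

# Print the class the fw block assigns to a mark; fail if the mark is unmapped.
class_for_mark() {
    case "$1" in
        13) echo 1 ;;
        42) echo 2 ;;
        *)  return 1 ;;
    esac
}

# List marks set by the ruleset that have no class in the fw block,
# i.e. marked traffic that would fall through unclassified.
unmapped_marks() {
    mangle_rules | sed -n 's/.*--set-mark \([0-9][0-9]*\).*/\1/p' | sort -u |
    while read -r m; do
        class_for_mark "$m" >/dev/null || echo "$m"
    done
}

if [ "${1:-}" = "apply" ]; then
    # Needs root; --noflush keeps rules already present in the table.
    mangle_rules | iptables-restore --noflush
else
    mangle_rules   # default: print the ruleset for review
fi
```

Because each iptables rule can test any condition before choosing a mark, the "but not" case above (different mark and different condition per class) needs no combined classifier on the tc side.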