From: Andrea Rossato <mailing_list@istitutocolli.org>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] traffic shaping and gre tunnels
Date: Fri, 29 Nov 2002 18:46:30 +0000 [thread overview]
Message-ID: <marc-lartc-103859571607028@msgid-missing> (raw)
In-Reply-To: <marc-lartc-103852138920319@msgid-missing>
Andrea Rossato wrote:
> 4. How can I set up a filter for shaping (in ppp0) encapsulated traffic?
> for istance, if I want ssh to vpn0 to have maximum priority either
> within the tunnel and also within the traffic passing trough ppp0, how
> can achivie that? I cannot find documentation on u32 that I can use to
> work that out...
I did it the hard way: dumped packets to find out...
I post this with the hope tha it can be useful to others.
I need to shape internally encapsulated traffic (a gre tunnel) in order
to give interactivity maximum priority in my adsl uplink connection but
treating bulk vpn traffic as usual bulk traffic.
To achieve that I need to match encapsulated packets. Following you will
find some tested examples that can help you understand how to do - I
needed something like this last night. :)
Question: I cannot match anything with nexthdr (neither assuming ip
herders are 24 bytes long). Way? I'm using linux-2.4.20-rc4 and tc
binary from htb3.6-020525
Regards,
Andrea
A gre encapsulated ip packet:
|<20 bytes ip header>||<4 bytes gre header >||<20 bytes ip header>||<ip
protocol header and the rest>|
Matching exsamples:
#match tos 0x10 Minimum Delay
tc filter add dev ppp0 parent 1:0 prio 10 u32 \
match ip protocol 47 0xff \
match u16 0x10 00ff at 24 \
flowid 1:50
#match ICMP (ip protocol 1)
tc filter add dev ppp0 parent 1:0 prio 10 u32 \
match ip protocol 47 0xff \
match u16 0x01 00ff at 32 \
flowid 1:50
#match dport 22 (ssh)
tc filter add dev ppp0 parent 1:0 prio 10 u32 \
match ip protocol 47 0xff \
match u16 0x06 00ff at 32 \ # match ip protocol 6 (tcp)
match u16 0x0016 ffff at 46 \ # match dport 22 (ssh)
flowid 1:50
#match dest address
tc filter add dev ppp0 parent 1:0 prio 10 u32 \
match ip protocol 47 0xff \
match u16 0x01 00ff at 32 \ # match ip protocol 1 (icmp)
match u32 0xac100201 ffffffff at 40 \ # match ip addr 172.16.02.01
flowid 1:50
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
prev parent reply other threads:[~2002-11-29 18:46 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-11-28 22:07 [LARTC] traffic shaping and gre tunnels Andrea Rossato
2002-11-29 18:46 ` Andrea Rossato [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-103859571607028@msgid-missing \
--to=mailing_list@istitutocolli.org \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.