From mboxrd@z Thu Jan 1 00:00:00 1970
From: Erik Hensema
Date: Tue, 18 Feb 2003 12:46:08 +0000
Subject: [LARTC] [Patch 2.4.21-pre4]: promote netfilter MARK value to sit packets
MIME-Version: 1
Content-Type: multipart/mixed; boundary="GvXjxJ+pjyke8COw"
Message-Id:
List-Id:
To: lartc@vger.kernel.org

--GvXjxJ+pjyke8COw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

The attached patch enables the kernel to copy the netfilter MARK values
from IPv6 packets to sit (IPv6-in-IPv4 tunnel) packets. It enables you to
provide QoS on tunneled IPv6 packets.

I haven't completed my scripts yet, but I'll post a link to the list as
soon as it's ready for testing.

For now, you can use something like this:

    ip6tables -t mangle -A POSTROUTING -o sitX -j MARK --set-mark

and on your real outgoing interface to your provider:

    tc filter add dev parent 1:0 protocol ip handle fw classid

or:

    iptables [...] -p ipv6 -m mark --mark [...]

Please note that this could interfere with existing firewall rules.

Please help me test this before I submit it to the linux kernel mailing
list for inclusion in the mainstream kernel.

--
Erik Hensema (erik@hensema.net)

--GvXjxJ+pjyke8COw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="sit-promote-mark-2.4.21-pre4.diff"

diff -ur linux-2.4.21-pre4/Documentation/Configure.help linux-2.4.21-pre4.patched/Documentation/Configure.help --- linux-2.4.21-pre4/Documentation/Configure.help Tue Feb 18 12:54:18 2003 +++ linux-2.4.21-pre4.patched/Documentation/Configure.help Tue Feb 18 12:52:16 2003 
@@ -5627,6 +5627,18 @@ It is safe to say N here for now. +IPv6: Promote netfilter MARK value to sit packets +CONFIG_IPV6_SIT_PROMOTE_MARK + If you use IPv6-in-IPv4 tunnels, you can use this option to mark + packets using ip6tables, and then match the sit (tunnel) packets + using iptables on the IPv4 level, or a tc fw match on the physical + outgoing interface. + + You need this if you want to provide QoS on a tunnelled IPv6 + connection. + + If unsure, say N. + Kernel httpd acceleration CONFIG_KHTTPD The kernel httpd acceleration daemon (kHTTPd) is a (limited) web diff -ur linux-2.4.21-pre4/net/ipv6/Config.in linux-2.4.21-pre4.patched/net/ipv6/Config.in --- linux-2.4.21-pre4/net/ipv6/Config.in Fri Dec 21 18:42:05 2001 +++ linux-2.4.21-pre4.patched/net/ipv6/Config.in Tue Feb 18 12:48:50 2003 @@ -7,4 +7,8 @@ if [ "$CONFIG_NETFILTER" != "n" ]; then source net/ipv6/netfilter/Config.in + + if [ "$CONFIG_IP6_NF_IPTABLES" != "n" ] ; then + bool ' IPv6: Promote netfilter MARK value to sit packets' CONFIG_IPV6_SIT_PROMOTE_MARK + fi fi diff -ur linux-2.4.21-pre4/net/ipv6/sit.c linux-2.4.21-pre4.patched/net/ipv6/sit.c --- linux-2.4.21-pre4/net/ipv6/sit.c Fri Nov 29 00:53:15 2002 +++ linux-2.4.21-pre4.patched/net/ipv6/sit.c Tue Feb 18 12:48:23 2003 @@ -571,6 +571,9 @@ } if (skb->sk) skb_set_owner_w(new_skb, skb->sk); +#ifdef CONFIG_IPV6_SIT_PROMOTE_MARK + new_skb->nfmark = skb->nfmark; +#endif dev_kfree_skb(skb); skb = new_skb; } --GvXjxJ+pjyke8COw-- _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
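Review bot: The CONFIG_IPV6_SIT_PROMOTE_MARK help text in the Documentation/Configure.help hunk does not say that a mark set with ip6tables becomes visible to IPv4 iptables mark matches and tc fw filters on the outgoing interface, so existing mark-based IPv4 rules can start matching tunnel packets. The cover mail already warns that this "could interfere with existing firewall rules"; a sentence to that effect in the help text, with advice to pick mark values that are not already used on the IPv4 side, would put the caveat where the person enabling the option will see it.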
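Review bot: In the net/ipv6/Config.in hunk, the test "$CONFIG_IP6_NF_IPTABLES" != "n" is also true when that symbol is empty, so the prompt can appear in a configuration where ip6tables was never offered. Testing for "y" or "m" explicitly would limit the option to configurations that can actually set the mark from ip6tables.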
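Review bot: In the net/ipv6/sit.c hunk, the nfmark copy sits inside the block that ends with "dev_kfree_skb(skb); skb = new_skb;", so it runs only when new_skb replaces the original buffer. Please say in the patch description or in a comment why the path that keeps the original skb needs no change (presumably its nfmark is carried along untouched), and check whether the call that produces new_skb already copies nfmark, in which case the added assignment would be redundant.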