From: Stef Coene <stef.coene@docum.org>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] problem with tc filter
Date: Wed, 07 May 2003 16:58:56 +0000
Message-ID: <marc-lartc-105232678213497@msgid-missing>
In-Reply-To: <marc-lartc-105215831420329@msgid-missing>
On Wednesday 07 May 2003 11:39, miller69@gmx.net wrote:
> Hi,
>
> > I'm just wondering. You use connmark to mark the whole connection, but
> > isn't that only working in 1 direction?
>
> Ok, first I was not sure about this question but I took a look at
> /proc/net/ip_conntrack :
>
> tcp 6 379813 ESTABLISHED src=153.19.72.215 dst=139.18.38.96 sport=1240
> dport=1214 src=139.18.38.96 dst=153.19.72.215 sport=1214 dport=1240
> [ASSURED] use=1 mark=22
>
> This is a single entry, so I believe it puts a mark at the whole connection
> in both directions. And quick test approved this. I used the following
> commands to count marked packets in the POSTROUTING chain.
> iptables -A POSTROUTING -t mangle -o eth0 -m mark --mark 12 -j ACCEPT
> iptables -A POSTROUTING -t mangle -o eth1 -m mark --mark 12 -j ACCEPT
>
> That gave the following output:
>
> 648K 703M ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 MARK match 0xc
> 520K 103M ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0 MARK match 0xc
>
> As you can see there are packets leaving the bridge at eth0 and at eth1 as
> well marked with the same handle.
Ok. So the mark is in both directions.
> > You want to mark on eth0 and use that mark also to shape on eth1.
>
> Exactly, so as the connmark part seems to be working is there a chance to
> get tc filter working in the same way too? Any comments would be very much
> appreciated!
I have no idea. It should work. If iptables can see the mark, the fw filter
can. So the fw filter should be able to use the mark.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
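
The observation in the message above, that one /proc/net/ip_conntrack entry holds the original and the reply tuple under a single mark, can be checked mechanically. The following is an added example, not code from the thread; the sample line is constructed with documentation addresses, and the function names are hypothetical.

```python
import re

# Constructed sample in the /proc/net/ip_conntrack layout quoted above
# (documentation addresses; not taken from the thread).
SAMPLE = ("tcp 6 379813 ESTABLISHED src=192.0.2.10 dst=198.51.100.20 "
          "sport=1240 dport=1214 src=198.51.100.20 dst=192.0.2.10 "
          "sport=1214 dport=1240 [ASSURED] use=1 mark=12")

TUPLE_KEYS = ("src", "dst", "sport", "dport")

def parse_conntrack(line):
    """Split one entry into original tuple, reply tuple, flags and mark."""
    tuples, current, extra = [], {}, {}
    flags = re.findall(r"\[(\w+)\]", line)
    for key, value in re.findall(r"(\w+)=(\S+)", line):
        if key in TUPLE_KEYS:
            if key in current:      # a key repeats: the reply tuple starts here
                tuples.append(current)
                current = {}
            current[key] = value
        else:
            extra[key] = value      # use=, mark=, ...
    if current:
        tuples.append(current)
    if len(tuples) != 2:
        raise ValueError("expected original and reply tuple, got %d" % len(tuples))
    return {"orig": tuples[0], "reply": tuples[1], "flags": flags,
            "mark": int(extra.get("mark", 0))}

def reply_mirrors_original(entry):
    """True when the reply tuple is the original with both ends swapped (no NAT)."""
    o, r = entry["orig"], entry["reply"]
    return (o["src"], o["sport"], o["dst"], o["dport"]) == \
           (r["dst"], r["dport"], r["src"], r["sport"])

def mark_for_packet(entry, src, dst, sport, dport):
    """Connection mark for a packet travelling in either direction, else None."""
    pkt = {"src": src, "dst": dst, "sport": str(sport), "dport": str(dport)}
    return entry["mark"] if pkt in (entry["orig"], entry["reply"]) else None

if __name__ == "__main__":
    e = parse_conntrack(SAMPLE)
    print(e["mark"], e["flags"], reply_mirrors_original(e))
```
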