From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stef Coene Date: Wed, 07 May 2003 16:58:56 +0000 Subject: Re: [LARTC] problem with tc filter Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org On Wednesday 07 May 2003 11:39, miller69@gmx.net wrote: > Hi, > > > I'm just wondering. You use connmark to mark the whole connection, but > > isn't > > that only working in 1 direction? > > Ok, first I was not sure about this question but I took a look at > /proc/net/ip_conntrack : > > tcp 6 379813 ESTABLISHED src3.19.72.215 dst9.18.38.96 sport40 > dport14 src9.18.38.96 dst3.19.72.215 sport14 dport40 > [ASSURED] use=1 mark" > > This is a single entry, so I believe it puts a mark at the wohle connection > in both directions. And quick test approved this. I used the following > commands to count marked packets in the POSTROUTING chain. > iptables -A POSTROUTING -t mangle -o eth0 -m mark --mark 12 -j ACCEPT > iptables -A POSTROUTING -t mangle -o eth1 -m mark --mark 12 -j ACCEPT > > That gave the followig output: > > 648K 703M ACCEPT all -- * eth0 0.0.0.0/0 > 0.0.0.0/0 MARK match 0xc > 520K 103M ACCEPT all -- * eth1 0.0.0.0/0 > 0.0.0.0/0 MARK match 0xc > > As you can see there are packets leaving the bridge at eth0 and at eth1 as > well marked with the same handle. Ok. So the mark is in both directions. > > You want to mark on eth0 and use that mark also to shape on eth1. > > Exactly, so as the connmark part seems to be working is there a chance to > get tc filter working in the same way to? Any comments would be very much > appreciated! I have no idea. It should work. If iptables can see the mark, the fw filter can. So the fw filter should be able to use the mark. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/