[LARTC] fw mark on Ethernet bridge + HTB

[LARTC] fw mark on Ethernet bridge + HTB

[Rajesh Srivastava]

[-- Attachment #1: Type: text/plain, Size: 1551 bytes --]

Hi,

Fw marking using IP Tables does not work on an Ethernet bridge. Is it possible to set up the mark using iptables so that the packet can be directly routed to a predefined class using a mark value? 

The advantage of this would be the one can use conntrack etc. to track connections and forward the packets to the correct class.

Example:

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb default 10

tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit ceil 512kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbit ceil 256kbit
tc class add dev eth0 parent 1:1 classid 1:22 htb rate 64kbit ceil 256kbit prio 3
tc class add dev eth0 parent 1:1 classid 1:80 htb rate 64kbit ceil 128kbit prio 3

# traditional method of classifying traffic into flowids

tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip sport 22 0xffff flowid 1:22
tc filter add dev eth0 parent 1:3 protocol ip prio 3 u32 match ip sport 80 0xffff flowid 1:80

-------

What I want to achieve is as follows

#set predefined marks
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j MARK --set-mark 22
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 80  -m state --state ESTABLISHED -j MARK --set-mark 80

Now I want to be able to forward packets marked 22 to class 1:22 and those marked 80 sent to class 1:80 without using the tc fw filter ( as it does not work on bridges ).

Any help or pointers shall be highly appreciated.

Thanks

Rajesh

[-- Attachment #2: Type: text/html, Size: 3128 bytes --]