From: "Rajesh Srivastava"
Date: Mon, 02 Jun 2003 08:03:27 +0000
Subject: [LARTC] fw mark on Ethernet bridge + HTB
To: lartc@vger.kernel.org

Hi,

Fw marking using IP Tables does not work on an Ethernet bridge. Is it possible to set up the mark using iptables so that the packet can be directly routed to a predefined class using a mark value?

The advantage of this would be that one can use conntrack etc. to track connections and forward the packets to the correct class.

Example:

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb default 10

tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit ceil 512kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbit ceil 256kbit
tc class add dev eth0 parent 1:1 classid 1:22 htb rate 64kbit ceil 256kbit prio 3
tc class add dev eth0 parent 1:1 classid 1:80 htb rate 64kbit ceil 128kbit prio 3

# traditional method of classifying traffic into flowids
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip sport 22 0xffff flowid 1:22
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip sport 80 0xffff flowid 1:80

-------

What I want to achieve is as follows

# set predefined marks
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j MARK --set-mark 22
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j MARK --set-mark 80

Now I want to be able to forward packets marked 22 to class 1:22 and those marked 80 sent to class 1:80 without using the tc fw filter (as it does not work on bridges).

Any help or pointers shall be highly appreciated.

Thanks
Rajesh
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
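As an added example that is not part of Rajesh's post: a POSIX shell function that statically checks a tc/iptables script of the kind above, reporting any filter parent, flowid or iptables mark (taken as class 1:<mark>, the naming the post uses) for which the script creates no matching handle or classid. Its input is a constructed copy of the posted configuration in which one filter's parent 1:3 matches no class and an extra mark 443 has no class 1:443.

```shell
#!/bin/sh
# Added example, not part of the original post: a static consistency check
# for a tc/iptables script such as the one above. It collects every handle
# and classid the script creates, then reports filter parents, flowids and
# iptables marks (read as class 1:<mark>, the post's naming) that resolve
# to nothing. Constructed input: the posted configuration, with a filter
# whose parent 1:3 matches no class and a mark 443 that has no class 1:443.
TC_SCRIPT='tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit ceil 512kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbit ceil 256kbit
tc class add dev eth0 parent 1:1 classid 1:22 htb rate 64kbit ceil 256kbit prio 3
tc class add dev eth0 parent 1:1 classid 1:80 htb rate 64kbit ceil 128kbit prio 3
tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip sport 22 0xffff flowid 1:22
tc filter add dev eth0 parent 1:3 protocol ip prio 3 u32 match ip sport 80 0xffff flowid 1:80
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j MARK --set-mark 22
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j MARK --set-mark 80
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 443 -j MARK --set-mark 443'

# check_classes SCRIPT_TEXT
# Prints "<kind> <id>" for each dangling reference (kind is parent, flowid
# or mark) and returns 1 if any were found, 0 when every reference resolves.
check_classes() {
    printf '%s\n' "$1" | awk '
    $1 == "tc" && $2 == "qdisc" { for (i = 3; i < NF; i++) if ($i == "handle") seen[$(i+1)] = 1 }
    $1 == "tc" && $2 == "class" { for (i = 3; i < NF; i++) if ($i == "classid") seen[$(i+1)] = 1 }
    $1 == "tc" && $2 == "filter" {
        for (i = 3; i < NF; i++) {
            if ($i == "parent") ref["parent", $(i+1)] = 1
            if ($i == "flowid") ref["flowid", $(i+1)] = 1
        }
    }
    $1 == "iptables" { for (i = 2; i < NF; i++) if ($i == "--set-mark") ref["mark", "1:" $(i+1)] = 1 }
    END {
        bad = 0
        for (k in ref) {
            split(k, f, SUBSEP)
            if (!(f[2] in seen)) { print f[1], f[2]; bad = 1 }
        }
        exit bad
    }'
}

# Stand-alone run over the constructed script: lists the two dangling references.
if check_classes "$TC_SCRIPT"; then echo "all references resolve"; else echo "dangling references listed above"; fi
```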