From: "Rajesh Srivastava"
Date: Mon, 02 Jun 2003 15:59:47 +0000
Subject: [LARTC] fwmark on bridge+htb
To: lartc@vger.kernel.org

Hi,

Fw marking using iptables does not work on an Ethernet bridge. Is it possible to set up the mark using iptables so that the packet can be directly routed to a predefined class using a mark value?

The advantage of this would be that one can use conntrack etc. to track connections and forward the packets to the correct class.

Example:

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb default 10

tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit ceil 512kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbit ceil 256kbit
tc class add dev eth0 parent 1:1 classid 1:22 htb rate 64kbit ceil 256kbit prio 3
tc class add dev eth0 parent 1:1 classid 1:80 htb rate 64kbit ceil 128kbit prio 3

# traditional method of classifying traffic into flowids
# (filters are attached to the root qdisc 1: so HTB consults them before
# falling back to the default class 1:10)
tc filter add dev eth0 parent 1: protocol ip prio 3 u32 match ip sport 22 0xffff flowid 1:22
tc filter add dev eth0 parent 1: protocol ip prio 3 u32 match ip sport 80 0xffff flowid 1:80

-------

What I want to achieve is as follows

# set predefined marks
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j MARK --set-mark 22
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j MARK --set-mark 80

Now I want to be able to forward packets marked 22 to class 1:22 and those marked 80 to class 1:80 without using the tc fw filter (as it does not work on bridges).

Any help or pointers shall be highly appreciated.

Thanks

Rajesh
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/