[LARTC] fwmark on bridge+htb

[LARTC] fwmark on bridge+htb

[Rajesh Srivastava]

[-- Attachment #1: Type: text/plain, Size: 1561 bytes --]

Hi,

Fw marking using IP Tables does not work on an Ethernet bridge. Is it
possible to set up the mark using iptables so that the packet can be
directly routed to a predefined class using a mark value?

The advantage of this would be the one can use conntrack etc. to track
connections and forward the packets to the correct class.

Example:

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb default 10

tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit ceil 512kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbit ceil 256kbit
tc class add dev eth0 parent 1:1 classid 1:22 htb rate 64kbit ceil 256kbit
prio 3
tc class add dev eth0 parent 1:1 classid 1:80 htb rate 64kbit ceil 128kbit
prio 3

# traditional method of classifying traffic into flowids

tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip sport 22
0xffff flowid 1:22
tc filter add dev eth0 parent 1:3 protocol ip prio 3 u32 match ip sport 80
0xffff flowid 1:80

-------

What I want to achieve is as follows

#set predefined marks
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 22 -m state --state
ESTABLISHED -j MARK --set-mark 22
iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 80  -m state --state
ESTABLISHED -j MARK --set-mark 80

Now I want to be able to forward packets marked 22 to class 1:22 and those
marked 80 sent to class 1:80 without using the tc fw filter ( as it does not
work on bridges ).

Any help or pointers shall be highly appreciated.

Thanks

Rajesh

[-- Attachment #2: Type: text/html, Size: 2060 bytes --]

Re: [LARTC] fwmark on bridge+htb

[Stef Coene]

On Monday 02 June 2003 17:59, Rajesh Srivastava wrote:
	> Hi,
>
> Fw marking using IP Tables does not work on an Ethernet bridge. Is it
> possible to set up the mark using iptables so that the packet can be
> directly routed to a predefined class using a mark value?
>
> The advantage of this would be the one can use conntrack etc. to track
> connections and forward the packets to the correct class.
>
> Example:
>
> tc qdisc del dev eth0 root
> tc qdisc add dev eth0 root handle 1: htb default 10
>
> tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit ceil 512kbit
> tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbit ceil 256kbit
> tc class add dev eth0 parent 1:1 classid 1:22 htb rate 64kbit ceil 256kbit
> prio 3
> tc class add dev eth0 parent 1:1 classid 1:80 htb rate 64kbit ceil 128kbit
> prio 3
>
> # traditional method of classifying traffic into flowids
>
> tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip sport 22
> 0xffff flowid 1:22
> tc filter add dev eth0 parent 1:3 protocol ip prio 3 u32 match ip sport 80
> 0xffff flowid 1:80
>
> -------
>
> What I want to achieve is as follows
>
> #set predefined marks
> iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 22 -m state --state
> ESTABLISHED -j MARK --set-mark 22
> iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 80  -m state
> --state ESTABLISHED -j MARK --set-mark 80
>
> Now I want to be able to forward packets marked 22 to class 1:22 and those
> marked 80 sent to class 1:80 without using the tc fw filter ( as it does
> not work on bridges ).
>
> Any help or pointers shall be highly appreciated.
You can use ebtales on a bridge.  I think it has the same syntax/features as 
iptables.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/