From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stef Coene
Date: Mon, 02 Jun 2003 16:53:50 +0000
Subject: Re: [LARTC] fwmark on bridge+htb
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Monday 02 June 2003 17:59, Rajesh Srivastava wrote:
> Hi,
>
> Fw marking using IP Tables does not work on an Ethernet bridge. Is it
> possible to set up the mark using iptables so that the packet can be
> directly routed to a predefined class using a mark value?
>
> The advantage of this would be that one can use conntrack etc. to track
> connections and forward the packets to the correct class.
>
> Example:
>
> tc qdisc del dev eth0 root
> tc qdisc add dev eth0 root handle 1: htb default 10
>
> tc class add dev eth0 parent 1: classid 1:1 htb rate 512kbit ceil 512kbit
> tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbit ceil 256kbit
> tc class add dev eth0 parent 1:1 classid 1:22 htb rate 64kbit ceil 256kbit prio 3
> tc class add dev eth0 parent 1:1 classid 1:80 htb rate 64kbit ceil 128kbit prio 3
>
> # traditional method of classifying traffic into flowids
>
> tc filter add dev eth0 parent 1:1 protocol ip prio 3 u32 match ip sport 22 0xffff flowid 1:22
> tc filter add dev eth0 parent 1:3 protocol ip prio 3 u32 match ip sport 80 0xffff flowid 1:80
>
> -------
>
> What I want to achieve is as follows
>
> #set predefined marks
> iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j MARK --set-mark 22
> iptables -t mangle -A PREROUTING -i eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j MARK --set-mark 80
>
> Now I want to be able to forward packets marked 22 to class 1:22 and those
> marked 80 sent to class 1:80 without using the tc fw filter (as it does
> not work on bridges).
>
> Any help or pointers shall be highly appreciated.

You can use ebtables on a bridge.
I think it has the same syntax/features as iptables.

Stef

-- 
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/