[LARTC] Proper filter syntax for matching Netfilter packet marks

[LARTC] Proper filter syntax for matching Netfilter packet marks

[Lance Dryden]

Howdy.  Sorry if I make a mistake; this is my first list posting.

I'm running into ... somewhat conflicting and incomplete documentation 
when working out what exactly I'm to do in order to tc-filter match 
against packet MARKs set by NetFilter.

The syntax I'm trying looks like this:
   tc filter add dev eth1 \
   protocol ip \
   parent 1:0 \
   prio 1 \
   handle 0x66 \
   fw classid 1:102

But it apparently isn't working right; this is the only filter in an 
egress HTB queue discipline, and all my traffic goes through the default 
class instead of my special class.  This is as per "tc -s -d class show ..."

   Thanks for your time,
   Lance Dryden

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Proper filter syntax for matching Netfilter packet marks

[Stef Coene]

On Thursday 25 September 2003 04:14, Lance Dryden wrote:
> Howdy.  Sorry if I make a mistake; this is my first list posting.
>
> I'm running into ... somewhat conflicting and incomplete documentation
> when working out what exactly I'm to do in order to tc-filter match
> against packet MARKs set by NetFilter.
>
> The syntax I'm trying looks like this:
>    tc filter add dev eth1 \
>    protocol ip \
>    parent 1:0 \
>    prio 1 \
>    handle 0x66 \
>    fw classid 1:102
>
> But it apparently isn't working right; this is the only filter in an
> egress HTB queue discipline, and all my traffic goes through the default
> class instead of my special class.  This is as per "tc -s -d class show
> ..."
Can you check your iptables ruls so you are sure the mark gets placed?

Stef

-- 
stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] Proper filter syntax for matching Netfilter packet marks

[jeremie le-hen]

> > But it apparently isn't working right; this is the only filter in an
> > egress HTB queue discipline, and all my traffic goes through the default
> > class instead of my special class.  This is as per "tc -s -d class show
> > ..."
> Can you check your iptables ruls so you are sure the mark gets placed?

In case your NetFilter rules really match and packet are marked, then you
should try using hexadecimal for marks. I know ip(8) interprets marks as
hexadecimal, although it's not documented AFAIK. I don't have time to look
at it in tc(8), but there are good chances it runs in the same way.

I have posted a mail on this inconsistency one week ago, but no one replied.
http://mailman.ds9a.nl/pipermail/lartc/2003q3/010074.html

Regards,
-- 
Jeremie aka TtZ/TataZ
jeremie.le-hen@epita.fr
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/