From: Lawrence MacIntyre
Date: Fri, 17 Oct 2003 12:38:41 +0000
Subject: Re: [LARTC] Forwarded traffic bypassing filter
To: lartc@vger.kernel.org

Is the netmask actually /24 instead of /8 or are you bridging the
traffic with Machine1?

On Thu, 2003-10-16 at 17:26, Amit Gandhi wrote:
> Please consider the following scenario & corresponding question.....
>
>
>                     Machine1                           Machine2
>                 _________________                  _________________
> MachineX        |               |                  |               |
> HTTP(1)         |               |                  |  HTTP Server  |
> ------>-------->|          -----|------------------|               |
>             eth0|         /     |eth1              |eth0           |
>  10.20.253.242/8|        /      |10.20.255.238/8   |10.20.246.247/8|
>                 |    HTTP(2)    |                  |               |
>                 |_______________|                  |_______________|
>
> 10.20.246.247 dev eth1
> 10.20.246.247 dev eth1 lladdr xx:xx:xx:xx:xx:xx
> proxy_arp =1
> ip_forward=1
>
> Here are my shaping rules (primary goal is to send the web traffic
> through a separate queue)
>
> tc qdisc add dev eth1 root handle 1: htb default 20
>
> tc class add dev eth1 parent 1: classid 1:1 htb rate 2mbit burst 15k
>
> tc class add dev eth1 parent 1:1 classid 1:10 htb rate 1mbit ceil 2mbit burst 15k
> tc class add dev eth1 parent 1:1 classid 1:20 htb rate 1mbit burst 15k
>
> tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
> tc qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
>
> tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dport 0x50 0xffff flowid 1:10
>
>
> Now, after all of this configuration I've observed that:
>
> a) All the web requests coming from "MachineX" go thru the default
>    queue 20
> b) Web traffic generated from "Machine1" does get sent thru queue 10
>
>
> Why is the forwarded traffic bypassing the filter?
>
> I inserted debug messages in the 'u32_classify' function
> inside the kernel, just to make sure that the filter is not
> failing, but the function never gets called for HTTP(1)
> traffic!!!
>
>
> Regards,
> +Amit
> email: subscribeamit@yahoo.com
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

-- 
Lawrence MacIntyre 865.574.8696 lpz@ornl.gov
Oak Ridge National Laboratory
High Performance Information Infrastructure Technology Group
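What the u32 key in the quoted filter compares, as an added example that is not part of the original thread: tc expands `match ip dport 0x50 0xffff` to a masked 32-bit compare 20 bytes into the IP header. The packets are constructed, and the MachineX address 10.20.253.1 and the helper names are assumptions.

```python
import struct

# "match ip dport 0x50 0xffff" is stored as the u32 key 00000050/0000ffff at 20:
# a big-endian 32-bit word read 20 bytes into the IP header, ANDed with the mask.
KEY_VALUE, KEY_MASK, KEY_OFFSET = 0x00000050, 0x0000FFFF, 20

def ipv4_tcp(src, dst, sport, dport, options=b""):
    """Build a constructed IPv4 + TCP SYN header pair (checksums left at zero)."""
    ihl = 5 + len(options) // 4                      # header length in 32-bit words
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 4 * ihl + 20, 0, 0,
                     64, 6, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + options + tcp

def u32_match(packet, value=KEY_VALUE, mask=KEY_MASK, offset=KEY_OFFSET):
    """Evaluate one u32 key: fixed offset from the IP header, masked compare."""
    (word,) = struct.unpack_from("!I", packet, offset)
    return (word & mask) == (value & mask)

SERVER = "10.20.246.247"       # Machine2, from the thread
MACHINE1 = "10.20.255.238"     # Machine1 eth1, from the thread
MACHINE_X = "10.20.253.1"      # assumed address; the thread does not give one

def results():
    """Classify four constructed packets against the key."""
    packets = {
        "forwarded_request": ipv4_tcp(MACHINE_X, SERVER, 40000, 80),   # HTTP(1)
        "local_request": ipv4_tcp(MACHINE1, SERVER, 40001, 80),        # HTTP(2)
        "server_reply": ipv4_tcp(SERVER, MACHINE1, 80, 40001),         # sport 80
        # Four NOP option bytes make IHL 6, so the TCP header starts at byte 24
        # and the fixed offset 20 lands on the options instead of the ports.
        "request_with_ip_options": ipv4_tcp(MACHINE_X, SERVER, 40000, 80,
                                            options=b"\x01" * 4),
    }
    return {name: u32_match(pkt) for name, pkt in packets.items()}

if __name__ == "__main__":
    for name, hit in results().items():
        print(f"{name:26s} -> {'flowid 1:10' if hit else 'no match (default 1:20)'}")
```

The key reads only packet bytes, so a forwarded request and a locally generated request to port 80 satisfy it equally once the classifier is actually invoked. The last case shows that the `ip dport` shorthand assumes a 20-byte IP header.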