From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Manfred Bartz" <md-lartc@logi.cc>
Date: Tue, 22 May 2001 01:27:24 +0000
Subject: Re: Antwort: Re: [LARTC] tc and masquerading probs
Message-Id: <marc-lartc-99049501309711@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-99045859130110@msgid-missing>
In-Reply-To: <marc-lartc-99045859130110@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

m.dages@avk.net writes:

> wningtung.leung wrote:

> > The solution I propose (haven't tested it though):
> > 
> > Don't use firewall marks, but use the u32 filter instead.
> > 
> > Look at the source and target IP and redirect the pakket to the
> > correct class.
> > 
> > (source != router && dest = low_prio_host)  ->  slow_class
> > (source != router && dest = hi_prio_host)  ->  no_limit
> > (source = router)  ->  no_limit
> > 
> > This is only an idea for the downstream, I haven't been thinking
> > about limitimg the upstream.

> ... looking also at the source ip with the u32 filter works very
> well.

I would like to do just that, but I can't figure out how to specify
multiple conditions for u32 filtering.  Could you give an example?

Currently I have specified filters like:

tc filter add dev eth2 parent 2:0 protocol ip prio 20 u32 \
     match ip dst 192.168.2.12 flowid 2:212

Also, I assume lower ``prio'' values mean the rule takes preference
over rules with higher values?

-- 
Manfred


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/