Linux Advanced Routing and Traffic Control list
From: Stef Coene <stef.coene@docum.org>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] problem with tc filter
Date: Wed, 07 May 2003 16:58:56 +0000
Message-ID: <marc-lartc-105232678213497@msgid-missing>
In-Reply-To: <marc-lartc-105215831420329@msgid-missing>

On Wednesday 07 May 2003 11:39, miller69@gmx.net wrote:
> Hi,
>
> > I'm just wondering.  You use connmark to mark the whole connection, but
> > isn't
> > that only working in 1 direction?
>
> Ok, first I was not sure about this question but I took a look at
> /proc/net/ip_conntrack :
>
> tcp      6 379813 ESTABLISHED src=153.19.72.215 dst=139.18.38.96 sport=1240
> dport=1214 src=139.18.38.96 dst=153.19.72.215 sport=1214 dport=1240
> [ASSURED] use=1 mark=22
>
> This is a single entry, so I believe it puts a mark at the whole connection
> in both directions. And quick test approved this. I used the following
> commands to count marked packets in the POSTROUTING chain.
> iptables -A POSTROUTING -t mangle -o eth0 -m mark --mark 12 -j ACCEPT
> iptables -A POSTROUTING -t mangle -o eth1 -m mark --mark 12 -j ACCEPT
>
> That gave the following output:
>
>  648K  703M ACCEPT     all  --  *      eth0    0.0.0.0/0
> 0.0.0.0/0          MARK match 0xc
>  520K  103M ACCEPT     all  --  *      eth1    0.0.0.0/0
> 0.0.0.0/0          MARK match 0xc
>
> As you can see there are packets leaving the bridge at eth0 and at eth1 as
> well marked with the same handle.
Ok.  So the mark is in both directions.

> > You want to mark on eth0 and use that mark also to shape on eth1.
>
> Exactly, so as the connmark part seems to be working is there a chance to
> get tc filter working in the same way too? Any comments would be very much
> appreciated!
I have no idea.  It should work.  If iptables can see the mark, the fw filter 
can.  So the fw filter should be able to use the mark.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
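
The point made in the quoted message, that one conntrack entry carries a single mark for both directions of a connection, can be checked offline with a small parser for the old /proc/net/ip_conntrack layout. This is an added example, not code from the thread; the sample lines are constructed (documentation addresses, mark 12) and the function names are hypothetical.

```python
import re

# Constructed sample in the old /proc/net/ip_conntrack layout (documentation addresses).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.20 sport=40000 dport=1214 src=198.51.100.20 dst=192.0.2.10 sport=1214 dport=40000 [ASSURED] use=1 mark=12
udp      17 25 src=192.0.2.11 dst=198.51.100.53 sport=5353 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.11 sport=53 dport=5353 use=1 mark=0
"""

TUPLE_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")
MARK_RE = re.compile(r"\bmark=(\d+)")


def parse_entry(line):
    """Return (proto, original tuple, reply tuple, mark), or None if not parseable."""
    tuples = [(s, d, int(sp), int(dp)) for s, d, sp, dp in TUPLE_RE.findall(line)]
    if len(tuples) != 2:
        return None  # e.g. ICMP entries carry type/code/id instead of ports
    mark = MARK_RE.search(line)
    return line.split()[0], tuples[0], tuples[1], int(mark.group(1)) if mark else None


def build_table(text):
    """Index every entry under both of its tuples (original and reply direction)."""
    table = {}
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            proto, orig, reply, mark = entry
            table[(proto, orig)] = mark
            table[(proto, reply)] = mark
    return table


def mark_for_packet(table, proto, src, dst, sport, dport):
    """Connection mark that applies to a packet with this header, or None if untracked."""
    return table.get((proto, (src, dst, sport, dport)))


if __name__ == "__main__":
    t = build_table(SAMPLE)
    # Same connection, looked up from each side: both print the same mark.
    print(mark_for_packet(t, "tcp", "192.0.2.10", "198.51.100.20", 40000, 1214))
    print(mark_for_packet(t, "tcp", "198.51.100.20", "192.0.2.10", 1214, 40000))
```

Indexing under the reply tuple as recorded, rather than mirroring the original tuple, keeps the lookup correct when NAT makes the two directions differ.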
