From: "SŽébastien Cramatte" <scramatte@zensoluciones.com>
To: netfilter@vger.kernel.org
Subject: CLASSIFY vs MARK ?
Date: Thu, 28 Aug 2008 09:41:22 +0200 [thread overview]
Message-ID: <48B656A2.8060904@zensoluciones.com> (raw)
Hello,
I would like to know how what is the diference between MARK and CLASSIFY
target ? ¿ Whichone give better performance with lot's of traffic / rules ?
Seems that the LARTC doesn't works anymore ? ...
I understand that MARK + Connmark module is able set a connection state
to "related" and put the mark automaticaly on each packet ... isn't it ?
As I can test use CLASSIFY target is fare easy ...
My twice example works, traffic is matched/shaped properly (I'm using a
bridge).
Do CLASSIFY target use CONNTRACK module ?
Does it exists a way to use CLASSIFY in the same way as MARK ... I mean
CLASSIFY the first packet and set the connection state to "related" to
automaticaly put
other packets in the proper tc class ?
CLASSIFY is a feature of 2.6.x kernel and most of QoS scripts I've
found are for 2.4.x
I need to filter lot of P2P with Ipp2p and l7filter this is why I'm
searching to optimize my rules for better performance.
Seems that with Ipp2p you must use MARK but for other kind of traffic
like VoIP, Ftp or Web ?
Any comments, tips or help is welcome :)
Regards
--- Connmark / MARK version ---
#!/bin/sh
TC=/sbin/tc
IPT=/sbin/iptables
${IPT} -t mangle -F
${IPT} -t mangle -X
${TC} qdisc del dev eth0 root
${TC} qdisc add dev eth0 handle 1: root htb default 1
${IPT} -t mangle -N postrouting_eth0
${IPT} -t mangle -A POSTROUTING -m physdev --physdev-out eth0 -j
postrouting_eth0
${TC} class add dev eth0 parent 1: classid 1:1 htb rate 2048Kbit ceil
2048Kbit
${TC} class add dev eth0 parent 1:1 classid 1:10 htb rate 64Kbit ceil
2048Kbit prio 0
${TC} filter add dev eth0 protocol ip pref 2 parent 1: handle 10 fw
classid 1:10
${IPT} -A postrouting_eth0 -t mangle -j CONNMARK --restore-mark
${IPT} -A postrouting_eth0 -t mangle -m mark ! --mark 0 -j RETURN
${IPT} -A postrouting_eth0 -t mangle -p tcp --sport 80 -j MARK
--set-mark 0xa
${IPT} -A postrouting_eth0 -t mangle -j CONNMARK --save-mark
${IPT} -A postrouting_eth0 -t mangle -j RETURN
--- CLASSIFY version ---
#!/bin/sh
TC=/sbin/tc
IPT=/sbin/iptables
${IPT} -t mangle -F
${IPT} -t mangle -X
${TC} qdisc del dev eth0 root
${TC} qdisc add dev eth0 handle 1: root htb default 1
${IPT} -t mangle -N postrouting_eth0
${IPT} -t mangle -A POSTROUTING -m physdev --physdev-out eth0 -j
postrouting_eth0
${TC} class add dev eth0 parent 1: classid 1:1 htb rate 2048Kbit ceil
2048Kbit
${TC} class add dev eth0 parent 1:1 classid 1:10 htb rate 64Kbit ceil
2048Kbit prio 0
${IPT} -A postrouting_eth0 -t mangle -p tcp --sport 80 -j CLASSIFY
--set-class 1:10
reply other threads:[~2008-08-28 7:41 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48B656A2.8060904@zensoluciones.com \
--to=scramatte@zensoluciones.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox