Linux Netfilter discussions
* CLASSIFY vs MARK ?
@ 2008-08-28  7:41 Sébastien Cramatte
From: Sébastien Cramatte @ 2008-08-28  7:41 UTC
  To: netfilter

Hello,

I would like to know what the difference is between the MARK and CLASSIFY
targets. Which one gives better performance with lots of traffic / rules?
It seems that the LARTC doesn't work anymore? ...

I understand that the MARK + Connmark module is able to set a connection
state to "related" and put the mark automatically on each packet ... isn't it?
As far as I can test, using the CLASSIFY target is fairly easy ...
Both of my examples work; traffic is matched/shaped properly (I'm using a
bridge).

Does the CLASSIFY target use the CONNTRACK module?
Is there a way to use CLASSIFY in the same way as MARK ... I mean
CLASSIFY the first packet and set the connection state to "related" to
automatically put the other packets in the proper tc class?

CLASSIFY is a feature of the 2.6.x kernel and most of the QoS scripts I've
found are for 2.4.x.

I need to filter a lot of P2P with Ipp2p and l7filter; this is why I'm
looking to optimize my rules for better performance.
It seems that with Ipp2p you must use MARK, but for other kinds of traffic
like VoIP, FTP or Web?

Any comments, tips or help is welcome :)

Regards


--- Connmark / MARK version ---
#!/bin/sh

TC=/sbin/tc
IPT=/sbin/iptables


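# Flush the mangle table and delete its user-defined chains
${IPT} -t mangle -F
${IPT} -t mangle -X

# Remove any existing root qdisc on eth0
${TC} qdisc del dev eth0 root

# Root HTB qdisc; unclassified traffic goes to class 1:1
${TC} qdisc add dev eth0 handle 1: root htb default 1
${IPT} -t mangle -N postrouting_eth0

# Send bridged packets leaving via eth0 to the custom chain
${IPT} -t mangle -A POSTROUTING -m physdev --physdev-out eth0 -j postrouting_eth0

${TC} class add dev eth0 parent 1: classid 1:1 htb rate 2048Kbit ceil 2048Kbit
${TC} class add dev eth0 parent 1:1 classid 1:10 htb rate 64Kbit ceil 2048Kbit prio 0
# fw filter: packets carrying firewall mark 10 (0xa) go to class 1:10
${TC} filter add dev eth0 protocol ip pref 2 parent 1: handle 10 fw classid 1:10

# Copy the connection mark onto the packet; stop here if it is already marked
${IPT} -A postrouting_eth0 -t mangle -j CONNMARK --restore-mark
${IPT} -A postrouting_eth0 -t mangle -m mark ! --mark 0 -j RETURN
# Mark TCP traffic coming from source port 80 with 0xa
${IPT} -A postrouting_eth0 -t mangle -p tcp --sport 80 -j MARK --set-mark 0xa

# Save the packet mark back to the connection
${IPT} -A postrouting_eth0 -t mangle -j CONNMARK --save-mark
${IPT} -A postrouting_eth0 -t mangle -j RETURN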


--- CLASSIFY version ---
#!/bin/sh

TC=/sbin/tc
IPT=/sbin/iptables

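# Flush the mangle table and delete its user-defined chains
${IPT} -t mangle -F
${IPT} -t mangle -X

# Remove any existing root qdisc on eth0
${TC} qdisc del dev eth0 root

# Root HTB qdisc; unclassified traffic goes to class 1:1
${TC} qdisc add dev eth0 handle 1: root htb default 1
${IPT} -t mangle -N postrouting_eth0

# Send bridged packets leaving via eth0 to the custom chain
${IPT} -t mangle -A POSTROUTING -m physdev --physdev-out eth0 -j postrouting_eth0

${TC} class add dev eth0 parent 1: classid 1:1 htb rate 2048Kbit ceil 2048Kbit
${TC} class add dev eth0 parent 1:1 classid 1:10 htb rate 64Kbit ceil 2048Kbit prio 0

# Put TCP traffic coming from source port 80 directly into class 1:10
${IPT} -A postrouting_eth0 -t mangle -p tcp --sport 80 -j CLASSIFY --set-class 1:10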
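
An added example, not part of the original message: one way to get the per-connection behaviour of the Connmark script while still using CLASSIFY is to store the decision in the connection mark and classify from it. The `classify_by_connmark`, `run` and `ipt` helpers and the `APPLY` dry-run switch are assumptions of this example; the chain name, mark, class and port match are the ones used in the two scripts.

```shell
#!/bin/sh
# Added example: per-connection CLASSIFY driven by the connection mark.
# Dry-run by default (rules are printed); APPLY=1 as root executes them.

CHAIN=postrouting_eth0   # chain name taken from the scripts in the post

# Print the command, or execute it when APPLY=1 (hypothetical switch).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

ipt() {
    run /sbin/iptables -t mangle "$@"
}

# classify_by_connmark MARK CLASSID MATCH...
classify_by_connmark() {
    mark=$1; class=$2; shift 2
    # Unmarked connection: evaluate MATCH and remember the result on the
    # conntrack entry. CONNMARK does not end traversal, so the same packet
    # goes on to the next rule.
    ipt -A "$CHAIN" -m connmark --mark 0 "$@" -j CONNMARK --set-mark "$mark"
    # Any packet of a connection carrying MARK: set the tc class directly.
    # CLASSIFY only writes the packet's priority field; it is the connmark
    # match that consults conntrack. No packet mark and no
    # "tc filter ... fw" rule are involved.
    ipt -A "$CHAIN" -m connmark --mark "$mark" -j CLASSIFY --set-class "$class"
}

# Values from the post: mark 0xa, class 1:10, TCP traffic from port 80.
classify_by_connmark 0xa 1:10 -p tcp --sport 80
```

Once a connection is marked, later packets skip the match in the first rule, which is where an expensive match would otherwise be re-evaluated for every packet.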


