On Tue, Mar 25, 2008 at 04:29:18 -0400, Sunil Ghai <sunilkrghai@xxxxxxxxx> wrote: > > For traffic accepted on an interface, the *ingress* qdisc is traversed. It > means all inbound data is traversed through it. So how do we differentiate > as which inbound packet is for which application? port numbers? and who > does it..operating system of *filters* attached with *ingress qdisc*? I believe it is possible to do this using netfilter (iptables) to mark packets. And then you can classify the marked packets. I haven't tried this though. There are some limits on what you can do with traffic in an ingress qdisc. That is why you might want to forward the inbound traffic to an IFB where you can apply normal egress rules. (Though in the end the rules will be enforced by packets being dropped when the queue fills up.) > If we want to implement policing on a particular connection, it's inbound > packets may be dropped. But as *ingress qdisc* is common to an interface so > how do we implement it? You want traffic to be seen together so that you can properly manage it. So seeing all of the inbound traffic is a good thing. (You'd prefer to see all of the local network traffic as well, but that isn't going to be the case unless you are using the Fedora box as your local gateway. And that is something you'd more likely want to do on a $50 router box running DDWRT or OpenWRT. If you continue down this route, keep in mind the possibility of generalizing this at a later time as a traffic shaping utility. People do have need of something that will prioritize their ssh or voip traffic over background downloads (of any kind, not just updates) and your project could potentially morph into such a tool. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list