hi > Date: Thu, 17 Jan 2002 15:19:50 -0800 > From: "Scott Kaplan" <scott@libritas.com> > To: <lartc@mailman.ds9a.nl> > Subject: [LARTC] Marks are ignored by classes > > Here is how I'm setting up my PRIO: > > # iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 22 -j > MARK --set-mark 1 > # iptables -A PREROUTING -i eth0 -t mangle -p tcp --sport 22 -j > MARK --set-mark 1 > # iptables -A PREROUTING -i eth0 -t mangle -p tcp '!' --dport 22 > -j MARK --set-mark 2 > # iptables -A PREROUTING -i eth0 -t mangle -p tcp '!' --sport 22 > -j MARK --set-mark 2 > # tc qdisc del dev eth0 root handle 1: > # tc qdisc add dev eth0 root handle 1: prio bands 4 priomap 0 1 > 2 3 3 3 3 3 3 3 3 3 3 3 3 3 im not sure what this is inted to as have never tried this... iahve have tried marking & it does shapes--pls c at bottom ... > # tc qdisc add dev eth0 parent 1:1 handle 10: sfq > # tc qdisc add dev eth0 parent 1:2 handle 20: sfq > # tc qdisc add dev eth0 parent 1:3 handle 30: sfq > # tc qdisc add dev eth0 parent 1:4 handle 40: sfq > # tc filter add dev eth0 parent 1: protocol ip prio 3 handle 4 > fw classid 1:4 > # tc filter add dev eth0 parent 1: protocol ip prio 3 handle 3 > fw classid 1:3 > # tc filter add dev eth0 parent 1: protocol ip prio 3 handle 2 > fw classid 1:2 > # tc filter add dev eth0 parent 1: protocol ip prio 3 handle 1 > fw classid 1:1 > > Then I send a few SSH packets. The packets are marked in PREROUTING. > But why is everything winding up in 1:4? Also, if anyone knows why I am > marking 4 packets, but only 3 packets wind up in the qdisc, that would > be appreciated: > > [root@boss root]# ./qos status > LAN Queues: > qdisc sfq 40: quantum 1514b > Sent 246 bytes 3 pkts (dropped 0, overlimits 0) > > qdisc sfq 30: quantum 1514b > Sent 0 bytes 0 pkts (dropped 0, overlimits 0) > > qdisc sfq 20: quantum 1514b > Sent 0 bytes 0 pkts (dropped 0, overlimits 0) > > qdisc sfq 10: quantum 1514b > Sent 0 bytes 0 pkts (dropped 0, overlimits 0) > > qdisc prio 1: bands 4 priomap 0 1 2 3 3 3 3 3 3 3 3 3 3 3 3 3 > Sent 246 bytes 3 pkts (dropped 0, overlimits 0) > > IPTables: > Chain PREROUTING (policy ACCEPT 1050K packets, 257M bytes) > pkts bytes target prot opt in out source > destination > 0 0 MARK tcp -- eth0 * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:22 MARK set 0x1 > 2 216 MARK tcp -- eth0 * 0.0.0.0/0 > 0.0.0.0/0 tcp spt:22 MARK set 0x1 > 2 216 MARK tcp -- eth0 * 0.0.0.0/0 > 0.0.0.0/0 tcp dpt:!22 MARK set 0x2 > 0 0 MARK tcp -- eth0 * 0.0.0.0/0 > 0.0.0.0/0 tcp spt:!22 MARK set 0x2 > > Chain OUTPUT (policy ACCEPT 50963 packets, 9269K bytes) > pkts bytes target prot opt in out source > destination > > Scott Kaplan > Libritas > Suite 1300 > 180 Grand Avenue > Oakland, CA 94612 > (510) 740-7701 tc qdisc add dev eth1 root handle 2: cbq bandwidth 1000Kbit svpkt 1000 tc class add dev eth1 parent 2:0 classid 2:1 cbq bandwidth 1000Kbit rate 512Kbit allot 1514 weight 10Kbit prio 5 maxbrust 20 avpkt 1500 bounded tc qdisc add dev eth1 parent 2:1 classid 2:105 est 2sec 10sec cbq bandwidth 512Kbit rate 64Kbit allot 1514 weight 6 Kbit prio 5 maxbrust 10 avpkt 1500 bounded tc qdisc add dev eth1 parent 2:105 sfq quantum 1514b perturb 10 tc filter add dev eth1 parent 2:0 protocol ip prio 1 handlw 91 fw classid 2:105 . . similar for eth0 then.. iptables -t mangle -A PREROUTING -i eth1 -s <clients ips> -d < my lan> -j MARK --set-mark 90 iptables -t mangle -A PREROUTING -i eth0 -s <mylan> -d <clientsips> -j MARK --set-mark 91 & it works... hope that will be some information for u !! arindam
