the "wondershaper" by one of the authors of the LARTC-HOWTO: http://lartc.org/HOWTO//cvs/2.4routing/output/2.4routing-15.html at the very end of this html-page simply copy/paste the ingress-line and the next line which is the u32 filter for the ingress-qdisc. that worked perfect for me :) > Thank you Tobias, > > > For me ingress works great. > > ok, i more or less copy/pasted from the "wondershaper" :) > > Eh? > > > I guess it's not good to have a rate of 8000bps AND a burst of 10k > > I have set burst to 3k, and this has not helped, I still see the "not > nice" sharing at the input. > Maybe I should increase burst ?? > > well, what do you want? i guess i want to "test" the ingress-qdisc, and as far i understand the whole thing it's no good idea to set a specific rate but at the same time allow a burst that's x*specific-rate. i always set my burst to something like specific-rate/10 or so in your example with 8000bps rate, i'd test a burst of 800 or even less > > I'm also not shure, if the iptables-marks get noticed, but it seems so, > > as you said there is a shaping effect. > > You say the if I use u32 maybe this effect would disappear ? > > like i said: i dont' know exactly :) i'm not in this c / hardcore-kernelprogramming stuff, so i don't know for shure which code comes first in case of ingress: the qdisc-stuff or the iptables stuff. if the iptables stuff comes first (and it seems so) then everything's ok. let it be. the "effect" has nothing to do with your filter, more with your qdisc (i guess :) > > but as your iptable-rule is so > > generally i'd say there's no reason not to use the appropriate u32 > > filter instead of fw. > > The problem is that u32 is not well documented :-( > I had to install all the ipchains and after iptables, because was unable > to do anything "coherent" with u32... > > like mentioned above: the last line of code in the html-page is the u32-filter line you need (and which does the same as your iptables-mark-rule) good luck tobias
