Dies ist eine mehrteilige Nachricht im MIME-Format. --------------3B62B4388E04887E67394F06 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Martin Devera schrieb: > > > I understand what you mean... but i thought there has to be a way from what I > > read on the IMQ-site (http://luxik.cdi.cz/~devik/qos/imq.htm): > > > > --- snipp --- > > > > Each non-marked skb is intercepted in dev_queue_xmit and queued to IMQ if it is > > up. Immediately it tries to dequeue it (software pump). > > > > --- snapp --- > > > > "Each non-marked skb" <-- Thats what made me think that there is a way to "mark" > > a device... > > this is only internal mark to know whether the skb was > already in IMQ. You could use it but you would have to > add new user parameter to the interface structure. > I didn't want to do it as I want the pach to be as simple > as possible. > devik Hi. The same problem was bugging me a couple of days ago so i wrote an iptables target which allows you to exclude packets from beeing enqueued to the imq device. The patch is tested with iptables-1.2.6a but should work with almost any recent version. After applying it you have to execute a "chmod +x extensions/.IMQX-test", then make patch-o-matic as usual. Martin, maybe you want to put it on your imq page ? Bye, Patrick --------------3B62B4388E04887E67394F06 Content-Type: text/plain; charset=us-ascii; name="IMQX_iptables-1.2.6a.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="IMQX_iptables-1.2.6a.patch" diff -urN iptables-1.2.6a-clean/extensions/.IMQX-test iptables-1.2.6a/extensions/.IMQX-test --- iptables-1.2.6a-clean/extensions/.IMQX-test Thu Jan 1 01:00:00 1970 +++ iptables-1.2.6a/extensions/.IMQX-test Sat Mar 23 02:37:20 2002 @@ -0,0 +1,3 @@ +#!/bin/sh +# True if IMQX target patch is applied. +[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_IMQX.c ] && echo IMQX diff -urN iptables-1.2.6a-clean/extensions/libipt_IMQX.c iptables-1.2.6a/extensions/libipt_IMQX.c --- iptables-1.2.6a-clean/extensions/libipt_IMQX.c Thu Jan 1 01:00:00 1970 +++ iptables-1.2.6a/extensions/libipt_IMQX.c Sat Mar 23 02:37:49 2002 @@ -0,0 +1,81 @@ +/* Shared library add-on to iptables to add IMQX target support. */ +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <getopt.h> + +#include <iptables.h> +#include <linux/netfilter_ipv4/ip_tables.h> + +/* Function which prints out usage message. */ +static void +help(void) +{ + printf( +"IMQX target v%s has no options\n", +NETFILTER_VERSION); +} + +static struct option opts[] = { + { 0 } +}; + +/* Initialize the target. */ +static void +init(struct ipt_entry_target *t, unsigned int *nfcache) +{ +} + +/* Function which parses command options; returns true if it + ate an option */ +static int +parse(int c, char **argv, int invert, unsigned int *flags, + const struct ipt_entry *entry, + struct ipt_entry_target **target) +{ + if (c) + return 0; + + return 1; +} + +static void +final_check(unsigned int flags) +{ +} + +/* Prints out the targinfo. */ +static void +print(const struct ipt_ip *ip, + const struct ipt_entry_target *target, + int numeric) +{ + printf("IMQX"); +} + +/* Saves the union ipt_targinfo in parsable form to stdout. */ +static void +save(const struct ipt_ip *ip, const struct ipt_entry_target *target) +{ +} + +static +struct iptables_target mark += { NULL, + "IMQX", + NETFILTER_VERSION, + 0, + 0, + &help, + &init, + &parse, + &final_check, + &print, + &save, + opts +}; + +void _init(void) +{ + register_target(&mark); +} diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch iptables-1.2.6a/patch-o-matic/extra/IMQX.patch --- iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch Thu Jan 1 01:00:00 1970 +++ iptables-1.2.6a/patch-o-matic/extra/IMQX.patch Sat Mar 23 02:37:20 2002 @@ -0,0 +1,60 @@ +diff -urN linux-2.4.18-clean/net/ipv4/netfilter/ipt_IMQX.c linux-2.4.18/net/ipv4/netfilter/ipt_IMQX.c +--- linux-2.4.18-clean/net/ipv4/netfilter/ipt_IMQX.c Thu Jan 1 01:00:00 1970 ++++ linux-2.4.18/net/ipv4/netfilter/ipt_IMQX.c Sat Mar 23 01:48:23 2002 +@@ -0,0 +1,56 @@ ++/* This is a module which is used for setting the from_imq field of an skb. */ ++#include <linux/module.h> ++#include <linux/skbuff.h> ++#include <linux/ip.h> ++#include <net/checksum.h> ++ ++#include <linux/netfilter_ipv4/ip_tables.h> ++ ++static unsigned int ++target(struct sk_buff **pskb, ++ unsigned int hooknum, ++ const struct net_device *in, ++ const struct net_device *out, ++ const void *targinfo, ++ void *userinfo) ++{ ++ (*pskb)->from_imq = 1; ++ (*pskb)->nfcache |= NFC_ALTERED; ++ ++ return IPT_CONTINUE; ++} ++ ++static int ++checkentry(const char *tablename, ++ const struct ipt_entry *e, ++ void *targinfo, ++ unsigned int targinfosize, ++ unsigned int hook_mask) ++{ ++ if (strcmp(tablename, "mangle") != 0) { ++ printk(KERN_WARNING "IMQX: can only be called from \"mangle\" table, not \"%s\"\n", tablename); ++ return 0; ++ } ++ ++ return 1; ++} ++ ++static struct ipt_target ipt_imqx_reg ++= { { NULL, NULL }, "IMQX", target, checkentry, NULL, THIS_MODULE }; ++ ++static int __init init(void) ++{ ++ if (ipt_register_target(&ipt_imqx_reg)) ++ return -EINVAL; ++ ++ return 0; ++} ++ ++static void __exit fini(void) ++{ ++ ipt_unregister_target(&ipt_imqx_reg); ++} ++ ++module_init(init); ++module_exit(fini); ++MODULE_LICENSE("GPL"); diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.config.in iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.config.in --- iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.config.in Thu Jan 1 01:00:00 1970 +++ iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.config.in Sat Mar 23 02:37:20 2002 @@ -0,0 +1,4 @@ + dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE + if [ "$CONFIG_IMQ" == "y" ]; then + dep_tristate ' IMQX target support' CONFIG_IP_NF_TARGET_IMQX $CONFIG_IP_NF_MANGLE + fi diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.configure.help iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.configure.help --- iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.configure.help Thu Jan 1 01:00:00 1970 +++ iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.configure.help Sat Mar 23 02:37:20 2002 @@ -0,0 +1,8 @@ +CONFIG_IP_NF_TARGET_MARK +IMQX target support +CONFIG_IP_NF_TARGET_IMQX + IMQX allows you to exclude packets from beeing enqueued + to the IMQ device + + If you want to compile it as a module, say M here and read + Documentation/modules.txt. If unsure, say `N'. diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.help iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.help --- iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.help Thu Jan 1 01:00:00 1970 +++ iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.help Sat Mar 23 02:37:20 2002 @@ -0,0 +1,14 @@ +Author: Patrick McHardy <kaber@trash.net> +Status: working + +This patch adds IMQX (IMQ eXclude) target for excluding +traffic from beeing enqueued to the IMQ device. + +Usage: + + IMQX + This target excludes traffic from beeing enqueued + to the IMQ device. + +Example: + iptables -t mangle -A POSTROUTING -o eth0 -j IMQX diff -urN iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.makefile iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.makefile --- iptables-1.2.6a-clean/patch-o-matic/extra/IMQX.patch.makefile Thu Jan 1 01:00:00 1970 +++ iptables-1.2.6a/patch-o-matic/extra/IMQX.patch.makefile Sat Mar 23 02:37:20 2002 @@ -0,0 +1,2 @@ +obj-$(CONFIG_IP_NF_TARGET_MARK) += ipt_MARK.o +obj-$(CONFIG_IP_NF_TARGET_IMQX) += ipt_IMQX.o --------------3B62B4388E04887E67394F06--
