Re: [tcng] and iptables

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

raptor wrote:
> As we discused earlier in the list tcng still doesn't support
> ipchains/iptable/ip route marking and classifing based on this.

Well, you can just use the MARK target to set skb->nfmark with
iptables, and you can then use this for classification with the
"fw" classifier, e.g.

prio {
    fw {
	class (1) on (13);
	class (2) on (42);
    }
}

13 and 42 are the MARK values.

> In fact it a litle bit harder :
> 3 frame realy channels (1 upstream/pvc0 and 2 downstream/pvc1,pvc2) and 2
> eth.


Combining classifiers is rather tricky, and it's also quite
limited by the way how classifiers are chained. You can build
interesting things with that, as shown e.g. in the section
"Dump actions" of tcc/if_u32.c, but it's quite messy.

tcc doesn't support any combined classifiers (when using tc),
because the limitations imposed by the kernel traffic control
are just too narrow.

Example: let's assume, you could select "nfmark == X" in an
"if" construct, and tcc would build a classifier combining
"fw" and "u32". Then, the following expressions could be
converted:

class (<$class_1>) if nfmark == VALUE_1 && $condition_1;
class (<$class_2>) if nfmark == VALUE_1 && $condition_2;
class (<$class_3>) if 1;

and

class (<$class_1>) if nfmark == VALUE_1 && $condition_1;
class (<$class_2>) if nfmark == VALUE_2 && $condition_1;
class (<$class_3>) if 1;

but not

class (<$class_1>) if nfmark == VALUE_1 && $condition_1;
class (<$class_2>) if nfmark == VALUE_2 && $condition_2;
class (<$class_3>) if 1;

I don't even want to think about how to combine this with
policing :-)

So in your case, the correct solution is to do the whole
classification process in iptables, and only use "fw" in
the tcng part. In a future version of tcc, you'll also be
able to usw "if" instead of "fw".

- Werner

-- 
  _________________________________________________________________________
 / Werner Almesberger, Buenos Aires, Argentina         wa@almesberger.net /
/_http://www.almesberger.net/____________________________________________/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux