Andrea Rossato wrote:
4. How can I set up a filter for shaping (in ppp0) encapsulated traffic? for istance, if I want ssh to vpn0 to have maximum priority either within the tunnel and also within the traffic passing trough ppp0, how can achivie that? I cannot find documentation on u32 that I can use to work that out...
I did it the hard way: dumped packets to find out...
I post this with the hope tha it can be useful to others.
I need to shape internally encapsulated traffic (a gre tunnel) in order to give interactivity maximum priority in my adsl uplink connection but treating bulk vpn traffic as usual bulk traffic.
To achieve that I need to match encapsulated packets. Following you will find some tested examples that can help you understand how to do - I needed something like this last night. :)
Question: I cannot match anything with nexthdr (neither assuming ip herders are 24 bytes long). Way? I'm using linux-2.4.20-rc4 and tc binary from htb3.6-020525
Regards,
Andrea
A gre encapsulated ip packet:
|<20 bytes ip header>||<4 bytes gre header >||<20 bytes ip header>||<ip protocol header and the rest>|
Matching exsamples:
#match tos 0x10 Minimum Delay
tc filter add dev ppp0 parent 1:0 prio 10 u32 \
match ip protocol 47 0xff \
match u16 0x10 00ff at 24 \
flowid 1:50
#match ICMP (ip protocol 1)
tc filter add dev ppp0 parent 1:0 prio 10 u32 \
match ip protocol 47 0xff \
match u16 0x01 00ff at 32 \
flowid 1:50
#match dport 22 (ssh)
tc filter add dev ppp0 parent 1:0 prio 10 u32 \
match ip protocol 47 0xff \
match u16 0x06 00ff at 32 \ # match ip protocol 6 (tcp)
match u16 0x0016 ffff at 46 \ # match dport 22 (ssh)
flowid 1:50
#match dest address
tc filter add dev ppp0 parent 1:0 prio 10 u32 \
match ip protocol 47 0xff \
match u16 0x01 00ff at 32 \ # match ip protocol 1 (icmp)
match u32 0xac100201 ffffffff at 40 \ # match ip addr 172.16.02.01
flowid 1:50
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
