On Monday 20 January 2003 16:56, ray-nger wrote:
> Hello lartc,
> Q1:
>
> If I want select subhet, I wrote
> ...u32 match ip dst a.d.r.es/net police ...
> How I can say "all except z.x.y" ?
> Both src/dest addr/port - I foundn't this info in HOWTO :(((
Use 2 filters :
1. all z.x.y to a class
2. all to an other class
so the second filter matches all except x.y.z
> Q2:
> Why I can't (or not allowed) to create more then one class into
> !ingress! queue? I know, it's incoming trafic? but why?
> it's look simply: (yes, i may be wrong:)
> If first incomng packet owerlimit own filtered class - then drop, else
> pass...
>
> Why it's hardly then outgoing (drop only!!)?
> or, if it's possible - give a sample, please.
It's not possible. The ingress qdisc is not a real qdisc. All egress qdiscs
like htb/cbq/sfq are changing the queue of packets that leaves a nic. But
for incoming there is no queue that you can change.
So you can add a ingress qdisc and you can use filters+policers to manage
incoming traffic, but it will not so powerfull as you can with outgoing
packets. You can't delay a packet with the ingress qdisc.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
