I've just recently setup a linux bridge that is doing some traffic
shaping/policing using HTB/SFQ for a small college network. Everything
is working great!!! but I've recently discovered something that seems to
break my filter/shaping scheme.
I have 4 classes one for unrestricted bandwidth usage (web/ssh/ftp/etc..),
slightly restricted (mail/internet games/etc...), a class for the NNTP,
and a class for "all the rest." Most of the classifiers are based
on tcp/udp ports and/or on a specific machine or local subnet...
For some of my machines Kazaa or the GNUTELLA protocol is running itself
on port 80. Is there any way to filter the GNUTELLA traffic into my bulk
traffic class ("all the rest") even if GNUTELLA is running on port 80?
>From reading the archives... it seems there is a iptables type solution (I
built the iptables/nat+bridging patch into the kernel) but I haven't had
any luck in finding it let alone another solution using tc/match filters.
--
David DeLauro
Computer Systems Analyst
Saint Joseph's College
Rensselaer, IN 47978
Education is the progressive realization of our ignorance. - Dot, Animaniacs
When secrecy becomes a certain protection in whose shadow embryonic ideas are born and nurtured then it becomes indeed a sacred silence. For every form of life, from flower to very man himself, requires this fostering period of protected germination. - Rollin Malbone Pease
There is no greater tyranny, than that which is perpetrated under the shield of law and in the name of justice. - Montesquieu
