The problem: # tc qdisc add dev ppp0 handle ffff: ingress RTNETLINK answers: No such file or directory which is an example in the 2.4 routing howto, and according to tc's cmdline help, should be valid. I've seen this problem mentioned elsewhere, and the only response that I've seen is regarding compile-time kernel options... but I haven't seen any responses explicitely saying which ones, nor whether the people who had the problem originally succeeded in making it work. I did also see mention of # tc qdisc add dev $INDEV handle ffff: root ingress which doesn't complain, but blocks all incoming traffic. It does seem like a common problem, so a full explanation on this list (and hopefully in an FAQ somewhere eventually) might also be helpful to others besides myself. For the record, I'm using 2.4.0-test11pre7. # # IP: Netfilter Configuration # CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_FTP=m # CONFIG_IP_NF_QUEUE is not set CONFIG_IP_NF_IPTABLES=y CONFIG_IP_NF_MATCH_LIMIT=m # CONFIG_IP_NF_MATCH_MAC is not set CONFIG_IP_NF_MATCH_MARK=m CONFIG_IP_NF_MATCH_MULTIPORT=m CONFIG_IP_NF_MATCH_TOS=m CONFIG_IP_NF_MATCH_STATE=m # CONFIG_IP_NF_MATCH_UNCLEAN is not set # CONFIG_IP_NF_MATCH_OWNER is not set CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y # CONFIG_IP_NF_TARGET_MIRROR is not set CONFIG_IP_NF_NAT=y CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_REDIRECT=m CONFIG_IP_NF_MANGLE=m CONFIG_IP_NF_TARGET_TOS=m CONFIG_IP_NF_TARGET_MARK=m CONFIG_IP_NF_TARGET_LOG=m # CONFIG_IPV6 is not set # CONFIG_KHTTPD is not set # CONFIG_ATM is not set # # QoS and/or fair queueing # CONFIG_NET_SCHED=y CONFIG_NETLINK=y CONFIG_RTNETLINK=y CONFIG_NET_SCH_CBQ=m CONFIG_NET_SCH_CSZ=m CONFIG_NET_SCH_PRIO=m CONFIG_NET_SCH_RED=m CONFIG_NET_SCH_SFQ=m CONFIG_NET_SCH_TEQL=m CONFIG_NET_SCH_TBF=m CONFIG_NET_SCH_GRED=m CONFIG_NET_SCH_DSMARK=m CONFIG_NET_SCH_INGRESS=m CONFIG_NET_QOS=y CONFIG_NET_ESTIMATOR=y CONFIG_NET_CLS=y CONFIG_NET_CLS_TCINDEX=m CONFIG_NET_CLS_ROUTE4=m CONFIG_NET_CLS_ROUTE=y CONFIG_NET_CLS_FW=m CONFIG_NET_CLS_U32=m CONFIG_NET_CLS_RSVP=m CONFIG_NET_CLS_RSVP6=m CONFIG_NET_CLS_POLICE=y # lsmod Module Size Used by sch_red 2384 0 (autoclean) ipt_TOS 1056 7 (autoclean) sch_ingress 1488 0 lp 4640 0 (autoclean) cls_fw 2144 1 (autoclean) ipt_mark 672 0 (autoclean) ipt_MARK 896 1 iptable_mangle 1888 0 (autoclean) (unused) sch_sfq 3408 1 (autoclean) sch_cbq 11088 1 (autoclean) es1371 24528 0 ac97_codec 7632 0 [es1371] dummy 1104 0 (unused) Nb. The main reason I want ingress is to "rate-limit" incoming data from a specific set of web-sites, which come from ppp0 to my squid, and out of eth0. I could rate-limit outgoing eth0 traffic, from squid, but unfortunately it seems that squid will still pull at maximum speed, at least over 33.6k. Regards, rmt. -- I've had a perfectly wonderful evening. But this wasn't it. Groucho Marx
