I only wanted to mention it as interesting possibility but it can't be done in O(1). However it can be simply done in O(N^(1/M)) where M is integer > 1. You can do it by (untested): ipchains -N sub ipchains -A sub -s 0.0.0.1/0.0.0.255 -m +1 ipchains -A sub -s 0.0.0.2/0.0.0.255 -m +2 .. .. ipchains -A input 192.168.1.0/24 -m 0x10000 -j sub ipchains -A input 192.168.2.0/24 -m 0x10100 -j sub .. .. you would need 512 lines to handle 65536 adresses in 256 lookups on average. By creating another '-j subsub' level then you will end up with 96 rules for 65536 addresses with 60 lookups on average. I didn't tested it, it is only idea. But should work. hth, devik On Sat, 8 Dec 2001, yangrunhua wrote: > But how I design a filter( O(1) ) to classify based on fwmark(hash on fwmark)? > > -----Original Message----- > From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] On Behalf Of devik > Sent: 2001ĺš´12ć??8ć?Ľ 18:18 > To: yangrunhua > Cc: lartc@xxxxxxxxxxxxxxx > Subject: RE: [LARTC] How could I do this? > > Ehh sorry it is a lot of writting. Look at LARTC HOWTO > 12.4 section. Basicaly if you have ip A.B.C.D then you > can base hash source on D for several fixed A.B.C. > Then you will end with at most N/256+1 lookups for N > ip addresses. > > devik > > On Sat, 8 Dec 2001, yangrunhua wrote: > > > Can you give me an example? > > Thanks. > > > > -----Original Message----- > > From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] > > On Behalf Of Martin Devera > > Sent: 2001Ă?Ä?12Ă?Ă?8Ä?Ĺ? 15:58 > > To: yangrunhua > > Cc: lartc@xxxxxxxxxxxxxxx > > Subject: Re: [LARTC] How could I do this? > > > > IMHO u32 with hashes could be used for this. Other interesting > > way is that CBQ & HTB allows you to set packet's class from > > priority. When priority is 0x10003 then the packet is queued > > directly into 1:3 queue. > > You can simly modify classifier (in fact I will do it for > > HTB) to allow such selection thru fwmark. > > You can then mark flows by iptables .... --set-mark 0x10003 to > > assign packet into 1:3 class .. > > > > HTH, devik > > > > On Sat, 8 Dec 2001, yangrunhua wrote: > > > > > If I want to limit bandwidth from a lot of ip addresses( every ip has > > a > > > limit), > > > How could I improve performance( If I could use netfilter to mark the > > > ip packet with the bandwidth assigned to > > > the src ip of packet), normally, this could only be done only by: one > > > qdisc per ip, then there will be too many > > > filters to classify them based on fwmark(and u32 + hash can't satisfy > > my > > > demand that limit bandwidth for every ip, not for ip group), > > > but it try to match line by line, then if many, the performance will > > go > > > down. > > > Many thanks > > > > > > > > > _______________________________________________ > > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: > > http://ds9a.nl/2.4Routing/ > > > > > > > _______________________________________________ > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/ > >
