by the way I just found that if you attach fw filter without rules it will simply select class with classid == fwmark (nfmark in 2.4). devik On Sun, 9 Dec 2001, yangrunhua wrote: > If I can modifiy skb->prio, > How can I use it to distribute packets directly to a class? > > -----Original Message----- > From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] On Behalf Of devik > Sent: 2001ĺš´12ć??8ć?Ľ 23:12 > To: yangrunhua > Cc: lartc@xxxxxxxxxxxxxxx > Subject: RE: [LARTC] How could I do this? > > I only wanted to mention it as interesting possibility > but it can't be done in O(1). However it can be simply done > in O(N^(1/M)) where M is integer > 1. You can do it by (untested): > > ipchains -N sub > ipchains -A sub -s 0.0.0.1/0.0.0.255 -m +1 > ipchains -A sub -s 0.0.0.2/0.0.0.255 -m +2 > .. > .. > ipchains -A input 192.168.1.0/24 -m 0x10000 -j sub > ipchains -A input 192.168.2.0/24 -m 0x10100 -j sub > .. > .. > > you would need 512 lines to handle 65536 adresses > in 256 lookups on average. By creating another '-j subsub' > level then you will end up with 96 rules for 65536 > addresses with 60 lookups on average. > > I didn't tested it, it is only idea. But should work. > > hth, devik > > On Sat, 8 Dec 2001, yangrunhua wrote: > > > But how I design a filter( O(1) ) to classify based on fwmark(hash on fwmark)? > > > > -----Original Message----- > > From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] On Behalf Of devik > > Sent: 2001ĺť´12Ä?Ĺ?Â?8Ä?â??Ä˝ 18:18 > > To: yangrunhua > > Cc: lartc@xxxxxxxxxxxxxxx > > Subject: RE: [LARTC] How could I do this? > > > > Ehh sorry it is a lot of writting. Look at LARTC HOWTO > > 12.4 section. Basicaly if you have ip A.B.C.D then you > > can base hash source on D for several fixed A.B.C. > > Then you will end with at most N/256+1 lookups for N > > ip addresses. > > > > devik > > > > On Sat, 8 Dec 2001, yangrunhua wrote: > > > > > Can you give me an example? > > > Thanks. > > > > > > -----Original Message----- > > > From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] > > > On Behalf Of Martin Devera > > > Sent: 2001Ä?â??Ă?â?˘12Ä?â??Ä?â??8Ă?Ĺ?ÄšÂ? 15:58 > > > To: yangrunhua > > > Cc: lartc@xxxxxxxxxxxxxxx > > > Subject: Re: [LARTC] How could I do this? > > > > > > IMHO u32 with hashes could be used for this. Other interesting > > > way is that CBQ & HTB allows you to set packet's class from > > > priority. When priority is 0x10003 then the packet is queued > > > directly into 1:3 queue. > > > You can simly modify classifier (in fact I will do it for > > > HTB) to allow such selection thru fwmark. > > > You can then mark flows by iptables .... --set-mark 0x10003 to > > > assign packet into 1:3 class .. > > > > > > HTH, devik > > > > > > On Sat, 8 Dec 2001, yangrunhua wrote: > > > > > > > If I want to limit bandwidth from a lot of ip addresses( every ip has > > > a > > > > limit), > > > > How could I improve performance( If I could use netfilter to mark the > > > > ip packet with the bandwidth assigned to > > > > the src ip of packet), normally, this could only be done only by: one > > > > qdisc per ip, then there will be too many > > > > filters to classify them based on fwmark(and u32 + hash can't satisfy > > > my > > > > demand that limit bandwidth for every ip, not for ip group), > > > > but it try to match line by line, then if many, the performance will > > > go > > > > down. > > > > Many thanks > > > > > > > > > > > > > _______________________________________________ > > > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx > > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: > > > http://ds9a.nl/2.4Routing/ > > > > > > > > > > > > _______________________________________________ > > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx > > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/ > > > > > > > _______________________________________________ > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/ > >