-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi. I don't know if this subject has been treated before. Anyway, this is my question: I have implemented a traffic control / advanced router server using iproute2 and tc (using htb). For all my outgoing tc policies, all it's ok (all the traffic goes out using eth0, and therefore I'm able to catch it using the corresponfing tc filter). However, the incoming traffic has to be treated in eth1, which has several virtual ifaces (eth1:0, eth1:1, eth1:2 and so on). Even I have introduced all the tc rules correctly, the kernel is not matching any filter rule and there is no way to match any destination into any queue discipline. Anyone knows some way to implement that ? Here are my tc rules: tc qdisc add dev eth0 root handle 1: htb default 99 # Root class tc class add dev eth0 parent 1: classid 1:1 htb rate 3256kbit tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbit ceil 256kbit ## tc class add dev eth0 parent 1:1 classid 1:11 htb rate 128kbit ceil 128kbit ## tc class add dev eth0 parent 1:1 classid 1:12 htb rate 90kbit ceil 128kbit ## ... an so on tc class add dev eth0 parent 1:1 classid 1:99 htb rate 1024kbit ceil 3256kbit # tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 213.???.???.??? flowid 1:10 tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 213.???.???.??? flowid 1:10 tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 62..???.???.??? flowid 1:11 tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 213..???.???.??? flowid 1:12 tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 213.229.188.143 flowid 1:13 ... and so on - --> this is tha part that works correctly :-) # Root class tc class add dev eth1 parent 1: classid 1:1 htb rate 3256kbit tc class add dev eth1 parent 1:1 classid 1:10 htb rate 128kbit ceil 256kbit ## tc class add dev eth1 parent 1:1 classid 1:11 htb rate 128kbit ceil 128kbit ## tc class add dev eth1 parent 1:1 classid 1:12 htb rate 90kbit ceil 128kbit ## ... an so on tc class add dev eth1 parent 1:1 classid 1:99 htb rate 1024kbit ceil 3256kbit # tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dst 213.???.???.??? flowid 1:10 tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dst 213.???.???.??? flowid 1:10 tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dst 62..???.???.??? flowid 1:11 tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dst 213..???.???.??? flowid 1:12 tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip dst 213.229.188.143 flowid 1:13 ... and so on - --> This part doesn't match any filter rule !!!!! I think the possible problems could be: tc doesn't match virtual interfaces, as the tc definition says eth1, not eth1:?. I have tried to define tc filter rules using eth1:?, but tc doen't likes that. Anyone has been implemented an scenario similar than this ? Any help will be appreciated !! Regards Enric Ramos enric@xxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBPqmmLyu+yQzF8Lq8EQKZhwCg7xTocqm/RjEcaUScp2m4WX+k5HwAnjok NPzvrkoSIl4B4izx2p5T3yhp =P1Vy -----END PGP SIGNATURE-----