Filter not listed for firewall filter - and not running!

Linux Advanced Routing and Traffic Control


Hello all,

I am having some trouble getting a firewall filter to work with TC. I am
actually setting the mark via EBTables (which is working as far as I can
tell; I am also logging the packet and my syslog reports lots of marks):

ebtables -t broute -A BROUTING -p ipv4 -i eth1 -s 08:00:46:60:B3:57 \
    -j mark --set-mark 7 --mark-target CONTINUE \
    --log --log-level debug --log-prefix "EBFW Mark 7"

Now, with the marked packet, I want to rate shape it on ETH0 on its way out.

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1 cbq bandwidth 100Mbit avpkt 1000 cell 8
tc class change dev eth0 root cbq weight 10Mbit allot 1514
tc class add dev eth0 parent 1: classid 1:2500 cbq bandwidth 100Mbit \
    rate 1512Kbit weight 51Kbit prio 5 allot 1514 cell 8 maxburst 20 \
    avpkt 1000 bounded
tc qdisc add dev eth0 parent 1:2500 handle 2500 sfq perturb 10
tc class add dev eth0 parent 1:2500 classid 1:3500 cbq bandwidth 100Mbit \
    rate 256Kbit weight 26Kbit prio 5 allot 1514 cell 8 maxburst 20 \
    avpkt 1000 bounded
tc qdisc add dev eth0 parent 1:3500 handle 3500 sfq perturb 10
tc filter add dev eth0 parent 1:2500 protocol ip prio 100 handle 7 fw \
    flowid 1:3500

But the problem is, when I look at stats, my 3500 queue has no traffic and
my filters are blank: I run a "tc filter show dev eth0" and it's empty. I
have various u32 filters on eth1 and they show up. If I add:

tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 \
    match ip dst 0.0.0.0/0 classid 1:2500

I can now see that I have filters on eth0:

[root@cbq]# tc filter show dev eth0
[root@cbq]# tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip dst 0.0.0.0/0 classid 1:2500
[root@cbq]# tc filter show dev eth0
filter parent 1: protocol ip pref 100 u32
filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:2500
  match 00000000/00000000 at 16
[root@cbq]#


What am I missing here???

Thanks,

Mike

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

