On Wed, Mar 24, 2004 at 09:01:49AM -0800, Corey Hickey wrote: > I haven't personally verified this, but I'm pretty sure that even if the > tc filters don't natively support ipv6 matches, you can still use > iptables/ip6tables to mark packets as you choose, and then filter for > that mark. Something like: This does work, but there are a few complications... > # It's often easier to make new chains for this > # because there's an implicit RETURN after a MARK > # so we can't just let packets fall off the end of the chain > # or else they may end up matching later rules. > ip6tables -t mangle -N fast > ip6tables -t mangle -A fast -j MARK --set-mark 0x01 > ip6tables -t mangle -A fast -j ACCEPT > > # just an example > ip6tables -t mangle -A FORWARD -p tcp -s 10.0.0.2 -j fast > > # You can set up your htb (or whatever) framework > # and add this filter for it to reference. > tc filter add dev eth0 parent 1: protocol ip prio 1 handle 0x01 fw \ > flowid 1:10 That should of course read "protocol ipv6", and then it works. Well, almost. There seem to be rather a lot of issues if trying to mix "protocol ip" and "protocol ipv6" in filters. I've seen a lot of: "RTNETLINK answers: No such file or directory" errors while trying that. Sometimes it appears to work, other times it doesn't, and I've yet to work out why. Which, I must say, is rather irritating. If anybody can shed any light on this I'd like to hear it :) -- Alan Ford * alan@xxxxxxxxxxxxxx _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
