> My linux box has 2 interfaces (eth0 and eth1). These are bridged to form
> br0.
> All web/email traffic is sent to IMQ (via netfilter) and shaped.
>
> The VLAN traffic just has a 4-byte 802.1Q header between the ethernet
> header and the IP header (which is stripped off by br_netfilter.c so
> iptables can "see" the underlying IP packet).
>
> The problem is the VLAN packets (which contain web/email traffic) are seen
> and marked by netfilter and pass through IMQ but are not shaped (whereas
> regular web/email traffic is shaped).
>

John,

Did you find an answer??? I have the same problem, sort of.

My LAN interface has 10 VLANs, and I mark the packets in IPTABLES based off of source MAC address. This mark is holding fine and when passed to the IMQ I have for Internet based traffic, the traffic is shaping fine (I can post the code if you need me to).

The problem I am having is on downstream data (from internet to VLANS). On a non-VLAN interface, I use the following filter to put the traffic into the correct user's "bucket":

    filter parent 1: protocol ip pref 1 u32 fh 800::8b3 order 2227 key ht 800 bkt 0 flowid 1:10b5
      match 47b60401/ffffffff at -12
      match 00000003/0000ffff at -16

This works great on non-vlan interfaces, but not so on the VLANs, so I figured with the 4 byte VLAN header appended AFTER the Ethernet frame and BEFORE the IP frame, I could do this:

    filter parent 1: protocol ip pref 1 u32 fh 800::8b3 order 2227 key ht 800 bkt 0 flowid 1:10b5
      match 47b60401/ffffffff at -16
      match 00000003/0000ffff at -20

But that is not matching a darn thing.

Any thoughts? I am stumped - of course, I don't know if the VLAN header is on the packets as they are handed off to the IMQ, but it would appear so as they do not match the "old" filter which works without any VLAN tagging.

--Mike

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
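
The offset arithmetic behind the two filters in the message above, as an added example that is not part of the original post: it decodes each "match VALUE/MASK at OFFSET" pair into the link-layer bytes it tests, for an untagged and an 802.1Q-tagged frame. It assumes offset 0 is the first byte of the IP header and that the tag, when present, sits in-line in the buffer the filter inspects; the page does not establish whether that holds at the IMQ hook. The function names are hypothetical.

```python
# Added example, not from the original post. Assumes offset 0 is the first
# byte of the IP header and that an 802.1Q tag, if present, sits in-line.

# "match VALUE/MASK at OFFSET" pairs as quoted in the message above.
OLD_FILTER = [("47b60401", "ffffffff", -12), ("00000003", "0000ffff", -16)]
NEW_FILTER = [("47b60401", "ffffffff", -16), ("00000003", "0000ffff", -20)]

def l2_fields(tagged):
    """Map offsets (relative to the IP header) to link-layer field bytes."""
    layout = [("dst_mac", 6), ("src_mac", 6)]
    if tagged:
        layout += [("tpid", 2), ("tci", 2)]  # the 4-byte 802.1Q header
    layout.append(("ethertype", 2))
    off = -sum(size for _, size in layout)
    fields = {}
    for name, size in layout:
        for i in range(size):
            fields[off] = f"{name}[{i}]"
            off += 1
    return fields

def decode(matches, tagged):
    """Return {field byte: required value} for every byte the masks select."""
    fields = l2_fields(tagged)
    tested = {}
    for value, mask, at in matches:
        v = int(value, 16).to_bytes(4, "big")
        m = int(mask, 16).to_bytes(4, "big")
        for i in range(4):
            if m[i]:
                name = fields.get(at + i, f"outside_l2[{at + i}]")
                tested[name] = v[i] & m[i]
    return tested

def matched_mac(matches, tagged, field="dst_mac"):
    """MAC the filter pins down, or None if it does not cover exactly that field."""
    tested = decode(matches, tagged)
    keys = [f"{field}[{i}]" for i in range(6)]
    if set(tested) != set(keys):
        return None
    return ":".join(f"{tested[k]:02x}" for k in keys)

if __name__ == "__main__":
    for label, flt in (("old", OLD_FILTER), ("new", NEW_FILTER)):
        for tagged in (False, True):
            print(label, "tagged" if tagged else "untagged",
                  matched_mac(flt, tagged), decode(flt, tagged))
```

Under these assumptions each filter covers the destination MAC in exactly one of the two layouts, so comparing which of them matches on a given interface indicates whether the tag is in the buffer at that point.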