Success! If you put the traffic shaping qdiscs on the physical interface and change ONE thing on the filter statement, everything works as advertised. Just change the "protocol ip" to "protocol 802.1q" on the filter commands and Viola - VLAN traffic shaping... I have not tested other rules, but our destination mac address rule with u32 matches works as follows: $TC filter add dev eth1 parent 1:0 prio 1 protocol 802.1q \ u32 match u32 0x$mymac3$mymac4$mymac5$mymac6 0xFFFFFFFF at -12 \ match u32 0x0000$mymac1$mymac2 0x0000FFFF at -16 \ classid 1:$myclassid Hope this helps someone. --Mike > -----Original Message----- > From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] On > Behalf Of Michael S. Kazmier > Sent: Tuesday, September 28, 2004 2:33 PM > To: 'lartc mailing list' > Subject: RE: Help! VLAN tagged traffic not shaping :-( > > > My linux box has 2 interfaces (eth0 and eth1). These are bridged to form > > br0. > > All web/email traffic is sent to IMQ (via netfilter) and shaped. > > > > The VLAN traffic just has a 4-byte 802.1Q header between the ethernet > > header and > > the IP header (which is stripped off by br_netfilter.c so iptables can > > "see" the > > underlying IP packet). > > > > The problem is the VLAN packets (which contain web/email traffic) are > seen > > and > > marked by netfilter and pass through IMQ but are not shaped (whereas > > regular > > web/email traffic is shaped). > > > > > John, > > Did you find an answer??? I have the same problem, sort of. My LAN > interface has 10 VLANs, and I mark the packets in IPTABLES based off of > source MAC address. This mark is holding fine and when passed to the IMQ > I > have for Internet based traffic, the traffic is shaping fine (I can post > the > code if you need me to). > > The problem I am having is on downstream data (from internet to VLANS). > On > a non-VLAN interface, I use the following filer to put the traffic into > the > correct users "bucket": > > filter parent 1: protocol ip pref 1 u32 fh 800::8b3 order 2227 key ht 800 > bkt 0 flowid 1:10b5 > match 47b60401/ffffffff at -12 > match 00000003/0000ffff at -16 > > This works great on non-vlan interfaces, but not so on the VLANs, so I > figured with the 4 byte VLAN header appended AFTER the Ethernet frame and > BEFORE the IP frame, I could do this: > > filter parent 1: protocol ip pref 1 u32 fh 800::8b3 order 2227 key ht 800 > bkt 0 flowid 1:10b5 > match 47b60401/ffffffff at -16 > match 00000003/0000ffff at -20 > > But that is not matching a darn thing. Any thoughts? I am stumped - of > course, I don't know if the VLAN header is on the packets as they are > handed > off to the IMQ, but it would appear so as they do not match the "old" > filter > which works without any VLAN tagging. > > --Mike > > _______________________________________________ > LARTC mailing list / LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
