I'm using the patch for dummy as an imq replacement that Jamal posted a little while back. I've tried to do the same thing on an egress qdisc to try to limit outbound speed and still had no luck. My u32 filters work fine, but are not enough for our setup here. Here's what I've got... export TC="/usr/sbin/tc" $TC qdisc add dev eth0 handle ffff: ingress $TC filter add dev eth0 parent ffff: protocol ip prio 1 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev dummy0 modprobe dummy ifconfig dummy0 up iptables -t mangle -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j TCPMSS --set-mss 1350 iptables -t mangle -I POSTROUTING -s xxx.xxx.xx.xx -o eth1 -j MARK --set-mark 14 iptables -t mangle -I POSTROUTING -s xxx.xxx.xx.xxx -o eth1 -j MARK --set-mark 14 iptables -t mangle -I POSTROUTING -s 172.20.5.1 -o eth1 -j MARK --set-mark 14 iptables -t mangle -A POSTROUTING -j CONNMARK --save-mark iptables -t mangle -I PREROUTING -j CONNMARK --restore-mark iptables -t mangle -I PREROUTING 2 -m mark ! --mark 0x0 -j ACCEPT $TC qdisc add dev dummy0 root handle 1: htb default 50 $TC class add dev dummy0 parent 1: classid 1:1 htb rate 100mbps ceil 100mbps $TC class add dev dummy0 parent 1: classid 1:2 htb rate 1500kbit ceil 1500kbit $TC class add dev dummy0 parent 1:1 classid 1:14 htb rate 95mbps ceil 100mbps #ECC $TC class add dev dummy0 parent 1:2 classid 1:15 htb rate 750kbit ceil 1500kbit prio 0 $TC class add dev dummy0 parent 1:15 classid 1:50 htb rate 730kbit ceil 1500kbit prio 0 $TC class add dev dummy0 parent 1:15 classid 1:51 htb rate 20kbit ceil 1500kbit prio 1 #VPN $TC class add dev dummy0 parent 1:2 classid 1:16 htb rate 750kbit ceil 1500kbit prio 0 $TC filter add dev dummy0 parent 1: protocol ip prio 1 u32 match ip protocol 50 0xff flowid 1:16 $TC filter add dev dummy0 parent 1: protocol ip prio 1 u32 match ip src 172.20.5.1/31 flowid 1:14 $TC filter add dev dummy0 parent 1: protocol ip prio 1 handle 50 fw classid 1:50 $TC filter add dev dummy0 parent 1: protocol ip prio 1 handle 51 fw classid 1:51 $TC filter add dev dummy0 parent 1: protocol ip prio 1 handle 9 fw classid 1:60 $TC filter add dev dummy0 parent 1: protocol ip prio 1 handle 14 fw classid 1:14 Thanks, Troy -----Original Message----- From: Catalin(ux aka Dino) BOIE Sent: Friday, April 08, 2005 4:16 PM To: Troy Caldwell Cc: lartc@xxxxxxxxxxxxxxx Subject: Re: fw as filter broken? On Fri, 8 Apr 2005, Troy Caldwell wrote: > Can someone verify that using fw as a filter in iproute2-2.6.11-050330 > is broken. Doesn't seem to work in any case and I saw an earlier post > that would lead me to believe this is the case. If so does anyone > have a temporary fix? Thanks, > Troy > > _______________________________________________ > LARTC mailing list > LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > Can you post your script, please? --- Catalin(ux aka Dino) BOIE catab at deuroconsult.ro http://kernel.umbrella.ro/ _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
