Hi,
what is needed to
activate ingress policies for enterprise server 9!
My current loaded
modules:
in the
attachments
my kernel:
Linux linux 2.6.5-7.97-smp #1 SMP Fri Jul 2 14:21:59 UTC 2004
i686 i686 i386 GNU/Linux
So you can see the
module sch_ingress is loaded and also the package iprout2 is
installed.
I have set also a
filter for ingress policies but i don`t think it is working, because i have
never dropped packages:
tc qdisc add dev
eth0 ingress
tc filter add dev
eth0 parent ffff: protocol ip u32 match ip dport 8099 0xffff police rate 1kbit
burst 1kbit mtu 1 drop flowid :1
# tc -s qdisc ls dev
eth0
qdisc ingress ffff:
Sent 83463 bytes 1002 pkts (dropped 0, overlimits 0)
qdisc pfifo_fast 0: [Unknown qdisc, optlen=20]
Sent 316975056 bytes 1093222 pkts (dropped 0, overlimits 0)
qdisc ingress ffff:
Sent 83463 bytes 1002 pkts (dropped 0, overlimits 0)
qdisc pfifo_fast 0: [Unknown qdisc, optlen=20]
Sent 316975056 bytes 1093222 pkts (dropped 0, overlimits 0)
a example
tcpdump:
# tcpdump -v port
8099
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
13:19:25.340470 IP (tos 0x0, ttl 63, id 31421, offset 0, flags [DF], length: 48) 158.226.150.44.4870 > iacapp3.local.8099: S [tcp sum ok] 2049470510:2049470510(0) win 64240 <mss 1460,nop,nop,sackOK>
13:19:25.341584 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], length: 48) iacapp3.local.8099 > 158.226.150.44.4870: S [tcp sum ok] 1753072926:1753072926(0) ack 2049470511 win 5840 <mss 1460,nop,nop,sackOK>
13:19:25.341042 IP (tos 0x0, ttl 63, id 31422, offset 0, flags [DF], length: 40) 158.226.150.44.4870 > iacapp3.local.8099: . [tcp sum ok] ack 1 win 64240
13:19:25.342163 IP (tos 0x0, ttl 63, id 31423, offset 0, flags [DF], length: 704) 158.226.150.44.4870 > iacapp3.local.8099: P 1:665(664) ack 1 win 64240
13:19:25.342188 IP (tos 0x0, ttl 64, id 52551, offset 0, flags [DF], length: 40) iacapp3.local.8099 > 158.226.150.44.4870: . [tcp sum ok] ack 665 win 6640
13:19:25.357938 IP (tos 0x0, ttl 64, id 52552, offset 0, flags [DF], length: 297) iacapp3.local.8099 > 158.226.150.44.4870: P 1:258(257) ack 665 win 6640
13:19:25.490836 IP (tos 0x0, ttl 63, id 31429, offset 0, flags [DF], length: 399) 158.226.150.44.4870 > iacapp3.local.8099: P 665:1024(359) ack 258 win 63983
13:19:25.491986 IP (tos 0x0, ttl 64, id 52553, offset 0, flags [DF], length: 1288) iacapp3.local.8099 > 158.226.150.44.4870: P 258:1506(1248) ack 1024 win 7968
13:19:25.691613 IP (tos 0x0, ttl 63, id 31436, offset 0, flags [DF], length: 40) 158.226.150.44.4870 > iacapp3.local.8099: . [tcp sum ok] ack 1506 win 64240
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
13:19:25.340470 IP (tos 0x0, ttl 63, id 31421, offset 0, flags [DF], length: 48) 158.226.150.44.4870 > iacapp3.local.8099: S [tcp sum ok] 2049470510:2049470510(0) win 64240 <mss 1460,nop,nop,sackOK>
13:19:25.341584 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], length: 48) iacapp3.local.8099 > 158.226.150.44.4870: S [tcp sum ok] 1753072926:1753072926(0) ack 2049470511 win 5840 <mss 1460,nop,nop,sackOK>
13:19:25.341042 IP (tos 0x0, ttl 63, id 31422, offset 0, flags [DF], length: 40) 158.226.150.44.4870 > iacapp3.local.8099: . [tcp sum ok] ack 1 win 64240
13:19:25.342163 IP (tos 0x0, ttl 63, id 31423, offset 0, flags [DF], length: 704) 158.226.150.44.4870 > iacapp3.local.8099: P 1:665(664) ack 1 win 64240
13:19:25.342188 IP (tos 0x0, ttl 64, id 52551, offset 0, flags [DF], length: 40) iacapp3.local.8099 > 158.226.150.44.4870: . [tcp sum ok] ack 665 win 6640
13:19:25.357938 IP (tos 0x0, ttl 64, id 52552, offset 0, flags [DF], length: 297) iacapp3.local.8099 > 158.226.150.44.4870: P 1:258(257) ack 665 win 6640
13:19:25.490836 IP (tos 0x0, ttl 63, id 31429, offset 0, flags [DF], length: 399) 158.226.150.44.4870 > iacapp3.local.8099: P 665:1024(359) ack 258 win 63983
13:19:25.491986 IP (tos 0x0, ttl 64, id 52553, offset 0, flags [DF], length: 1288) iacapp3.local.8099 > 158.226.150.44.4870: P 258:1506(1248) ack 1024 win 7968
13:19:25.691613 IP (tos 0x0, ttl 63, id 31436, offset 0, flags [DF], length: 40) 158.226.150.44.4870 > iacapp3.local.8099: . [tcp sum ok] ack 1506 win 64240
9 packets
captured
9 packets received by filter
0 packets dropped by kernel
9 packets received by filter
0 packets dropped by kernel
what is
missing!?
Or is my filter
false!
Thanks,
Gernot
Attachment:
lsmod
Description: Binary data
Attachment:
packages
Description: Binary data
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
