I worked out how to filter based on SRC IP, you can't with tc. Using iptables
PREROUTING you can but I wanted to avoid getting QOS into iptables.

I also found you can filter on SRC/DST MAC address. Hmm same thing really so
here is what you need to know:

The u32 can be used to match any bit in the ip header. Before the ip header,
there is a frame header. In that frame header you can find the src and dst mac
address. You can trick the u32 filter into using the frame header if you use
negative offsets.

Decimal Offset  Description
-14:            DST MAC, 6 bytes
-8:             SRC MAC, 6 bytes
-2:             Eth PROTO, 2 bytes, eg. ETH_P_IP
0:              Protocol header (IP Header)

Egress (match Dst MAC):
  ... match u16 0xPPPP 0xFFFF at -2 \
      match u32 0xM2M3M4M5 0xFFFFFFFF at -12 \
      match u16 0xM0M1 0xFFFF at -14

Ingress (match Src MAC):
  ... match u16 0xPPPP 0xFFFF at -2 \
      match u16 0xM4M5 0xFFFF at -4 \
      match u32 0xM0M1M2M3 0xFFFFFFFF at -8

Where PPPP is the Eth Proto Code (from linux/include/linux/if_ether.h):
ETH_P_IP = IP = match u16 0x0800

So the below is what I came up with and it works. Simplistic I know. Now that
I have the basics working I can build on it now with different QOS settings for
different packet types (ie ack, ssh, bulk) though I may use L7 filtering using
iptables for this.
Hey using iptables after all this :\

tc qdisc add dev ppp0 root handle 1:0 htb default 20

tc class add dev ppp0 parent 1:0 classid 1:1 htb rate 128kbit ceil 128kbit
tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit
tc class add dev ppp0 parent 1:1 classid 1:20 htb rate 64kbit ceil 128kbit

tc qdisc add dev ppp0 parent 1:10 handle 100: sfq perturb 10
tc qdisc add dev ppp0 parent 1:20 handle 200: sfq perturb 10

# My Laptop
tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 \
    match u16 0x0800 0xFFFF at -2 \
    match u16 0xM4M5 0xFFFF at -4 \
    match u32 0xM0M1M2M3 0xFFFFFFFF at -8 \
    flowid 1:10

# My Desktop
tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 \
    match u16 0x0800 0xFFFF at -2 \
    match u16 0xM4M5 0xFFFF at -4 \
    match u32 0xM0M1M2M3 0xFFFFFFFF at -8 \
    flowid 1:20

# change the MACs of course.

tc -s -d class show dev ppp0
tc -s -d qdisc show dev ppp0
tc -s -d filter show dev ppp0

There you have it. :L

------------------------------------------------------------------------------

> Hi All,
>
> I've been playing with QOS for a short while now and have worked out how to
> do what I want using HTB. Great queuing discipline btw.
>
> My problem is the tc filters I want to set up aren't working because
> iptables is getting to the packets first and mangling the src address.
>
> The iptables script I am using is MonMotha's Firewall 2.3.8 and it includes
> lots of nice goodies like syn flood rate limiting. The extra bits like this
> are why I'm using it rather than figuring the iptables configuration out
> myself.
>
> My network configuration is trivial, adsl router connected to linux box
> connected to two networks, LAN and WLAN.
>
> I like having these iptables features but MonMotha's Firewall isn't
> designed with QOS in mind.
>
> My question for this list, is there a recommended iptables router script
> that everyone here uses designed with QOS in mind or have you all written
> your own ?
>
> Thanks in Advance
>
> Lee
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

--
_____________________________________________________
Lee Sanders Computer Systems Engineer Consultant Email: tagline@xxxxxxxxxx Professionals Mobile: 0400481632 77 122 550 929
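
An added example, not part of the original message: a small shell helper that turns a MAC address into the u32 match clauses at the negative offsets given in the message above, rejecting malformed input instead of emitting a filter that silently matches the wrong bytes. The helper name mac_u32_match and the MAC address are constructed for illustration; ppp0, the prio and the classid are the ones used in the script in the message.

```sh
#!/bin/sh
# Added example: build u32 match clauses for a MAC address from the negative
# offsets in the message (-14 dst MAC, -8 src MAC, -2 EtherType).
# mac_u32_match is a hypothetical helper name, not a tc feature.

# Usage: mac_u32_match src|dst MAC [ethertype as 4 hex digits, default 0800]
mac_u32_match() {
    dir=$1; mac=$2; proto=${3:-0800}

    # Require six two-character groups separated by ':' or '-'.
    case $mac in
        ??[-:]??[-:]??[-:]??[-:]??[-:]??) ;;
        *) echo "bad MAC format: $mac" >&2; return 1 ;;
    esac
    hex=$(printf '%s' "$mac" | tr -d ':-' | tr 'A-F' 'a-f')
    case $hex in
        *[!0-9a-f]*) echo "bad MAC digits: $mac" >&2; return 1 ;;
    esac
    [ "${#hex}" -eq 12 ] || { echo "bad MAC length: $mac" >&2; return 1; }

    case $proto in
        *[!0-9A-Fa-f]*) echo "bad ethertype: $proto" >&2; return 1 ;;
    esac
    [ "${#proto}" -eq 4 ] || { echo "bad ethertype: $proto" >&2; return 1; }

    m01=$(printf '%s' "$hex" | cut -c1-4)      # M0M1
    m0123=$(printf '%s' "$hex" | cut -c1-8)    # M0M1M2M3
    m2345=$(printf '%s' "$hex" | cut -c5-12)   # M2M3M4M5
    m45=$(printf '%s' "$hex" | cut -c9-12)     # M4M5

    case $dir in
        dst)  # egress form: destination MAC occupies offsets -14..-9
            echo "match u16 0x$proto 0xFFFF at -2 match u32 0x$m2345 0xFFFFFFFF at -12 match u16 0x$m01 0xFFFF at -14" ;;
        src)  # ingress form: source MAC occupies offsets -8..-3
            echo "match u16 0x$proto 0xFFFF at -2 match u16 0x$m45 0xFFFF at -4 match u32 0x$m0123 0xFFFFFFFF at -8" ;;
        *) echo "direction must be src or dst" >&2; return 1 ;;
    esac
}

# Constructed MAC; the command is printed for inspection, not applied.
echo "tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 $(mac_u32_match src 00:11:22:AA:BB:CC) flowid 1:10"
```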