Dear Admins and Hackers,

maybe I am too stupid to use 'tc', but I am having logical problems understanding the filter rules in tc.

Common config:

There is a Linux engine (Debian) with a 2.6.11.11 kernel which acts as packet shaper. Two interfaces, eth0 and eth1, are installed. Interface 'eth0' is the firewall-side net 195.185.185.0/24. Interface 'eth1' goes to the Internet (switch and routers to the ISPs). Both interfaces are bridged. The TEST client is located on the eth0 device of the packet shaper.

Kernel modules (lsmod):

    Module        Size   Used by
    mirred        7744   0
    sch_dsmark    7424   0
    police        10976  0
    pedit         7648   0
    gact          7008   0
    cls_rsvp      7424   0
    cls_route     7808   0
    sch_prio      5888   0
    ipt_state     2048   0
    ipt           8288   0
    sch_htb       18816  0
    cls_tcindex   8192   0
    cls_u32       9220   0
    cls_fw        5504   0

TC config (an htb qdisc):

    for d in eth0 eth1; do
        tc qdisc add dev $d root handle 1:0 htb default 12
        tc class add dev $d parent 1:2 classid 1:2 htb rate 8096mbit
        tc class add dev $d parent 1:2 classid 1:10 htb rate 64kbit ceil 64kbit prio 0
        tc class add dev $d parent 1:2 classid 1:12 htb rate 1024mbit ceil 1024mbit prio 0
    done

HTTP filter (looks for (source) port 80 at offset 20 in the IP packet (HTTP server answer)):

    tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match u32 0x500000 0xffff0000 at 20 classid 1:10

This filter is working and the HTTP download on the firewall side is restricted to 64 kbit, as you can see below.

tc -s filter show dev eth0:

    filter parent 1: protocol ip pref 100 u32
    filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
    filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:10 (rule hit 151 success 129)
      match 00500000/ffff0000 at 20 (success 129 )

But why can't I filter packets with dst port 80 or src IP on eth0?

Dst port 80:

    tc filter add dev eth0 parent 1:0 protocol ip prio 0 u32 match u32 0x50 0xffff at nexthdr+0 classid 1:10

or source IP address:

    tc filter add dev eth0 parent 1:0 protocol ip prio 0 u32 match ip src 195.185.185.2/32 classid 1:10

On these filters there are no success counters. It can't be our firewall: I connected our test laptop directly to the eth0 device of the packet shaper. When I ran "tcpdump -i eth0" on the packet shaper I saw the packets with src IP address 195.185.185.2 and dst port 80. I can't understand why tc is not able to find the src IP fields in the packets on eth0 of the packet shaper.

At first I thought the problem would be the br_fw (bridgerouter) option in the kernel. Without this option the problem is still there. In my eyes it's not logical!

Please, can anyone help me? I have no idea left. I hope there is a hacker or admin who can tell me the filter logic.

Thanks in advance,
Christian

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
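Added example, not part of the original post: a small Python model that applies the three u32 matches quoted above to constructed IPv4/TCP headers. A root qdisc and its filters classify only packets leaving a device, while tcpdump shows both directions, so the model evaluates each filter against the packet that egresses eth0 and eth1 on the bridge. Assumptions: the server address 192.0.2.10 and client port 40000 are made up, headers carry no IP options, and `nexthdr+0` is taken to resolve to the TCP header start at byte 20.

```python
import socket
import struct

def ipv4_tcp(src, dst, sport, dport):
    """Constructed 40-byte IPv4 + TCP header pair (IHL=5, no options, zero checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 65535, 0, 0)
    return ip + tcp

def u32_match(pkt, value, mask, at):
    """u32 key: big-endian 32-bit word at byte offset `at`, ANDed with mask, equals value."""
    (word,) = struct.unpack_from("!I", pkt, at)
    return (word & mask) == value

# The three matches from the post as (value, mask, offset from start of IP header).
FILTERS = {
    "sport80": (0x00500000, 0xFFFF0000, 20),  # match u32 0x500000 0xffff0000 at 20
    "dport80": (0x00000050, 0x0000FFFF, 20),  # match u32 0x50 0xffff at nexthdr+0 (assumed = 20)
    "src_ip":  (0xC3B9B902, 0xFFFFFFFF, 12),  # match ip src 195.185.185.2/32
}

# Constructed traffic: test client behind eth0 fetches a page from a server behind eth1.
request = ipv4_tcp("195.185.185.2", "192.0.2.10", 40000, 80)  # in on eth0, out on eth1
reply = ipv4_tcp("192.0.2.10", "195.185.185.2", 80, 40000)    # in on eth1, out on eth0

# What the root qdisc of each bridged interface gets to classify (egress only).
EGRESS = {"eth0": reply, "eth1": request}

def hits(dev):
    """Names of the filters that match the packet leaving `dev`."""
    pkt = EGRESS[dev]
    return sorted(name for name, (value, mask, at) in FILTERS.items()
                  if u32_match(pkt, value, mask, at))

if __name__ == "__main__":
    for dev in ("eth0", "eth1"):
        print(dev, "egress matches:", hits(dev))
```

In this model only the source-port match sees traffic on eth0; the destination-port and source-address matches see it on eth1, where the client's requests leave the bridge.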