panca sorin wrote:
Thank you for your help!
I noticed the ipset tools and I tried to use the
CONNMARK but I don't know how to verify if bitwise
manipulation works. The IP list is random and the
router is an Athlon at 1200 MHz with 64 MB of SDRAM
and a PIO mode 4 hard disk.
After marking for destination, the packets are marked
for prioritization. I tried to use the dsmark and some
ingress policing but I've failed to understand how they
work. Also I'm in a hurry and I try to use what I know
for now. Since I have to shape for two speeds, now
I've discovered the --limit filter in iptables and I
try to match packets based on their speeds.
Each connected client has its own class on dev eth1.
There are 38 clients now. On eth2 I shape based on
connection ports. Audio/video, chat and interactive
traffic (and connection control packets) have higher
priority. Here are my script and configuration files
(is best viewed unwrapped with kwrite):

That's a big script - I haven't had time to read it properly and I'd
still be likely to miss things :-)
Ingress policers won't work with fw if your kernel config has packet
actions selected. If you don't, it will work but only with marks set in
prerouting.
Bitwise manipulation of normal marks should work for recent iptables;
just remember to use 0x, as it uses decimal otherwise. If you want to
test just make an empty match and look at the counters. So to set bit 2
of the mark use --or-mark 0x2 instead of --set-mark.
I've never used ipset but it seems suited to what you need.
If you choose to use mark/connmark then you can get htb to treat marks
like classify - you just put an empty fw on the root and have to make
sure the marks have the major id in the top 16 bits and you have a class
for the minor.
Andy.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
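
Added example, not part of the original messages: a sketch of the mark layout Andy describes (major id in the top 16 bits, minor in the low 16) together with the "empty match, then read the counters" check. eth1 is from the thread; the qdisc handle 1:, class 1:14 and address 192.0.2.20 are constructed values, and the script only prints the tc/iptables commands rather than running them.

```shell
#!/bin/sh
# Added example. eth1 comes from the thread; qdisc handle 1:, class 1:14 and
# the address 192.0.2.20 are constructed values.

# HTB classid "MAJOR:MINOR" (hex, as tc prints it) -> fwmark with the major
# id in the top 16 bits and the minor id in the low 16 bits.
mark_for_class() {
    maj=${1%%:*}
    min=${1##*:}
    printf '0x%08x\n' $(( (0x$maj << 16) | 0x$min ))
}

# Inverse: the class an empty fw filter selects for a given mark.
class_for_mark() {
    m=$(( $1 ))
    printf '%x:%x\n' $(( (m >> 16) & 0xffff )) $(( m & 0xffff ))
}

# What --or-mark does to an existing mark value.
or_mark() {
    printf '0x%08x\n' $(( $1 | $2 ))
}

# Print (do not run) the rules for one client class on one device:
#   1. empty fw filter on the root, so the mark is read as a classid
#   2. set the mark for traffic to the client
#   3. rule with a match but no target: it only counts matching packets
#   4. list the chain with exact packet/byte counters
emit_rules() {
    dev=$1; classid=$2; ip=$3
    mark=$(mark_for_class "$classid")
    cat <<EOF
tc filter add dev $dev parent ${classid%%:*}:0 protocol ip prio 1 fw
iptables -t mangle -A POSTROUTING -o $dev -d $ip -j MARK --set-mark $mark
iptables -t mangle -A POSTROUTING -o $dev -m mark --mark $mark
iptables -t mangle -L POSTROUTING -v -n -x
EOF
}

emit_rules eth1 1:14 192.0.2.20
```

With this layout, OR-ing a flag bit into the low 16 bits changes the class the mark maps to: or_mark 0x00010014 0x2 gives 0x00010016, which class_for_mark reads as 1:16, so a class with that minor has to exist.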