For the benefit of everyone, this is a kernel bug. There is info on it here: http://qa.mandriva.com/show_bug.cgi?id=13845 On Mon, 2005-12-05 at 21:29 +0800, Michael Collard wrote: > I am trying to get IPP2P working on my router. Thus far I can see > connections being marked (see below), but they don't seem to get saved > or something. When looking at /proc/net/ip_conntrack, nothing has > anything other than 0 for mark. The iptables commands for this are: > > iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark > iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT > iptables -t mangle -A PREROUTING -m ipp2p --bit --dc --edk -j MARK > --set-mark 3 > iptables -t mangle -A PREROUTING -m mark --mark 3 -j CONNMARK > --save-mark > iptables -t mangle -A POSTROUTING -o ppp0 -m mark --mark 3 -j CLASSIFY > --set-class 1:50 > > This is pretty much a copy of one of the examples from the ipp2p web > site. When doing a iptables -t mangle -L -n -v -x, I get the following: > > > Chain PREROUTING (policy ACCEPT 7179 packets, 1787132 bytes) > pkts bytes target prot opt in out source > destination > 799 161475 CONNMARK all -- * * 0.0.0.0/0 > 0.0.0.0/0 CONNMARK restore > 0 0 ACCEPT all -- * * 0.0.0.0/0 > 0.0.0.0/0 MARK match !0x0 > 28 4372 MARK all -- * * 0.0.0.0/0 > 0.0.0.0/0 ipp2p v0.7.4 --edk --dc --bit MARK set 0x3 > 28 4372 CONNMARK all -- * * 0.0.0.0/0 > 0.0.0.0/0 MARK match 0x3 CONNMARK save > > Chain INPUT (policy ACCEPT 3388 packets, 610487 bytes) > pkts bytes target prot opt in out source > destination > > Chain FORWARD (policy ACCEPT 3789 packets, 1175165 bytes) > pkts bytes target prot opt in out source > destination > > Chain OUTPUT (policy ACCEPT 2911 packets, 684078 bytes) > pkts bytes target prot opt in out source > destination > > Chain POSTROUTING (policy ACCEPT 6757 packets, 1866938 bytes) > pkts bytes target prot opt in out source > destination > 15 1752 CLASSIFY all -- * ppp0 0.0.0.0/0 > 0.0.0.0/0 MARK match 0x3 CLASSIFY set 1:50 > > So I can see the packets are getting marked, or at least I see them > being matched. Just don't know why the connection doesn't get shaped. > Here's the stats from tc. > > class htb 1:50 parent 1:1 leaf 50: prio 5 rate 325000bit ceil 650000bit > burst 1639b cburst 1680b > Sent 1752 bytes 15 pkt (dropped 0, overlimits 0 requeues 0) > rate 0bit 0pps backlog 0b 0p requeues 0 > lended: 15 borrowed: 0 giants: 0 > tokens: 38314 ctokens: 19674 > > I am using kernel 2.6.11-6 and ipp2p 7.4 with iptables 1.2.9 > _______________________________________________ > LARTC mailing list > LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
