Krzysztof Matusik wrote:
Hi all.
I'm using Jamal's ifb virtual interface from new kernel. Redirecting incoming
traffic from external interface like that:
# tc [blahbla] match u32 0 0 flowid 1:0 action mirred egress redirect dev ifb0
to ifb to shape it.
The problem is that I'm using MASQUERADE by netfilter also. That redirected
traffic coming from internet gets to ifb _before_ DNAT is done. So I cannot
filter or mark it in other way by ip dst address to differ between forwarded
and incoming traffic to my node.
Goal is to find a solution how to let tc filter find the difference between
forwarded and incoming traffic in that redirected traffic coming to ifb
device so shaping/queueing could be done elegantly :-)
(well, infact this traffic goes off ifb device and then gets routed and masqed
etc- by egress queue)
Anybody got any nice ideas?
You still need to use IMQ for this situation at this time.
There has been talk of making an ematch that can get netfilter state.
Andy.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
