Re: u32 and iptables do not work together

Nataniel Klug <nata@xxxxxxxxxxxx> · Sat, 08 Apr 2006 08:21:40 -0300

Jody,

I think it worked fine... This is my new script (below the text). I just 
dont know how can I know if this traffic is relly going to the class I 
send it... hehehehe... I am marking Skype packages using L7-Filter like 
this:

$IPT -t mangle -A PREROUTING -m layer7 --l7proto skypetoskype -j MARK 
--set-mark 10

Att,

Nataniel Klug

--------------------------------

#!/bin/sh
#------
# Script de QoS Cyber Nett
#------
# Nataniel Klug
# suporte@xxxxxxxxxxxx
#------

TC="/sbin/tc"
IPT="/usr/local/sbin/iptables"

DL="eth3"

#------
# Apagando regras antigas de QoS
#------
$TC qdisc del dev $DL root    2> /dev/null > /dev/null
$TC qdisc del dev $DL ingress 2> /dev/null > /dev/null

#------
# Regras para a placa eth1
#------
$TC qdisc add dev $DL root handle 1: htb default 50

CLASS="/sbin/tc class add dev $DL parent"
$CLASS 1: classid 1:1 htb rate 3072Kbit
$CLASS 1:1 classid 1:10 htb rate 384Kbit prio 1
$CLASS 1:1 classid 1:20 htb rate 1024Kbit ceil 2048Kbit prio 2
$CLASS 1:1 classid 1:30 htb rate 512Kbit ceil 512Kbit prio 3
$CLASS 1:1 classid 1:40 htb rate 512Kbit ceil 512Kbit prio 4
$CLASS 1:1 classid 1:50 htb rate 640Kbit ceil 640Kbit prio 5

QDISC="/sbin/tc qdisc add dev $DL parent"
$QDISC 1:10 handle 10: sfq perturb 10
$QDISC 1:20 handle 20: sfq perturb 10
$QDISC 1:30 handle 30: sfq perturb 10
$QDISC 1:40 handle 40: sfq perturb 10
$QDISC 1:50 handle 50: sfq perturb 10

FILTER="/sbin/tc filter add dev $DL parent 1:0 protocol"

$FILTER ip prio 11 u32 match ip protocol 1 0xff flowid 1:10
$FILTER ip prio 12 u32 match ip sport 22 0xffff flowid 1:10
$FILTER ip prio 12 u32 match ip sport 23 0xffff flowid 1:10
$FILTER ip prio 12 u32 match ip sport 2202 0xffff flowid 1:10

$FILTER ip prio 13 u32 match ip sport 6121 0xffff flowid 1:10
$FILTER ip prio 13 u32 match ip sport 5121 0xffff flowid 1:10

$FILTER ip prio 14 handle 10 fw classid 1:10

$FILTER ip prio 21 u32 match ip sport 80 0xffff flowid 1:20
$FILTER ip prio 21 u32 match ip sport 443 0xffff flowid 1:20
$FILTER ip prio 21 u32 match ip sport 3128 0xffff flowid 1:20
$FILTER ip prio 22 u32 match ip src 200.189.176.206/32 flowid 1:20
$FILTER ip prio 22 u32 match ip src 200.189.176.205/32 flowid 1:20
$FILTER ip prio 22 u32 match ip sport 5065 0xffff flowid 1:20
$FILTER ip prio 22 u32 match ip sport 5070 0xffff flowid 1:20

$FILTER ip prio 31 u32 match ip sport 53 0xffff flowid 1:30
$FILTER ip prio 32 u32 match ip sport 25 0xffff flowid 1:30
$FILTER ip prio 32 u32 match ip sport 110 0xffff flowid 1:30

$FILTER ip prio 41 u32 match ip sport 21 0xffff flowid 1:40
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: u32 and iptables do not work together

Linux Advanced Routing and Traffic Control