Using fwmark would mean that packets have to pass two filter systems. First iptables, where the got marked and then the tc-filter ruleset where the mark needs to be matched again. And this is something I want to avoid because this means worse performance, so I was wondering if there is a possible way to do time matching with classify instead of forward mark?? Anyone have a patch for time matching so it can be used in the postrouting section? Kind Regards William -----Original Message----- From: lartc-bounces@xxxxxxxxxxxxxxx [mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Edwin Whitelaw Sent: 06 May 2006 11:58 To: Denis Ovsienko Cc: lartc@xxxxxxxxxxxxxxx Subject: Re: iptables CLASSIFY vs fwmark? My observation also, but one example shows using fwmark in the PREROUTING chain while CLASSIFY can be used in POSTROUTING only (correct?). My experience with tc at this point is limited but sometimes added flexibility is useful, even if it's a little more effort. Edwin Denis Ovsienko wrote: >> Could someone comment on the benefits of using CLASSIFY vs fwmark (or >> vice versa) in iptables? >> > One benefit I see is that one avoids extra filters, this can be useful > with lots of classes. > > -- <=+=+=+==+=+=+==+=+=+=+=+=+=+=+=> Edwin Whitelaw, P.E. New River Valley Unwired, LLC 2200 Lonesome Dove Dr Christiansburg, VA 24073 540-239-0318 _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
