How it'll work for 150kpps ? I think the solution is hashing filters and this can't be done with iptables -j CLASSIFY ... i think !
PS
Does anyone use IFB insted of IMQ ?
Torsten Luettgert <t.luettgert@xxxxxxxxxxxxxxxx> wrote:
On Fri, 2006-06-23 at 01:17 +0300, Radu Oprisan wrote:
> Torsten Luettgert wrote:
> > On Thu, 2006-06-22 at 11:28 -0300, Luciano wrote:
> >
> Let me explain...
> Due to the fact that vlan id's add some 4 bytes to the header of the
> packet, tc filter does not work properly unless you feed it with an
> offset and a hex match. I use 801.q and TC with iptables and tc filter
> rules based on iptables mark with great success. I admit it is more
> complicated this way, but it works...
>
> iptables -A FORWARD -t mangle -d xxx.xxx.xxx.xxx -j MARK --set-mark 12
> iptables -A FORWARD -t mangle -d xxx.xxx.xxx.xxx -j RETURN
Oh, I see. Didn't ever think of those problems, because I never
use tc filters. My setup would look like
iptables -t mangle -A FORWARD -d x.y.z.t -j CLASSIFY --set-class 10:112
which removes a bit of the complexity.
Regards,
Torsten
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
signature
-----
Fight back spam! Download the Blue Frog.
http://www.bluesecurity.com/register/s?user=Z2FmdHk%3D
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc