I would like to test police in ingress. I use kernel 2.4.20. I use this configuration: iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1001 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1002 -j MARK --set-mark 2 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1003 -j MARK --set-mark 3 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1004 -j MARK --set-mark 4 tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police rate 2500000 burst 90k drop tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 2 fw police rate 1500000 burst 90k drop tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 3 fw police rate 1000000 burst 90k drop I generate traffic with smartbits and i made this test: 1)len packet layer2 64 byte, packets per second 5500 = 2810000 bit per second 2)len packet layer2 1000 byte, packets per second 350 = 2800000 bit per second The 2 test is good i receive a trafiic with 2500000 rate limit ! The problem is with 1 test because i received full band 2810000 without any limit! Is there any problem with police rate? It doesn't work with small packets? I've to set some other usefull parameter? Please help me ! _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
