Re: Info about IFB

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



ArcosCom Linux User wrote:
I use IMQ to incomming traffic shaping (using u32 to match the
source/destination MACs)

With IMQ I use:

iptables -t mangle -A PREROUTING -i $if_wan0 -j IMQ --to-dev 0

(for example)

To enqueue packets into IMQ device and then shapping.

With IMQ I can use modprobe to set the device count I need and so on.

I really only want to replace IMQ scripts code with IFB, but, at least for
now, I don't stand fine the packet flow using IFB.

IFB on ingress will hook the packets before netfilter, so you can't use iptables to mark or get the denatted addresses like you can with IMQ - so it's not a total replacement. There may be a way to do it in the future.


I stand now how to initialice ifbX with your example, good!!

Now some aditional question about your example:
   With this line:

tc qdisc add dev ifb19 root tbf limit 2k rate 20kbit buffer 2k

   You are initializing the qdisc for ibf in the same manner you could do
with imq?

Yes, you set up queues/filters the same as on imq.


   With this lines:
tc qdisc add dev eth0 ingress
tc filter add dev eth0 parent ffff: protocol arp prio 1 u32 match u32 0
0 flowid 1:1 action mirred egress redirect dev ifb19

   Are those analogous as this (my imq0 device as your ifb19 device):
iptables -t mangle -A PREROUTING -i $if_wan0 -j IMQ --to-dev 0

tc qdisc add dev  $if_wan0 ingress
tc filter add dev $if_wan0 parent ffff: protocol ip ...

would be the same - iptables only sees ip, with ingress filter you can do others aswell if you want - all, arp, 8021q or any ethertype protocol number (FWIW you need a different prio number for each different ethertype filter).


?

   The last, Do I only need add clases and qdiscs to ifb19 as if it where
my imq0 device?

You'll need to filter aswell - on egress you can use iptables + marks (I don't think classify will work). But on ingress you can't use iptables because ifb is before netfilter.

Andy.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux