ArcosCom Linux User wrote:
I use IMQ to incomming traffic shaping (using u32 to match the
source/destination MACs)
With IMQ I use:
iptables -t mangle -A PREROUTING -i $if_wan0 -j IMQ --to-dev 0
(for example)
To enqueue packets into IMQ device and then shapping.
With IMQ I can use modprobe to set the device count I need and so on.
I really only want to replace IMQ scripts code with IFB, but, at least for
now, I don't stand fine the packet flow using IFB.
IFB on ingress will hook the packets before netfilter, so you can't use
iptables to mark or get the denatted addresses like you can with IMQ -
so it's not a total replacement. There may be a way to do it in the future.
I stand now how to initialice ifbX with your example, good!!
Now some aditional question about your example:
With this line:
tc qdisc add dev ifb19 root tbf limit 2k rate 20kbit buffer 2k
You are initializing the qdisc for ibf in the same manner you could do
with imq?
Yes, you set up queues/filters the same as on imq.
With this lines:
tc qdisc add dev eth0 ingress
tc filter add dev eth0 parent ffff: protocol arp prio 1 u32 match u32 0
0 flowid 1:1 action mirred egress redirect dev ifb19
Are those analogous as this (my imq0 device as your ifb19 device):
iptables -t mangle -A PREROUTING -i $if_wan0 -j IMQ --to-dev 0
tc qdisc add dev $if_wan0 ingress
tc filter add dev $if_wan0 parent ffff: protocol ip ...
would be the same - iptables only sees ip, with ingress filter you can
do others aswell if you want - all, arp, 8021q or any ethertype protocol
number (FWIW you need a different prio number for each different
ethertype filter).
?
The last, Do I only need add clases and qdiscs to ifb19 as if it where
my imq0 device?
You'll need to filter aswell - on egress you can use iptables + marks (I
don't think classify will work). But on ingress you can't use iptables
because ifb is before netfilter.
Andy.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc