Re: traffic shaping vpn (GRE) traffic

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Craig,
Is it linux flavour specific kernel you are using? I guess there might be no tc support for the kind of match you are tring to do, but iptables support included. Those I presume might be different kernel options.
In the first place, if anyone can say if the syntax of the following command is okay would be best choice: 

tc filter add dev eth2 parent 1:0 protocol ip u32 \
        match ip protocol 47 0xff \
        match ip u16 0x10 00ff at 24 \
        classid 1:10
I am also CCing the LARTC list hoping anyone with more experience will know the answer. 

-Nik

syncmaster4 wrote:

Hi Nikolay,

I am using the standard kernel but we are able to successully allow GRE
traffic through IPTABLES running on this same computer. So I am assuming we 
do have support for GRE since we are able to successfully NAT it.

I am far from a kernel/iptables/tc expert so maybe my assumption is
completely wrong...

Thanks!
Craig


On 12/11/06, Nikolay Kichukov <hijacker@xxxxxxxxx> wrote:


Hello syncmaster4,
I am not much of an routing expert myself, but if you are getting the
Illegal match error message, try looking in the command syntax or the
kernel config to check if you compiled all the necessary modules for the
command you are using.

Have you got support for protocol 47? Just guessing here.

-Nik

syncmaster4 wrote:
> Looking for some advise from the experts out there.
>
> We do simple traffice shaping and I'm having trouble figuring out how to 
> shape vpn traffic using a tc filter.
>
> The following filter works fine for SSH
> tc filter add dev eth2 parent 1:0 protocol ip u32 match ip sport 22
> 0xffff classid 1:10
>
> The following throws and "Illegal match" error when trying to filter GRE 
> traffic.
> tc filter add dev eth2 parent 1:0 protocol ip u32 \
>         match ip protocol 47 0xff \
>         match ip u16 0x10 00ff at 24 \
>         classid 1:10
>
> Any pointers are greatly appreciated!
>
> CentOS 4.4 - 2.6.9-42.0.3.ELsmp
>
> Thanks!
> Craig
>
>
> ------------------------------------------------------------------------ 
>
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc





_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux