I've never tried marking packets the way that you're doing it, so not
sure if it should work. Have you tried marking with iptables instead?
Something like:

iptables -t mangle -A FORWARD --source 192.168.200.163 -j CLASSIFY --set-class 2:12

This will of course match all packets going both ways. Add "-i eth0" if
you only want it one way.

Andy Beverley

On Mon, 2007-02-05 at 21:38 +1100, Anthony Kamau wrote:
> Hello list.
>
> I've configured a very simple script to slow down packets coming from a
> particular IP Address. I've used IPTABLES to mark traffic coming from this
> IP Address, but it does not appear to be working as expected. Let me first
> describe my system as maybe what I'm doing is beyond what NETFILTER can do.
>
> I have one machine that runs all my servers as VM's. The P2P WinXP box and
> the router are virtualized. So too is the Windows 2003 DNS server.
>
> Please have a look at the traffic control script below and let me know if
> I've done something wrong!
>
> Cheers,
> tkb.
>
>
> Below is the script. You'll note that I've even tried using a filter
> (attached to eth0 - LAN) linking parent at eth0 going to a class on eth1 -
> is this even valid? tc did not seem to complain about it so I figured it
> must be okay.
>
> #*******************************************************************
> #!/bin/bash
>
> # Whole purpose of this is to slow the P2P WinXP box down!
>
> ###################################
> # Reset everything to known state #
> ###################################
> tc qdisc del dev eth0 root
> tc qdisc del dev eth1 root
>
> ####################
> # Setup the qdiscs #
> ####################
> tc qdisc add dev eth0 parent root handle 1: htb default 10
> tc qdisc add dev eth1 parent root handle 2: htb default 10
>
> ##########################
> # Setup the root classes #
> ##########################
> tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit \
>     ceil 10mbit
> tc class add dev eth1 parent 2: classid 2:1 htb rate 384kbit \
>     ceil 384kbit burst 15k
>
> ###########################
> # Setup the child classes #
> ###########################
> tc class add dev eth0 parent 1:1 classid 1:10 htb rate 10mbit \
>     ceil 10mbit prio 0
> tc class add dev eth1 parent 2:1 classid 2:10 htb rate 224kbit \
>     ceil 384kbit prio 0
> tc class add dev eth1 parent 2:1 classid 2:11 htb rate 100kbit \
>     ceil 100kbit prio 1
> tc class add dev eth1 parent 2:1 classid 2:12 htb rate 60kbit \
>     ceil 60kbit prio 2
>
> #####################
> # Setup the filters #
> #####################
> # match acks the hard way,
> # IP protocol 6,
> # IP header length 0x5(32 bit words),
> # IP Total length 0x34 (ACK + 12 bytes of TCP options)
> # TCP ack set (bit 5, offset 33)
> ACK="tc filter add dev eth1 protocol ip parent 2:0 prio 0 u32"
> $ACK match ip protocol 6 0xff \
>     match u8 0x05 0x0f at 0 \
>     match u16 0x0000 0xffc0 at 2 \
>     match u8 0x10 0xff at 33 \
>     classid 2:11
> #**U32_0="tc filter add dev eth0 protocol ip parent 1:0 u32"
> #**$U32_0 match ip src 192.168.200.163 classid 2:12
> #U32_1="tc filter add dev eth1 protocol ip parent 2:0 u32"
> P2P="tc filter add dev eth1 protocol ip parent 2:0 prio 10"
> $P2P handle 1 fw classid 2:12
>
> ####################################################
> # Setup the queue discipline for the child classes #
> ####################################################
> tc qdisc add dev eth1 parent 2:10 handle 10: sfq perturb 10
> tc qdisc add dev eth1 parent 2:11 handle 11: sfq perturb 10
> tc qdisc add dev eth1 parent 2:12 handle 12: sfq perturb 10
> #************************************************************************
>
>
>
> _______________________________________________
> LARTC mailing list
> LARTC@xxxxxxxxxxxxxxx
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
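
Added example, not part of either poster's message: a small Python evaluator for the four u32 selectors of the ACK filter in the quoted script, run over constructed packets to show which ones would land in class 2:11. The names u32_match and build_packet, the destination address and the ports are assumptions made for the illustration.

```python
import struct

# The four selectors of the quoted ACK filter as (width, value, mask, offset).
# Offsets count from the start of the IP header; "match ip protocol 6 0xff"
# is tc shorthand for a u8 match at offset 9.
ACK_SELECTORS = [
    (1, 0x06, 0xFF, 9),      # IP protocol is TCP
    (1, 0x05, 0x0F, 0),      # IHL is 5 words, so TCP starts at byte 20
    (2, 0x0000, 0xFFC0, 2),  # total length has no bit >= 64 set
    (1, 0x10, 0xFF, 33),     # TCP flags byte is exactly ACK
]

def u32_match(packet, selectors=ACK_SELECTORS):
    """Return True when (field & mask) == value holds for every selector."""
    for width, value, mask, offset in selectors:
        field = packet[offset:offset + width]
        if len(field) < width:
            return False  # packet too short to contain the field
        if int.from_bytes(field, "big") & mask != value:
            return False
    return True

def build_packet(flags, payload=b"", tcp_opts=b"", ip_opts=b""):
    """Constructed IPv4/TCP packet; addresses and ports are sample values."""
    ihl = 5 + len(ip_opts) // 4
    doff = 5 + len(tcp_opts) // 4
    total = 4 * (ihl + doff) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 168, 200, 163]), bytes([203, 0, 113, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 6881, 1, 1, doff << 4, flags,
                      65535, 0, 0)
    return ip + ip_opts + tcp + tcp_opts + payload

SAMPLES = {  # constructed test packets
    "bare ACK, 40 bytes": build_packet(0x10),
    "ACK + 12 option bytes (0x34)": build_packet(0x10, tcp_opts=bytes(12)),
    "ACK with 10 data bytes": build_packet(0x10, payload=bytes(10)),
    "ACK with 100 data bytes": build_packet(0x10, payload=bytes(100)),
    "PSH+ACK, 40 bytes": build_packet(0x18),
    "ACK behind 4 IP option bytes": build_packet(0x10, ip_opts=bytes(4)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:32} -> {'2:11' if u32_match(pkt) else 'no match'}")
```

The 0xffc0 mask accepts any total length below 64 bytes, not only the 0x34 named in the script's comment, and the fixed offset 33 is only the TCP flags byte because the IHL selector has already excluded packets with IP options.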