Re: incoming traffic + iptable

Linux Advanced Routing and Traffic Control

Hello,
I would need to be able to do that, as I think that iptables is more powerful for classifying the traffic you want to police/shape. I don't really know tc yet, so could you tell me whether it can detect:

- mac addresses
- ip tos/ttl values
- icmp types
- tcp/udp flags/ports or port ranges
- layer 7 protocols

Thanks for the help,
François.


Nikolay Kichukov wrote:
Hello there,
Why would you want to mark the packets with iptables in the first place for ingress shaping?
Why not use the tc functionality to specify source and destination addresses and protocol types?

I would suggest leaving iptables alone and getting your hands on tc for doing traffic control ;-)

So in your example:

  tc qdisc add dev eth0 handle ffff: ingress
  tc filter add dev eth0 parent ffff: protocol ip prio 1 u32 match ip src 172.28.54.41/32 police rate 10000kbit burst 10000kbit mtu 1500k drop flowid ffff:

That's an elegant way to achieve what you want.

HTH,
-nik

p.s. Mind the burst parameter; it seems like a huge value to me.


----- Original Message -----
From: mohican 542003
To: lartc@xxxxxxxxxxxxxxx
Sent: Wednesday, February 28, 2007 4:39 PM
Subject:  incoming traffic + iptable


Hello,

I am trying to use iptables to mark packets and then filter them with tc. Here is my script:
  iptables -t mangle -A PREROUTING -s 172.28.54.41/32 -p tcp -j MARK --set-mark 1
  tc qdisc add dev eth0 handle ffff: ingress
  tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw police rate 10000kbit burst 10000kbit mtu 1500k drop flowid :1

I cannot use u32 because I have several filters with more than one IP address in each.

Packets seem to be marked correctly (checked with: iptables -t mangle -L -vnx),
but the packets are not filtered by tc.

Can someone help me?

Thanks,

Olivier.




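As an added example, not part of any message in this thread: a POSIX shell script that generates the commands for both approaches discussed above for several addresses at once, Olivier's iptables mark plus one fw filter per group, and Nik's pure-tc u32 filter per address. The device name, rate, burst value and the address groups are constructed sample values, not taken from anyone's setup. The script only prints the commands so they can be reviewed first; piping its output to sh as root applies them.

```shell
#!/bin/sh
# Added example, not from the thread. Generates the commands for both
# approaches discussed: (a) per-group fw filters driven by iptables marks,
# (b) per-address u32 filters with no iptables involvement. Commands are
# emitted as text; run `./this.sh | sudo sh` to apply on a real interface.
# DEV, RATE, BURST and the address groups in main are constructed samples.

DEV="${DEV:-eth0}"
RATE="${RATE:-10000kbit}"
BURST="${BURST:-1250k}"      # roughly 1 s of 10 Mbit/s; chosen deliberately

# One ingress qdisc per device, deleted first so the script is re-runnable.
ingress_qdisc() {
    printf 'tc qdisc del dev %s ingress 2>/dev/null\n' "$1"
    printf 'tc qdisc add dev %s handle ffff: ingress\n' "$1"
}

# (a) iptables mark + fw filter: one MARK rule per address, one fw filter
# per mark. Every address in the group hits the same filter, so the whole
# group shares a single policer (token bucket). The mark doubles as the
# filter prio so each group's fw filter has a distinct priority.
fw_group() {
    dev=$1; mark=$2; shift 2
    for src in "$@"; do
        printf 'iptables -t mangle -A PREROUTING -s %s -j MARK --set-mark %s\n' \
            "$src" "$mark"
    done
    printf 'tc filter add dev %s parent ffff: protocol ip prio %s handle %s fw police rate %s burst %s drop flowid :1\n' \
        "$dev" "$mark" "$mark" "$RATE" "$BURST"
}

# (b) pure tc: one u32 filter per address. Each filter carries its own
# police action, so each address is rate-limited independently.
u32_per_ip() {
    dev=$1; prio=$2; shift 2
    for src in "$@"; do
        printf 'tc filter add dev %s parent ffff: protocol ip prio %s u32 match ip src %s police rate %s burst %s drop flowid :1\n' \
            "$dev" "$prio" "$src" "$RATE" "$BURST"
    done
}

# Check: per-filter statistics show whether packets reach the policer at all.
show_stats() {
    printf 'tc -s filter show dev %s parent ffff:\n' "$1"
}

main() {
    ingress_qdisc "$DEV"
    fw_group   "$DEV" 1  172.28.54.41 172.28.54.42    # constructed group
    fw_group   "$DEV" 2  172.28.55.0/24               # constructed group
    u32_per_ip "$DEV" 10 10.0.0.5 10.0.0.6            # constructed addresses
    show_stats "$DEV"
}

main
```

The two variants differ in what shares a token bucket: with the fw filter, every address carrying the same mark is policed as one group, while each u32 filter polices its own address independently. After applying the commands, the output of tc -s filter show dev eth0 parent ffff: gives per-filter hit counters, which is the first thing to look at when marked packets appear not to reach the policer.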
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
