On Tuesday 01 May 2007 16:08, terraja-based wrote:
> Hey Andreas, how do I catch this traffic using L7 filter? I've installed l7
> filter now, but I don't know how to use the kind of filter...!!!
> Can you help me?

Maybe you will like to visit http://l7-filter.sourceforge.net/
If you want to use layer7 module in kernel mode, then you should go to
http://l7-filter.sourceforge.net/HOWTO#Doing
but if you want to use it in user mode, then go to
http://l7-filter.sourceforge.net/HOWTO-userspace#Doing

> Thx.-
>
> Terraja-based
>
> 2007/4/29, lartc-request@xxxxxxxxxxxxxxx <lartc-request@xxxxxxxxxxxxxxx>:
> > Send LARTC mailing list submissions to
> >     lartc@xxxxxxxxxxxxxxx
> >
> > To subscribe or unsubscribe via the World Wide Web, visit
> >     http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> > or, via email, send a message with subject or body 'help' to
> >     lartc-request@xxxxxxxxxxxxxxx
> >
> > You can reach the person managing the list at
> >     lartc-owner@xxxxxxxxxxxxxxx
> >
> > When replying, please edit your Subject line so it is more specific
> > than "Re: Contents of LARTC digest..."
> >
> >
> > Today's Topics:
> >
> >    1. Re: LARTC Digest, Vol 26, Issue 24 (terraja-based)
> >    2. Re: Re: LARTC Digest, Vol 26, Issue 24 (Alejandro Ramos Encinosa)
> >    3. Re: Re: LARTC Digest, Vol 26, Issue 24 (Andreas Mueller)
> >    4. Re: HFSC with tcng (Andreas Mueller)
> >
> >
> > ----------------------------------------------------------------------
> >
> > Message: 1
> > Date: Sat, 28 Apr 2007 16:33:16 -0300
> > From: terraja-based <drumlesson@xxxxxxxxx>
> > Subject: Re: LARTC Digest, Vol 26, Issue 24
> > To: lartc@xxxxxxxxxxxxxxx
> > Message-ID:
> >     <823158cf0704281233v1f4bd80dg719a78eb779021e1@xxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset="iso-8859-1"
> >
> > Alejandro,
> >
> > So, I did try the script that you give to me, and the problems its
> > continues.-
> > Maybe the problem was in the IPTABLES rules, I attach the complete script
> > below:
> >
> > #####################
> > ifconfig imq0 up
> >
> > tc qdisc add dev imq0 handle 1: root htb default 30
> > tc class add dev imq0 parent 1: classid 1:1 htb rate 500kbit ceil 2000kbit
> >
> > tc class add dev imq0 parent 1:1 classid 1:10 htb rate 100kbit ceil 2000kbit
> > tc class add dev imq0 parent 1:1 classid 1:20 htb rate 100kbit ceil 2000kbit
> > tc class add dev imq0 parent 1:1 classid 1:30 htb rate 100kbit ceil 2000kbit
> >
> >
> > tc qdisc add dev imq0 parent 1:10 handle 2 sfq
> > tc qdisc add dev imq0 parent 1:20 handle 3 sfq
> >
> > iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0
> >
> > tc filter add dev imq0 parent 1: prio 0 protocol ip handle 2 fw flowid 1:10
> > tc filter add dev imq0 parent 1: prio 1 protocol ip handle 3 fw flowid 1:20
> > iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
> > iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
> > iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
> > #####################
> >
> >
> > The traffic it continues goes out by the "default" qdisc (1:30), and it was
> > not classified by the correct qdisc.
> > I did try an ftp transfer using the 20 and 21 TCP ports, this should
> > use the 1:20 qdisc associated with the "handle 3"...BUT DID NOT WORK...!!!
> > Please, help me...!!!
> >
> >
> > --
> > terraja-based
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL:
> > http://mailman.ds9a.nl/pipermail/lartc/attachments/20070428/2952a6ff/attachment-0001.html
> >
> > ------------------------------
> >
> > Message: 2
> > Date: Sat, 28 Apr 2007 22:12:45 +0000
> > From: Alejandro Ramos Encinosa <alex@xxxxx>
> > Subject: Re: Re: LARTC Digest, Vol 26, Issue 24
> > To: lartc@xxxxxxxxxxxxxxx
> > Message-ID: <200704282212.46731.alex@xxxxx>
> > Content-Type: text/plain; charset="iso-8859-15"
> >
> > On Saturday 28 April 2007 19:33, terraja-based wrote:
> > > [...]
> > > iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0
> > >
> > > tc filter add dev imq0 parent 1: prio 0 protocol ip handle 2 fw flowid 1:10
> > > tc filter add dev imq0 parent 1: prio 1 protocol ip handle 3 fw flowid 1:20
> > > iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
> > > iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
> > > iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
> > > [...]
> > > The traffic it continues goes out by the "default" qdisc (1:30), and it was
> > > not classified by the correct qdisc.
> >
> > Hmm, you are trying to "redirect" all packets from eth1 to imq0, and then
> > you are trying to mark packets for http and ftp connections. Well, I think
> > you need to change again your configuration: if you put '-j IMQ --todev
> > 0' as first rule, then all packets will match and will not pass through
> > the chain, so any rule after that one, will never match against a packet.
> > You need to mark packets before, and send to imq device later.
> > Maybe something like this:
> >
> > --------------------------------8<-------------------------8<-----------------------------------
> > [...]
> > iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
> > iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
> > iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
> > iptables -t mangle -A PREROUTING -i eth1 -j IMQ --todev 0
> >
> > tc filter add dev imq0 parent 1: prio 0 protocol ip handle 2 fw flowid 1:10
> > tc filter add dev imq0 parent 1: prio 1 protocol ip handle 3 fw flowid 1:20
> > [...]
> > --------------------------------8<-------------------------8<-----------------------------------
> >
> > PS: as long as I know, marks 0, 1, and 2 are iptables marks (reserved
> > marks), so if I were you, I start marking with number 3 or greater.
> >
> > --
> > Alejandro Ramos Encinosa <alex@xxxxx>
> > Fac. Matemática Computación
> > Universidad de La Habana
> >
> >
> > ------------------------------
> >
> > Message: 3
> > Date: Sun, 29 Apr 2007 10:48:25 +0200
> > From: Andreas Mueller <andreas@xxxxxxxxxxxxxxxxxx>
> > Subject: Re: Re: LARTC Digest, Vol 26, Issue 24
> > To: lartc@xxxxxxxxxxxxxxx
> > Message-ID: <20070429084825.GA3557@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset=us-ascii
> >
> > Hello terraja-based,
> >
> > terraja-based wrote:
> > [snip]
> > > iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
> > > iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 20 -j MARK --set-mark 3
> > > iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 21 -j MARK --set-mark 3
> > [snip]
> > > The traffic it continues goes out by the "default" qdisc (1:30), and it was
> > > not classified by the correct qdisc.
> >
> > [snip]
> >
> > the marks you set here will be gone as soon as the packet leaves,
> > connmark could do the trick here.
> > Still, matching --sport on the imq device should do the job as well,
> > at least for http at port 80.
> > For ftp, passive mode (data) connections will go to the default-class as
> > the server's port is chosen at runtime, to catch them better use a
> > level-7 filter (e.g. http://sourceforge.net/projects/l7-filter/).
> >
> > Bye, Andreas.
> >
> >
> > ------------------------------
> >
> > Message: 4
> > Date: Sun, 29 Apr 2007 11:00:30 +0200
> > From: Andreas Mueller <andreas@xxxxxxxxxxxxxxxxxx>
> > Subject: Re: HFSC with tcng
> > To: lartc@xxxxxxxxxxxxxxx
> > Message-ID: <20070429090030.GB3557@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> > Content-Type: text/plain; charset=us-ascii
> >
> > Hi Simo,
> >
> > Simo wrote:
> > > [...]
> > > I don't know how to use HFSC queuing discipline with tcng configuration
> > > language. I become always this error: syntax error near "hfsc"
> > > [...]
> > > Is it possible, that tcng provides no support for this classful hfsc
> > > queuing discipline?
> > > [...]
> >
> > no, there is no such support and might never be, because this project is
> > no longer under active development.
> >
> > Andreas
> >
> >
> > ------------------------------
> >
> > _______________________________________________
> > LARTC mailing list
> > LARTC@xxxxxxxxxxxxxxx
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> >
> >
> > End of LARTC Digest, Vol 26, Issue 25
> > *************************************

--
Alejandro Ramos Encinosa <alex@xxxxx>
Fac. Matemática Computación
Universidad de La Habana
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
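
The layer-7 match asked about at the top of this message, combined with the rule ordering from Message 2, as an added example that is not part of the original thread. It assumes a forwarding router with the IMQ patch and kernel-mode l7-filter (stock "ftp" pattern); the function names are made up for the example, and it only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: forwarding router, IMQ
# patch and kernel-mode l7-filter installed; interface, marks and class ids
# are the ones used in the posted script. Function names are hypothetical.
IN_IF=eth1; IMQ_DEV=0
MARK_HTTP=2   # fw handle 2 -> class 1:10
MARK_FTP=3    # fw handle 3 -> class 1:20

# Print the classification commands in the order they are to be applied.
emit_rules() {
    pre="iptables -t mangle -A PREROUTING"
    echo "$pre -i $IN_IF -p tcp --dport 80 -j MARK --set-mark $MARK_HTTP"
    # layer7 matches on payload, so no port is given. No -i here: l7-filter
    # classifies a connection from its first packets in both directions,
    # so the rule must also see the replies.
    echo "$pre -m layer7 --l7proto ftp -j MARK --set-mark $MARK_FTP"
    # Marks first, IMQ last (the ordering suggested in Message 2).
    echo "$pre -i $IN_IF -j IMQ --todev $IMQ_DEV"
    flt="tc filter add dev imq$IMQ_DEV parent 1: protocol ip"
    echo "$flt prio 1 handle $MARK_HTTP fw flowid 1:10"
    echo "$flt prio 2 handle $MARK_FTP fw flowid 1:20"
}

# Succeeds only if no MARK rule is listed after the IMQ rule.
marks_before_imq() {
    emit_rules | awk '/-j IMQ/         { imq = NR }
                      /-j MARK/ && imq { late++ }
                      END              { exit !(imq && !late) }'
}

# Print every fw filter handle that no --set-mark rule produces.
unmatched_handles() {
    emit_rules | awk '{ for (i = 1; i < NF; i++) {
                            if ($i == "--set-mark") have[$(i + 1)] = 1
                            if ($i == "handle")     want[$(i + 1)] = 1 } }
                      END { for (h in want) if (!(h in have)) print h }'
}

# Dry run unless APPLY=1 (which needs root and the patched kernel).
apply_rules() {
    emit_rules | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "+ $cmd"; fi
    done
}

marks_before_imq && [ -z "$(unmatched_handles)" ] && apply_rules
```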