On Monday 28 May 2007 10:39:11 VladSun wrote:
> Alexandru Dragoi wrote:
> > u32 hash filters is the key, as somebody pointed out. You can also tune your
> > iptables setup, like this
> >
> > #192.168.1.0/24
> > iptables -t mangle -N 192-168-1-0-24
> > iptables -t mangle -A FORWARD -s 192.168.1.0/24 -j 192-168-1-0-24
> > iptables -t mangle -N 192-168-1-0-25
> > iptables -t mangle -N 192-168-1-128-25
> > iptables -t mangle -A 192-168-1-0-24 -s 192.168.1.0/25 -j 192-168-1-0-25
> > iptables -t mangle -A 192-168-1-0-24 -s 192.168.1.128/25 -j 192-168-1-128-25
> > .
> > .
> > and so on, until (ip 192.168.1.11, which is called in chain created for
> > 192.168.1.10/31)
> >
> > iptables -t mangle -A 192-168-1-10-31 -s 192.168.1.10 -j CLASSIFY --set-class 1:10
> > iptables -t mangle -A 192-168-1-10-31 -s 192.168.1.11 -j CLASSIFY --set-class 1:11
> >
> > .. I guess you got the idea, it requires some RAM, which I believe is
> > not such a big problem. Similar rules should be made for download.
>
> Or you can use my patch - IPCLASSIFY. Then the rules above would be
> substituted by a single rule per direction:
>
> iptables -t mangle -A FORWARD -s 192.168.1.0/24 -j IPCLASSIFY --addr=src --and-mask=0xff --or-mask=0x11000
> iptables -t mangle -A FORWARD -d 192.168.1.0/24 -j IPCLASSIFY --addr=dst --and-mask=0xff --or-mask=0x12000

Wow! Now I get it, this patch is amazing. Now I have a pending hack, which is to merge this with htb-gen.
Any chance that this gets into mainline? Have you mailed the netfilter-dev list?

--
Luciano
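
The binary tree of chains that Alexandru Dragoi's quoted message describes, written out as a generator. This is an added example, not part of the original thread: it only prints the iptables commands, the function names `gen_tree` and `chain_name` are hypothetical, and it assumes a single /24 with the class minor taken from the last octet, as in the thread's `1:10` and `1:11`.

```shell
#!/bin/sh
# Print (never execute) the mangle-table rules for a binary tree of chains
# over NET.0/24: each chain holds two rules that split its range in half,
# and each /31 chain holds the two per-host CLASSIFY rules.

chain_name() {  # $1 = first three octets, $2 = last octet, $3 = prefix length
    printf '%s-%s-%s' "$(printf '%s' "$1" | tr . -)" "$2" "$3"
}

gen_tree() {    # $1 = first three octets of the /24, e.g. 192.168.1
    net=$1
    root=$(chain_name "$net" 0 24)
    echo "iptables -t mangle -N $root"
    echo "iptables -t mangle -A FORWARD -s $net.0/24 -j $root"

    len=24
    while [ "$len" -lt 31 ]; do
        child=$((len + 1))
        size=$((1 << (32 - len)))   # addresses covered by one parent chain
        half=$((size / 2))
        start=0
        while [ "$start" -lt 256 ]; do
            parent=$(chain_name "$net" "$start" "$len")
            for off in 0 "$half"; do
                sub=$((start + off))
                c=$(chain_name "$net" "$sub" "$child")
                echo "iptables -t mangle -N $c"
                echo "iptables -t mangle -A $parent -s $net.$sub/$child -j $c"
            done
            start=$((start + size))
        done
        len=$child
    done

    # Leaves: one CLASSIFY rule per host, placed in the /31 chain that owns it.
    # Assumption: class minor = last octet, written as in the thread (1:10, 1:11).
    host=0
    while [ "$host" -lt 256 ]; do
        leaf=$(chain_name "$net" $((host & ~1)) 31)
        echo "iptables -t mangle -A $leaf -s $net.$host -j CLASSIFY --set-class 1:$host"
        host=$((host + 1))
    done
}
```

For one /24 this prints 766 commands creating 255 chains, which is the memory cost mentioned in the thread. In exchange, a packet is checked against the one FORWARD rule plus two rules in each of the eight chains on its path, instead of up to 256 rules in a flat list.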