Re: Kernel Packet Traveling Diagram

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

Can you post a "tc -s -d filter ls dev nas0" ?


On 7/2/07, Edouard Thuleau <thuleau@xxxxxxxxx> wrote:
Yes,
This one was for the DSCP re-marking :

     iptables -t mangle -A PREROUTING -i nas0 -d 192.168.43.2 -j DSCP --set-dscp 0x08

    $TC qdisc add dev nas0 handle ffff: ingress
    $TC filter add dev nas0 parent ffff: protocol ip prio 1 u32 match ip tos 0x20 0xff police rate 200kbit burst 1k drop flowid :1

and this one with a DNAT rule :

    iptables -t nat -A PREROUTING -i nas0 -p udp --dport 11112 -j DNAT --to-destination 192.168.1.10

    $TC qdisc add dev nas0 handle ffff: ingress
    $TC filter add dev nas0 parent ffff: protocol ip prio 1 u32 match ip dst 192.168.1.10 police rate 200kbit burst 1k drop flowid :1



2007/7/2, nano bug <linnewbye@xxxxxxxxx >:
Hello,

Can you post the scripts you are using ?


On 7/2/07, Edouard Thuleau <thuleau@xxxxxxxxx > wrote:
Thanks,
I know the older version of this diagram and this one is quite the same I told below but the problem is the same for the DNAT. I made another test. I change the DSCP value in the PREROUTING table and I put an ingress policing which match this new dscp value but the filter doesn't match nothing (I work on a Linux 2.6.17).
With my test, the older version ( http://www.imagestream.com/~josh/PacketFlow.jpg) of the diagram seams more exactly.

Have you an idea ?

2007/7/2, nano bug < linnewbye@xxxxxxxxx >:
Hello,

I find this one more useful :

http://www.imagestream.com/~josh/PacketFlow-new.png

On 7/2/07, Edouard Thuleau <thuleau@xxxxxxxxx> wrote:
Hi,

I find this diagram which details the kernel packet traveling :
http://www.docum.org/docum.org/kptd/
Is it up to date ?
I made some test and I put a DNAT rules in the PREROUTING table of an interface and I attach it a ingress policy, the dst IP wasn't changed. the DNAT it isn't yet make.

I've another question (I'm not sure is it the good mailing list), for the fragment packet, I see the ingress policy doesn't work correctly and I'd like to know where in the kernel travel of the packet the fragment are re-assemble ? At the NAT or in the routing ?

Thanks,
Edouard.

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc






_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux