Unable to match/classify non-icmp traffic with TOS bigger than 0x10

Linux Advanced Routing and Traffic Control


This problem is driving me nuts, so I am seeking help here.
Your help will be deeply appreciated.

I have made myself a Linux bridge with eth1 and eth0 to
form br0. Then I run a script to configure tc with htb on it.

But I can never match non-icmp traffic ( such as tcp and udp )
with TOS or DSCP values such as 0x68.

The full story is as follows:

1. On the source testing machine, I do this to set the tos and dscp settings:

 (A)      iptables -t mangle -A OUTPUT -j TOS --set-tos 0x10
          ( to make ssh tos value 0x10 )

                  or

 (B)      iptables -t mangle -A OUTPUT -j DSCP --set-dscp 0x1a
          ( to make ssh DSCP value 0x68 )

2. Then on the bridge machine, I have tc filters as follows:

(A)     tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \
            match ip tos 0x10 0xfc flowid 1:10
        tc filter add dev eth1 parent 1: protocol ip prio 10 u32 \
            match ip tos 0x10 0xfc flowid 1:10

   Then I do a ssh login to side B of the bridge from side A.
   It shows that the traffic has been classified correctly.

(B)     tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \
            match ip tos 0x68 0xfc flowid 1:10
        tc filter add dev eth1 parent 1: protocol ip prio 10 u32 \
            match ip tos 0x68 0xfc flowid 1:10

    Then I do a ssh login to side B of the bridge from side A,
    the traffic has not been classified correctly. The class 1:10
    picks up zero traffic.

 (C)
        However if I ping side B of the bridge from side A, it shows
   that icmp could be classified into class 1:10.

   Why is it just not possible to classify anything other than icmp?

Regards.



