RE: Unable to match/classify non-icmp traffic with TOS bigger than 0x10

Linux Advanced Routing and Traffic Control

Did you try to capture the packets with tcpdump or something and check
the TOS field? Was it correct?
I had a similar set up before, though not bridge, and it worked.

-----Original Message-----
From: Salim S I [mailto:salim.si@xxxxxxxxxxxxxxxx] 
Sent: Friday, August 17, 2007 10:59 AM
To: 'Salim S I'; 'Ming-Ching Tiew'; lartc@xxxxxxxxxxxxxxx
Subject: RE: Unable to match/classify non-icmp traffic with
TOS bigger than 0x10

Sorry, I hadn't seen 0x68 match.

-----Original Message-----
From: lartc-bounces@xxxxxxxxxxxxxxx
[mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Salim S I
Sent: Friday, August 17, 2007 10:47 AM
To: 'Ming-Ching Tiew'; lartc@xxxxxxxxxxxxxxx
Subject: RE: Unable to match/classify non-icmp traffic with
TOS bigger than 0x10

Is it because the TOS and DSCP values are different?

-----Original Message-----
From: lartc-bounces@xxxxxxxxxxxxxxx
[mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Ming-Ching Tiew
Sent: Thursday, August 16, 2007 5:21 PM
To: lartc@xxxxxxxxxxxxxxx
Subject: Unable to match/classify non-icmp traffic with TOS
bigger than 0x10


This problem is driving me nuts, so I am seeking help here.
Your help will be deeply appreciated.

I have made myself a Linux bridge with eth1 and eth0 to
form br0. Then I run a script to configure tc with htb on it.

But I can never match non-icmp traffic ( such as tcp and udp )
with TOS or DSCP values such as 0x68.

The full story is as follows:

1. On the source testing machine, I do this to set the tos and dscp
settings:

 (A)      iptables -t mangle -A OUTPUT -j TOS --set-tos 0x10
         ( to make ssh tos value 0x10 )

                 or

  (B)     iptables -t mangle -A OUTPUT  -j DSCP --set-dscp 0x1a
         ( to make ssh DSCP value 0x68 )

2. Then on the bridge machine, I have tc filter as follows :-

(A)     tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \
   match ip tos 0x10 0xfc flowid 1:10
          tc filter add dev eth1 parent 1: protocol ip prio 10 u32 \
   match ip tos 0x10 0xfc flowid 1:10

   Then I do a ssh login to side B of the bridge from side A.
   It shows that the traffic has been classified correctly.

(B)
           tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \
   match ip tos 0x68 0xfc flowid 1:10
          tc filter add dev eth1 parent 1: protocol ip prio 10 u32 \
   match ip tos 0x68 0xfc flowid 1:10

    Then I do a ssh login to side B of the bridge from side A,
    the traffic has not been classified correctly. The class 1:10
    picks up zero traffic.

 (C)
        However if I ping side B of the bridge from side A, it shows
   that icmp could be classified into class 1:10.

   Why is it just not possible to classify anything other than icmp?

Regards.





_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
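
The check suggested in the top reply (read the TOS byte of the captured packets and compare it with what the filter expects), as an added example that is not part of the original thread. The function names and the sample headers are constructed for illustration; the u32 comparison is a model of "match ip tos VALUE MASK", not tc's own code.

```python
import socket
import struct

def build_ipv4_header(tos, proto):
    """Constructed 20-byte IPv4 header (checksum left at zero) for offline use."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, proto, 0,
                       socket.inet_aton("192.0.2.1"),
                       socket.inet_aton("192.0.2.2"))

def parse_tos(header):
    """Split byte 1 of an IPv4 header into DSCP (upper 6 bits) and ECN (lower 2)."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    tos = header[1]
    return {"tos": tos, "dscp": tos >> 2, "ecn": tos & 0x03, "proto": header[9]}

def dscp_to_tos(dscp):
    """TOS byte produced by a 6-bit DSCP value with the ECN bits clear."""
    if not 0 <= dscp <= 0x3F:
        raise ValueError("DSCP is a 6-bit field")
    return dscp << 2

def u32_match_ip_tos(header, value, mask):
    """Model of 'u32 match ip tos VALUE MASK': masked TOS byte equals masked VALUE."""
    return (header[1] & mask) == (value & mask)

def classify(packets, value, mask):
    """Return (proto, tos, matched) for each constructed header."""
    out = []
    for hdr in packets:
        f = parse_tos(hdr)
        out.append((f["proto"], f["tos"], u32_match_ip_tos(hdr, value, mask)))
    return out

# Constructed sample traffic: protocol 6 = TCP, 1 = ICMP.
SAMPLES = [build_ipv4_header(0x10, 6), build_ipv4_header(0x68, 6),
           build_ipv4_header(0x69, 6), build_ipv4_header(0x68, 1),
           build_ipv4_header(0x00, 6)]

if __name__ == "__main__":
    print("--set-dscp 0x1a -> TOS byte 0x%02x" % dscp_to_tos(0x1A))
    for proto, tos, hit in classify(SAMPLES, 0x68, 0xFC):
        print("proto=%d tos=0x%02x match(0x68/0xfc)=%s" % (proto, tos, hit))
```

Run against the IP header bytes of packets captured on the bridge, it shows whether the TOS byte arriving there is the one the 0x68/0xfc filter is written for.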

