Did you try to capture the packets with tcpdump or something and check the TOS field? Was it correct? I had a similar set up before, though not bridge, and it worked. -----Original Message----- From: Salim S I [mailto:salim.si@xxxxxxxxxxxxxxxx] Sent: Friday, August 17, 2007 10:59 AM To: 'Salim S I'; 'Ming-Ching Tiew'; lartc@xxxxxxxxxxxxxxx Subject: RE: Unable to match/classify non-icmp traffic with TOSbiggerthan 0x10 Sorry, I hadn't seen 0x68 match. -----Original Message----- From: lartc-bounces@xxxxxxxxxxxxxxx [mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Salim S I Sent: Friday, August 17, 2007 10:47 AM To: 'Ming-Ching Tiew'; lartc@xxxxxxxxxxxxxxx Subject: RE: Unable to match/classify non-icmp traffic with TOSbiggerthan 0x10 Is it because the TOS and DSCP values are different? -----Original Message----- From: lartc-bounces@xxxxxxxxxxxxxxx [mailto:lartc-bounces@xxxxxxxxxxxxxxx] On Behalf Of Ming-Ching Tiew Sent: Thursday, August 16, 2007 5:21 PM To: lartc@xxxxxxxxxxxxxxx Subject: Unable to match/classify non-icmp traffic with TOS biggerthan 0x10 This problem is driving nuts, so I am seeking help here. Your help will be deeply appreciated. I have made myself a Linux bridge with eth1 and eth0 to form br0. Then I run a script to configure tc with htb on it. But I can never match non-icmp traffic ( such as tcp and udp ) with TOS or DSCP values such as 0x68. The full story as follows :- 1. On the source testing machine, I do this to set the tos and dscp settings :- (A) iptables -t mangle -A OUTPUT -j TOS --set-tos 0x10 ( to make ssh tos value 0x10 ) or (B) iptables -t mangle -A OUTPUT -j DSCP --set-dscp 0x1a ( to make ssh DSCP value 0x68 ) 2. Then on the bridge machine, I have tc filter as follows :- (A) tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \ match ip tos 0x10 0xfc flowid 1:10 tc filter add dev eth1 parent 1: protocol ip prio 10 u32 \ match ip tos 0x10 0xfc flowid 1:10 Then I do a ssh login to side B of the bridge from side A. It shows that the traffic has been classified correctly. (B) tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \ match ip tos 0x68 0xfc flowid 1:10 tc filter add dev eth1 parent 1: protocol ip prio 10 u32 \ match ip tos 0x68 0xfc flowid 1:10 Then I do a ssh login to side B of the bridge from side A, the traffic has not been classified correctly. The class 1:10 picks up zero traffic. (C) However if I ping side B of the bridge from side A, it shows that icmp could be classified into class 1:10. Why it is just not possible to classify anything other than icmp ? Regards. -------------------------------------------------------- Important Warning! *************************** This electronic communication (including any attached files) may contain confidential and/or legally privileged information and is only intended for the use of the person to whom it is addressed. If you are not the intended recipient, you do not have permission to read, use, disseminate, distribute, copy or retain any part of this communication or its attachments in any form. If this e-mail was sent to you by mistake, please take the time to notify the sender so that they can identify the problem and avoid any more mistakes in sending e-mail to you. The unauthorised use of information contained in this communication or its attachments may result in legal action against any person who uses it. _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc