Mandi! Andy Furniss In chel di` si favelave... > > http://mailman.ds9a.nl/pipermail/lartc/2005q2/015400.html > >where seems that the trouble came from CONFIG_NET_CLS_IND and > >CONFIG_NET_CLS_ACT kernel compile time options. But probably also that > >aree old. > Probably won't work anymore - but then I haven't tested. The old > policer referred to in that post has gone. Time when men was man, and recompile ther own kernel, passed away... ;-) > Maybe u32 and ifb rather than imq or just u32 on ingress. Ops, i've wrote 'imq' but i was thinking about ifb. sorry. > You can use u32 on ingress to set fwmark - well you could once, > these docs are also quite old, but are in current iproute2 git. I know that. But i set marks using some advanced iptables feature, for example connmark_sip to match VoIP traffic, and i use also connmark save/connmark restore to prevent the re-marking of all the traffic. For that, i'm looking for a way to policy (for ingress, it will suffice to drop) traffic based on connmarks. I've to do some test, but for now i've two question: 1) as stated in previous email, i'm not clear if i have to create an ifb interface for every phisical one, or i can create different interfaces. Ok, probably traffic come back to the correct interface, but police rule apply, i think, to the sum of traffic from all interfaces... 2) the marks that i set inside the ifb interfaces, will survive to the outher one? this post: http://mailman.ds9a.nl/pipermail/lartc/2006q4/019720.html say me no, and seems also reasonable. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/chi_siamo/5xmille.php (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA) -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
