Re: Trying to add filter based on iptables mark gets "RTNETLINK answers: Invalid argument"

Linux Advanced Routing and Traffic Control


 



I suspect that it might be because you cannot add a u32 and a fw filter at the same priority level to a given parent.

On 3/06/2013 8:23 PM, Matthew Jurgens wrote:
I've built the traffic control setup as shown in this diagram:
http://www.edcint.co.nz/tmp/LTCS.jpg

When trying to add a filter that looks for an iptables mark using

tc filter add dev ppp0 parent 400: protocol ip prio 70 handle 3 fw flowid 400:40

I get the response "RTNETLINK answers: Invalid argument"

Now, my setup already includes other filters based on iptables marks so the basic command structure works ok, it's just when I add the filter to the parent (400:) which already has other filters attached.

The following tc and iptables commands are used to build this structure.

tc qdisc del dev ppp0 root
tc qdisc del dev ppp0 ingress
tc qdisc add dev ppp0 root handle 1: tbf rate 1067kbit burst 4k latency 30ms
tc qdisc add dev ppp0 parent 1: handle 10: prio bands 4 priomap 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3
tc qdisc add dev ppp0 parent 10:1 handle 100: pfifo
tc qdisc add dev ppp0 parent 10:2 handle 200: sfq perturb 10
tc qdisc add dev ppp0 parent 10:3 handle 300: tbf rate 853kbit burst 4k latency 30ms
tc qdisc add dev ppp0 parent 10:4 handle 400: htb
tc class add dev ppp0 parent 400: classid 400:1 htb rate 1067kbit burst 5k cburst 10k
tc class add dev ppp0 parent 400:1 classid 400:10 htb rate 320kbit ceil 1067kbit burst 5k cburst 10k prio 4
tc class add dev ppp0 parent 400:1 classid 400:20 htb rate 213kbit ceil 1067kbit burst 5k cburst 5k prio 5
tc class add dev ppp0 parent 400:1 classid 400:30 htb rate 106kbit ceil 1067kbit burst 5k cburst 5k prio 6
tc class add dev ppp0 parent 400:1 classid 400:40 htb rate 53kbit ceil 640kbit burst 2k cburst 2k prio 7
tc class add dev ppp0 parent 400:1 classid 400:50 htb rate 10kbit ceil 1067kbit burst 2k cburst 2k prio 8
tc qdisc add dev ppp0 parent 400:10 handle 4001: sfq perturb 10
tc qdisc add dev ppp0 parent 400:20 handle 4002: sfq perturb 10
tc qdisc add dev ppp0 parent 400:30 handle 4003: sfq perturb 10
tc qdisc add dev ppp0 parent 400:40 handle 4004: sfq perturb 10
tc qdisc add dev ppp0 parent 400:50 handle 4005: sfq perturb 10
tc filter add dev ppp0 parent 10:0 prio 10 protocol ip handle 1 fw flowid 10:1
tc filter add dev ppp0 parent 10: protocol ip prio 20 u32 match ip sport 442 0xffff flowid 10:2
tc filter add dev ppp0 parent 10: protocol ip prio 20 u32 match ip sport 28960 0xffff flowid 10:2
tc filter add dev ppp0 parent 10: protocol ip prio 20 u32 match ip dport 5615 0xffff flowid 10:2
tc filter add dev ppp0 parent 10: protocol ip prio 20 u32 match ip dport 8767 0xffff flowid 10:2
tc filter add dev ppp0 protocol ip parent 10:0 prio 35 handle 2 fw flowid 10:2
tc filter add dev ppp0 parent 10: protocol ip prio 30 u32 match ip sport 40000 0xffff flowid 10:3
tc filter add dev ppp0 parent 10:0 prio 40 protocol ip u32 match ip src 0.0.0.0/0 flowid 10:4
tc filter add dev ppp0 parent 400: protocol ip prio 50 u32 match ip tos 0x10 0xff flowid 400:10
tc filter add dev ppp0 parent 400: protocol ip prio 50 u32 match ip protocol 1 0xff flowid 400:10
tc filter add dev ppp0 parent 400: protocol ip prio 50 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 400:10
tc filter add dev ppp0 parent 400: protocol ip prio 50 u32 match ip sport 443 0xffff flowid 400:10
tc filter add dev ppp0 parent 400: protocol ip prio 50 u32 match ip dport 53 0xffff flowid 400:10
tc filter add dev ppp0 parent 400: protocol ip prio 60 u32 match ip sport 1194 0xffff flowid 400:20
tc filter add dev ppp0 parent 400: protocol ip prio 60 u32 match ip sport 1723 0xffff flowid 400:20
tc filter add dev ppp0 parent 400: protocol ip prio 60 u32 match ip dport 2078 0xffff flowid 400:20
tc filter add dev ppp0 parent 400: protocol ip prio 60 u32 match ip dport 3131 0xffff flowid 400:20
tc filter add dev ppp0 parent 400: protocol ip prio 60 u32 match ip dport 4500 0xffff flowid 400:20
tc filter add dev ppp0 parent 400: protocol ip prio 80 u32 match ip dport 80 0xffff flowid 400:30
tc filter add dev ppp0 parent 400: protocol ip prio 80 u32 match ip dport 443 0xffff flowid 400:30
tc filter add dev ppp0 parent 400: protocol ip prio 70 u32 match ip tos 0x18 0xff flowid 400:40

# -------------------------------------------------------------------------------
tc filter add dev ppp0 parent 400: protocol ip prio 70 handle 3 fw flowid 400:40
RTNETLINK answers: Invalid argument
# -------------------------------------------------------------------------------

tc filter add dev ppp0 parent 400: protocol ip prio 100 u32 match ip src 0.0.0.0/0 flowid 400:50
tc qdisc add dev ppp0 handle ffff: ingress
tc filter add dev ppp0 parent ffff: protocol ip prio 1 u32 match ip src 0.0.0.0/0 police rate 20000kbit burst 10k drop flowid :1
iptables -t mangle -A PREROUTING -j MARK -i br0 --protocol udp --source 192.168.0.51 --set-mark 1
iptables -t mangle -A PREROUTING -j MARK -i br0 --protocol udp --source 192.168.2.2 --source-port 32768 --set-mark 2
iptables -t mangle -A PREROUTING -j MARK -i br0 --protocol udp --source 192.168.5.0/24 --set-mark 3
iptables -t mangle -A PREROUTING -j MARK -i br0 --protocol tcp --source 192.168.5.0/24 --set-mark 3


Why is the filter add failing?


--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
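
A check for the condition the reply suspects, added here as an example and not part of the thread: it scans a tc script for two classifier types placed on the same dev, parent and prio. The function names are this example's own, and the sample input is a constructed subset of the commands quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): flag "tc filter add" lines that put a
# second classifier type on a (dev, parent, prio) slot already used by another.

# Reads tc commands on stdin and prints one line per conflict.
find_prio_conflicts() {
    awk '
    $1 == "tc" && $2 == "filter" && $3 == "add" {
        dev = ""; parent = ""; prio = ""; kind = ""
        for (i = 4; i <= NF && kind == ""; i++) {
            if ($i == "dev") dev = $(++i)
            else if ($i == "parent") parent = $(++i)
            else if ($i == "root") parent = "root"
            else if ($i == "prio" || $i == "pref" || $i == "priority") prio = $(++i)
            else if ($i == "protocol" || $i == "handle") i++
            else kind = $i          # first non-option word is the filter type
        }
        if (prio == "" || kind == "") next   # no explicit prio: nothing to compare
        sub(/:0$/, ":", parent)              # "10:0" and "10:" name the same qdisc
        key = dev " " parent " prio " prio
        if (!(key in seen)) seen[key] = kind
        else if (seen[key] != kind)
            printf "%s: %s then %s\n", key, seen[key], kind
    }'
}

# Constructed sample: a subset of the commands from the quoted message.
sample_rules() {
    cat <<'EOF'
tc qdisc add dev ppp0 parent 10:4 handle 400: htb
tc filter add dev ppp0 parent 10:0 prio 10 protocol ip handle 1 fw flowid 10:1
tc filter add dev ppp0 parent 10: protocol ip prio 20 u32 match ip sport 442 0xffff flowid 10:2
tc filter add dev ppp0 protocol ip parent 10:0 prio 35 handle 2 fw flowid 10:2
tc filter add dev ppp0 parent 400: protocol ip prio 50 u32 match ip dport 53 0xffff flowid 400:10
tc filter add dev ppp0 parent 400: protocol ip prio 70 u32 match ip tos 0x18 0xff flowid 400:40
tc filter add dev ppp0 parent 400: protocol ip prio 70 handle 3 fw flowid 400:40
EOF
}

sample_rules | find_prio_conflicts
```

On the sample it reports only the prio 70 slot under parent 400:, which is the command that returned "Invalid argument" in the thread.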



