On Wed, 2013-06-12 at 18:04 -0400, David Shaw wrote: [...] > Unfortunately, this doesn't work. While the restore-mark/save-mark > stuff works great, and the incoming packets do have the correct mark as > set by the process originating the connection, and the ifb stuff works > great in that it forwards the incoming data to the ifb device, I can't > connect the two. It seems the mirred egress grabs the incoming packets > before they go through iptables and so their marks are never restored, > and thus the only data I see on the ifb device is not marked. That's your problem I'm afraid. IFB grabs the packets before they hit the netfilter stack, so they won't have any marks applied. Your only options are: 1. Do the shaping on the opposite outbound interface (so if you're forwarding packets from ppp0 to eth0 and are trying to do the ingress shaping on ppp0, then do it on the egress of eth0 instead). This only works if you are actually forwarding packets. 2. Use IMQ, which unfortunately is not part of the vanilla kernel. Andy -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
