On Thu, 2013-06-13 at 23:45 -0400, David Shaw wrote: > > We faced the same issue and found that we could do it with the IFB > > interface but needed to do the classification with tc filters. Although > > it took quite a bit of getting use to, we were able to produce some very > > sophisticated results similar to what we would normally do with iptables > > including chaining filters. > > Interesting. I can see how I could use tc filters to match on various > things, but is there some way (aside from using marks, of course) to > have a filter match on the return packets from a particular > connection? It seems I would need connection tracking for that, and > would run into the same problem with marks. Correct, unless you can identify the connection with something basic such as source port or IP address. -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
