--
http://www.wogri.at

On Jul 4, 2013, at 00:29 , Andy Furniss <adf.lists@xxxxxxxxx> wrote:

> Wolfgang Hennerbichler wrote:
>> Follow-Up: This is the only piece of information I have found on my problem:
>>
>> http://marc.info/?l=lartc&m=105421129231583&w=2
>>
>> ==> You can reduce the number of fw filters rules if you use the mark as
>> hash key.
>> So if you add
>> tc filter add dev eth0 parent 1:0 protocol ip handle 1 fw
>> and you have a packet with mark 39, it will be placed in class 1:39.
>
> I've never tried that, if it does work maybe you need to use 0x39 for the mark as classes are in hex.

thanks, will try to do it in HEX.

> iptables can do this
>
> -j CLASSIFY --set-class 1:39

I know, but this doesn't support connection tracking, as far as I've read. And I really need a well-performing setup here - and this performs very well:

iptables -A POSTROUTING -t mangle -j CONNMARK --restore-mark

> If you have a lot of marks and a complicated set up you could consider the u32 mark match which will let you use masks and I guess explicitly set up hashing - again be sure to work in hex.

yeah. but this is something I would love to work around, u32 hashing seems so complicated…

>
> --
> To unsubscribe from this list: send the line "unsubscribe lartc" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html