Hi,

I'm replying to your discussion about ingress shaping via connection marking on:
http://www.spinics.net/lists/lartc/msg22750.html

Have you managed to do it?

I'm trying to do the same thing: I don't control the Internet routers, I just have several downloads on my computer and I would like to give a guaranteed bandwidth to one of the downloads. The incoming packets themselves are undistinguishable from Netfilter (all downloads are on port 80 etc.) but the application requiring the guaranteed bandwidth could potentially be modified to mark the connection (setsockopt-SO_MARK).

So I have the same problem as you: incoming packets don't have any marking because the ingress-qdisc runs before Netfilter.

You suggested using veths and bridging to work around that. But I don't understand how it could help, because the "socket lookup" to find the mark previously set with setsockopt-SO_MARK only happens in the protocol layer, and bridging incoming packets between the interfaces would not leave the link layer until the final delivery (when it's too late). I'm referring to this diagram:
http://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg

NATing the veth instead of using a bridge would reach the network layer but still not the protocol layer, so I don't think it would help either.

Is there something I'm missing?

Best regards,
Alban