Hi All/GGounot, I've had a good review of the IFB, but it doesn't seem to have very good documentation on its usage/implementation (that I've found anyway). IMQ has worked very well for my purpose, but the only issue I have is where it is hooking. I need a place (after PRE-ROUTING NAT) to be able to mark packets and then count the ones successfully delivered after they've passed through IMQ. The best place I could find would be to have IMQ hook in 'before' the mangle table in POSTROUTING. I'm not that familiar with NF hooks, but would it be possible to modify this in some way to have IMQ hook in before the mangle table in PostRouting? /* imq_egress_ipv4 */ .hook = imq_nf_hook, .owner = THIS_MODULE, .pf = PF_INET, .hooknum = NF_INET_POST_ROUTING, #if defined(CONFIG_IMQ_BEHAVIOR_AA) || defined(CONFIG_IMQ_BEHAVIOR_BA) .priority = NF_IP_PRI_LAST, #else .priority = NF_IP_PRI_NAT_SRC - 1, #endif }, Thanks. Steve. -----Original Message----- From: Steve (Telsat Broadband) [mailto:steve@xxxxxxxxxxx] Sent: Wednesday, 17 September 2014 8:43 PM To: 'GGounot'; 'lartc@xxxxxxxxxxxxxxx' Subject: RE: Hook location of IMQ Hi GGounot, No, to be honest, I'd never even heard of IFB. I'm reviewing all the info now. Thanks very much for your reply. Thanks Steve -----Original Message----- From: GGounot [mailto:g.gounot@xxxxxxxxxxx] Sent: Wednesday, 17 September 2014 6:10 PM To: Steve (Telsat Broadband); lartc@xxxxxxxxxxxxxxx Subject: Re: Hook location of IMQ Hi. Did you try IFB instead of IMQ ? "The Intermediate Functional Block device is the successor to the IMQ iptables module that was never integrated." http://www.linuxfoundation.org/collaborate/workgroups/networking/ifb Le 17/09/2014 01:15, Steve (Telsat Broadband) a écrit : > Hi All, > > I've posted a couple of questions over on linuximq.net but the > discussion there seems quiet, so I'll try here to see if anyone here > can point me in the right direction. > > Currently I use IMQ devices and TC to limit bandwidth to clients; this > is all working very well, except that the byte counters I'm relying on > for counting the clients data seems to be 'before' IMQ does its work. > > For example; I've got rules in the 'mangle/forward' table for > assigning the clients data to the IMQ device and rules in the > 'filter/forward' table which matches the client's data and I'm counting their traffic from here. > > However, according to this packet flow show on linuximq.net > (http://www.docum.org/docum.org/kptd/) the IMQ hook is after 'POSTROUTING' > which means that even though I'm using '-j IMQ' in the 'mangle/forward' > table to limit the bandwidth before counting; the counters are still > counting all packets; including dropped ones by IMQ. > > There doesn't seem to be any more 'chains' after the IMQ hook which I > could rely upon to 'count' the data after IMQ has done its job. > > I realise that when compiling the kernel, I can choose where IMQ hooks > in (before or after NAT); currently I have selected as 'AB'. > > What I'd like to know is; > > a) Is there something I'm missing; is there somewhere I can count the > packets after IMQ's work is done? > b) If not, is there some way I can modify the IMQ hook to be > in-between the 'mangle/forward' and 'filter/forward' chains. > > Any help/comments are greatly appreciated. > > Thanks > Steve. > > > -- > To unsubscribe from this list: send the line "unsubscribe lartc" in > the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info > at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
