Re: Hook location of IMQ

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



If you want to limit bandwidth to clients, I suppose the Linux box you're working on forwards packets to the clients. So Why do you shape traffic on ingress (that what I understand because you use IMQ) ? Why don't you use classical egress shaping ?

You must note that you cannot use iptables/mangle to mark packets going to IFB (I've never used IMQ) :

Le 21/10/2014 13:15, Steve (Telsat Broadband) a écrit :
Hi All/GGounot,

I've had a good review of the IFB, but it doesn't seem to have very good
documentation on its usage/implementation (that I've found anyway).

IMQ has worked very well for my purpose, but the only issue I have is where
it is hooking.  I need a place (after PRE-ROUTING NAT) to be able to mark
packets and then count the ones successfully delivered after they've passed
through IMQ.

The best place I could find would be to have IMQ hook in 'before' the mangle

I'm not that familiar with NF hooks, but would it be possible to modify this
in some way to have IMQ hook in before the mangle table in PostRouting?

  /* imq_egress_ipv4 */
  .hook = imq_nf_hook,
  .owner = THIS_MODULE,
  .pf = PF_INET,
  .hooknum = NF_INET_POST_ROUTING,
  .priority = NF_IP_PRI_LAST,
  .priority = NF_IP_PRI_NAT_SRC - 1,


-----Original Message-----
From: Steve (Telsat Broadband) [mailto:steve@xxxxxxxxxxx]
Sent: Wednesday, 17 September 2014 8:43 PM
To: 'GGounot'; 'lartc@xxxxxxxxxxxxxxx'
Subject: RE: Hook location of IMQ

Hi GGounot,

No, to be honest, I'd never even heard of IFB.  I'm reviewing all the info

Thanks very much for your reply.


-----Original Message-----
From: GGounot [mailto:g.gounot@xxxxxxxxxxx]
Sent: Wednesday, 17 September 2014 6:10 PM
To: Steve (Telsat Broadband); lartc@xxxxxxxxxxxxxxx
Subject: Re: Hook location of IMQ


Did you try IFB instead of IMQ ?

"The Intermediate Functional Block device is the successor to the IMQ
iptables module that was never integrated."

Le 17/09/2014 01:15, Steve (Telsat Broadband) a écrit :
Hi All,

I've posted a couple of questions over on but the
discussion there seems quiet, so I'll try here to see if anyone here
can point me in the right direction.

Currently I use IMQ devices and TC to limit bandwidth to clients; this
is all working very well, except that the byte counters I'm relying on
for counting the clients data seems to be 'before' IMQ does its work.

For example; I've got rules in the 'mangle/forward' table for
assigning the clients data to the IMQ device and rules in the
'filter/forward' table which matches the client's data and I'm counting
their traffic from here.
However, according to this packet flow show on
( the IMQ hook is after 'POSTROUTING'
which means that even though I'm using '-j IMQ' in the 'mangle/forward'
table to limit the bandwidth before counting; the counters are still
counting all packets; including dropped ones by IMQ.

There doesn't seem to be any more 'chains' after the IMQ hook which I
could rely upon to 'count' the data after IMQ has done its job.

I realise that when compiling the kernel, I can choose where IMQ hooks
in (before or after NAT); currently I have selected as 'AB'.

What I'd like to know is;

a) Is there something I'm missing; is there somewhere I can count the
packets after IMQ's work is done?
b) If not, is there some way I can modify the IMQ hook to be
in-between the 'mangle/forward' and 'filter/forward' chains.

Any help/comments are greatly appreciated.


To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info

To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux