Hi,

I am trying to use the map key mark filter in a NAT environment to prevent a single person from taking all the bandwidth. Basically, what I am doing is redirecting all IP traffic to one ifb device, marking the packets with a different mark per IP address, and using tc filter with map key mark.

DOWNLINK=3072
EXTDEV=pppoe-wan

iptables -t mangle -N QOS
iptables -t mangle -A FORWARD -o $EXTDEV -j QOS
iptables -t mangle -A OUTPUT -o $EXTDEV -j QOS
# copy the mark saved on the connection back onto the packet
iptables -t mangle -A QOS -j CONNMARK --restore-mark --nfmask 0xff --ctmask 0xff
# still-unmarked packets from 192.168.0.1-5 get marks 1-5
for i in 1 2 3 4 5 ; do
    iptables -t mangle -A QOS -s 192.168.0.$i -m mark --mark 0x0/0xff -j MARK --set-xmark $i/0xff
done
# everything else that is still unmarked gets mark 200
iptables -t mangle -A QOS -m mark --mark 0x0/0xff -j MARK --set-xmark 200/0xff
# store the packet mark on the connection
iptables -t mangle -A QOS -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff

tc qdisc add dev ifb0 root handle 1: htb default 1 r2q 1
tc class add dev ifb0 parent 1: classid 1:1 htb rate ${DOWNLINK}kbit quantum 1500
tc qdisc add dev ifb0 parent 1:1 handle 1 fq_codel quantum 300 noecn
tc filter add dev ifb0 parent 1: handle 1 protocol ip flow divisor 256 map key mark and 0xff

From the snippet above, I would expect that 192.168.0.[1-5] would get marks 1..5 and all other IPs would get mark 200. This appears to be working correctly, since if I manually add one tc filter rule using the correct flowid, the traffic will go to the correct queue.

The problem is that apparently, if I create the filter using 'tc .. map key mark and 0xff', every new connection goes into a different class. I'd expect that if I start a parallel download from 192.168.0.1, I would only see one single class created by codel, instead of one class per connection, since all these connections are marked with mark 1/0xff.

Any help with what I am doing wrong?

[]'s
Salatiel