I'm a big idiot ..... I made a big mistake. I will explain in detail.

I have a router like below. I will connect my computers to the LAN side of the router (br0), and eth1 is connected to the internet.

    br0 <------------------------> eth1
    ( eth0 , ap0)
    { lan }                        {wan}

There are two types of traffic:

A. Traffic from my computers that will go to br0, then will be routed and go to the internet through eth1.
B. Traffic coming from eth1 that will be routed to br0, then to my computer.

There are two types of qdisc in place: ingress and egress.

Packets of type A will be processed only at the egress qdisc of eth1.
Packets of type B will be processed only at the egress qdisc of br0.

My mistake was: I applied coloring at br0 and used the fw filter on the same br0. This won't work. The dev_queue_xmit function will put packets, after they are routed, into the respective device (eth0 or br0) qdisc.

Suppose there is lan-to-lan traffic and wan-to-lan traffic: we cannot prioritize any of this traffic using the egress qdisc, because lan-to-lan traffic won't call dev_queue_xmit. You can use the ingress queue to do policing. I am not very sure about this. The netif_receive_skb() function is called for all packets coming in. Try the ingress qdisc.

Thanks,
Rat

On Tue, Aug 25, 2009 at 5:09 PM, ratheesh k<ratheesh.ksz@xxxxxxxxx> wrote:
> I can see this bug in 2.6.22.18 but not in 2.6.26.8 .... any clue is
> greatly appreciated ///
>
> On Thu, Aug 20, 2009 at 9:01 PM, ratheesh k<ratheesh.ksz@xxxxxxxxx> wrote:
>> I have two interfaces, eth0 and ap0, bridged together to form br0,
>> and another interface, eth1, on the WAN side.
>>
>>     br0 <------------------------> eth1
>>     ( eth0 , ap0)
>>     { lan }                        {wan}
>>
>> Packets from the LAN side are NATed to eth1. I have QoS rules on both
>> br0 and eth1. When I googled, I found that "mangling packets on br0
>> and using fw filters wont work on linux bridge". Is this true? Can
>> you tell me why?
>>
>> But the funny thing is, I colored packets in the PREROUTING chain
>> specifying only the protocol (not specifying the interface):
>>
>>     iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 2
>>
>> and I have a filter rule to put packets that are fw-marked as 2 into
>> some flow. This works fine when I send an ICMP packet from the LAN to
>> the WAN side!
>>
>> But if I try any of the rules below instead of the one above, it
>> won't work:
>>
>>     iptables -t mangle -A PREROUTING -p icmp -i br0 -j MARK --set-mark 2
>>     iptables -t mangle -A PREROUTING -p icmp -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MARK --set-mark 2
>>     iptables -t mangle -A FORWARD -p icmp -i br0 -o eth1 -j MARK --set-mark 2
>>
>> I don't know why.
>>
>> In the Linux kernel, in the net/sched/cls_fw.c file, fw_classify is
>> called every time the tc filter is hit.
>> skb->mark is zero when you use rules like
>>
>>     iptables -t mangle -A PREROUTING -p icmp -i br0 -j MARK --set-mark 2
>>     iptables -t mangle -A PREROUTING -p icmp -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MARK --set-mark 2
>>     iptables -t mangle -A FORWARD -p icmp -i br0 -o eth1 -j MARK --set-mark 2
>>
>> But if you use
>>
>>     iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 2
>>
>> the skb->mark is 2, the correct value.
>>
>> This problem happens only with the bridge. When I tried with one of
>> the interfaces, it works perfectly.
>>
>> Thanks,
>> Ratheesh
>>
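
Added example, not part of the original thread: a sketch of the layout the first message describes, where each direction is marked in the mangle table and then classified by an fw filter on the egress qdisc of the device the packet leaves through. The interface names and mark value 2 come from the thread; the HTB rates, class ids and the `run`, `shape_egress` and `emit_rules` helper names are assumptions. Note the thread reports that interface-matched marks did not reach the classifier on 2.6.22.18.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the commands by default;
# run with APPLY=1 as root to execute them.
LAN_IF=${LAN_IF:-br0}     # bridge of eth0 + ap0 (from the thread)
WAN_IF=${WAN_IF:-eth1}    # WAN interface (from the thread)
MARK=${MARK:-2}           # fw mark used in the thread

run() {
    # Dry run unless APPLY=1 is set.
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Egress shaping on one device: HTB root, a class for marked packets,
# and a default class for everything else. Rates are assumed values.
shape_egress() {   # $1=device  $2=total rate  $3=per-class guaranteed rate
    dev=$1; total=$2; rate=$3
    run tc qdisc add dev "$dev" root handle 1: htb default 20
    run tc class add dev "$dev" parent 1: classid 1:1 htb rate "$total"
    run tc class add dev "$dev" parent 1:1 classid 1:10 htb rate "$rate" ceil "$total" prio 0
    run tc class add dev "$dev" parent 1:1 classid 1:20 htb rate "$rate" ceil "$total" prio 1
    # The fw classifier matches skb->mark against the filter handle.
    run tc filter add dev "$dev" parent 1: protocol ip prio 1 handle "$MARK" fw flowid 1:10
}

emit_rules() {
    # Type A (LAN -> WAN): marked while forwarded, queued on eth1 egress.
    run iptables -t mangle -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p icmp -j MARK --set-mark "$MARK"
    shape_egress "$WAN_IF" 2mbit 512kbit
    # Type B (WAN -> LAN): marked while forwarded, queued on br0 egress.
    run iptables -t mangle -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p icmp -j MARK --set-mark "$MARK"
    shape_egress "$LAN_IF" 8mbit 2mbit
}

emit_rules
```

On a live router, `tc -s class show dev eth1` and `iptables -t mangle -L -v -n` show whether marked packets are actually counted in class 1:10.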