Re: Fair queuing with htb

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




I've attached a graph which explains what are the marked packets.

Your design is wrong. You mark the upload traffic, when the main http traffic is the download traffic. That is why your QoS seems ineffective


The general goal is to do a QoS based on user ip. If I had no proxy, it would be easy. However, since I've a proxy, my firewall sees the proxy ip, not the
users IP.

Where is your firewall ? Between the proxy and the webserver, or the otherside ?

In the first case, you can only mark the upload traffic (it's to late for the download traffic). You should use the conntrack module to mark a connection, and so, you will be able to mark the download traffic

Moreover, I don't understand why you don't have access to your user addresses. You use mark, so your firewall and your proxy are running on the same box. So, when the download traffic leaves your proxy/firewall, the destination adsress is the user address. tc is called when a packet is send to the network, or when a packet arrive. So you can do IP based QoS.

Antoine
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux