Re: bug report and future request

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Mar 24, 2022 at 02:09:25PM +0200, Martin Zaharinov wrote:
> One more update 
> 
> I try to make rule for limiter in offload mode :
> 
> table inet nft-qos-static {
>         set limit_ul {
>                 typeof ip saddr
>                 flags dynamic
>         }
>         set limit_dl {
>                 typeof ip daddr
>                 flags dynamic
>         }
> 
>         chain upload {
>                 type filter hook prerouting priority filter ; policy accept;
>                 ip saddr @limit_ul drop;
>         }
> 
>         chain download {
>                 type filter hook postrouting priority filter; policy accept;
>                 ip daddr @limit_dl drop;
> 
>         }
>         flowtable fastnat {
>                 hook ingress priority filter; devices = { eth0, eth1 };
>         }
>         chain forward {
>                 type filter hook forward priority filter; policy accept;
>                 ip protocol { tcp , udp } flow offload @fastnat;
>         }
> }
> 
> its not work perfect only upload limit work , download get full channel 
> 
> in test i set 100mbit up/down  upload is stay on ~100mbit , but download up to 250-300mbit (i have this limit be my isp).
> 
> the problem is limiter work only for Upload , is it posible to make work on download rule ?

If you want to combine ratelimit/policing with flowtable, then you
have to use the ingress and egress hooks, not prerouting and
postrouting.

Make sure you place the flowtable in a priority that comes after the
priority of your ingress hook.



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux