hi,
I have the following problem I have to classify packets based on iptables-mark
and on u32 filter...
My idea was to set
root-------> classX
|------------------> classY
and then in the root to have a filter that on iptables-mark to direct it to
classX, and then in classX to setup u32 filters
that further classify the packets.
Then in the root put the same u32 filters. So that (pseudo code):
>root
if fwmark == 2 then classid classX
else
u32 filter1 ..... flowid classY-child1
u32 filter2 ..... flowid classY-child2
u32 filter3 ..... flowid classY-child3
>classX
u32 filter1 ..... flowid classX-child1
u32 filter2 ..... flowid classX-child2
u32 filter3 ..... flowid classX-child3
Now what I read in the LARTC docs :
9.6. Classifying packets with filters
................
You can't filter a packet 'upwards', by the way. Also, with HTB, you should
attach all filters to the root!
......
Now this ruins my idea.... My config will not work with filters attached only on
ROOT 'cause the filters are the
same. The only difference is the fwmark. But on the other hand there is no way
to set in one filter both of these
mathces..
How to do what I want ?!
aaa and I can't use iptables only solution.. (meanwhile what is the maximum
number of the --set-mark values possible and what
is the maximum numbers of classes and qdisc i can use).
On Wednesday 12 November 2003 09:26, raptor wrote: > hi, > > I have the following problem I have to classify packets based on > iptables-mark and on u32 filter... My idea was to set > > root-------> classX > > |------------------> classY > > and then in the root to have a filter that on iptables-mark to direct it to > classX, and then in classX to setup u32 filters that further classify the > packets. > > Then in the root put the same u32 filters. So that (pseudo code): > >root > > if fwmark == 2 then classid classX > else > u32 filter1 ..... flowid classY-child1 > u32 filter2 ..... flowid classY-child2 > u32 filter3 ..... flowid classY-child3 > > >classX > > u32 filter1 ..... flowid classX-child1 > u32 filter2 ..... flowid classX-child2 > u32 filter3 ..... flowid classX-child3 > > Now what I read in the LARTC docs : > > 9.6. Classifying packets with filters > ................ > You can't filter a packet 'upwards', by the way. Also, with HTB, you should > attach all filters to the root! ...... You don't have to attach the filters to the root qdisc with htb. So you can implement your idea. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net
|> Now what I read in the LARTC docs : |> |> 9.6. Classifying packets with filters |> ................ |> You can't filter a packet 'upwards', by the way. Also, with HTB, you should |> attach all filters to the root! ...... |You don't have to attach the filters to the root qdisc with htb. So you can |implement your idea. ]- so, the LARTC docs are wrong !? tia
On Thursday 13 November 2003 00:56, raptor wrote: > |> Now what I read in the LARTC docs : > |> > |> 9.6. Classifying packets with filters > |> ................ > |> You can't filter a packet 'upwards', by the way. Also, with HTB, you > |> should attach all filters to the root! ...... > | > |You don't have to attach the filters to the root qdisc with htb. So you > | can implement your idea. > > ]- so, the LARTC docs are wrong !? Yes. I sended a patch to the maintainers. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.openprojects.net
--=-RV4p+sdu9VN9qPqBTWfd Content-Type: text/plain; charset=ISO-8859-2 Content-Transfer-Encoding: quoted-printable Ehlo! On =B6ro, 2003-11-12 at 09:26, raptor wrote: <cut/> > Now what I read in the LARTC docs : >=20 > 9.6. Classifying packets with filters > ................ > You can't filter a packet 'upwards', by the way. Also, with HTB, you should attach all filters to the root! > ...... <cut/> I've noticed that also. Can anyone explain why I should attach all filters to root when using HTB and what could happen if I don't respect that? BTW, why there's no "reply-to: lartc@mailman.ds9a.nl" in header? I think it would be a good idea. Or maybe I did something wrong? Greetings --=20 --=3D=3D Jacek "Dino" Bilski =3D=3D-- --=3D=3D Registered Linux User #165= 468 =3D=3D-- --=3D=3D dino@camelot.homedns.org =3D=3D-- --=3D=3D GG# 3484913= =3D=3D-- -=3D 1024D/5B44CFBE 2228 3F73 A678 81C3 4ABE 2617 C77C AE70 5B44 CFBE =3D= - --=-RV4p+sdu9VN9qPqBTWfd Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQA/s6WUx3yucFtEz74RAttTAJ4lxLBYHOgsT9qp8cbLi6eJciv69QCcDayY MFuiGKW03gLuzlzxwOckPQk= =nUnT -----END PGP SIGNATURE----- --=-RV4p+sdu9VN9qPqBTWfd--