I have two interfaces, eth0 and ap0, bridged together to form br0.
And another interface, eth1, on the WAN side.

            br0 <------------------------> eth1
        ( eth0 , ap0)
          { lan }                          {wan}

Packets from the LAN side are NATed to eth1. I have QoS rules on both
br0 and eth1. When I googled I found that "mangling packets on br0
and using fw filters won't work on Linux bridge". Is this true? Can
you tell me why?

But the funny thing is I colored packets in the PREROUTING chain only
specifying the protocol (not specifying the interface):

iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 2

and I have a filter rule to put packets that are fw marked as 2 into
some flow. This works fine when I send an ICMP packet from the LAN to the
WAN side!

But if I try any of the rules below instead of the one above, it won't work:

iptables -t mangle -A PREROUTING -p icmp -i br0 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p icmp -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MARK --set-mark 2
iptables -t mangle -A FORWARD -p icmp -i br0 -o eth1 -j MARK --set-mark 2

I don't know why.

Should I go for ebtables to mark packets? Then will it work?
In the Linux kernel, in the net/sched/cls_fw.c file, fw_classify is called every time a tc filter is hit. skb->mark is zero when you use rules like

iptables -t mangle -A PREROUTING -p icmp -i br0 -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p icmp -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MARK --set-mark 2
iptables -t mangle -A FORWARD -p icmp -i br0 -o eth1 -j MARK --set-mark 2

But if you use

iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 2

the skb->mark is 2, the correct value.

This problem happens only with the bridge. When I tried with one of the interfaces it works perfectly.

Thanks,
Ratheesh

On Wed, Aug 19, 2009 at 5:44 PM, ratheesh k<ratheesh.ksz at gmail.com> wrote:
I can see the problem in 2.6.22.18, but not in 2.6.26.8. Is there any patch available?

On Thu, Aug 20, 2009 at 8:58 PM, ratheesh k<ratheesh.ksz at gmail.com> wrote:
I am a big idiot... I made a big mistake.

I will explain in detail. I have a router like below. I will connect
my computers to the LAN side of the router (br0), and eth1 is connected to
the internet.

            br0 <------------------------> eth1
        ( eth0 , ap0)
          { lan }                          {wan}

There are two types of traffic:

A. traffic from my computers that will go to br0, then will be routed
   and go to the internet through eth1
B. traffic coming from eth1 that will be routed to br0, then to my computer.

There are two types of qdisc in place: ingress and egress.
Packets of type A will be processed only at the egress qdisc of eth1.
Packets of type B will be processed only at the egress qdisc of br0.

My mistake was: I applied coloring at br0 and used the fw filter on the same
br0. This won't work.

The dev_queue_xmit function will put packets, after they are routed, into the
respective device's (eth0 or br0) qdisc.

Suppose there is lan-to-lan traffic and wan-to-lan traffic; we
cannot prioritize any of this traffic using an egress qdisc, because
lan-to-lan traffic won't call dev_queue_xmit. You can use the ingress
queue to do policing. I am not very sure about this.
The netif_receive_skb() function is called for all packets coming in. Try
the ingress qdisc.

Thanks,
Rat
On Tue, Aug 25, 2009 at 5:08 PM, ratheesh k<ratheesh.ksz at gmail.com> wrote:
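The layout the last message settles on (LAN-to-WAN traffic only passes eth1's egress qdisc, WAN-to-LAN only br0's, bridged LAN-to-LAN neither) as an added, runnable script; it is not from the thread or the author. The devices and the 192.168.1.0/24 subnet are the thread's; the HTB classes, rates, mark values 2 and 3, the choice to mark in mangle FORWARD, and the DRY_RUN switch (default: only print the commands) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): set skb->mark with iptables and put the
# fw filter on the device the traffic actually LEAVES through.
LAN_NET=192.168.1.0/24
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands, safe to run anywhere

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Root HTB on $1 with default class 1:10 and priority class 1:20, plus an
# fw filter that sends packets whose skb->mark equals $3 to 1:20.
egress_qos() {   # $1=device $2=link rate $3=mark
    run tc qdisc add dev "$1" root handle 1: htb default 10
    run tc class add dev "$1" parent 1: classid 1:1 htb rate "$2"
    run tc class add dev "$1" parent 1:1 classid 1:10 htb rate "$2" prio 1
    run tc class add dev "$1" parent 1:1 classid 1:20 htb rate "$2" prio 0
    run tc filter add dev "$1" parent 1: protocol ip handle "$3" fw classid 1:20
}

# Bridged LAN-to-LAN frames never reach dev_queue_xmit on br0, so an egress
# qdisc cannot shape them; police them on ingress of the bridge PORT instead.
ingress_police() {   # $1=port device $2=rate
    run tc qdisc add dev "$1" handle ffff: ingress
    run tc filter add dev "$1" parent ffff: protocol ip u32 \
        match ip src "$LAN_NET" match ip dst "$LAN_NET" \
        police rate "$2" burst 50k drop flowid :1
}

setup() {
    # Type A (LAN -> WAN): routed br0 -> eth1, so classify on eth1's egress.
    run iptables -t mangle -A FORWARD -i br0 -o eth1 -j MARK --set-mark 2
    egress_qos eth1 1mbit 2
    # Type B (WAN -> LAN): routed eth1 -> br0, so classify on br0's egress.
    # Marking in FORWARD (after routing and de-NAT) keeps -i/-o meaningful.
    run iptables -t mangle -A FORWARD -i eth1 -o br0 -j MARK --set-mark 3
    egress_qos br0 10mbit 3
    # LAN -> LAN: bridged between the ports, sees neither egress qdisc.
    ingress_police eth0 5mbit
    ingress_police ap0 5mbit
}

egress_dev() {   # which device's egress qdisc sees a traffic direction
    case "$1" in lan-to-wan) echo eth1 ;; wan-to-lan) echo br0 ;;
                 lan-to-lan) echo none ;; *) echo unknown; return 1 ;; esac
}

case "${1:-}" in show) setup ;; apply) DRY_RUN=0 setup ;; esac
```

Run with `show` to print the commands, `apply` (as root) to install them.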