Hello, with the command : tc filter add dev eth0 parent ffff: protocol ip u32 patch ip src 192.168.2.6police rate 10000kbit burst 10000kbit drop flowid :1 we can limit traffic coming from 192.168.2.6. I would like: for 192.168.1.2, 192.168.1.4 limit to 10mbit for 192.168.1.3, 192.168.1.5 limit to 20mbit other ip would have no limit. Is it possible with tc ? Regards Olivier. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
mohican 542003 wrote:> Hello, > > with the command : > tc filter add dev eth0 parent ffff: protocol ip u32 patch ip src > 192.168.2.6police rate 10000kbit burst 10000kbit drop flowid :1 > we can limit traffic coming from 192.168.2.6. > > I would like: > for 192.168.1.2, 192.168.1.4 limit to 10mbit > for 192.168.1.3, 192.168.1.5 limit to 20mbit > other ip would have no limit. > > Is it possible with tc ?Should be possible - do you mean .2 and .4 share 10mbit or get 10mbit each? Andy.
mohican 542003 wrote:> Hello, > > I would like that .2 and .4 share 10mbit and .3 and .5 share 20 mbit. > > I finally use tcindex that works fine. u32 can only be used with one IP, > and iptables cannot mark packet for incoming traffic. > > Do you have another suggestion ?There are things called shared meters - though I think that name is a bit misleading as to their usefullness. You can use them to make policers from different matches behave as one, so it is possible to do as you want - it won''t be a fair share though. The iptables issue is because the place policers hook changed - on 2.4s and if you config your kernel the right way (don''t select packet action, and then select the old/depreciated policer) it will see packets after iptables prerouting, the default on 2.6s is to hook before netfilter. Andy.