Hi there, I am trying to understand our router / firewall, that was configured by another person. It is a Debian GNU/Linux with several configurations with tc and iptables. I have a question about flowid in ingress qdisc. As fas as I know, this qdisc is a dummy one, and flowid is just used with :1 because the traffic have to be redirected to something. However, in our router, there are some filters of ingress qdisc, that have differents flowids (:1, :2 and :5). Does that have any sense? Thanks very much, tizo
Andrés Ghigliazza wrote:> Hi there, > > I am trying to understand our router / firewall, that was configured > by another person. It is a Debian GNU/Linux with several > configurations with tc and iptables. > > I have a question about flowid in ingress qdisc. As fas as I know, > this qdisc is a dummy one, and flowid is just used with :1 because the > traffic have to be redirected to something. > > However, in our router, there are some filters of ingress qdisc, that > have differents flowids (:1, :2 and :5). Does that have any sense?If they are before the mirred egress redirect dev dummyX then they will not affect the shaping/classification on the dummy setup, but will be restored when the packets leave dummy - so you can shape again if say you were doing it on egress (you can''t filter redirected packets twice to avoid loops). I don''t know whether they carry over to egress when it''s done on ingress. Andy.