(using htb)
I''m trying to learn tc filter and it seems the flowid parameter can
only
point to leaf classes. Actually, it can point anywhere, but it doesn''t
seem to work unless it points to a leaf class. Is this correct?
For example, I have this tree:
eth0
|
+------1:-------+
| |
+------1:10 1:20
| | |
1:30 1:40 20:
| |
30: 40:
1: is htb qdisc, with default pointing to minor 20.
And this filter:
iptables -t mangle -A OUTPUT -d $DSTHOST -j MARK --set-mark 1
tc filter add dev $DEV parent 1:0 prio 1 protocol ip \
handle 1 \
fw \
flowid 1:10
Now, I only see 1:10 getting the traffic if 1:30 and 1:40 don''t exist.
The moment I add 1:30, 1:40 and their qdiscs, the above filter stops
working and this same traffic starts going to 1:20, which is the default
set at 1:''s qdisc.
Why does the filter stop working? I was expecting it to keep working and
then I could further filter this traffic into 1:30 and 1:40 *at* 1:10.
Andreas Hasenack wrote:> (using htb) > > I''m trying to learn tc filter and it seems the flowid parameter can only > point to leaf classes. Actually, it can point anywhere, but it doesn''t > seem to work unless it points to a leaf class. Is this correct? > > For example, I have this tree: > > eth0 > | > +------1:-------+ > | | > +------1:10 1:20 > | | | > 1:30 1:40 20: > | | > 30: 40: > > 1: is htb qdisc, with default pointing to minor 20. > > And this filter: > > iptables -t mangle -A OUTPUT -d $DSTHOST -j MARK --set-mark 1 > tc filter add dev $DEV parent 1:0 prio 1 protocol ip \ > handle 1 \ > fw \ > flowid 1:10 > > Now, I only see 1:10 getting the traffic if 1:30 and 1:40 don''t exist. > The moment I add 1:30, 1:40 and their qdiscs, the above filter stops > working and this same traffic starts going to 1:20, which is the default > set at 1:''s qdisc. > > Why does the filter stop working? I was expecting it to keep working and > then I could further filter this traffic into 1:30 and 1:40 *at* 1:10.You need other filters with parent 1:10 to send to leafs below 1:10 Andy.
Em Sáb 25 Fev 2006 08:43, Andy Furniss escreveu:> > Why does the filter stop working? I was expecting it to keep working and > > then I could further filter this traffic into 1:30 and 1:40 *at* 1:10. > > You need other filters with parent 1:10 to send to leafs below 1:10Thanks, that was (part of) it. I had tested with other filters on 1:10, but the problem was the filters themselves which were not correct. Just for the record, I was using iptables MARK target to first mark packets going to a host and then attempting to set another mark on 1:10 on the same packets depending on the destination port so they would be sent to 1:30 or 1:40. I now tested with u32 on 1:0 sending traffic to 1:10 and with fw on 1:10 sending packets to 1:30 and 1:40 using the iptables mark and it''s working just fine.