I have been studying traffic control in Linux these days. I came to know there are several queueing disciplines such as tbf, cbq, htb, etc. But there is no comment on whether they support IPv6 traffic. I got this question because there is no comment about how to connect qdisc classes with IPv6 flows using the "tc filter" command, and I think the "tc filter" command examples shown in several documents are for IPv4 only.

신혜민 wrote:
> I have been studying traffic control in Linux these days.
>
> I came to know there are several queueing disciplines such as tbf, cbq,
> htb, etc. But there is no comment on whether they support IPv6 traffic.
>
> I got this question because there is no comment about how to connect qdisc
> classes with IPv6 flows using the "tc filter" command, and I think the "tc
> filter" command examples shown in several documents are for IPv4 only.

I haven't personally verified this, but I'm pretty sure that even if the tc filters don't natively support ipv6 matches, you can still use iptables/ip6tables to mark packets as you choose, and then filter for that mark. Something like:

    # It's often easier to make new chains for this
    # because there's an implicit RETURN after a MARK
    # so we can't just let packets fall off the end of the chain
    # or else they may end up matching later rules.
    ip6tables -t mangle -N fast
    ip6tables -t mangle -A fast -j MARK --set-mark 0x01
    ip6tables -t mangle -A fast -j ACCEPT

    # just an example
    ip6tables -t mangle -A FORWARD -p tcp -s 10.0.0.2 -j fast

    # You can set up your htb (or whatever) framework
    # and add this filter for it to reference.
    tc filter add dev eth0 parent 1: protocol ip prio 1 handle 0x01 fw \
        flowid 1:10

....and so forth.

-Corey
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Wed, Mar 24, 2004 at 09:01:49AM -0800, Corey Hickey wrote:
> I haven't personally verified this, but I'm pretty sure that even if the
> tc filters don't natively support ipv6 matches, you can still use
> iptables/ip6tables to mark packets as you choose, and then filter for
> that mark. Something like:

This does work, but there are a few complications...

> # It's often easier to make new chains for this
> # because there's an implicit RETURN after a MARK
> # so we can't just let packets fall off the end of the chain
> # or else they may end up matching later rules.
> ip6tables -t mangle -N fast
> ip6tables -t mangle -A fast -j MARK --set-mark 0x01
> ip6tables -t mangle -A fast -j ACCEPT
>
> # just an example
> ip6tables -t mangle -A FORWARD -p tcp -s 10.0.0.2 -j fast
>
> # You can set up your htb (or whatever) framework
> # and add this filter for it to reference.
> tc filter add dev eth0 parent 1: protocol ip prio 1 handle 0x01 fw \
> flowid 1:10

That should of course read "protocol ipv6", and then it works.

Well, almost. There seem to be rather a lot of issues if trying to mix "protocol ip" and "protocol ipv6" in filters. I've seen a lot of:

    "RTNETLINK answers: No such file or directory"

errors while trying that. Sometimes it appears to work, other times it doesn't, and I've yet to work out why. Which, I must say, is rather irritating.

If anybody can shed any light on this I'd like to hear it :)

--
Alan Ford * alan@whirlnet.co.uk

On Wed, Mar 24, 2004 at 06:24:16PM +0000, Alan Ford wrote:
> Well, almost. There seem to be rather a lot of issues if trying
> to mix "protocol ip" and "protocol ipv6" in filters.

I've done some more experimentation with this, and so long as commands are entered in the right order it seems fairly happy.

The one thing you *cannot* do is mix "protocol ip" and "protocol ipv6" filters for filtering into a class. The second filter request returns with "Invalid argument".

This is really rather inconvenient. Does anybody know why?

I wondered if I could get around this by not specifying a protocol at all, i.e.:

    tc filter add dev eth0 parent 1:0 prio 10 handle 10 fw flowid 1:10

But all it returns with is:

    RTNETLINK answers: Invalid argument

Is it possible to do a fwmark match without a protocol? Or is there any other way around my problem?

Thanks,
Alan

--
Alan Ford * alan@whirlnet.co.uk

On Thu, Apr 15, 2004 at 02:10:47PM +0300, Hasso Tepper wrote:
> Alan Ford wrote:
>
> > The one thing you *cannot* do is mix "protocol ip" and "protocol
> > ipv6" filters for filtering into a class. The second filter request
> > returns with "Invalid argument"....
> > Is it possible to do a fwmark match without a protocol? Or is there
> > any other way around my problem?
>
> I would like to have a solution for this as well. At the moment I have
> to use imq device per device and TBF because of that :(. The number of
> imq devices is limited and many other annoying things.

I discovered the answer to this problem was hidden in a totally unrelated post yesterday :)

[most general filter rule]

You can specify "protocol all" in filters, and still use fwmarks to identify traffic.

I have been using this since yesterday and it appears to work perfectly; you can MARK packets with the same ID in both iptables and ip6tables, and filter them into the same class.

--
Alan Ford * alan@whirlnet.co.uk
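
The setup the thread arrives at, written out as an added example (not part of any poster's message): the same fwmark is set by iptables and ip6tables, and one "protocol all" fw filter steers both families into a single HTB class. The device name, mark value, rates and the tcp/22 match are assumptions chosen for illustration; the script only prints the commands.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for one HTB class shared
# by IPv4 and IPv6 traffic through a common fwmark.
# DEV, MARK, the rates and the tcp/22 match are assumptions for illustration.

DEV=${DEV:-eth0}
MARK=${MARK:-0x1}

# Emit the HTB tree: root qdisc, one parent class, two leaf classes.
# Unmarked traffic falls into 1:20 (the "default 20" on the root qdisc).
emit_htb() {
    echo "tc qdisc add dev $DEV root handle 1: htb default 20"
    echo "tc class add dev $DEV parent 1: classid 1:1 htb rate 10mbit"
    echo "tc class add dev $DEV parent 1:1 classid 1:10 htb rate 6mbit ceil 10mbit"
    echo "tc class add dev $DEV parent 1:1 classid 1:20 htb rate 4mbit ceil 10mbit"
}

# Emit the identical MARK rule once per address family.
emit_marks() {
    for ipt in iptables ip6tables; do
        echo "$ipt -t mangle -A POSTROUTING -o $DEV -p tcp --dport 22 -j MARK --set-mark $MARK"
    done
}

# Emit a single fw filter. "protocol all" is what lets one filter match the
# mark on both IPv4 and IPv6 packets, instead of separate "protocol ip" and
# "protocol ipv6" filters for the same class.
emit_filter() {
    echo "tc filter add dev $DEV parent 1: protocol all prio 1 handle $MARK fw flowid 1:10"
}

emit_all() {
    emit_htb
    emit_marks
    emit_filter
}

# Dry run by default: review the output, then pipe it to "sh -x" as root.
emit_all
```

After applying the rules, "tc -s class show dev eth0" shows whether the byte counters of class 1:10 grow for both IPv4 and IPv6 flows.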