Hello lartc, Q1: If I want select subhet, I wrote ...u32 match ip dst a.d.r.es/net police ... How I can say "all except z.x.y" ? Both src/dest addr/port - I foundn''t this info in HOWTO :((( Q2: Why I can''t (or not allowed) to create more then one class into !ingress! queue? I know, it''s incoming trafic? but why? it''s look simply: (yes, i may be wrong:) If first incomng packet owerlimit own filtered class - then drop, else pass... Why it''s hardly then outgoing (drop only!!)? or, if it''s possible - give a sample, please. Thanks! -- Best regards, Ray-Nger mailto:ray-nger@yandex.ru _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Monday 20 January 2003 16:56, ray-nger wrote:> Hello lartc, > Q1: > > If I want select subhet, I wrote > ...u32 match ip dst a.d.r.es/net police ... > How I can say "all except z.x.y" ? > Both src/dest addr/port - I foundn''t this info in HOWTO :(((Use 2 filters : 1. all z.x.y to a class 2. all to an other class so the second filter matches all except x.y.z> Q2: > Why I can''t (or not allowed) to create more then one class into > !ingress! queue? I know, it''s incoming trafic? but why? > it''s look simply: (yes, i may be wrong:) > If first incomng packet owerlimit own filtered class - then drop, else > pass... > > Why it''s hardly then outgoing (drop only!!)? > or, if it''s possible - give a sample, please.It''s not possible. The ingress qdisc is not a real qdisc. All egress qdiscs like htb/cbq/sfq are changing the queue of packets that leaves a nic. But for incoming there is no queue that you can change. So you can add a ingress qdisc and you can use filters+policers to manage incoming traffic, but it will not so powerfull as you can with outgoing packets. You can''t delay a packet with the ingress qdisc. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hello Stef,>> How I can say "all except z.x.y" ?SC> Use 2 filters : SC> 1. all z.x.y to a class SC> 2. all to an other class SC> so the second filter matches all except x.y.z Ok. How it will be for ingress? It have only 1 class, haven''t it? -- Best regards, Ray-Nger mailto:srainbow@rambler.ru _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Tuesday 21 January 2003 11:19, ray-nger wrote:> Hello Stef, > > >> How I can say "all except z.x.y" ? > > SC> Use 2 filters : > SC> 1. all z.x.y to a class > SC> 2. all to an other class > SC> so the second filter matches all except x.y.z > Ok. How it will be for ingress? It have only 1 class, haven''t it?Yes. But the same trick can be used. I suppose you want to rate limit the packets coming from "all except x.y.z". Then rate limit only filter 2. So all packets matched by the 1. filter can pass thru and all packets matched by the 2. filter are rate limited. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/