thr3ads.net - LARTC - [tcng] and iptables [Sep 2002]

If this information is useful, please help other people find it:
Share via:

raptor

2002-Sep-26 21:47 UTC

[tcng] and iptables

As we discused earlier in the list tcng still doesn''t support
ipchains/iptable/ip route marking and classifing based on this.
So my question is how can I do this manualy i.e. find the desired class-ID ...
and add additional tc-commands so that marked packets goes to the desired class.

I need this for this :")

eth0  ----> class X:Y
eht1  ----> class Z:W

f.e. everything coming from eth0 goes to 100kbps class and everything from eth1
to 50kbps.
In fact it a litle bit harder :
3 frame realy channels (1 upstream/pvc0 and 2 downstream/pvc1,pvc2) and 2 eth.
Example :
if from pvc1 --> eth0 and ip_dst = 192.168.0.55 then 10kbps
if from pvc2 --> eth0 and ip_dst = 192.168.0.55 then 15kbps
if ip_src = 192.168.0.55 then 10kbps (dest is always pvc0 until i setup proxy)

thanx
raptor
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Werner Almesberger

2002-Sep-27 05:52 UTC

head link

Re: [tcng] and iptables

raptor wrote:> As we discused earlier in the list tcng still doesn''t support
> ipchains/iptable/ip route marking and classifing based on this.
Well, you can just use the MARK target to set skb->nfmark with
iptables, and you can then use this for classification with the
"fw" classifier, e.g.

prio {
    fw {
	class (1) on (13);
	class (2) on (42);
    }
}

13 and 42 are the MARK values.
> In fact it a litle bit harder :
> 3 frame realy channels (1 upstream/pvc0 and 2 downstream/pvc1,pvc2) and 2
> eth.

Combining classifiers is rather tricky, and it''s also quite
limited by the way how classifiers are chained. You can build
interesting things with that, as shown e.g. in the section
"Dump actions" of tcc/if_u32.c, but it''s quite messy.

tcc doesn''t support any combined classifiers (when using tc),
because the limitations imposed by the kernel traffic control
are just too narrow.

Example: let''s assume, you could select "nfmark == X" in an
"if" construct, and tcc would build a classifier combining
"fw" and "u32". Then, the following expressions could be
converted:

class (<$class_1>) if nfmark == VALUE_1 && $condition_1;
class (<$class_2>) if nfmark == VALUE_1 && $condition_2;
class (<$class_3>) if 1;

and

class (<$class_1>) if nfmark == VALUE_1 && $condition_1;
class (<$class_2>) if nfmark == VALUE_2 && $condition_1;
class (<$class_3>) if 1;

but not

class (<$class_1>) if nfmark == VALUE_1 && $condition_1;
class (<$class_2>) if nfmark == VALUE_2 && $condition_2;
class (<$class_3>) if 1;

I don''t even want to think about how to combine this with
policing :-)

So in your case, the correct solution is to do the whole
classification process in iptables, and only use "fw" in
the tcng part. In a future version of tcc, you''ll also be
able to usw "if" instead of "fw".

- Werner

-- 
  _________________________________________________________________________
 / Werner Almesberger, Buenos Aires, Argentina         wa@almesberger.net /
/_http://www.almesberger.net/____________________________________________/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

LARTC - Sep 2002 - [tcng] and iptables

[tcng] and iptables

Re: [tcng] and iptables