hrmmm, ok after trying out "tc" for the last week i've noticed it is not even nearly as powerful as netfilter.

i still have the same problem with dropping packets as i did before, it seems to break some connections (i'm not dropping SYN packets, or any ones which are in state NEW), only those related & established.

is there anything i shouldn't drop? like specific combinations of flags?

would it be better if i dropped every second packet when a limit is exceeded rather than everything?

i really need advice on this :(

Regards
Nigel

On Tuesday 09 April 2002 01:51, Nigel Kukard wrote:
> hrmmm, ok after trying out "tc" for the last week i've noticed it is
> not even nearly as powerful as netfilter.

Netfilter is designed to filter the traffic and the packets. Tc will manage the outgoing queue and has nothing to do with netfilter.

They both will drop packets, but with netfilter you can specify the packets (so you can create a firewall) while tc will drop packets to slow down the sender.

Tc is used to manage the bandwidth you can send (and in a special way you receive). Netfilter can also do rate-limiting, but it can't do it as powerful as tc. Tc can share the bandwidth between classes, give packets a higher priority, ...

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net

you can do the same with netfilter, with the relevant matches. it has to be cleverly constructed yes, but it definitely is possible. you can use priorities with connection marking.... very easy

i would like to know how tc drops packets, because if i drop consecutive packets (over 10 or 20) in one connection, it gets reset by the other side. if i drop packets randomly (50%), it works fine.

On Tue, 9 Apr 2002, Stef Coene wrote:
> On Tuesday 09 April 2002 01:51, Nigel Kukard wrote:
> > hrmmm, ok after trying out "tc" for the last week i've noticed it is
> > not even nearly as powerful as netfilter.
> Netfilter is designed to filter the traffic and the packets. Tc will manage
> the outgoing queue and has nothing to do with netfilter.
> They both will drop packets, but with netfilter you can specify the packets
> (so you can create a firewall) while tc will drop packets to slow down the
> sender.
> Tc is used to manage the bandwidth you can send (and in a special way you
> receive). Netfilter can also do rate-limiting, but it can't do it as
> powerful as tc. Tc can share the bandwidth between classes, give packets a
> higher priority, ...
>
> Stef
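
Added example, not part of any poster's message: a small simulation of the three drop policies raised in this thread (drop everything over a limit, drop every second packet over the limit, drop randomly at 50%), measuring the longest run of consecutive drops each one produces. The traffic pattern (100 packets per window, limit of 20), the seed and all function names are assumptions; it models only which packets are dropped, not TCP itself.

```python
import random

def longest_drop_run(decisions):
    """Longest streak of consecutive dropped packets (True = dropped)."""
    longest = current = 0
    for dropped in decisions:
        current = current + 1 if dropped else 0
        longest = max(longest, current)
    return longest

def hard_limit(n_packets, per_window, limit):
    """Drop every packet beyond `limit` inside each window of `per_window` packets."""
    return [(i % per_window) >= limit for i in range(n_packets)]

def every_second_over_limit(n_packets, per_window, limit):
    """Beyond the limit, drop only every second packet."""
    decisions = []
    for i in range(n_packets):
        over = (i % per_window) - limit  # position among the over-limit packets
        decisions.append(over >= 0 and over % 2 == 0)
    return decisions

def random_drop(n_packets, probability, seed):
    """Drop each packet independently with the given probability."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    return [rng.random() < probability for _ in range(n_packets)]

def compare(n_packets=1000, per_window=100, limit=20, seed=1):
    """Return {policy: (longest consecutive drop run, total packets dropped)}."""
    policies = {
        "hard_limit": hard_limit(n_packets, per_window, limit),
        "every_second": every_second_over_limit(n_packets, per_window, limit),
        "random_50": random_drop(n_packets, 0.5, seed),
    }
    return {name: (longest_drop_run(d), sum(d)) for name, d in policies.items()}

if __name__ == "__main__":
    for name, (run, dropped) in compare().items():
        print(f"{name:13s} longest run of drops = {run:3d}, dropped = {dropped}")
```

The hard limit produces runs of 80 back-to-back drops per window in this constructed traffic, far beyond the 10 to 20 consecutive drops mentioned above, while the other two policies keep the runs short.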