LARTC - May 2002 - IMQ losing marks ??

I am marking incoming packets this way:

iptables -A PREROUTING -t mangle -i eth0 -j IMQ
iptables -A PREROUTING -t mangle --protocol tcp --destination 443 \
     -j MARK --set-mark 0x10020


On the IMQ device I have a htb queue.

But all the traffic is put in the *default* htb queue, and not in the good
one, it seems like the mark is lost ?


I am using a pretty similar configuration on transmite the output queue of
eth0, and it is working perfectly.

I have try :
  - change the marks, in order to not have interferences of the ones done
    by iptables in the transmit queue.
  - put -i eth0, or -i imq0 in the iptable who marks the packet.

So, the " --set-mark 0x10020" trick is not working in this case ??


-- 

      __o
    _ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net

> >
> >So, the " --set-mark 0x10020" trick is not working in this
case ??
> >

Yes, it is the conclusion. With "tc filter" the packets go to the
desired
queue, Devik''s trick doesn''t work in this case :-)




On Wed, 29 May 2002, Patrick McHardy wrote:
> Julián Muñoz wrote:
>
> >I am marking incoming packets this way:
> >
> >iptables -A PREROUTING -t mangle -i eth0 -j IMQ
> >iptables -A PREROUTING -t mangle --protocol tcp --destination 443 \
> >     -j MARK --set-mark 0x10020
> >
> >
> >On the IMQ device I have a htb queue.
> >
> >But all the traffic is put in the *default* htb queue, and not in the
good
> >one, it seems like the mark is lost ?
> >
> marks are definitely not lost, i''m classifying based on netfilter
marks
> (and fw classifier) and nothing
> gets lost there ...
>
> >
> >
> >I am using a pretty similar configuration on transmite the output queue
of
> >eth0, and it is working perfectly.
> >
> >I have try :
> >  - change the marks, in order to not have interferences of the ones
done
> >    by iptables in the transmit queue.
> >
> hmm there shouldn''t be any interferences, marks for imq usually
done in
> PREROUTING, marks for egress in
> OUTPUT or POSTROUTING ..
>
> >
> >  - put -i eth0, or -i imq0 in the iptable who marks the packet.
> >
> -i imq0 will never match. packets never come in through the imq device,
> they only pass the attached qdisc.
>
> >
> >So, the " --set-mark 0x10020" trick is not working in this
case ??
> >
> i have not tried it myself this way, but imq is doing nothing that would
> prevent it.
> maybe devik has an answer for us (i never tried nf_mark for
> classification, is it supposed to work this way ?)
>
> bye
> patrick
>
>
-- 

      __o
    _ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net

> > >
> > >So, the " --set-mark 0x10020" trick is not working in
this case ??
> > >
>
>
> Yes, it is the conclusion. With "tc filter" the packets go to the
desired
> queue, Devik''s trick doesn''t work in this case :-)
I''m interested here. Do you want why didn''t it work ?

devik

yes me :)

didn''t get why???

C

Martin Devera wrote:
>>>>So, the " --set-mark 0x10020" trick is not working in
this case ??
>>>>
>>>>
>>
>>Yes, it is the conclusion. With "tc filter" the packets go to
the desired
>>queue, Devik''s trick doesn''t work in this case :-)
>>
> 
> I''m interested here. Do you want why didn''t it work ?
> 
> devik
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>

Yes, but will we understand ?? :-)


On Wed, 29 May 2002, Martin Devera wrote:
> > > >
> > > >So, the " --set-mark 0x10020" trick is not working
in this case ??
> > > >
> >
> >
> > Yes, it is the conclusion. With "tc filter" the packets go
to the desired
> > queue, Devik''s trick doesn''t work in this case :-)
>
> I''m interested here. Do you want why didn''t it work ?
>
> devik
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>

Hi All,

Anybody know if a range of ports can be specified within a tc filter
statement

i.e.
tc filter add dev eth 0 parent 10:1 protocol ip prio 10 u32 match ip dport
???? flowid 10:100

Works fine with a single port but can''t find any spec for multiple
ports.

Cheers
Steve.

Hello,

Can I define a ports range from one ip address?
For example, I try to determine certain bandwidth to one ip for smtp, http
and pop3, but I don''t want make any limit for netbios ports.

    Best regards,
                                        Alexander Dudko.

Use -j MARK in iptables and futher use this mark in tc filter

30.05.2002 4:16:38, "Steven Schmidt" <sschmidt@compass.net.nz>
wrote:
>Hi All,
>
>Anybody know if a range of ports can be specified within a tc filter
>statement
>
>i.e.
>tc filter add dev eth 0 parent 10:1 protocol ip prio 10 u32 match ip dport
>???? flowid 10:100
>
>Works fine with a single port but can''t find any spec for multiple
ports.
>
>Cheers
>Steve.
>
>
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
-----------------------------------
mailto:alexey_talikov@texlab.com.uz
BR
Alexey Talikov
FORTEK
-----------------------------------

Gasp,

Comparing my ingress with my egress config, I found I forget this:
tc filter add dev imq0 protocol ip parent 1: prio 1 fw

In the imq config, that''s why it didn''t work I suppose :-(



On Wed, 29 May 2002, Martin Devera wrote:
> > > >
> > > >So, the " --set-mark 0x10020" trick is not working
in this case ??
> > > >
> >
> >
> > Yes, it is the conclusion. With "tc filter" the packets go
to the desired
> > queue, Devik''s trick doesn''t work in this case :-)
>
> I''m interested here. Do you want why didn''t it work ?
>
> devik
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>
-- 

      __o
    _ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net

Ehhh sorry , I wanted to ask: do you know ...... ?
devik

On Wed, 29 May 2002, [ISO-8859-1] Julián Muńoz wrote:
> Yes, but will we understand ?? :-)
>
>
> On Wed, 29 May 2002, Martin Devera wrote:
>
> > > > >
> > > > >So, the " --set-mark 0x10020" trick is not
working in this case ??
> > > > >
> > >
> > >
> > > Yes, it is the conclusion. With "tc filter" the packets
go to the desired
> > > queue, Devik''s trick doesn''t work in this case
:-)
> >
> > I''m interested here. Do you want why didn''t it work
?
> >
> > devik
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> >
> >
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>