Lance Dryden
2003-Sep-25 02:14 UTC
Proper filter syntax for matching Netfilter packet marks
Howdy. Sorry if I make a mistake; this is my first list posting.

I'm running into ... somewhat conflicting and incomplete documentation
when working out what exactly I'm to do in order to tc-filter match
against packet MARKs set by NetFilter.

The syntax I'm trying looks like this:
    tc filter add dev eth1 \
        protocol ip \
        parent 1:0 \
        prio 1 \
        handle 0x66 \
        fw classid 1:102

But it apparently isn't working right; this is the only filter in an
egress HTB queue discipline, and all my traffic goes through the default
class instead of my special class. This is as per "tc -s -d class show
..."

Thanks for your time,
Lance Dryden
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Stef Coene
2003-Sep-25 09:07 UTC
Re: Proper filter syntax for matching Netfilter packet marks
On Thursday 25 September 2003 04:14, Lance Dryden wrote:
> Howdy. Sorry if I make a mistake; this is my first list posting.
>
> I'm running into ... somewhat conflicting and incomplete documentation
> when working out what exactly I'm to do in order to tc-filter match
> against packet MARKs set by NetFilter.
>
> The syntax I'm trying looks like this:
>     tc filter add dev eth1 \
>         protocol ip \
>         parent 1:0 \
>         prio 1 \
>         handle 0x66 \
>         fw classid 1:102
>
> But it apparently isn't working right; this is the only filter in an
> egress HTB queue discipline, and all my traffic goes through the default
> class instead of my special class. This is as per "tc -s -d class show
> ..."

Can you check your iptables rules so you are sure the mark gets placed?

Stef

-- 
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
jeremie le-hen
2003-Sep-25 09:21 UTC
Re: Proper filter syntax for matching Netfilter packet marks
> > But it apparently isn't working right; this is the only filter in an
> > egress HTB queue discipline, and all my traffic goes through the default
> > class instead of my special class. This is as per "tc -s -d class show
> > ..."
> Can you check your iptables rules so you are sure the mark gets placed?

In case your NetFilter rules really match and packets are marked, then you
should try using hexadecimal for marks. I know ip(8) interprets marks as
hexadecimal, although it's not documented AFAIK. I don't have time to look
at it in tc(8), but there are good chances it runs in the same way.

I have posted a mail on this inconsistency one week ago, but no one replied.
http://mailman.ds9a.nl/pipermail/lartc/2003q3/010074.html

Regards,
-- 
Jeremie aka TtZ/TataZ
jeremie.le-hen@epita.fr
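
Added example, not part of the thread and not code from any poster: a POSIX shell check covering both replies, which compares the mark values set in `iptables-save -t mangle` output with the fw handles in `tc filter show` output after normalising hex and decimal. The function names and the sample rule and filter lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample lines below are constructed.

# Print a mark as decimal; accepts 102 or 0x66 and drops any /mask suffix.
norm_mark() { printf '%d\n' "${1%%/*}"; }

# stdin: `iptables-save -t mangle` text. stdout: marks set by MARK targets.
marks_set() {
    awk '{ for (i = 1; i < NF; i++)
             if ($i == "--set-mark" || $i == "--set-xmark") print $(i + 1) }' |
    while read -r m; do norm_mark "$m"; done | sort -un
}

# stdin: `tc filter show dev IFACE` text. stdout: handles of fw filters.
fw_handles() {
    awk '/ fw / { for (i = 1; i < NF; i++)
                    if ($i == "handle") print $(i + 1) }' |
    while read -r h; do norm_mark "$h"; done | sort -un
}

# unmatched_handles RULES FILTERS: fw handles that no MARK rule ever sets,
# i.e. filters that can never classify a packet.
unmatched_handles() {
    marks=$(printf '%s\n' "$1" | marks_set)
    printf '%s\n' "$2" | fw_handles | while read -r h; do
        printf '%s\n' "$marks" | grep -qx "$h" || echo "$h"
    done
}

# Constructed sample: the filter from the question as tc prints it back.
FILTERS='filter parent 1: protocol ip pref 1 fw handle 0x66 classid 1:102'
# Rule written in hex: the mark equals the filter handle.
RULES_HEX='-A POSTROUTING -o eth1 -p tcp -m tcp --dport 22 -j MARK --set-mark 0x66'
# Rule written as "66", which is decimal 66 and not 0x66: the handle is never set.
RULES_DEC='-A POSTROUTING -o eth1 -p tcp -m tcp --dport 22 -j MARK --set-mark 66'

echo "hex rule, unmatched handles: $(unmatched_handles "$RULES_HEX" "$FILTERS")"
echo "dec rule, unmatched handles: $(unmatched_handles "$RULES_DEC" "$FILTERS")"
```

On a live system, feed the functions the real output of `iptables-save -t mangle` and `tc filter show dev eth1`; handles are reported in decimal.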