Hi. I am trying to bend my brain around ''tc'' and friends and am failing so far. I need to set up a bridge which limits the packet rate to 2000 packets/s, but with the added twist that packets with a certain DSCP value must be given absolute priority in both directions. The packet rate limit thing appears to be easy: brcfg addbr br0 brcfg addif br0 eth0 brcfg addif br0 eth1 ifconfig eth0 promisc up ifconfig eth1 promisc up ifconfig br0 192.168.10.1 promisc up ebtables -P FORWARD DROP ebtables -A FORWARD --logical-out br0 --limit 2000/s -j ACCEPT I think this bit works. (A bit difficult to measure. iptraf only reveals packetrates for physical ethernet interfaces. Are there better alternatives to monitor the packetrate on a live interface?) But I need to make sure the packets are prioritized before they enter the bridge device. I was hoping the ingress qdisc could help me here. Something like this: tc qdisc add dev eth0 handle ffff: ingress tc filter add dev eth0 parent ffff: protocol ip prio 1 u32 match ip tos 0xC0 0xff tc filter add dev eth0 parent ffff: protocol ip prio 2 u32 match ip dst 0/0 tc qdisc add dev eth1 handle ffff: ingress tc filter add dev eth1 parent ffff: protocol ip prio 1 u32 match ip tos 0xC0 0xff tc filter add dev eth1 parent ffff: protocol ip prio 2 u32 match ip dst 0/0 I would not be terribly surprised if the lines above make somebody cry. Or laugh. Or both. The idea was to prioritize packets with the "right" DSCP value over all other packets, causing the "other" packets to be dropped first. This does not appear to work. Is what I am trying to do at all doable with the current tools? And by the way: ''man tc'' refers to the ''tc-filter'' man-page, which I cannot find.... Regards, Dag B