Hi all,
I''m trying to marking packets with iptables and use tc filter to catch
this
packets.
I configure my device:
tc qdisc del root dev eth0
tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 3000kbit ceil 6000kbit
burst 15k
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 2000kbit ceil
4000kbit burst 15k
tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 1400kbit ceil
2000kbit burst 15k
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
Then I mark the packet with this commands:
iptables -F -t mangle
iptables -A PREROUTING -t mangle -p tcp --sport 80 -j MARK --set-mark 2
And I realize the filter:
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 2 fw classid
1:20
To test this configuration I use my browser to create html traffic.
Packets are marked:
iptables -t mangle -vL PREROUTING
output:
Chain PREROUTING (policy ACCEPT 4762 packets, 2102K bytes)
pkts bytes target prot opt in out source
destination
13 4884 MARK tcp -- any any anywhere anywhere
tcp spt:www MARK set 0x2
but nothing goes to class 1:20 and qdisc 20:
tc -s qdisc ls dev eth0
output:
qdisc htb 1: r2q 10 default 10 direct_packets_stat 0
Sent 45353 bytes 197 pkts (dropped 0, overlimits 0)
qdisc sfq 10: parent 1:10 limit 128p quantum 1514b perturb 10sec
Sent 45353 bytes 197 pkts (dropped 0, overlimits 0)
qdisc sfq 20: parent 1:20 limit 128p quantum 1514b perturb 10sec
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
Why?
Thanks
--
Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
Vuoi fare business con la Cina? Videocorso pratico con utili suggerimenti
per chi vuole fare import-export con la Cina
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=6201&d=20070214
