search for: ip_src

...g in this way. ============================== script: ============================== dev eth0 { ingress { $police_isp = SLB( cbs 100kB, cir 50000 kbps ); $police_mirror = SLB( cbs 20kB, cir 2000 kbps ); $police_other = SLB( cbs 10kB, cir 1000 kbps ); class(<>) if (ip_src == XXX.XXX.XXX.XXX || /* external host */ ip_src == YYY.YYY.YYY.YYY ) && /* backup traffic */ SLB_ok($police_isp); class(<>) if ( ip_src == host("host.mirror.one") || ip_src == host("hos...

Martin, If I understand whay you are suggesting, there is a problem in your design: It will only work if you use Hide NAT. The problem is that the ip_src == IP0 rule is wrong: The ip_src is not changed by the router and it is not equal to the IP of any of the machine interfaces. Can you think of a solution that will work in the following reasonabl scenario: Lets say I have two T1 internet connections connected to one ethernet interface. I do not us...

...nel 2.4.8-20, iproute 2.4.7-7. Here is my script: ========================================================== ##################### #Interface definition ##################### #interface="ppp0" interface="eth0" ##################### #Addresses definition ##################### ip_src="192.168.1.240" #ip_src2="225.0.7.110" ######################################### #Delete any previous stored configuration ######################################### tc qdisc del dev $interface root ######################################## #Creating the root Qdisc (Queueing D...

...m sure what I have is far from optimal - but I wanted to stick as close to my original tc architecture as I could so: dev "imq0" { egress { class (<$four_vip>) if ip_src == 192.168.4.2/32; class (<$six_vip>) if ip_src == 192.168.6.2/32; class (<$four_all>) if ip_src == 192.168.4.0/24;...

...////////////////////////////////////////////////// #include "fields.tc" #include "ports.tc" #define WAN eth0 #define LAN83 eth1 #define LAN84 eth2 /* The WAN section is about upload to the internet */ dev WAN { egress { class ( <$uploadRouter> ) if ip_src == 192.168.83.1 || ip_src == 192.168.84.1; class ( <$uploadGKS> ) if ip_src == 192.168.83.22 ; class ( <$upload83> ) if ip_src:24 == 192.168.83.0 ; class ( <$upload84> ) if ip_src:24 == 192.168.84.0 ; class ( <$others> )...

Although RAW sockets can be used when specifying the source address of packets (defeating one of the aspects of the jail) some people may find it usefull to use utilities like ping(8) or traceroute(8) from inside jails. Enclosed is a patch I have written which gives you the option of allowing prison-root to create raw sockets inside the prison, so

...0kbps/2 #define midadsl 300kbps/2 #define lowadsl 200kbps/2 #define intadsl 150kbps/2 #define vloadsl 100kbps/2 #define noadsl 50kbps/2 dev INTERNET { $meter = trTCM( cir 128kbps, cbs 10kB, pir 200kbps, pbs 10 kB ); egress { class(<$lanssh>) if tcp_sport == 22 || tcp_dport == 22 if ip_src == LAN_IP || ip_dst == LAN_IP; class(<$dmzssh>) if tcp_sport == 22 || tcp_dport == 22 if ip_src == DMZ_IP || ip_dst == DMZ_IP; class(<$ssh>) if tcp_sport == 22 || tcp_dport == 22 if ip_tos_delay==1 ; class(<$smtp>) if tcp_sport == 25 || tcp_dport == 25; clas...

...script: > ============================== > > dev eth0 { > ingress { > $police_isp = SLB( cbs 100kB, cir 50000 kbps ); > $police_mirror = SLB( cbs 20kB, cir 2000 kbps ); > $police_other = SLB( cbs 10kB, cir 1000 kbps ); > > class(<>) if (ip_src == XXX.XXX.XXX.XXX || /* external host */ > ip_src == YYY.YYY.YYY.YYY ) && /* backup traffic */ > SLB_ok($police_isp); > class(<>) if ( ip_src == host("host.mirror.one") || > ip_s...

Hi. I understand that device aliases (e.g. eth2:3) are not shapeable. Does anybody know if this functionality is planned in the future? Anyway, for the time being the only option that seems to leave is to fwmark packets differently for each device alias and then shape based on that. Is it possible to set multiple marks on the packets? Alternatively, is it possible to check for a specific

...s. I plan to use tcng to set it up easier. Is there something wrong in my tcng file ? ~/tcng$ cat htb /* */ #include "fields.tc" #include "ports.tc" dev eth0 { htb ( ) { class ( rate 600kbps, ceil 600kbps ) { class () if ip_src == 10.0.0.1 ; class (default) ; } } } When I compile it, I get : ~/tcng$ tcc htb # ================================ Device eth0 tc qdisc add dev eth0 handle 1:0 root htb default 3 tc class add dev eth0 parent 1:0 classid 1:1 htb rate 75000bps ceil 75000b...

...et_payload (tb, &data); if (ret >= 0) printf ("payload_len=%d ", ret); fputc ('\n', stdout); return id; } static int cb (struct nfq_q_handle *qh, struct nfgenmsg *nfmsg, struct nfq_data *nfa, void *data) { uint32_t ip_src, ip_dst; struct in_addr s_ip; struct in_addr d_ip; uint16_t src_port; uint16_t dst_port; int verdict; int id; int ret; unsigned char *buffer; struct nfqnl_msg_packet_hdr *ph = nfq_get_msg_packet_hdr (nfa); if (ph) { id =...

...e.c~ Thu Jul 31 15:18:34 2003 +++ route.c Fri Oct 3 12:04:54 2003 @@ -174,7 +174,9 @@ static void route_ipv4_unreachable(vpn_packet_t *packet, uint8_t code) { - struct ip *hdr; + struct ip local_hdr; + struct ip *hdr = &local_hdr; + struct ip *phdr; struct icmp *icmp; struct in_addr ip_src; @@ -186,7 +188,7 @@ cp(); - hdr = (struct ip *)(packet->data + 14); + phdr = (struct ip *)(packet->data + 14); icmp = (struct icmp *)(packet->data + 14 + 20); /* Remember original source and destination */ @@ -217,7 +219,9 @@ memcpy(&hdr->ip_dst, &ip_src, 4);...

Is there a flow diagram as to where tc actions take place with respect to NAT and other iptables functions on a multihomed box (private & public NICs) ? Are tc filter rules consulted before or after NATing? My real interest is in basic understanding first, and then solving a real problem second. Example: Firewall Public NIC 123.123.123.1 Firewall Private NIC 192.168.168.1 Dedicated Video

Hello I am trying to redirect all http traffic of unauthorized wifi users on a wireless hotspot to a login page. The problem I have is that I can not disable the regular address translation (I want the source address to stay the same). 10.0.0.7 is the wifi client 195.250.155.29 is the web wifi user tries to access from his browser 195.113.17.94 is my login page 10.0.0.1 is the wifi

Hey all, i have a class. class ( <$call1> ) if ip_dst == 10.100.1.6 && tcp_dport == 22 if ip_src == 10.100.1.4 && tcp_sport == 22 ; Now when i apply this traffic TO 6 on port 22 is indeed limited to the speed i specify BUT it doesn''t seem to take the src into account at all. If i change the src to anything, even an address that doesn''t exist it still limi...

...he top of the hierarchy to get it working as expected. Is that true ? Thanks Le mer 05/05/2004 à 13:41, lartc@manchotnetworks.net a écrit : > ooops, > > j''ai oblier l''autre ligne: > dev eth0 { > htb () { > class ( rate 600kbps, ceil 600kbps ) if ip_src == 10.0.0.1; > class ( rate 1000kbps ) if 1; > } > } > > > On Wed, 2004-05-05 at 10:15, Clement MOREAU wrote: > > Thank you for your help. > > > > this setup is creating an additionnal qdisc (dsmark). For performance > > reasons, I would pref...

Hi all, I have setup two multipath route tables on my system for doing failover routing, What I want it''s that if GW at route1 of the MP is dead, traffic goes by route2, for doing that I have created the multipath routes as follows: ip route add table mail.traffic proto static nexthop via ${GW1} dev eth1 weight 1 nexthop via ${GW2} dev eth1 weight 250 But it does not run as I

Hi all, It is my understanding that with HTB, the rate and the ceiling are divided over the elements of the class. E.g. using a rate of 100 kb and a ceiling of 2000 kb for a class with 10 elements on a 100Mb NIC, the effect of the ceiling will be that if all elements are generating their maximimum possible trafic they will be effectively limited to ~ ceiling / number of elements, in this case

Hi, secfolks. While reading ip_input.c I have met following lines: ;------------------------------------------------- /* 127/8 must not appear on wire - RFC1122 */ if ((ntohl(ip->ip_dst.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET || (ntohl(ip->ip_src.s_addr) >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET) { if ((m->m_pkthdr.rcvif->if_flags & IFF_LOOPBACK) == 0) { ipstat.ips_badaddr++; goto bad; } } ;------------------------------------------- If we have such wonderful c...

Hi, I try to shape my incoming traffic. I have 2MBit/s DSL bandwith and the following ruleset (on the internal interface): $INT="eth1"; $INT_NET=192.168.1.0; $MAX_IN=2Mbps; dev $INT { egress { class (<$int>) if ip_src:24 == $INT_NET; class (<$ssh>) if tcp_sport == PORT_SSH; class (<$smtp>) if tcp_sport == PORT_SMTP; class (<$http>) if tcp_sport == PORT_HTTP; class (<$http>) if tcp_sport == PORT_HTTPS; class (<$nntp>) if tcp_sport == PORT_NNTP; class (<$nnt...