Hello All, I would like to mark some packets for traffic shaping based on size of packet AND ToS in the tcrules file. I saw the use of tos-minimize-delay in tcclasses, but that will not allow any other criteria - i.e., if I will not be able to say packets less than 100bytes AND ToS = minimize-delay. I was wondering if the ''TEST'' column could be used for this purpose, but could not find any documentation on how I could use it at http://shorewall.net/traffic_shaping.htm Could someone please point me to the right documentation, or give me an example which I could adapt and use? Thanks in advance, Prasanna. ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Prasanna Krishnamoorthy wrote:> Hello All, > > I would like to mark some packets for traffic shaping based on size of > packet AND ToS in the tcrules file. > > I saw the use of tos-minimize-delay in tcclasses, but that will not > allow any other criteria - i.e., if I will not be able to say packets > less than 100bytes AND ToS = minimize-delay. > > I was wondering if the ''TEST'' column could be used for this purpose, > but could not find any documentation on how I could use it at > http://shorewall.net/traffic_shaping.htm > > Could someone please point me to the right documentation, or give me > an example which I could adapt and use? > > Thanks in advance,You will have to use 3.2.0 Beta to get that functionality -- in 3.2, the tcrules file is extended to include a LENGTH column. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
On 5/1/06, Tom Eastep <teastep@shorewall.net> wrote:> Prasanna Krishnamoorthy wrote: > > Hello All, > > > > I would like to mark some packets for traffic shaping based on size of > > packet AND ToS in the tcrules file. > > > > I saw the use of tos-minimize-delay in tcclasses, but that will not > > allow any other criteria - i.e., if I will not be able to say packets > > less than 100bytes AND ToS = minimize-delay. > > > > I was wondering if the ''TEST'' column could be used for this purpose, > > but could not find any documentation on how I could use it at > > http://shorewall.net/traffic_shaping.htm > > > > Could someone please point me to the right documentation, or give me > > an example which I could adapt and use? > > > > Thanks in advance, > > You will have to use 3.2.0 Beta to get that functionality -- in 3.2, the > tcrules file is extended to include a LENGTH column. > > -TomThanks! Could you tell me what exactly the ''TEST'' functionality in tcrules can be used for? Regards, Prasanna. ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Prasanna Krishnamoorthy wrote:> On 5/1/06, Tom Eastep <teastep@shorewall.net> wrote:> > Could you tell me what exactly the ''TEST'' functionality in tcrules can > be used for? >It can be used to match against the current packet or connection mark values. Isn''t that clear from the description of the column in the file and in the traffic shaping documentation? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
On 5/1/06, Tom Eastep <teastep@shorewall.net> wrote:> Prasanna Krishnamoorthy wrote: > > On 5/1/06, Tom Eastep <teastep@shorewall.net> wrote: > > > > > Could you tell me what exactly the ''TEST'' functionality in tcrules can > > be used for? > > > > It can be used to match against the current packet or connection mark > values. Isn''t that clear from the description of the column in the file > and in the traffic shaping documentation?I guess I''m being a bit obtuse here, but I could definitely use an example. Can I match the value against the whole packet, or packet header? If I want to match a particular ToS value how could I do that? I''m sorry, but I haven''t been able to find an example of this anywhere, and I''m unable to imagine what matching against ''the current packet or connection mark'' would mean, and how it would be done. Could you please give me an example? Thanks! Prasanna.> > -Tom > -- > Tom Eastep \ Nothing is foolproof to a sufficiently talented fool > Shoreline, \ http://shorewall.net > Washington USA \ teastep@shorewall.net > PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key > > > >------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Prasanna Krishnamoorthy wrote:> On 5/1/06, Tom Eastep <teastep@shorewall.net> wrote: >> Prasanna Krishnamoorthy wrote: >> > On 5/1/06, Tom Eastep <teastep@shorewall.net> wrote: >> >> > >> > Could you tell me what exactly the ''TEST'' functionality in tcrules can >> > be used for? >> > >> >> It can be used to match against the current packet or connection mark >> values. Isn''t that clear from the description of the column in the file >> and in the traffic shaping documentation? > I guess I''m being a bit obtuse here, but I could definitely use an > example. Can I match the value against the whole packet, or packet > header? If I want to match a particular ToS value how could I do that? > > I''m sorry, but I haven''t been able to find an example of this > anywhere, and I''m unable to imagine what matching against ''the current > packet or connection mark'' would mean, and how it would be done. > > Could you please give me an example? > >There is a complete example in the comments in the the current 3.0 tcrules file: http://svn.sourceforge.net/viewcvs.cgi/shorewall/branches/3.0/Shorewall/tcrules?view=markup&rev=3622 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:> Prasanna Krishnamoorthy wrote:>> >> Could you please give me an example? >> >> > > There is a complete example in the comments in the the current 3.0 > tcrules file: > > http://svn.sourceforge.net/viewcvs.cgi/shorewall/branches/3.0/Shorewall/tcrules?view=markup&rev=3622 >I''ve updated the Traffic Shaping documentation to include this example and I''ve also added some more explanation of packet marks and connections marks. Hopefully this helps. see http://www1.shorewall.net/traffic_shaping.htm -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
On 5/2/06, Tom Eastep <teastep@shorewall.net> wrote:> Tom Eastep wrote: > I''ve updated the Traffic Shaping documentation to include this example > and I''ve also added some more explanation of packet marks and > connections marks. Hopefully this helps. > > see http://www1.shorewall.net/traffic_shaping.htmThanks! I very much appreciate your patience in dealing with my queries. Is there any way now, or some feature planned in the future, to allow for ToS matching in tcrules? Or is there any other way to add a rule which says ToS packets from this IP address alone would be given this mark? Regards, Prasanna. ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Prasanna Krishnamoorthy wrote:> On 5/2/06, Tom Eastep <teastep@shorewall.net> wrote: >> Tom Eastep wrote: >> I''ve updated the Traffic Shaping documentation to include this example >> and I''ve also added some more explanation of packet marks and >> connections marks. Hopefully this helps. >> >> see http://www1.shorewall.net/traffic_shaping.htm > > Thanks! I very much appreciate your patience in dealing with my queries. > > Is there any way now, or some feature planned in the future, to allow > for ToS matching in tcrules? Or is there any other way to add a rule > which says ToS packets from this IP address alone would be given this > mark?TOS matching is already there. And the SOURCE column in the tcrules file may be used to specify a source IP address. Which version of Shorewall are you running? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:> Prasanna Krishnamoorthy wrote: >> On 5/2/06, Tom Eastep <teastep@shorewall.net> wrote: >>> Tom Eastep wrote: >>> I''ve updated the Traffic Shaping documentation to include this example >>> and I''ve also added some more explanation of packet marks and >>> connections marks. Hopefully this helps. >>> >>> see http://www1.shorewall.net/traffic_shaping.htm >> Thanks! I very much appreciate your patience in dealing with my queries. >> >> Is there any way now, or some feature planned in the future, to allow >> for ToS matching in tcrules? Or is there any other way to add a rule >> which says ToS packets from this IP address alone would be given this >> mark? > > TOS matching is already there. And the SOURCE column in the tcrules file > may be used to specify a source IP address. Which version of Shorewall > are you running?Please disregard this -- Haven''t had my coffee yet. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Prasanna Krishnamoorthy wrote:> > Is there any way now, or some feature planned in the future, to allow > for ToS matching in tcrules? Or is there any other way to add a rule > which says ToS packets from this IP address alone would be given this > mark?There is no way to do that and I don''t have any plans right now to extend the tcrules file for 3.2. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:> Prasanna Krishnamoorthy wrote: > >> Is there any way now, or some feature planned in the future, to allow >> for ToS matching in tcrules? Or is there any other way to add a rule >> which says ToS packets from this IP address alone would be given this >> mark? > > There is no way to do that and I don''t have any plans right now to > extend the tcrules file for 3.2.It turned out to be trivial to add a TOS column to tcrules -- change is in SVN in shorewall/trunk/Shorewall. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key