Hello Tom, On the page 'http://lwn.net/Articles/313328/' i found info about changes in 'cls_flow.c' in kernel-2.6.29: net/sched/cls_flow.c | 4 +- and may be now it will work properly to everyone's entertainment. Thank you, Alex --- Прогноз погоды ТУТ - http://pogoda.tut.by ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
alex wrote:> Hello Tom, > On the page ''http://lwn.net/Articles/313328/'' i found info about changes > in ''cls_flow.c'' in kernel-2.6.29: > > net/sched/cls_flow.c | 4 +- > > and may be now it will work properly to everyone''s entertainment.The changes to cls_flow.c are unlikely to change its behavior. I notice, though, that there have been significant changes to sch_sfq.c between 2.6.25 (which I am running) and 2.6.29. Those might have an effect. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
alex wrote:> Hello Tom, > On the page ''http://lwn.net/Articles/313328/'' i found info about changes > in ''cls_flow.c'' in kernel-2.6.29: > > net/sched/cls_flow.c | 4 +- > > and may be now it will work properly to everyone''s entertainment.I have found that the following works ok for me: - Outbound filtering -- flow=ncft_src - Inbound filtering -- flow=dst Check out the article at http://www.wlug.org.nz/TrafficControl. It talks about the ''100% packet loss'' issue. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there''s a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you''ll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com
>> Hello Tom, >> On the page 'http://lwn.net/Articles/313328/' i found info about >>changes >> in 'cls_flow.c' in kernel-2.6.29: >> >> net/sched/cls_flow.c | 4 +- >> >> and may be now it will work properly to everyone's entertainment. > > I have found that the following works ok for me: > > - Outbound filtering -- flow=ncft_src > - Inbound filtering -- flow=dst > > Check out the article at http://www.wlug.org.nz/TrafficControl. It talks > about the '100% packet loss' issue.Thanks Tom, Very useful and smart information and investigations, but how actual? I didn't find any descriptions of the versions of the tested products. Did you try to discuss these defects with Perry Lorier? If i understand you correct, you already have production (working) version of 'cls_flow' control realization in Shorewall but also have some doubts about its behavior on other configurations? Here i can tell that Perry in his article talk about many pitfalls in 'tc' realization but you use almost all its features in Shorewall long time without any disaster. Thank you very much, Alex --- Прогноз погоды ТУТ - http://pogoda.tut.by ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
alex wrote:>>> Hello Tom, >>> On the page ''http://lwn.net/Articles/313328/'' i found info about >>> changes >>> in ''cls_flow.c'' in kernel-2.6.29: >>> >>> net/sched/cls_flow.c | 4 +- >>> >>> and may be now it will work properly to everyone''s entertainment. >> I have found that the following works ok for me: >> >> - Outbound filtering -- flow=ncft_src >> - Inbound filtering -- flow=dst >> >> Check out the article at http://www.wlug.org.nz/TrafficControl. It talks >> about the ''100% packet loss'' issue. > > Thanks Tom, > Very useful and smart information and investigations, but how actual? > I didn''t find any descriptions of the versions of the tested products. > Did you try to discuss these defects with Perry Lorier?No.> If i understand you correct, you already have production (working) > version > of ''cls_flow'' control realization in Shorewall but also have some doubts > about its behavior on other configurations? Here i can tell that Perry in > his > article talk about many pitfalls in ''tc'' realization but you use almost all > its features in Shorewall long time without any disaster.I have this working in 4.3.10+. The key thing, which I got out of Perry''s article, was to set ''protocol all''. The code in 4.2.8 still has ''protocol ip''. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there''s a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you''ll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com