similar to: u32 mark hashing

Hello! I am glad to announce a patch for u32 to allow matches on nfmark. The patch is non intrusive (few lines). Why I did this? Because fw classifier cannot be used together with u32. For example, now, you cannot match a mark of 0x90 and a destination port of 80. I know you can do it with iptables to do the marking, but if you use Jamal actions to apply mark to policed packets, you need

Hello, Stephen, List! Attached is the patch for iproute2 to add the possibility to use fwmark in u32 filters. The kernel part was included in 2.6.10. Please apply! Thank you! For more info: - Kernel patch (not needed for 2.6.10): http://kernel.umbrella.ro/net/mark_in_u32/net-match-nfmark-in-u32.patch - Examples: http://kernel.umbrella.ro/net/mark_in_u32/examples.txt --- Catalin(ux aka Dino)

Is it possible to create 1 filter rule using fw selectors AND u32 selectors? Richard. -- ___________________________________________________________________ Recursion: see recursion +------------------------------------------------------------------+ | Richard Lucassen, Utrecht | | Public key and email address: | |

Hello list members, Finaly I''m here after a week of trying to subscribe to this list... pfew... Anyway... I have a rather strange problem with tc. I am trying to police the ingress traffic into my network using the iptables MARK feature (in mangle table, PREROUTING) but it seems that tc filters ignore this marks and they don''t work at all for me. Let me explain a bit more in

iproute2 distribution in README.iproute2+tc includes toward the end an example of usage of syntax ''offset mask'' as follows: # Lookup hash table, if it is not fragmented frame # Use protocol as hash key $TC filter add dev eth1 parent 1:0 prio 5 handle ::1 u32 ht 800:: \ match ip nofrag \ offset mask 0x0F00 shift 6 \ hashkey mask 0x00ff0000 at 8 \ link 1: Also, identical

hello... 1. Is it possible using u32 to filter marked packets? I have found only documents to fw filter to filter marked packets... 2. If u32 cannot filter marked packets is it possible to use fw and u32 together? I wanted to filter packets marked by iptables by fw, and packets depended on ip destination, src and others by u32, but something goes wrong :( the filters configuration is: $TC

Greetings, I have been reading the list for a little while now, but this is the first occasion I have had to post--of course, because of a problem. My problems began when I upgraded my RedHat 9 system to 2.6.10 from source. Aside from some other booting issues and things, all of which appear to be resolved, the only things NOT working are my scripts for traffic control. I get a whole host of

I''m hashing on a non-octet boundary, and it doesn''t seem to be working. I''ve got this set of filters, that does work: # root tc filter add dev eth1 \ parent 1: protocol ip prio 2 \ u32 # ht tc filter add dev eth1 \ parent 1: protocol ip prio 2 \ handle 2: \ u32 divisor 256 # flow tc filter replace dev eth1 \

why if I place a fw filter on root I cant place the u32 filter with the same prio. filter add ... parent root prio 1 fw ... filter add ... parent root prio 1 u32 ... <-gives error, but filter add ... parent root prio 2 u32 .x.x.x.1. filter add ... parent root prio 2 u32 x.x.x.1 no problem with this... I know that the priorities tells the order at which to check them(is the order

Hello all, this is my first post here. Sorry for my english. Gentoo LAN router, 2.4.26-hardened-r2 There are 2 WAN links, one LAN link. I am doing some iptables/routing/tc magic in my scripts. What''s interesting is marking packets traveling from all IP''s in LAN. Interesting commands are: ------------- for ip in `seq 50`; do $IPTABLES -t mangle -A FORWARD -o eth2 -d

Hi there, I''m having a bit of a headache because of the u32 filter with hashing... My router administration system updates filter configuration differentially. Therefore I need to delete filters sometimes. I know that by deleting root class I''d make all filters go away, but I can''t use that option in this particular case. When I delete even a single u32 hashed filter I

Hi all, I am a newbie and I have not played a lot with tc utility. I have red maybe everything that has to do with massive filtering (maybe not everything). If you can help me on this I would appriciate that very much. I use tc utility with iproute2-ss040831. I want to limit bandwidth for the 192.168.0.0/16 subnet using this script. tc qdisc del dev eth0 root tc qdisc add dev eth0 root

Hi All I''d like to use an iptables mark together with u32 filter. Something like this, for instance: tc filter add dev imq0 protocol ip parent 1:0\ prio 2 handle 55\ u32 match u8 1 0xff at 0x09 flowid 1:22 (all icmp packets marked with 55 goes to class 1:22) But I got ''Illegal filter ID'' as answer. Is this combination possible? -- Ethy H. Brito /"\

Hello, I''m having some trouble with the u32 port match and that is when specifying a mask. tc filter add prio 1 dev ppp1 parent 2:0 protocol ip u32 match ip dst 0.0.0.0/0 match ip protocol 17 0xff match ip dport 27015 0xffff flowid 2:4 Using 27015 0xffff works just fine, all packets to dport 27015 go to 2:4 tc filter add prio 1 dev ppp2 parent 2:0 protocol ip u32 match ip dst

On Sat, 17 Dec 2005, Andy Furniss wrote: > The u8 test works OK for me as does the one below. My mistake. I cleaned the rules and removed the ones that collided with the u8 one. There is no error on this. (see explanation bellow). > > When playing with tc filters I always tc qdisc del dev eth0 root and enter > the whole lot again between tests. I always took that as mandatory.

Hi, New to traffic shaping I would like to make some tests. It''s for a production server (fw), using 2.4.27 kernel. Something is not clear to me about HTB... is the last stable version included in the 2.4.27 kernel and iproute2 (iproute2-2.6.8-040823.tar.bz2) ? Are there special patches to apply ? EC. _______________________________________________ LARTC mailing list /

Hello, I just compiled a new kernel.iptable/iproute2 to fresh up my router. There is a little problem... The fw classifier does not work in tc. I read some note found in the source of iproute2 and it says: "* To use "fw" classifier you will need ipfwchains patch." I can''t find this patch. Do you have it? Is there any other way to implement the "fw"

Hi all, After reading a lot and searching on the INternet, I want to filter ASP and/or AH traffic According to /etc/protocols ESP and AH are IP protos 50 and 51 so this u32 filter should work ? (I can use fw filter because the firewall/VPN can''t mark pakets :-( tc filter add dev ethX parent X:0 protocol ip prio X u32 match ip protocol 50 0xff flowid X:XX ? Can someone confirm this ?

Hello. I have eth1 for WAN(0.0.0.0) and eth0 for LAN (192.168.10.0/24), need to setup that local user get access to $LOCAL_IP network and ip 192.168.10.2, 192.168.10.3 (will be more in future) to internet, but bandwidth to $LOCAL_IP is 128kbps and for internet is 8kbps. i wrote rc.firewall #!/bin/bash #env IPTABLES="/usr/sbin/iptables" LOCAL_IP="62.64.80.0/21 62.221.38.0/24

Hello, I am trying to shape p2p trafik to 256kbps on my dsl line. I wrote this set of commands: DEV=eth2 ip link set imq0 up tc qdisc add dev imq0 root handle 1:0 htb default 21 r2q 2 tc class add dev imq0 parent 1:0 classid 1:1 htb rate 530kbit tc class add dev imq0 parent 1:1 classid 1:20 htb rate 530kbit ceil 530kbit prio 0 tc class add dev imq0 parent 1:1 classid 1:21 htb rate 64kbit