similar to: fw mark and policers on 2.6 not working ?

Hello list members, Finaly I''m here after a week of trying to subscribe to this list... pfew... Anyway... I have a rather strange problem with tc. I am trying to police the ingress traffic into my network using the iptables MARK feature (in mangle table, PREROUTING) but it seems that tc filters ignore this marks and they don''t work at all for me. Let me explain a bit more in

Hi, So far, if have understand correctly: I route the incoming tcpip message of port 8099 directly to 8080 and then the ingress filter on port 8099 has nothing to do!? Yes I think on different interface on one machine (different Ports for different Request, with different restriction). What has exactly to be done to set the policier before Prerouting! Which kernel options, or also extra

I tried installing the WonderShaper on my internal link, mostly to get the SFQ installed. I set uplink and downlink to 100000 to match the link speed and changed the bandwidth on the cbq line to 100mbit. This killed transfer speed *to* the box, knocking it from 30-40 Mbps down to about 800 kbps. Commenting out just the ingress control restored the speed. What about the ingress policer would do

Hi, Thanks for the fast response, .)Okay I tried your suggestion for my port 8099 and nothing happened: The tcp ip information goes from a firewall to my port 8099 and this port is than routed to the original 8080, I do that because I don`t want to dirturb my port 8080. But it seams the ingress filter doesn`t work on it!! iptables -L -t nat Chain PREROUTING (policy ACCEPT) target prot opt

Hi, I am trying to do some simple ingress limiting based on fwmark. I know the ability and sense to do INGRESS limiting is ehm... limited ;-) but still I want to try it. I tried several things. === 1 === tcq ingress handle ffff: tcf parent ffff: protocol ip prio 1 handle 1 fw police rate 12mbit burst 10k drop tcf parent ffff: protocol ip prio 1 handle 2 fw police rate 10mbit burst 10k drop

Hi all, ive got 2 internet connections set up via the nano howto (which are working great) and we are running NAT. Was looking in to qos mainly to stop large http downloads/ftp downloads from hogging the line so that browsing for other users doesnt slow to a crawl, but if the line is free and no one is doing anything then for it to use the available bandwith. The wondershaper sounded exactly what

I would like to test police in ingress. I use kernel 2.4.20. I use this configuration: iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1001 -j MARK --set-mark 1 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1002 -j MARK --set-mark 2 iptables -t mangle -A PREROUTING -i eth0 -s 10.31.12.2 -d 10.31.11.2 -p udp --dport 1003 -j

Hi, My problem is following now: I would like to set the filters for port 8099. I have tried it, but nothing happened. When I try the same filter for the port 8080 it is working very well. .) working filter (here I can see the dropped packages): tc filter add dev eth0 parent ffff: protocol ip u32 match ip dport 8080 0xffff police rate 1kbit burst 1 drop flowid :1 .) not working filter (here I

Hi ! I wanted to shape my analog modem connection so I took these two lines from the ''wondershaper'' script: tc qdisc add dev $DEV handle ffff: ingress #tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip \ src 0.0.0.0/0 police rate ${DOWNLINK} burst 10k drop flowid :1 with DEV=ppp0 and DOWNLINK=24kbit. But, when I activate it, nothing comes back from the

I am currently using the ultimate-tc script from http://lartc.org/howto/lartc.cookbook.ultimate-tc.html and I want to make sure that internet radio packets (mp3 streaming audio) will always get through no matter what. I have added some iptables commands like this: iptables -A OUTPUT -t mangle -p tcp --dport 8000 -j TOS --set-tos Minimize-Delay iptables -A OUTPUT -t mangle -p tcp --sport 8000 -j

I''m trying to shape traffic on a Devil-Linux box. This note was originally sent to their maillist, because the LARTC list appears to have been down for the past few days. My mailbox was just flooded with a half dozen or so confirmation requests in response to my repeated attempts to subscribe to this list. ---------- Forwarded message ---------- From: drew einhorn

Hi, The problem is this is my goal to use the policier and not the iptables. Because with the policier i think you can give more rules and restrictions to the incoming tcpip traffic. So I would prefer to use the policier and not the iptables. Thanks Gernot > GRAMES Gernot > __________________________________ > SIEMENS AG Austria > PSE SMC AI 21 > * Tel.: +43 (0) 5 1707

Hello, Stephen, List! Attached is the patch for iproute2 to add the possibility to use fwmark in u32 filters. The kernel part was included in 2.6.10. Please apply! Thank you! For more info: - Kernel patch (not needed for 2.6.10): http://kernel.umbrella.ro/net/mark_in_u32/net-match-nfmark-in-u32.patch - Examples: http://kernel.umbrella.ro/net/mark_in_u32/examples.txt --- Catalin(ux aka Dino)

Hello list! In am stuck in getting the wondershaper script working. The last line of the script (tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 1800kbit burst 10k drop flowid :1) produces the following error: RTNETLINK answers: Invalid argument Could somebody please give me a hint on how to fix this? Regards, borghart

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all! when I activate wondershaper on my dsl connection (pppoa vc mux), i get three errors: # sh -x /usr/sbin/wshaper ppp0 + /usr/sbin/xmlstarter setenv tc_downlink + DOWNLINK= + /usr/sbin/xmlstarter setenv tc_uplink + UPLINK= + [ -z ] + cat /proc/avalanche/avsar_modem_stats + grep Connection Rate + awk {printf("%d", $8)} +

Hi, I have a question about policy filters. All I want is incoming traffic being restricted to a specific rate. At the moment, I get way lower rates than specified. So far, I did use a filter much like Wondershaper does: tc filter add dev $DEV parent ffff: protocol ip prio 50 \ u32 match ip src 0.0.0.0/0 \ police rate ${DOWNLINK}kbit burst 10k drop flowid :1

[I sent this earlier but I guess the list is subscriber-only?] I just set up wondershaper, it has a simple filter on the downstream direction to limit the bandwidth usage: tc qdisc add dev $DEV handle ffff: ingress tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \ 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1 This is effective but is there any way to

Hi stef and all I want measure the policy perfomance for video traffic on mpls diffserv network. there are two different polices for video packet 1. Video packets that are marked that are over the limit are to be rejected at the edge router. 2. Video packets that are marked that are over the limit are to be downgraded as best effort and are sent through. Before video enter my mpls

Hello everybody on the list, I have the following situation where I want to police the speed of incoming packets from specific subnets to 1024kbps and then police all the rest to 256kbps, which is the speed my ISP grants for the rest of the internet. So, eth1 is the one connected to the cable modem and then to the internet. I do: tc qdisc add dev eth1 ingress handle ffff: then: tc filter

I''m having trouble getting ingress policing to work on a bridged device. The bridge contains several interfaces: peth0, vif0.0, vif[1-7]0.1, vif[25].1 . (This is under xen, in case the vif''s didn''t give that away, so peth0 is renamed eth0.) The tc rules I have are: tc qdisc del dev peth0 root tc qdisc del dev peth0 ingress handle ffff: tc qdisc add dev peth0 root