similar to: match ip dst works, match ip dport doesn't.

Displaying 20 results from an estimated 10000 matches similar to: "match ip dst works, match ip dport doesn't."

2009 Oct 08
3
[Bug 612] New: conntrack returns src, dst, dport and sport all zeroed
http://bugzilla.netfilter.org/show_bug.cgi?id=612 Summary: conntrack returns src, dst, dport and sport all zeroed Product: libnfnetlink Version: unspecified Platform: i386 OS/Version: other Status: NEW Severity: major Priority: P1 Component: libnfnetlink AssignedTo: laforge at netfilter.org
2017 Nov 13
2
[Bug 1202] New: Cannot match on both dport and sport in one nftables rule
https://bugzilla.netfilter.org/show_bug.cgi?id=1202 Bug ID: 1202 Summary: Cannot match on both dport and sport in one nftables rule Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft
2007 Dec 06
3
HTB performance improvement
HTB performance improvement Hi all ! i'm looking at the performance of the HTB algorithm/implementation because i would like more packets/sec !! this is the scenario of the performance test: i'm using an embedded system with: SPEED CPU: 399,999 MHz RAM: 128 MByte FLASH: 16 MByte EEPROM: 8Kbyte PROCESSOR MPC8272 a lan to lan 10/100 and in particular we are sending
2004 Jul 09
3
tc filter + bridging + htb -- works only if ip_forward = 0
I thought that the below email would be of interest to LARTC readers. I wasted quite a bit of time tracking down this "feature" (bug?). Any comments that shed light on this would be appreciated. In short, "tc filter" + htb + bridging works only with ip_forward off. Andrew Athan ----------------------------------------------------------------------- All: It seems that
2003 Jun 12
11
htb problem
Hi, I have some interesting problem with htb , I set up root class and sub-classess: $TC qdisc add dev eth0 root handle 1: htb $TC class add dev eth0 parent 1: classid 1:1 htb rate 1990kbit ceil 2000kbit $TC class add dev eth0 parent 1:1 classid 1:10 htb rate 190kbit ceil 200kbit $TC class add dev eth0 parent 1:1 classid 1:11 htb rate 1400kbit ceil 1600kbit $TC class add dev eth0 parent 1:1
2011 Mar 09
0
how to only allow tcp on dport 443 on the OUTPUT chain?
it's a normal desktop machines iptables firewall: If i want to block udp on dport 80 on the output chain, then is this enough? i want to only allow tcp on it! iptables -P OUTPUT DROP iptables -A OUTPUT -o $PUBIF --dport 80 -j ACCEPT or i need this rule? iptables -P OUTPUT DROP iptables -A OUTPUT -o $PUBIF -p tcp --dport 80 -j ACCEPT the second one is the good one? -------------- next
2006 Aug 21
1
tc filter don't match packets
Hi, I have problem with this simple script: #!/bin/bash if [ "$1" == "del" ]; then tc qdisc del dev eth0 root handle 1: htb default 10 exit fi tc qdisc add dev eth0 root handle 1: htb default 10 tc class add dev eth0 parent 1: classid 1:1 htb rate 800kbit ceil 900kbit tc class add dev eth0 parent 1:1 classid 1:10 htb rate 300kbit ceil 600kbit tc class add dev eth0 parent 1:1
2002 Jun 18
7
Better filtering to a class
Dear all, I want to make a filter for all IRC-Dalnet traffic, so I want to put all traffic for port 6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 7000, 7001, 7002, and 8000 to a class. So, I create a TC script as below. I'm sure, it is not effective, and we can write it in simpler. I need help, how to make my script below are simpler. The simpler, the better. Thank you
2005 Apr 22
1
Re: tc filter - based on iptables - MAC - MARK not working - although marking on ip src, dst address works
Reading along the Net it seems that MAC marking is not working with egress HTB (because iptables marks packages based on --mac-source ). So my only choice is using ingress or u32. So this is how I did it: I called below script add_shaping DEV="eth0" tc qdisc add dev $DEV root handle 1: htb default 20 tc class add dev $DEV parent 1: classid 1:1 htb rate 200kbps ceil 200kbps tc class
2004 Nov 26
4
HTB dropping packets while tokens available?
Hi again, I just ran into a seriously strange glitch, and was wondering if anybody had experienced this... I have an HTB class with an iptables classifier. The iptables classifier shows packets hitting the rule for this class. Now, HTB drops these packets ('dropped' increases), even although the packets are small, and there are over 10000 tokens available. Is there any
2007 May 02
7
tc u32 match !port
How can I redirect all traffic that does not come from port 80 to a flow? I was thinking about something like tc filter add dev imq1 parent 1: protocol ip prio 7 u32 match ip sport !80 ...... But this does not work. Another doubt, if I have two rules that intersect, for example, one filter with u32 match ip src 10.10.10.10 flowid 1:10 and other with u32 match sport 80 0xffff flowid 1:11 , which one will
2005 Apr 19
7
tc filter - based on iptables - MAC - MARK not working - although marking on ip src, dst address works
=== tc filter - based on iptables - MAC fw marking not working == DEV="eth1" tc qdisc add dev $DEV root handle 1: htb default 20 tc class add dev $DEV parent 1: classid 1:1 htb rate 600kbps ceil 3276800kbit tc class add dev $DEV parent 1:1 classid 1:15 htb rate 3kbps prio 4 tc class add dev $DEV parent 1:1 classid 1:20 htb rate 500kbps prio 3 tc qdisc add dev $DEV parent 1:15 handle
2002 Sep 06
1
Examples from HTB home page...
... do not work anymore. Anybody with a hint? I've got a fully functional HTB setup and just wanted to replace the kernel from 2.4.17 to 2.4.19. In the end the modified tc binary doesn't recognize "tc filter add" (yet it does accept qdisc show and recognizes htb...) I've downloaded the 2.4.19 from kernel.org, iproute2 (2.4.7), installed the patches
2005 Dec 16
2
tc filter match u8 problem??
Hi All Can someone tell me what am I doing wrong? This was supposed to catch icmp type 8. Why 'match u8' does not work? # tc filter add dev eth0 protocol ip parent 1: prio 2 \ u32 \ match u16 0x0800 0xffff at -2 \ match u8 8 0xff at 20 \ flowid 1:5 Illegal "match" # # tc filter add dev eth0 protocol ip parent 1: prio 2 \ u32 \ match
2002 May 23
3
ConnBytes iptables match
Hi, as I promised in LARTC list I created patch for new connbytes match. It matches packets which belong to connection which transferred given range of bytes. For those interested it is at http://luxik.cdi.cz/~devik/connbytes/ It was originally meant to be used with HTB or other qdisc to reclassify long download streams to lower prio class. devik
2006 Dec 26
1
Curious situation of htb
Dear all, I'm now developing the qos mechanism on my machine. I have read the documents of both the web site "HTB Home" and "lartc.org". But it confuses me that what is the accurate definition of the argument "rate"? It seems to be "the minimum rate which is guaranteed for a class" in the user guide of HTB Home, but in the manpage of lartc.org
2004 Mar 22
2
tcng TCP ACK match
Hello. I have been trying to duplicate these u32 matching rules using TCNG, but without much success: tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32\ match ip protocol 6 0xff \ match u8 0x05 0x0f at 0 \ match u16 0x0000 0xffc0 at 2 \ match u8 0x10 0xff at 33 \ flowid 1:10 Wondershaper 1.1a implements this and if I run it things seem to be shaped as expected. But this TCNG
2004 Nov 22
0
Testing if tc works as configured and shaping rtp traffic
Hi, I have implemented qos at my gateway, mostly for speeding up dns and [video,voice] chat traffic and to slow down p2p traffic. It seems every thing is working properly, as by browsing speed has been improved. But I want to test it by sending various traffic and to see through which qdisc the traffic flows, so that i can be certain that it is working the way I want it to work. The rules
2014 Feb 02
0
[Bug 892] New: ip6tables --match policy needs to accept IPv4 addresses for --tunnel-src and --tunnel-dst
https://bugzilla.netfilter.org/show_bug.cgi?id=892 Summary: ip6tables --match policy needs to accept IPv4 addresses for --tunnel-src and --tunnel-dst Product: iptables Version: 1.4.x Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: ip6tables
2004 Nov 19
3
mixing u32 and fwmark
Hi! There is one thing I can't do. In my country we have to pay for "foreign" internet. Local internet is cheap and fast, but foreign is slow and expensive. So I want do following: mark every packet with iptables, where --set-mark 1 for foreign internet, but --set-mark 2 for local internet next when I got all traffic marking, I need to assign traffic to users so I make