similar to: Can I Classify Non-IP Traffic?

Hi; I was wondering about splitting my Ethernet in different Vlan. But is there any functionality in iptables, or any other tools, witch I can use to match a specific Vlan? I was thinking about marking this packet and then classify it to a appropriate queue. Another question is: How many packages can a ordinary pfifo queue hold?? Say, packets that are used are full Ethernet frame.

Hi I''ve searched the archive for a solution where I want to limit/shape WLAN users. I only know''s their MAC, because they get their IP from dhcp. > Why not, just use negative offsets with U32 to access >the 14-byte eth frame header before the IP header: > >Decimal Ofs Description >----------------------------------- >-14: DST MAC, 6 bytes >-8: SRC MAC, 6

Hi, I discover recently that the arp traffic is managed like any other flow. So you get hang after a moment if you don''t use a default class. Is the any means to avoid this ? Not to have a default class is a way to filter traffic ... One would be to managed to class ARP request with tc but I don''t know if it is possible. Thanks in advance, -- Éric Leblond courriel :

Hello list, I just wonder if someone did any performance tests (speed of processing the packets) or maybe could advise about this two scenario: 1. packets are marked with iptables and processed by tc using filters 2. packets are sent by iptables directly to tc using CLASSIFY chain, thus avoiding the tc filters I had some thinking about these two ways of dealing with egress traffic and my

Dear all, I am facing problem in restricting upload traffic on fake ip address 10.0.0.0/8 network. I can easily restrict upload traffic on my real ip address. eth0 --wan port connected to internet eth1 --lan port connect to local network my script on eth1 is working properly bcoz it is for downlink traffic this is the script which is having problem.

OK - this is starting to get frustrating... Are there any known issues with 2.6.9 and traffic shaping? I am using 2.6.9 with geoip 20041115, and get odd oopses. The following script oopses my box: ----------------------------------------------------- #!/bin/sh -x IFOUT=''eth1'' IFIN=''eth0'' TC=''/sbin/tc''

Hi Is there a way of marking packets by mac address instead of ip or ports using a "tc filter u32 match"? I read somewhere that I could use the offset -8 and -14 to grab the mac addresses but if I use anything lower than -8, for example -9, I get an error. I''m modifying the wondershaper script to cap the download speed by mac address. Any sugestions?

Hi All, I''ve been playing with QOS for a short while now and have worked out how to do what I want using HTB. Great queuing discipline btw. My problem is the tc filters I want to setup aren''t working because iptables is getting to the packets first and mangling the src address. The iptables script I am using is MonMotha''s Firewall 2.3.8 and it includes lots of nice

Hi again, I keep posting about my problem with HTB -> http://mailman.ds9a.nl/pipermail/lartc/2005q3/016611.html With a bit of search I recently found the exact same problem I have in the 2004 archives with some graphs that explain it far better than I did -> http://mailman.ds9a.nl/pipermail/lartc/2004q4/014519.html and http://mailman.ds9a.nl/pipermail/lartc/2004q4/014568.html

Hi all, based on the information in the "Linux Advanced Routing & Traffic Control HOWTO", I was trying to set up traffic shaping on my firewall. While I found the HOWTO very useful, in the process I ran into some problems that I did not forsee: According to the HOWTO it seems that it should have worked, even after spending some time going through the sections looking for answers,

How i can classify sip traffic (voip)?? I try dst 5060 udp port, but dont''work. sip sesion use dynamic port. Sniffing packets with windows net-peeker, I see that packets lenghts is always=87 How i can filter, by packet lenght, with u32? Regards Fabian

Could someone comment on the benefits of using CLASSIFY vs fwmark (or vice versa) in iptables? I''m getting ready to implement some basic tc for VoIP and most of the examples seem to use the (older?) fwmark syntax. Should I convert these to CLASSIFY? Can the two syntaxes be mixed? Also with U32? TIA, Edwin -- <=+=+=+==+=+=+==+=+=+=+=+=+=+=+=> Edwin Whitelaw, P.E. New River

I am trying to shape a client (somewhat advanced). This is my target: Client is 192.168.2.224. I would like to allow him to download with 500000 bits/sec in general. But, for a specific port(say 22), i would like him to download with 300000 bit/sec only. The problem is that my configuration (maybe wrong) allows him to download with 800000 bit/sec. (500000 generally + 300000 on port 22) I thought

Where can I find information on the CLASSIFY target? I saw it in some examples people posted on this list, but I cannot find it in the LARTC Howto or with Google. I need to classify packets into PRIO queues based on iptables rules. I am currently setting MARKs during classification. Unfortunately, if I understand correctly u32 cannot see marks because they''re not in the packet, so my

This problem is driving nuts, so I am seeking help here. Your help will be deeply appreciated. I have made myself a Linux bridge with eth1 and eth0 to form br0. Then I run a script to configure tc with htb on it. But I can never match non-icmp traffic ( such as tcp and udp ) with TOS or DSCP values such as 0x68. The full story as follows :- 1. On the source testing machine, I do this to set

I have to match my packets based on MAC address, which I cannot do in the POSTROUTING chain, so I do it in PREROUTING using MARK. Then, I match on the MARK in the POSTROUTING chain to do a CLASSIFY. But this does not seem to work: wireless-r1 bwlimit # iptables -L -v -n -t mangle Chain PREROUTING (policy ACCEPT 3353K packets, 941M bytes) pkts bytes target prot opt in out source

hello, i have a question: - which one is faster: "tc filter with u32 match per dst ip" or "iptables match per dst ip with target CLASSIFY"? - this question is for large rulesets (over 500) thank you, cristian carstea

Hi all, I have setup two multipath route tables on my system for doing failover routing, What I want it''s that if GW at route1 of the MP is dead, traffic goes by route2, for doing that I have created the multipath routes as follows: ip route add table mail.traffic proto static nexthop via ${GW1} dev eth1 weight 1 nexthop via ${GW2} dev eth1 weight 250 But it does not run as I

Hello every one! I''m making a project to a discipline in the university and the project is make a Linux router that grants QoS to Multimedia connections (the prof. say we can use Open Source Soft. :) or reinvent the wheel). I have been googeling and googeling and i found the l7-filter in source forge and the spectacular simple language that is TCNG. Well the problem is how can i

As seen on my post at: http://www.sveasoft.com/modules/phpBB2/viewtopic.php?p=28112#28112 This works very well... It does NOT work with stable 4.0! sveasoft will be issuing a bug fix for this (4.1) in the near future. Final Rev of working script w/ asterisk support I'm not going to run alchemy on production machines until it is stablish. Remember to set your uplink properly and to set