Google
  Web www.spinics.net

Re: tc u32 match !port

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Salatiel Filho wrote:
On 5/5/07, Andy Furniss <lists@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
Salatiel Filho wrote:

> Well , i am having a few troubles making this work.
> I have some like this in pseudo tc rulez :)
>  Root class
> Class 1 parent ROOT prio 0 filter u32 match sport 80 dst 10.0.0.254
>        Class 2 paret ROOT prio 0 filter u32 match dport 22
>        Class 3 parent ROOT prio 7 filter u32 match dst 10.0.0.254
>        default
>
> Shouldn't traffic from source port 80 and destination 10.0.0.254 go
> through class 1 ?
> I can not make a way to this work, traffic to 10.0.0.254 is always
> falling in to class 3 :/
> Am i missing something ?

prio 1 is the top prio for filters 0 ends up much lower.

I think two prio 1s should work in order of entry, but I would use 1 and
2 to be sure. I have seen reverse order of entry if you don't use prio
at all ...

tc -s filter ls dev $DEV parent X:Y

should help you see what's going on.

Andy.





Changed to this:

tc qdisc add dev imq1 root handle 1: htb default 5 r2q 1
tc class add dev imq1 parent 1: classid 1:5 htb rate 8kbit ceil 8kbit
prio 7 quantum 1500  # DEFAULT

tc class add dev imq1 parent 1: classid 1:2 htb rate 1024kbit ceil
1024kbit prio 0 quantum 1500
tc filter add dev imq1 parent 1: protocol ip prio 1 u32 match ip dst
192.168.10.1 match ip sport 80 0xffff flowid 1:2  # FROM HTTP DEST TO
192.168.10.1

tc class add dev imq1 parent 1: classid 1:3 htb rate 1024kbit ceil
1024kbit prio 0 quantum 1500
tc class add dev imq1 parent 1:3 classid 1:900 htb rate 1024kbit ceil
1024kbit prio 7 quantum 1500
tc filter add dev imq1 parent 1: protocol ip prio 7 u32 match ip dst
192.168.10.1 flowid 1:900 # ANY OTHER TRAFFIC TO 192.168.10.1

But all traffic is still flowing to 1:900  :/

Hmm that should work - as long as imq1 hooks in prerouting and after nat if it goes to 1:900 and not 1:5 I suppose it is seeing the address OK.

This is ingress traffic and you are downloading from an http server?

The way you have set up htb the classes won't share bandwidth.

What does tc -s filter ls dev imq1 show?

Andy.



_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Bugtraq]     [Fedora Legacy]     [GCC Help]     [Yosemite News]     [Yosemite Photos]     [IP Tables]     [Netfilter Devel]     [Fedora Users]

Powered by Linux