iptables packet marking and hfsc
The thing is that only the last tc filter is working. When I swap their places, the last one always works for the whole
traffic for 192.168.2.202. I'm testing it with only one PC I----HFSC.
LAN_ETH='eth0'
iptables -t mangle -A PREROUTING -i $LAN_ETH -j IMQ --todev 0
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m layer7 --l7proto ssh -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -m mark --mark 0x2 -j CONNMARK --save-mark
iptables -t mangle -A POSTROUTING -m mark --mark 0x2 -j RETURN
ip link set imq0 up
ip link set imq1 up
tc qdisc add dev imq0 root handle 1:0 hfsc default 2
tc class add dev imq0 parent 1:0 classid 1:1 hfsc ls m2 99000kbit ul m2 99000kbit
tc class add dev imq0 parent 1:1 classid 1:2 hfsc ls m2 96000kbit ul m2 96000kbit
tc class add dev imq0 parent 1:1 classid 1:3 hfsc ls m2 2000kbit ul m2 2000kbit
tc class add dev imq0 parent 1:2 classid 1:4 hfsc ls m2 20kbit ul m2 20kbit
#tc qdisc add dev imq0 parent 1:3 esfq perturb 10 hash dst
#tc qdisc add dev imq0 parent 1:2 esfq perturb 10 hash dst
tc class add dev imq0 parent 1:3 classid 1:100 hfsc ls m2 700kbit ul m2 700kbit
tc qdisc add dev imq0 parent 1:100 esfq perturb 5 hash dst
#tc class add dev imq0 parent 1:100 classid 1:1001 hfsc rt m1 700kbit d 2s m2 500kbit ls m2 500kbit ul m2 700k$
tc class add dev imq0 parent 1:100 classid 1:1001 hfsc ls m2 100kbit ul m2 100kbit
tc class add dev imq0 parent 1:100 classid 1:1002 hfsc ls m2 300kbit ul m2 500kbit
tc filter add dev imq0 protocol ip preference 1 parent 1:0 handle 0x2 fw flowid 1:1001
tc filter add dev imq0 protocol ip preference 2 parent 1:0 u32 match ip dst 192.168.2.202 flowid 1:1002
Last edited by xanax; 02-18-2007 at 11:44 PM.