-----Original Message-----
From: Patrick McHardy [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 01, 2006 2:23 PM
To: Eliot, Wireless and Server Administrator, Great Lakes Internet
Cc: [email protected]; Netfilter Development Mailinglist
Subject: Re: [LARTC] iptables CLASSIFY and MARK not working?
> Eliot, Wireless and Server Administrator, Great Lakes Internet wrote:
> > However, this still does not work:
> >
> > Chain POSTROUTING (policy ACCEPT 812K packets, 441M bytes)
> > pkts bytes target prot opt in out source destination
> > 2071 129K CLASSIFY all -- * br1 0.0.0.0/0 0.0.0.0/0 MARK match 0x1fe CLASSIFY set 1c7:0
> > 2 521 CLASSIFY all -- * br1 0.0.0.0/0 0.0.0.0/0 MARK match 0x1ff CLASSIFY set 1c8:0
> > 0 0 CLASSIFY all -- * br1 0.0.0.0/0 0.0.0.0/0 MARK match 0x200 CLASSIFY set 1c9:0
> > 2760 4060K CLASSIFY all -- * wivl4 0.0.0.0/0 0.0.0.0/0 MARK match 0x1fe CLASSIFY set 1db:0
> > 3 500 CLASSIFY all -- * wivl4 0.0.0.0/0 0.0.0.0/0 MARK match 0x1ff CLASSIFY set 1dc:0
> > 0 0 CLASSIFY all -- * wivl4 0.0.0.0/0 0.0.0.0/0 MARK match 0x200 CLASSIFY set 1dd:0
> >
> >
> > wireless-r1 bwlimit # tc -s qdisc show dev wivl4
> > qdisc hfsc 5: default 2
> > Sent 8554815 bytes 7797 pkt (dropped 6, overlimits 13 requeues 0)
> > rate 0bit 0pps backlog 0b 0p requeues 0
> > qdisc sfq 1db: parent 5:1fe limit 128p quantum 1514b
> > Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
> > rate 0bit 0pps backlog 0b 0p requeues 0
> > qdisc sfq 1dc: parent 5:1ff limit 128p quantum 1514b
> > Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
> > rate 0bit 0pps backlog 0b 0p requeues 0
> > qdisc sfq 1dd: parent 5:200 limit 128p quantum 1514b
> > Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
> > rate 0bit 0pps backlog 0b 0p requeues 0
>
>
> I already told you why this doesn't work, you have to classify to
> the _classes_, not the qdiscs.

These rules make it go to the classes instead of the qdisc:

- Adding rules to classify traffic on br1 ...
- iptables -A POSTROUTING -t mangle -o br1 -m mark --mark 0x1FE -j CLASSIFY --set-class 0x5:0x1FE
- iptables -A POSTROUTING -t mangle -o br1 -m mark --mark 0x1FF -j CLASSIFY --set-class 0x5:0x1FF
- iptables -A POSTROUTING -t mangle -o br1 -m mark --mark 0x200 -j CLASSIFY --set-class 0x5:0x200
- Adding rules to classify traffic on wivl4 ...
- iptables -A POSTROUTING -t mangle -o wivl4 -m mark --mark 0x1FE -j CLASSIFY --set-class 0x5:0x1FE
- iptables -A POSTROUTING -t mangle -o wivl4 -m mark --mark 0x1FF -j CLASSIFY --set-class 0x5:0x1FF
- iptables -A POSTROUTING -t mangle -o wivl4 -m mark --mark 0x200 -j CLASSIFY --set-class 0x5:0x200

Chain POSTROUTING (policy ACCEPT 887K packets, 495M bytes)
pkts bytes target prot opt in out source destination
8662 508K CLASSIFY all -- * br1 0.0.0.0/0 0.0.0.0/0 MARK match 0x1fe CLASSIFY set 5:1fe
14 8253 CLASSIFY all -- * br1 0.0.0.0/0 0.0.0.0/0 MARK match 0x1ff CLASSIFY set 5:1ff
0 0 CLASSIFY all -- * br1 0.0.0.0/0 0.0.0.0/0 MARK match 0x200 CLASSIFY set 5:200
845 222K CLASSIFY all -- * wivl4 0.0.0.0/0 0.0.0.0/0 MARK match 0x1fe CLASSIFY set 5:1fe
22 5286 CLASSIFY all -- * wivl4 0.0.0.0/0 0.0.0.0/0 MARK match 0x1ff CLASSIFY set 5:1ff
0 0 CLASSIFY all -- * wivl4 0.0.0.0/0 0.0.0.0/0 MARK match 0x200 CLASSIFY set 5:200

And yet, still nothing hits the classes:

wireless-r1 ~ # tc -s class show dev wivl4
class hfsc 5: root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 1
class hfsc 5:1fe parent 5: leaf 1db: sc m1 400000bit d 30.0ms m2 128000bit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0
class hfsc 5:1 parent 5: sc m1 0bit d 2.6ms m2 30000Kbit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0
class hfsc 5:1ff parent 5: leaf 1dc: sc m1 2560Kbit d 2.0s m2 512000bit ul m1 2560Kbit d 2.0s m2 2048Kbit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0
class hfsc 5:2 parent 5: ls m1 60000Kbit d 2.0s m2 60000Kbit ul m1 60000Kbit d 2.0s m2 60000Kbit
Sent 19906674 bytes 13396 pkt (dropped 9, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 13396 work 19906674 bytes level 0
class hfsc 5:200 parent 5: leaf 1dd: ls m1 1024Kbit d 2.0s m2 1024Kbit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0
class hfsc 5:3 parent 5: ls m1 10000Kbit d 2.0s m2 10000Kbit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0
class hfsc 5:1fa parent 5: leaf 1d7: ls m1 64000bit d 2.0s m2 64000bit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0
class hfsc 5:1f8 parent 5: leaf 1d5: sc m1 400000bit d 30.0ms m2 128000bit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0
class hfsc 5:1f9 parent 5: leaf 1d6: sc m1 160000bit d 2.0s m2 32000bit ul m1 160000bit d 2.0s m2 128000bit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0

wireless-r1 ~ # tc -s class show dev br1
class hfsc 1: root
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 1
class hfsc 1:1fe parent 1: leaf 1c7: sc m1 400000bit d 30.0ms m2 128000bit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0
class hfsc 1:1 parent 1: sc m1 0bit d 2.6ms m2 30000Kbit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0
class hfsc 1:1ff parent 1: leaf 1c8: sc m1 640000bit d 2.0s m2 128000bit ul m1 640000bit d 2.0s m2 512000bit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0
class hfsc 1:2 parent 1: ls m1 60000Kbit d 2.0s m2 60000Kbit ul m1 60000Kbit d 2.0s m2 60000Kbit
Sent 856222 bytes 10041 pkt (dropped 13, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 10041 work 856222 bytes level 0
class hfsc 1:200 parent 1: leaf 1c9: ls m1 256000bit d 2.0s m2 256000bit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0
class hfsc 1:3 parent 1: ls m1 10000Kbit d 2.0s m2 10000Kbit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0
class hfsc 1:1fa parent 1: leaf 1c3: ls m1 32000bit d 2.0s m2 32000bit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0
class hfsc 1:1f8 parent 1: leaf 1c1: sc m1 400000bit d 30.0ms m2 128000bit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0
class hfsc 1:1f9 parent 1: leaf 1c2: sc m1 80000bit d 2.0s m2 16000bit ul m1 80000bit d 2.0s m2 64000bit
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
period 0 level 0

No matter how I write these rules, it always still goes to the default
class (5:2 or 1:2). If this is still wrong, please give me an example of
what I should be writing.

Eliot Gable
Certified Wireless Network Administrator (CWNA)
Certified Wireless Security Professional (CWSP)
Cisco Certified Network Associate (CCNA)
CompTIA Security+ Certified
CompTIA Network+ Certified
Network and System Engineer
Great Lakes Internet, Inc.
112 North Howard
Croswell, MI 48422
(810) 679-3395
(877) 558-8324
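
Added example, not part of the original message and not code from either correspondent: a cross-check of each CLASSIFY target in an iptables listing against the classes that tc reports on the rule's output device, which is the "classes, not qdiscs" point made in the quoted reply. The sample rows are constructed by abridging the listings above, and the function names (handle, parse_classes, check_rules) are hypothetical.

```python
# Constructed sample: rows abridged from the listings in the message above,
# wrapped lines joined. The first row is from the earlier, quoted attempt.
IPTABLES_ROWS = """\
2760 4060K CLASSIFY all -- * wivl4 0.0.0.0/0 0.0.0.0/0 MARK match 0x1fe CLASSIFY set 1db:0
8662 508K CLASSIFY all -- * br1 0.0.0.0/0 0.0.0.0/0 MARK match 0x1fe CLASSIFY set 5:1fe
845 222K CLASSIFY all -- * wivl4 0.0.0.0/0 0.0.0.0/0 MARK match 0x1fe CLASSIFY set 5:1fe
"""
TC_CLASSES = {  # `tc class show dev <dev>` per device, statistics lines dropped
    "br1": "class hfsc 1: root\nclass hfsc 1:1fe parent 1: leaf 1c7: sc m1 400000bit\n"
           "class hfsc 1:2 parent 1: ls m1 60000Kbit\n",
    "wivl4": "class hfsc 5: root\nclass hfsc 5:1fe parent 5: leaf 1db: sc m1 400000bit\n"
             "class hfsc 5:2 parent 5: ls m1 60000Kbit\n",
}

def handle(text):
    """Parse a tc handle 'major:minor' (hex; either part may be empty) into ints."""
    major, _, minor = text.partition(":")
    return int(major or "0", 16), int(minor or "0", 16)

def parse_classes(tc_text):
    """Map each class handle on a device to its leaf qdisc handle (or None)."""
    classes = {}
    for line in tc_text.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "class":
            leaf = handle(tok[tok.index("leaf") + 1]) if "leaf" in tok[:-1] else None
            classes[handle(tok[2])] = leaf
    return classes

def check_rules(rows, tc_by_dev):
    """Return (out_dev, target, verdict) for each CLASSIFY row of `iptables -v -n` output."""
    results = []
    for line in rows.splitlines():
        tok = line.split()
        if len(tok) < 11 or tok[2] != "CLASSIFY" or tok[-2] != "set":
            continue
        dev, target = tok[6], tok[-1]
        classes = parse_classes(tc_by_dev.get(dev, ""))
        h = handle(target)
        if h[1] == 0:  # minor 0 names a qdisc, never a class
            owner = [c for c, leaf in classes.items() if leaf == h]
            verdict = "qdisc handle; class is %x:%x" % owner[0] if owner else "qdisc handle, not a class"
        elif h in classes:
            verdict = "class exists"
        else:
            verdict = "no class %s on %s" % (target, dev)
        results.append((dev, target, verdict))
    return results

if __name__ == "__main__":
    for row in check_rules(IPTABLES_ROWS, TC_CLASSES):
        print("%-6s %-6s %s" % row)
```

A "class exists" verdict only confirms that the handle is present on that device; it does not show that packets reach the class.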