Sorry, I hadn't seen 0x68 match. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salim S I Sent: Friday, August 17, 2007 10:47 AM To: 'Ming-Ching Tiew'; lartc@mailman.ds9a.nl Subject: RE: [LARTC] Unable to match/classify non-icmp traffic with TOSbiggerthan 0x10
Is it because the TOS and DSCP values are different? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ming-Ching Tiew Sent: Thursday, August 16, 2007 5:21 PM To: lartc@mailman.ds9a.nl Subject: [LARTC] Unable to match/classify non-icmp traffic with TOS biggerthan 0x10 This problem is driving nuts, so I am seeking help here. Your help will be deeply appreciated. I have made myself a Linux bridge with eth1 and eth0 to form br0. Then I run a script to configure tc with htb on it. But I can never match non-icmp traffic ( such as tcp and udp ) with TOS or DSCP values such as 0x68. The full story as follows :- 1. On the source testing machine, I do this to set the tos and dscp settings :- (A) iptables -t mangle -A OUTPUT -j TOS --set-tos 0x10 ( to make ssh tos value 0x10 ) or (B) iptables -t mangle -A OUTPUT -j DSCP --set-dscp 0x1a ( to make ssh DSCP value 0x68 ) 2. Then on the bridge machine, I have tc filter as follows :- (A) tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \ match ip tos 0x10 0xfc flowid 1:10 tc filter add dev eth1 parent 1: protocol ip prio 10 u32 \ match ip tos 0x10 0xfc flowid 1:10 Then I do a ssh login to side B of the bridge from side A. It shows that the traffic has been classified correctly. (B) tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \ match ip tos 0x68 0xfc flowid 1:10 tc filter add dev eth1 parent 1: protocol ip prio 10 u32 \ match ip tos 0x68 0xfc flowid 1:10 Then I do a ssh login to side B of the bridge from side A, the traffic has not been classified correctly. The class 1:10 picks up zero traffic. (C) However if I ping side B of the bridge from side A, it shows that icmp could be classified into class 1:10. Why it is just not possible to classify anything other than icmp ? Regards. -------------------------------------------------------- Important Warning! *************************** This electronic communication (including any attached files) may contain confidential and/or legally privileged information and is only intended for the use of the person to whom it is addressed. If you are not the intended recipient, you do not have permission to read, use, disseminate, distribute, copy or retain any part of this communication or its attachments in any form. If this e-mail was sent to you by mistake, please take the time to notify the sender so that they can identify the problem and avoid any more mistakes in sending e-mail to you. The unauthorised use of information contained in this communication or its attachments may result in legal action against any person who uses it. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
