Hi,

After my first experience with traffic shaping using Martin's htb [1]
shaper with packets marked by an iptables match we got thinking about a
new match based on connection duration/traffic. This would allow a match
something like:

iptables -t mangle -A POSTROUTING -p tcp --conn-traffic 0:50000 -j MARK --set-mark 1
iptables -t mangle -A POSTROUTING -p tcp --conn-traffic 50000: -j MARK --set-mark 2

Which could be used (in conjunction with shaping) to shape long lived
downloads of large files (where any sense of "interactivity" is gone) to
favour normal web page downloads.

I had an initial poke around the netfilter kernel code and the
ip_conntrack structure which (AFAIK) should exist for each identified
connection. My initial thoughts involved just hacking in some byte
counters to that structure. I've also poked around the conntrack helper
structs but they seem to be protocol specific (ftp etc..). I guess my
questions are:

1. Can the byte counting code be hacked on top of the core conntrack code
or should it be done by an additional module?
2. Should the match code be created in a separate module or can it
safely be added to the core conntrack matches without breaking APIs?

As I'm a bit of a newbie to the netfilter code I thought I had better
ask the developers before I started randomly hacking :-)


-- 
[EMAIL PROTECTED]
http://www.bennee.com/~alex/

Ref 1 : LARTC thread
http://marc.theaimsgroup.com/?t=101900139000004&r=1&w=2
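
The following is an added example, not part of the original post or of netfilter: a small Python model of the proposed match, with a byte counter per tracked connection and the two `--conn-traffic` ranges from the rules above applied in chain order. `ConnTrafficMarker` and its helpers are hypothetical names; inclusive range bounds, counting both directions in one entry, and counting the current packet before matching are assumptions. It shows that a connection at exactly 50000 bytes matches both rules, so the later non-terminating MARK wins.

```python
from collections import defaultdict

def parse_range(spec):
    """Parse an iptables-style 'lo:hi' range; an empty side is open-ended."""
    lo, sep, hi = spec.partition(":")
    if not sep:
        raise ValueError(f"expected lo:hi, got {spec!r}")
    lo_v = int(lo) if lo else 0
    hi_v = int(hi) if hi else None
    if hi_v is not None and hi_v < lo_v:
        raise ValueError("upper bound below lower bound")
    return lo_v, hi_v

def in_range(value, bounds):
    """Inclusive on both ends (assumption about the proposed match)."""
    lo, hi = bounds
    return value >= lo and (hi is None or value <= hi)

class ConnTrafficMarker:
    """Hypothetical model: byte counter per connection plus ordered MARK rules."""

    def __init__(self, rules):
        # rules: list of (range_spec, mark), evaluated in order like a chain
        self.rules = [(parse_range(spec), mark) for spec, mark in rules]
        self.bytes_seen = defaultdict(int)

    @staticmethod
    def key(src, sport, dst, dport):
        # Both directions of a flow share one entry (assumption).
        return tuple(sorted([(src, sport), (dst, dport)]))

    def packet(self, src, sport, dst, dport, length):
        """Account for one packet and return the mark it would carry."""
        k = self.key(src, sport, dst, dport)
        self.bytes_seen[k] += length  # current packet counted before matching
        mark = 0
        for bounds, m in self.rules:
            if in_range(self.bytes_seen[k], bounds):
                mark = m  # MARK does not end traversal: a later match overwrites
        return mark

def demo():
    """Constructed traffic: one long download and one short page fetch."""
    m = ConnTrafficMarker([("0:50000", 1), ("50000:", 2)])
    bulk = [m.packet("192.0.2.10", 80, "10.0.0.2", 40000, 1000) for _ in range(51)]
    page = m.packet("10.0.0.2", 40001, "192.0.2.10", 80, 600)
    return bulk[48], bulk[49], bulk[50], page  # at 49000, 50000, 51000 bytes; new flow

if __name__ == "__main__":
    print(demo())
```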

