Hello Lyle, the following DiffServ scenario might give you some ideas on how to do the prioritizing using XFRM marks:
http://www.strongswan.org/uml/testresults/ikev2/net2net-psk-dscp/ Regards Andreas On 06/21/2011 12:39 AM, [email protected] wrote: > I would like to prioritize certain traffic based on transport > protocol and port number. When I use tc filter rules that > place the filter on a non-ipsec interface, the prioritization > happens. When I change the interface to one that has only > ipsec traffic over it, all traffic is then sent from the > "everything else" queue. Very simple case: two queues, one > gets priority over the other, no bandwidth metering or other > complications. I surmised that tc filters don't > "see" outgoing packets until after encapsulation, when they > are encrypted. Is this correct? What is the preferred way > to do this? Use iptables, mark the traffic and use tc rules > that choose based on this mark instead? > > Thank you. > > --lyle ====================================================================== Andreas Steffen [email protected] strongSwan - the Linux VPN Solution! www.strongswan.org Institute for Internet Technologies and Applications University of Applied Sciences Rapperswil CH-8640 Rapperswil (Switzerland) ===========================================================[ITA-HSR]== _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
