Hello all,

I am having some trouble getting a firewall filter to work with TC.   I am
actually setting the mark via EBTables (which is working as far as I can
tell, I am also logging the packet and my syslog reports lots of marks):

ebtables -t broute -A BROUTING -p ipv4 -i eth1 -s 08:00:46:60:B3:57 -j mark
--set-mark 7 --mark-target CONTINUE --log --log-level debug --log-prefix
"EBFW Mark 7"

Now, with the marked packet, I want to rate shape it on ETH0 on its way out.

tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1 cbq bandwidth 100Mbit avpkt 1000 cell 8
tc class change dev eth0 root cbq weight 10Mbit allot 1514
tc class add dev eth0 parent 1: classid 1:2500 cbq bandwidth 100Mbit rate
1512Kbit weight 51Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000
tc qdisc add dev eth0 parent 1:2500 handle 2500 sfq perturb 10
tc class add dev eth0 parent 1:2500 classid 1:3500 cbq bandwidth 100Mbit
rate 256Kbit weight 26Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000
tc qdisc add dev eth0 parent 1:3500 handle 3500 sfq perturb 10
tc filter add dev eth0 parent 1:2500 protocol ip prio 100 handle 7 fw flowid

But the problem is, when I look at stats, my 3500 queue has no traffic and
my filters are blank, I run a " tc filter show dev eth0" and its empty.  I
have various u32 filters on eth1 and they show up.  If add:

tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip dst classid 1:2500

I can now see that I have filters on eth0

[EMAIL PROTECTED] tc filter show dev eth0
[EMAIL PROTECTED] tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match
ip dst classid 1:2500
[EMAIL PROTECTED] tc filter show dev eth0
filter parent 1: protocol ip pref 100 u32
filter parent 1: protocol ip pref 100 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 100 u32 fh 800::800 order 2048 key ht 800
bkt 0 flowid 1:2500
  match 00000000/00000000 at 16

What am I missing here???



LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Reply via email to