Bob Ramstad wrote:
>
> Thoughts?
>
Yes -- the warnings at the top of the Shorewall traffic shaping documentation mean what they say.

a) You can't understand Linux traffic shaping by reading just the Shorewall documentation.

b) You must not expect the Shorewall support team to make up the difference between what you read in the Shorewall documentation and what you need to know to make traffic shaping work.

If I had the time and the patience to bridge that gap, I would write a book about Linux traffic shaping -- I have neither.

I will close by giving you some basic principles:

a) Entries in tcrules are applied to every packet so there is a cost associated with each one.

b) There are both packet marks and connection marks and you can copy the mark value back and forth using SAVE and RESTORE.

c) With the exception of CONTINUE, entries in tcrules are not terminating -- so even though a packet matches a rule doesn't mean that it won't pass through the next rule and so on. The only way to stop further processing of a packet is to have it match a CONTINUE rule. So marking DNS, SMTP and HTTP packets with mark 40 then passing them through a RESTORE rule is clearly not something that is going to accomplish anything useful since RESTORE is going to overwrite the packet mark with the connection mark.

d) When you don't have CLASSIFY target support (as in your case), you must include 'tc filter rules' in your traffic shaping configuration. Those rules associate packet marks (fwmark) with tc classes. So in your case, if you have class 1:50 as your p2p class, then you still need a tc filter rule that sends packets with mark 50 (or whatever mark value you use to designate P2P packets) to class 1:50. And remember, ONLY PACKET MARKS APPLY TO TC FILTER RULES, not connection marks. If you are using the built-in Shorewall shaper (tc4shorewall) then these tc filter rules are created for you.

e) Example 6 at http://www.shorewall.net/traffic_shaping.htm is the p2p example -- the text explains what each rule does and why.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ [EMAIL PROTECTED]
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
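
Added example (not part of the message above and not Shorewall code): a simplified Python model of principles b) through d), showing why marking with 40 and then hitting RESTORE loses the mark, and how a restore-first ordering keeps it. The FIXED rule order, class 1:40 and the port-based matches are assumptions made for illustration; only mark 40, mark 50 and class 1:50 come from the message.

```python
# Simplified model of tcrules traversal; only the actions named in the message.
from dataclasses import dataclass

@dataclass
class Packet:
    dport: int
    mark: int = 0      # packet mark (fwmark): the only mark tc filters see
    connmark: int = 0  # connection mark, stored with the tracked connection

def run_tcrules(rules, pkt):
    """Apply (action, predicate) rules in order; return the final packet mark."""
    for action, match in rules:
        if not match(pkt):
            continue
        if action == "CONTINUE":
            break                    # the only action that stops traversal
        if action == "RESTORE":
            pkt.mark = pkt.connmark  # overwrites any mark set by earlier rules
        elif action == "SAVE":
            pkt.connmark = pkt.mark
        else:
            pkt.mark = action        # marking does not stop traversal
    return pkt.mark

always = lambda p: True
interactive = lambda p: p.dport in (25, 53, 80)  # SMTP, DNS, HTTP
marked = lambda p: p.mark != 0
unmarked = lambda p: p.mark == 0

# Ordering criticised in the message: mark 40 first, RESTORE afterwards.
BROKEN = [(40, interactive), ("RESTORE", always)]

# Constructed ordering (assumption): restore first, stop if already classified,
# otherwise mark the packet and save the result on the connection.
FIXED = [
    ("RESTORE", always),
    ("CONTINUE", marked),
    (40, interactive),
    (50, unmarked),   # assumption: everything else is treated as P2P
    ("SAVE", marked),
]

# tc filter side: packet mark -> class. 1:50 is from the message, 1:40 is assumed.
FW_FILTERS = {40: "1:40", 50: "1:50"}

def classify(rules, pkt):
    """Return the tc class for the packet, or None if no fw filter matches."""
    return FW_FILTERS.get(run_tcrules(rules, pkt))
```

With BROKEN, a new HTTP packet leaves the rules with mark 0 and matches no fw filter; with FIXED, the first packet is marked and saved, and later packets of the same connection are classified by RESTORE plus CONTINUE alone.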