On 6/5/2015 9:13 AM, Jean-Marc Liotier wrote: > On 05/06/2015 17:35, Tom Eastep wrote: >> You can, of course, control the *total* IPv6 outbound traffic by >> controlling protocol 41 on the Ethernet interface. If you want to >> control the individual IPv6 application streams, then you need do that >> by defining traffic shaping on the SIT interface. > Suppose that in /etc/shorewall/tcfilters I enumerate assorted IPv6 and > IPv4 rules. Now, suppose an outbound IPv4 packet and an outbound IPv6 > packet, both being queued and both matching the same > /etc/shorewall/tcfilters entry (for exemple an entry matching a > destination port) - tc has to decide which one has priority and what > fits in OUT-BANDWIDTH... Is tc aware that there are actually an IPv4 > packet and an IPv6 packet, or is it rather comparing an IPv4 packet to > another IPv4 packet with a protocol 41 header ? > > Or am I entirely misunderstanding how a Shorewall-controlled tc manages > that ? > For an outbound ipv6 packet, first the IPv6 tc rules and filters for the SIT device are applied. Then, once the packet is encapsulated, the IPv4 tc rules and filters are applied to the IPv4 protocol 41 packet.
For an inbound encapsulated IPv6 packet, IPv4 policing is applied and then, once the IPv6 packet has been extracted, IPv6 policing specified for the SIT device is applied. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
