[Bridge] packet mangling and qos on bridge .
ratheesh k
ratheesh.ksz at gmail.com
Tue Sep 8 08:46:11 PDT 2009
I'm a big idiot ..... I made a big mistake.
I will explain in detail. I have a router like the one below. I will
connect my computers to the LAN side of the router (br0), and eth1 is
connected to the internet.

     br0 <------------------------> eth1
 ( eth0 , ap0)
   { lan }                         {wan}

There are two types of traffic.
A. Traffic from my computers that will go to br0, then will be routed
and go to the internet through eth1.
B. Traffic coming from eth1 will be routed to br0, then to my computer.
There are two types of qdisc in place: ingress and egress.
Packets of type A will be processed only at the egress qdisc of eth1.
Packets of type B will be processed only at the egress qdisc of br0.
My mistake was: I applied coloring at br0 and used the fw filter on the
same br0. This won't work.
The dev_queue_xmit function will put packets, after they are routed,
into the respective device (eth0 or br0) qdisc.
Suppose there is LAN-to-LAN traffic and WAN-to-LAN traffic; we
cannot prioritize any of this traffic using the egress qdisc, because
LAN-to-LAN traffic won't call dev_queue_xmit. You can use the ingress
queue to do policing. I am not very sure about this.
The netif_receive_skb() function is called for all packets coming in.
Try the ingress qdisc.
Thanks,
Rat
On Tue, Aug 25, 2009 at 5:08 PM, ratheesh k<ratheesh.ksz at gmail.com> wrote:
> I can see the problem in 2.6.22.18, but not in 2.6.26.8 ..... Is there
> any patch available??
>
> On Thu, Aug 20, 2009 at 8:58 PM, ratheesh k<ratheesh.ksz at gmail.com> wrote:
>> In the Linux kernel, in the net/sched/cls_fw.c file, fw_classify is
>> called every time a tc filter is hit.
>> skb->mark is zero when you use rules like
>>
>>> iptables -t mangle -A PREROUTING -p icmp -i br0 -j MARK --set-mark 2
>>> iptables -t mangle -A PREROUTING -p icmp -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MARK --set-mark 2
>>> iptables -t mangle -A FORWARD -p icmp -i br0 -o eth1 -j MARK --set-mark 2
>>
>> But if you use
>>> iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 2
>>
>> the skb->mark is 2, the correct value.
>>
>> This problem happens only with a bridge. When I tried with one of the
>> interfaces it worked perfectly.
>>
>> Thanks,
>> Ratheesh
>>
>> On Wed, Aug 19, 2009 at 5:44 PM, ratheesh k<ratheesh.ksz at gmail.com> wrote:
>>> I have two interfaces, eth0 and ap0, bridged together to form br0,
>>> and another interface, eth1, on the WAN side.
>>>
>>>      br0 <------------------------> eth1
>>>  ( eth0 , ap0)
>>>    { lan }                         {wan}
>>>
>>> Packets from the LAN side are NATed to eth1. I have QoS rules on both
>>> br0 and eth1. When I googled I found that "mangling packets on br0
>>> and using fw filters won't work on a Linux bridge". Is this true?? Can
>>> you tell me why??
>>>
>>> But the funny thing is I colored packets in the PREROUTING chain
>>> specifying only the protocol (not specifying the interface):
>>>
>>> iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 2
>>>
>>> and I have a filter rule to put packets that are fw-marked as 2 into
>>> some flow. This works fine when I send an ICMP packet from the LAN to
>>> the WAN side !!!!!!! ??????????
>>>
>>> But if I try any of the rules below instead of the one above, it
>>> won't work:
>>>
>>> iptables -t mangle -A PREROUTING -p icmp -i br0 -j MARK --set-mark 2
>>> iptables -t mangle -A PREROUTING -p icmp -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MARK --set-mark 2
>>> iptables -t mangle -A FORWARD -p icmp -i br0 -o eth1 -j MARK --set-mark 2
>>>
>>> I don't know why ????????
>>>
>>> Should I go for ebtables to mark packets ???????? Then will it work ???
>>>
>>
>
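
The placement rule from the reply at the top of this message (type A is queued on eth1, type B on br0), written out as an added example that is not part of the original thread: the mark is set while the packet is forwarded and the fw filter sits on the egress device of each direction. Marks 2 and 3, the class ids, the rates and the helper names are constructed; the thread reports interface-matched marks arriving as zero on 2.6.22.18 but not on 2.6.26.8.

```shell
#!/bin/sh
# Added example, not from the thread. Marks, class ids and rates are constructed.
LAN=${LAN-br0}      # bridge over eth0 + ap0, as in the diagram
WAN=${WAN-eth1}
RUN=${RUN-echo}     # default: print the commands; run with RUN= as root to apply

# Colour packets once, while they are being forwarded. The mark stays on the
# skb until dev_queue_xmit hands it to the qdisc of the *outgoing* device.
mark_rules() {
    $RUN iptables -t mangle -A FORWARD -p icmp -i "$LAN" -o "$WAN" -j MARK --set-mark 2
    $RUN iptables -t mangle -A FORWARD -p icmp -i "$WAN" -o "$LAN" -j MARK --set-mark 3
}

# egress_qos DEV MARK: HTB on DEV's egress; the fw filter sends MARK to class 1:10.
egress_qos() {
    dev=$1 mark=$2
    $RUN tc qdisc add dev "$dev" root handle 1: htb default 20
    $RUN tc class add dev "$dev" parent 1: classid 1:10 htb rate 1mbit
    $RUN tc class add dev "$dev" parent 1: classid 1:20 htb rate 9mbit
    # explicit sfq leaves, a common pairing with HTB
    $RUN tc qdisc add dev "$dev" parent 1:10 handle 10: sfq perturb 10
    $RUN tc qdisc add dev "$dev" parent 1:20 handle 20: sfq perturb 10
    $RUN tc filter add dev "$dev" parent 1: protocol ip prio 1 handle "$mark" fw flowid 1:10
}

apply_all() {
    mark_rules
    egress_qos "$WAN" 2   # type A (LAN -> WAN) leaves through eth1
    egress_qos "$LAN" 3   # type B (WAN -> LAN) leaves through br0
}

# After applying for real: per-class and per-filter counters show whether
# marked packets actually reach class 1:10 on each device.
show_counters() {
    for dev in "$WAN" "$LAN"; do
        $RUN tc -s class show dev "$dev"
        $RUN tc -s filter show dev "$dev"
    done
}
```

Source the file and call `apply_all` to print the rule set; a filter for mark 2 placed on br0 instead of eth1 is the arrangement the reply describes as not working.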