[LARTC] u32 and iptables do not work together

Nataniel Klug nata at cnett.com.br
Fri Apr 7 20:26:00 CEST 2006


    Hello all,

    I am trying to make a filter in my QoS rules and I found that 
when I try to use u32 filters together with fwmark, they do not work together. 
This is the filter I use, just an example, for u32:

$TC filter add dev $DL parent 1:0 protocol ip prio 1 u32 match ip sport 22 0xffff flowid 1:10

    This is working fine. Now if I try to mark a packet that I want 
to go to the same class (1:10), it gets an error:

$IPT -t mangle -A PREROUTING -s 200.163.208.4 -j MARK --set-mark 10

    Then I tried to make the filter for this:

$TC filter add dev $DL parent 1:0 protocol ip prio 1 handle 10 fw classid 1:10

RETURNS:

[root@ns1 rc.d]# /sbin/tc filter add dev eth3 parent 1:0 protocol ip prio 1 handle 10 fw classid 1:10
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
[root@ns1 rc.d]#

    Does anyone know what I can do? My full script (the one that is working 
fine) is at the end.

Regards,

Nataniel Klug



------
#!/bin/sh
#------
# Cyber Nett QoS script
#------
# Nataniel Klug
# suporte at cnett.com.br
#------

TC="/sbin/tc"
IPT="/usr/local/sbin/iptables"

DL="eth3"

#------
# Deleting old QoS rules
#------
$TC qdisc del dev $DL root    2> /dev/null > /dev/null
$TC qdisc del dev $DL ingress 2> /dev/null > /dev/null

#------
# Rules for the eth1 interface
#------
$TC qdisc add dev $DL root handle 1: htb default 50

CLASS="/sbin/tc class add dev $DL parent"
$CLASS 1: classid 1:1 htb rate 3072Kbit
$CLASS 1:1 classid 1:10 htb rate 256Kbit prio 1
$CLASS 1:1 classid 1:20 htb rate 1024Kbit ceil 2048Kbit prio 2
$CLASS 1:1 classid 1:30 htb rate 512Kbit ceil 512Kbit prio 3
$CLASS 1:1 classid 1:40 htb rate 512Kbit ceil 512Kbit prio 3
$CLASS 1:1 classid 1:50 htb rate 512Kbit ceil 512Kbit prio 4

QDISC="/sbin/tc qdisc add dev $DL parent"
$QDISC 1:10 handle 10: sfq perturb 10
$QDISC 1:20 handle 20: sfq perturb 10
$QDISC 1:30 handle 30: sfq perturb 10
$QDISC 1:40 handle 40: sfq perturb 10
$QDISC 1:50 handle 50: sfq perturb 10

FILTER="/sbin/tc filter add dev $DL parent 1:0 protocol ip prio 1 u32"

$FILTER match ip protocol 1 0xff flowid 1:10
$FILTER match ip sport 22 0xffff flowid 1:10
$FILTER match ip sport 23 0xffff flowid 1:10
$FILTER match ip sport 2202 0xffff flowid 1:10

$FILTER match ip sport 6121 0xffff flowid 1:10
$FILTER match ip sport 5121 0xffff flowid 1:10

$FILTER match ip sport 80 0xffff flowid 1:20
$FILTER match ip sport 443 0xffff flowid 1:20
$FILTER match ip sport 3128 0xffff flowid 1:20
$FILTER match ip src 200.189.176.206/32 flowid 1:20
$FILTER match ip src 200.189.176.205/32 flowid 1:20
$FILTER match ip sport 5065 0xffff flowid 1:20
$FILTER match ip sport 5070 0xffff flowid 1:20

$FILTER match ip sport 53 0xffff flowid 1:30
$FILTER match ip sport 25 0xffff flowid 1:30
$FILTER match ip sport 110 0xffff flowid 1:30

$FILTER match ip sport 21 0xffff flowid 1:40

