[LARTC] Kernel Packet Traveling Diagram
nano bug
linnewbye at gmail.com
Mon Jul 2 17:08:23 CEST 2007
Hello,
Can you post a "tc -s -d filter ls dev nas0" ?
On 7/2/07, Edouard Thuleau <thuleau at gmail.com> wrote:
>
> Yes,
> This one was for the DSCP re-marking :
>
> iptables -t mangle -A PREROUTING -i nas0 -d 192.168.43.2 -j DSCP
> --set-dscp 0x08
>
> $TC qdisc add dev nas0 handle ffff: ingress
> $TC filter add dev nas0 parent ffff: protocol ip prio 1 u32 match ip
> tos 0x20 0xff police rate 200kbit burst 1k drop flowid :1
>
> and this one with a DNAT rule :
>
> iptables -t nat -A PREROUTING -i nas0 -p udp --dport 11112 -j DNAT
> --to-destination 192.168.1.10
>
> $TC qdisc add dev nas0 handle ffff: ingress
> $TC filter add dev nas0 parent ffff: protocol ip prio 1 u32 match ip
> dst 192.168.1.10 police rate 200kbit burst 1k drop flowid :1
>
>
> 2007/7/2, nano bug <linnewbye at gmail.com >:
> >
> > Hello,
> >
> > Can you post the scripts you are using ?
> >
> > On 7/2/07, Edouard Thuleau <thuleau at gmail.com > wrote:
> > >
> > > Thanks,
> > > I know the older version of this diagram and this one is quite the
> > > same I told below but the problem is the same for the DNAT. I made another
> > > test. I change the DSCP value in the PREROUTING table and I put an ingress
> > > policing which match this new dscp value but the filter doesn't match
> > > nothing (I work on a Linux 2.6.17).
> > > With my test, the older version (http://www.imagestream.com/~josh/PacketFlow.jpg<http://www.imagestream.com/%7Ejosh/PacketFlow.jpg>)
> > > of the diagram seams more exactly.
> > >
> > > Have you an idea ?
> > >
> > > 2007/7/2, nano bug < linnewbye at gmail.com >:
> > > >
> > > > Hello,
> > > >
> > > > I find this one more useful :
> > > >
> > > > http://www.imagestream.com/~josh/PacketFlow-new.png<http://www.imagestream.com/%7Ejosh/PacketFlow-new.png>
> > > >
> > > > On 7/2/07, Edouard Thuleau <thuleau at gmail.com> wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > > I find this diagram which details the kernel packet traveling :
> > > > > http://www.docum.org/docum.org/kptd/
> > > > > Is it up to date ?
> > > > > I made some test and I put a DNAT rules in the PREROUTING table of
> > > > > an interface and I attach it a ingress policy, the dst IP wasn't changed.
> > > > > the DNAT it isn't yet make.
> > > > >
> > > > > I've another question (I'm not sure is it the good mailing list),
> > > > > for the fragment packet, I see the ingress policy doesn't work correctly and
> > > > > I'd like to know where in the kernel travel of the packet the fragment are
> > > > > re-assemble ? At the NAT or in the routing ?
> > > > >
> > > > > Thanks,
> > > > > Edouard.
> > > > >
> > > > > _______________________________________________
> > > > > LARTC mailing list
> > > > > LARTC at mailman.ds9a.nl
> > > > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> > > > >
> > > > >
> > > >
> > >
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ds9a.nl/pipermail/lartc/attachments/20070702/106fa59a/attachment.html
More information about the LARTC
mailing list