Hello, <br>
<br>
Can you post a "tc -s -d filter ls dev nas0" ? <br><br><br><div><span class="gmail_quote">On 7/2/07, <b class="gmail_sendername">Edouard Thuleau</b> <<a href="mailto:thuleau@gmail.com">thuleau@gmail.com</a>> wrote:
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Yes,<br>This one was for the DSCP re-marking :<br><br><span style="font-style: italic;">
iptables -t mangle -A PREROUTING -i nas0 -d <a href="http://192.168.43.2" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.43.2</a> -j DSCP --set-dscp 0x08</span><br style="font-style: italic;">
<br style="font-style: italic;"><span style="font-style: italic;"> $TC qdisc add dev nas0 handle ffff: ingress</span><br style="font-style: italic;"><span style="font-style: italic;"> $TC filter add dev nas0 parent ffff: protocol ip prio 1 u32 match ip tos 0x20 0xff police rate 200kbit burst 1k drop flowid :1
</span><br><br>and this one with a DNAT rule :<br><br><span style="font-style: italic;"> iptables -t nat -A PREROUTING -i nas0 -p udp --dport 11112 -j DNAT --to-destination <a href="http://192.168.1.10" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
192.168.1.10</a>
</span><br style="font-style: italic;"><br style="font-style: italic;"><span style="font-style: italic;"> $TC qdisc add dev nas0 handle ffff: ingress</span><br style="font-style: italic;"><span style="font-style: italic;">
$TC filter add dev nas0 parent ffff: protocol ip prio 1 u32 match
ip dst <a href="http://192.168.1.10" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.1.10</a> police rate 200kbit burst 1k drop flowid :1</span><div><span class="e" id="q_11386e665429fc2c_1">
<br><br><br><div><span class="gmail_quote">2007/7/2, nano bug <<a href="mailto:linnewbye@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">linnewbye@gmail.com
</a>>:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hello, <br><br>Can you post the scripts you are using ?<div><span>
<br><br><div><span class="gmail_quote">On 7/2/07, <b class="gmail_sendername">Edouard Thuleau</b> <<a href="mailto:thuleau@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">thuleau@gmail.com
</a>> wrote:
</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Thanks,<br>
I know the older version of this diagram and this one is quite the same I told below
but the problem is the same for the DNAT. I made another test. I change
the DSCP value in the PREROUTING table and I put an ingress policing which match this new dscp value but the filter doesn't match nothing (I work on a Linux 2.6.17).<br>With my test, the older version (<a href="http://www.imagestream.com/%7Ejosh/PacketFlow.jpg" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://www.imagestream.com/~josh/PacketFlow.jpg</a>) of the diagram seams more exactly. <br><br>Have you an idea ?<br><br><div><span class="gmail_quote">2007/7/2, nano bug <<a href="mailto:linnewbye@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
linnewbye@gmail.com
</a>>:</span><div><span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hello, <br><br>I find this one more useful :
<br><br><a href="http://www.imagestream.com/%7Ejosh/PacketFlow-new.png" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://www.imagestream.com/~josh/PacketFlow-new.png</a><br><br><div><div><span><span class="gmail_quote">On 7/2/07, <b class="gmail_sendername">
Edouard Thuleau</b> <<a href="mailto:thuleau@gmail.com" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">thuleau@gmail.com</a>> wrote:</span></span></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><span>
Hi,<br><br>I find this diagram which details the kernel packet traveling :<br><a href="http://www.docum.org/docum.org/kptd/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">http://www.docum.org/docum.org/kptd/
</a><br>Is it up to date ?<br>I made some test and I put a DNAT rules in the PREROUTING table of an interface and I attach it a ingress policy, the dst IP wasn't changed. the DNAT it isn't yet make.
<br><br>I've another question (I'm not sure is it the good mailing list), for the fragment packet, I see the ingress policy doesn't work correctly and I'd like to know where in the kernel travel of the packet the fragment are re-assemble ? At the NAT or in the routing ?
<br><br>Thanks,<br><span>Edouard.<br>
</span><br></span></div>_______________________________________________<br>LARTC mailing list<br><a href="mailto:LARTC@mailman.ds9a.nl" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">LARTC@mailman.ds9a.nl
</a><br><a href="http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc</a><br><br></blockquote></div><br>
</blockquote></span></div></div><br>
</blockquote></div><br>
</span></div></blockquote></div><br>
</span></div></blockquote></div><br>