On Sun, 2004-04-18 at 12:35, Andy Furniss wrote:
> Connmark is a netfilter patch which is required by the type of P2P
> limiting/marking projects on sf.net that could mark bittorrent traffic.
just from the sounds of it, appears it may be able to mark a group of
related flows with the same fwmark.
> It is incompatable with the connbytes patch which I use to mark the
> first x KB of new connections. Doing this lets me send new TCps to a
> short queue which is capped at 50% of my bandwidth. This means that some
> packets get dropped and the slowstart phase is ended before it's
> exponential nature floods my ISP buffer.
seems very similar in concept to what Alex (alex@xxxxxxxxxxxxx) was
trying to achieve.
> > To accomodate your need for b), the idea would be as follows:
> > packet gets demasquared, mark it with a fwmark
>
> I guess you really mean mark then demasquerade.
Either should work fine.
> OK I can see this as a possibility - assuming I can mark. Maybe conmark
sounds like connmark maybe what you want.
> will be OK with connbytes sometime. I don't really know how to use it,
> but if it is possible to mark egress connections in output and have
> connmark match their incoming packets that would be a solution. I
> haven't got a clue if connmark can do this, though, just speculating.
>
> Does anyone else know, and why it's not compatable with connbytes?
>
some of the netfilter people should be able to help.
cheers,
jamal
|