
Re: IMQ / new Dummy device post.

To: Andy Furniss <andy.furniss@xxxxxxxxxxxxx>
Subject: Re: IMQ / new Dummy device post.
From: jamal <hadi@xxxxxxxxxx>
Date: 15 Apr 2004 23:52:33 -0400
Cc: netdev@xxxxxxxxxxx
In-reply-to: <407EE3E5.8060200@xxxxxxxxxxxxx>
Organization: jamalopolis
References: <407E5905.9070108@xxxxxxxxxxxxx> <1082031313.1039.13.camel@xxxxxxxxxxxxxxxx> <407EE3E5.8060200@xxxxxxxxxxxxx>
Reply-to: hadi@xxxxxxxxxx
Sender: netdev-bounce@xxxxxxxxxxx
On Thu, 2004-04-15 at 15:35, Andy Furniss wrote:
> jamal wrote:

> What I want to know is what state IP packets will be in if I

Just to be sure, this is not specific just to IP; it could be ARP, IPX,
v6 etc.

>  
> filter/shape with dummy - In my case I would need them to have been 
> demasqued so I can tell the difference between local and to be forwarded 
> ingress traffic.

The packets are grabbed before NAT on the way in and after NAT on the
way out. 
Coming from non-local machines before NAT you can redirect to a dummy
device; and also be able to redirect on their way back to the non-local;
to use the example I posted earlier:

----
$TC qdisc add dev dummy0 root handle 1: prio
$TC qdisc add dev dummy0 parent 1:1 handle 10: sfq
$TC qdisc add dev dummy0 parent 1:2 handle 20: tbf rate 20kbit buffer 1600 limit 3000
$TC qdisc add dev dummy0 parent 1:3 handle 30: sfq

$TC filter add dev dummy0 protocol ip pref 1 parent 1: handle 1 fw classid 1:1
$TC filter add dev dummy0 protocol ip pref 2 parent 1: handle 2 fw classid 1:2

ifconfig dummy0 up

#deal with ingress of eth0 first
$TC qdisc add dev eth0 ingress

# redirect all IP packets arriving from 10.0.0.21/24 in eth0 to dummy0 
# use mark 1 --> puts them onto class 1:1 of dummy
#
$TC filter add dev eth0 parent ffff: protocol ip prio 10 u32 \
match ip src 10.0.0.21/24 flowid 1:1 \
action ipt -j MARK --set-mark 1 \
action mirred egress redirect dev dummy0

#deal with egress of eth0
$TC qdisc add dev eth0 root handle 1: prio 

# redirect all IP packets going to 10.0.0.21/24 in eth0 to dummy0 
# use mark 2 --> puts them onto class 1:2 of dummy
#
$TC filter add dev eth0 parent 1:0 protocol ip prio 10 u32 \
match ip dst 10.0.0.21/24 flowid 1:1 \
action ipt -j MARK --set-mark 2 \
action mirred egress redirect dev dummy0
-----

I haven't tested the above but it should work (sans syntax bugs). If it
doesn't then we have a bug that needs fixing.

> Ie. where on the KPTD would dummy be - IMQ appears twice and by using 
> the IMQ nat patch I can use the prerouting one to filter/shape the 
> packets after they are denatted.
> 

Does the above help?

cheers,
jamal

