Rudy,
First: I’m neither a Linux guru nor a network guru. And my English is very bad, but maybe you and other people could use my experience.
I’ve written my own QoS script because I have a slow ADSL connection (6144kbit / 640kbit) and I would like to prioritize HTTP and VoIP. The default OpenWrt script isn’t documented, the service curves are calculated wrongly (in my view) and it isn’t possible to configure the leaf qdisc. Tomato doesn’t use a good download QoS. The leaf qdiscs of DD-WRT aren’t configurable either.
Instead of writing your own script, maybe it’s possible to change the default OpenWrt script and write some documentation? If there are some good QoS config files with good documentation, it isn’t necessary to write another script. I’m not capable of modifying the default QoS script because I’m not a Linux programmer. I understand most of the default QoS script but, as I already said, I’m not capable of modifying the default QoS script. Maybe you can change nbd’s QoS script? I would like to help write some wiki documentation (I know people who will translate it into English).
Change requests for rudy’s and nbd’s QoS script
1) Use the tc stab option if you use the trunk version of OpenWrt. It really works. With the stab option, tc calculates the (ATM, PPP, …) overhead. So it’s not necessary to set the upload to 90% of your line speed.
tc qdisc add dev $iface stab overhead 44 linklayer atm root handle 1: hfsc default 50
I guess it's not difficult to implement the stab option in the default QoS script. Just add 2 config rules and some code.
Suggestion for the extra config rules:
option linklayer_adaptation "ATM" or "ethernet"
option overhead "44" (per ethernet packet 44 bytes overhead)
2) The default QoS of the trunk version of OpenWrt uses an ack_conntrack patch and the IFB interface. Maybe you could use IFB and act_conntrack?
3) In your script you say not to use “length of burst buffers lower than 10 ms” => timer resolution is 100HZ. Is it possible to find out the timer resolution of the kernel? I don’t know which timer resolution OpenWrt uses. A cat of /proc/timer_list shows me a timer resolution of 1ns (WNDR 3700v2):
/proc$ cat /proc/timer_list
Timer List Version: v0.6
HRTIMER_MAX_CLOCK_BASES: 3
now at 785328994524672 nsecs
cpu: 0
clock 0:
.base: 802c7fa0
.index: 0
.resolution: 1 nsecs
.get_time: <80095004>
.offset: 1326047247244582392 nsecs
active timers:
clock 1:
.base: 802c7fd0
.index: 1
.resolution: 1 nsecs
.get_time: <800952e0>
.offset: 0 nsecs
active timers:
#0: <8399fb98>, <801f20dc>, S:01
# expires at 785328994924288-785328994924288 nsecs [in 399616 to 399616 nsecs]
#1: <830ff798>, <801f20dc>, S:01
# expires at 785328996922816-785328996922816 nsecs [in 2398144 to 2398144 nsecs]
#2: <8030b6c0>, <800700ec>, S:01
# expires at 785329000000000-785329000000000 nsecs [in 5475328 to 5475328 nsecs]
#3: <802c84b0>, <8009ac40>, S:01
# expires at 785329000000000-785329000000000 nsecs [in 5475328 to 5475328 nsecs]
#4: <8381deb8>, <80090244>, S:01
# expires at 785329047731730-785329047781730 nsecs [in 53207058 to 53257058 nsecs]
#5: <83355a48>, <80090244>, S:01
# expires at 785329074610491-785329075568298 nsecs [in 80085819 to 81043626 nsecs]
#6: <8385deb8>, <80090244>, S:01
# expires at 785330038946170-785330038996170 nsecs [in 1044421498 to 1044471498 nsecs]
#7: <83203a48>, <80090244>, S:01
# expires at 785336390075945-785336400075938 nsecs [in 7395551273 to 7405551266 nsecs]
#8: <82569a48>, <80090244>, S:01
# expires at 785628990456272-785629090456272 nsecs [in 299995931600 to 300095931600 nsecs]
#9: <83351ae0>, <80090244>, S:01
# expires at 786283993381947-786284093381947 nsecs [in 954998857275 to 955098857275 nsecs]
#10: <83a31e50>, <80079598>, S:01
# expires at 811277106541532-811277106541532 nsecs [in 25948112016860 to 25948112016860 nsecs]
clock 2:
.base: 802c8000
.index: 7
.resolution: 1 nsecs
.get_time: <80094d08>
.offset: 0 nsecs
active timers:
.expires_next : 785328994924288 nsecs
.hres_active : 1
.nr_events : 154691328
.nr_retries : 486291
.nr_hangs : 1
.max_hang_time : 17803 nsecs
.nohz_mode : 0
.idle_tick : 0 nsecs
.tick_stopped : 0
.idle_jiffies : 0
.idle_calls : 0
.idle_sleeps : 0
.idle_entrytime : 0 nsecs
.idle_waketime : 0 nsecs
.idle_exittime : 0 nsecs
.idle_sleeptime : 0 nsecs
.iowait_sleeptime: 0 nsecs
.last_jiffies : 0
.next_jiffies : 0
.idle_expires : 0 nsecs
jiffies: 78502899
Tick Device: mode: 1
Per CPU device: 0
Clock Event Device: MIPS
max_delta_ns: 6316128371
min_delta_ns: 2258
mult: 1460288881
shift: 32
mode: 3
next_event: 785328994924288 nsecs
set_next_event: <800684f0>
set_mode: <80068514>
event_handler: <80090e9c>
retries: 1
4) It should be possible to set each parameter of the HFSC class. Maybe this is possible in the default OpenWrt QoS script, but I have not studied the entire script.
5) It should be possible to set each parameter of the leaf qdisc. Most home computers do not support ECN by default. I also think most web servers don't support ECN. So it should be possible to disable ECN.
It’s possible to limit P2P traffic with a large leaf RED qdisc (300 ms). I’ve read that P2P congestion control algorithms take the RTT of the packets into account. In my case, it works. No packets are dropped and the RTT of ICMP packets is very good. So make it possible for the user to change the leaf qdisc parameters.
I test this situation by sending ICMP packets to the priority class. The RTT of the ICMP packets is good. The RTT of ICMP packets while downloading HTTP content (YouTube, Vimeo, ...) is extremely good.
My script (based on rudy’s and nbd’s one):
#!/bin/sh -x
#qos script by TomVH
DEBUG=0
# To enable logging (requires iptables-mod-extra package)
[ $DEBUG -eq 1 ] && insmod ipt_LOG >&- 2>&-
#######################################################
DOWNLOAD=5000 #download speed in kbit. set xx% of real download speed
UPLOAD=600 # set xx% of real upload speed
# multiports = up to 15 ports
# ports to be classified as bulk #set after connection mark save and after connection mark restore
TCP_BULK="1024:" #S and D ports
UDP_BULK="1024:" #S and D ports
# Destination ports to be classified as P2P
TCP_P2P="13769" #D ports
UDP_P2P="13769" #D ports
IP_P2P="192.168.0.133"
# Destination ports to be classified as normal
TCP_NORMAL="80,443,25,20,21,110,993,995" # D ports
UDP_NORMAL=""
# Destination ports to be classified as Prio (overrules bulk ports)
TCP_PRIO="22,53" #destination ports
UDP_PRIO="22,53" #destination ports
# Destination ports to be classified as VoIP (overrules bulk ports)
TCP_VOIP=""
UDP_VOIP="18080"
IP_VOIP="192.168.0.226" #destination and source IP
#######################################################
iface="pppoe-wan"
#####################################################
#!!!!!uplink leaf class parameters!!!!!!!!!
#bulk
UP_LS_BULK_RATE=$(($UPLOAD*5/100))
UP_UL_BULK_RATE=$UPLOAD
#settings leaf qdisc
UP_BULK_RED_PROB=0.05 #RED drop probability
UP_BULK_RED_min=6250 #real limit. To limit BULK traffic
UP_BULK_RED_min2=6250 #min for doing the calculations (burst and etc)
UP_BULK_RED_max=$((2 * $UP_BULK_RED_min2 + $UP_BULK_RED_min))
UP_BULK_RED_burst=$(((5 * $UP_BULK_RED_min2) / (3 * 1000)))
UP_BULK_RED_limit=$(($UP_BULK_RED_max * 5))
#P2P
UP_LS_P2P_RATE=$(($UPLOAD * 5 / 100))
UP_UL_P2P_RATE=$UPLOAD
#settings leaf qdisc
UP_P2P_RED_PROB=0.05 #RED drop probability
UP_P2P_RED_min=32000 #real limit. To limit P2P traffic
UP_P2P_RED_min2=32000 #min for doing the calculations (burst and etc)
UP_P2P_RED_max=$((5 * $UP_P2P_RED_min2 + $UP_P2P_RED_min))
UP_P2P_RED_burst=$(((5 * $UP_P2P_RED_min2) / (3 * 1000)))
UP_P2P_RED_limit=$(($UP_P2P_RED_max * 5))
#normal class
UP_LS_NORMAL_RATE=$(($UPLOAD * 40 / 100))
UP_UL_NORMAL_RATE=$UPLOAD
#settings leaf qdisc
UP_NORMAL_RED_PROB=0.05 #RED drop probability
UP_NORMAL_RED_min=6250 #real limit. To limit NORMAL traffic
UP_NORMAL_RED_min2=6250 #min for doing the calculations (burst and etc)
UP_NORMAL_RED_max=$((2 * $UP_NORMAL_RED_min2 + $UP_NORMAL_RED_min))
UP_NORMAL_RED_burst=$(((5 * $UP_NORMAL_RED_min2) / (3 * 1000)))
UP_NORMAL_RED_limit=$(($UP_NORMAL_RED_max * 5))
#prio
UP_LS_PRIO_RATE=$(($UPLOAD*50/100))
UP_RT_PRIO_RATE="200" #rate in kbit
UP_RT_PRIO_UMAX="400" #length of the packets [byte]
UP_RT_PRIO_DMAX="15" #delay in ms
UP_UL_PRIO_RATE=$UPLOAD
#Voip
UP_UL_VOIP_RATE=$UPLOAD
UP_SC_VOIP_RATE="200"
UP_SC_VOIP_UMAX="350" #length of the voip packets [byte]
UP_SC_VOIP_DMAX="10" #delay in ms
#!!!!!DOWNLINK leaf class parameters!!!!!!!!!
#bulk
DOWN_LS_BULK_RATE=$(($DOWNLOAD*5/100))
DOWN_UL_BULK_RATE=$DOWNLOAD
#leaf qdisc parameters
DOWN_BULK_RED_PROB=0.05 #RED drop probability
DOWN_BULK_RED_min=62500 #real limit. To limit BULK traffic
DOWN_BULK_RED_min2=62500 #min for doing the calculations (burst and etc)
DOWN_BULK_RED_max=$((2 * $DOWN_BULK_RED_min2 + $DOWN_BULK_RED_min))
DOWN_BULK_RED_burst=$(((5 * $DOWN_BULK_RED_min2) / (3 * 1000)))
DOWN_BULK_RED_limit=$(($DOWN_BULK_RED_max * 5))
#P2P
DOWN_LS_P2P_RATE=$(($DOWNLOAD*5/100))
DOWN_UL_P2P_RATE=4000
#leaf qdisc parameters
DOWN_P2P_RED_PROB=0.05 #RED drop probability
DOWN_P2P_RED_min=200000 #real limit. To limit P2P traffic
DOWN_P2P_RED_min2=200000 #min for doing the calculations (burst and etc)
DOWN_P2P_RED_max=$((2 * $DOWN_P2P_RED_min2 + $DOWN_P2P_RED_min))
DOWN_P2P_RED_burst=$(((5 * $DOWN_P2P_RED_min2) / (3 * 1000)))
DOWN_P2P_RED_limit=$(($DOWN_P2P_RED_max * 5))
#normal class
DOWN_LS_NORMAL_RATE=$(($DOWNLOAD*75/100))
DOWN_UL_NORMAL_RATE=$DOWNLOAD
#leaf qdisc parameters
DOWN_NORMAL_RED_PROB=0.05 #RED drop probability
DOWN_NORMAL_RED_min=62500 #real limit. To limit NORMAL traffic
DOWN_NORMAL_RED_min2=62500 #min for doing the calculations (burst and etc)
DOWN_NORMAL_RED_max=$((2 * $DOWN_NORMAL_RED_min2 + $DOWN_NORMAL_RED_min))
DOWN_NORMAL_RED_burst=$(((5 * $DOWN_NORMAL_RED_min2) / (3 * 1000)))
DOWN_NORMAL_RED_limit=$(($DOWN_NORMAL_RED_max * 5))
#prio
DOWN_RT_PRIO_RATE="500" #rate in kbit
DOWN_RT_PRIO_UMAX="400" #length of the packets [byte]
DOWN_RT_PRIO_DMAX="1.5" #delay in ms
DOWN_UL_PRIO_RATE=$DOWNLOAD
#Voip
DOWN_UL_VOIP_RATE=$DOWNLOAD
DOWN_SC_VOIP_RATE="250"
DOWN_SC_VOIP_UMAX="350" #length of voip packets [byte]
DOWN_SC_VOIP_DMAX="1.2" #delay in ms
# The following packages are required for the modules:
# kmod-sched
# kmod-ipt-conntrack
# iptables-mod-conntrack
# kmod-ipt-ipopt
# iptables-mod-ipopt
# kmod-ipt-extra
# iptables-mod-extra
insmod ifb
insmod sch_hfsc
insmod sch_red
insmod sch_sfq
insmod cls_fw
insmod cls_u32
insmod em_u32
insmod act_connmark
insmod act_mirred
insmod sch_ingress
tc qdisc del dev $iface ingress
tc qdisc add dev $iface ingress
ifconfig ifb0 up txqueuelen 5
tc filter add dev $iface parent ffff: protocol ip prio 1 u32 match u32 0 0 flowid 1:1 action connmark action mirred egress redirect dev ifb0
#ECN isn't supported by default in Win7, WinXP,... So do not enable ECN on the upload qdiscs!!!
ifconfig $iface up txqueuelen 5
tc qdisc add dev $iface stab overhead 44 linklayer atm root handle 1: hfsc default 50
tc class add dev $iface parent 1: classid 1:1 hfsc sc rate ${UPLOAD}kbit ul rate ${UPLOAD}kbit
tc class add dev $iface parent 1:1 classid 1:10 hfsc sc umax ${UP_SC_VOIP_UMAX}b dmax ${UP_SC_VOIP_DMAX}ms rate ${UP_SC_VOIP_RATE}kbit ul rate ${UP_UL_VOIP_RATE}kbit
tc class add dev $iface parent 1:1 classid 1:20 hfsc rt umax ${UP_RT_PRIO_UMAX}b dmax ${UP_RT_PRIO_DMAX}ms rate ${UP_RT_PRIO_RATE}kbit ls rate ${UP_LS_PRIO_RATE}kbit ul rate ${UP_UL_PRIO_RATE}kbit
tc class add dev $iface parent 1:1 classid 1:30 hfsc ls rate ${UP_LS_NORMAL_RATE}kbit ul rate ${UP_UL_NORMAL_RATE}kbit
tc class add dev $iface parent 1:1 classid 1:40 hfsc ls rate ${UP_LS_P2P_RATE}kbit ul rate ${UP_UL_P2P_RATE}kbit
tc class add dev $iface parent 1:1 classid 1:50 hfsc ls rate ${UP_LS_BULK_RATE}kbit ul rate ${UP_UL_BULK_RATE}kbit
tc qdisc add dev $iface parent 1:10 handle 100: sfq perturb 2 #limit xxx =>128 is the default limit
tc qdisc add dev $iface parent 1:20 handle 200: sfq perturb 2 #limit xxx =>128 is the default limit
tc qdisc add dev $iface parent 1:30 handle 300: red limit $UP_NORMAL_RED_limit min $UP_NORMAL_RED_min max $UP_NORMAL_RED_max avpkt 1000 burst $UP_NORMAL_RED_burst probability $UP_NORMAL_RED_PROB
tc qdisc add dev $iface parent 1:40 handle 400: red limit $UP_P2P_RED_limit min $UP_P2P_RED_min max $UP_P2P_RED_max avpkt 1000 burst $UP_P2P_RED_burst probability $UP_P2P_RED_PROB
tc qdisc add dev $iface parent 1:50 handle 500: red limit $UP_BULK_RED_limit min $UP_BULK_RED_min max $UP_BULK_RED_max avpkt 1000 burst $UP_BULK_RED_burst probability $UP_BULK_RED_PROB
tc filter add dev $iface parent 1: prio 1 protocol ip handle 1 fw flowid 1:10
tc filter add dev $iface parent 1: prio 2 protocol ip handle 2 fw flowid 1:20
tc filter add dev $iface parent 1: prio 3 protocol ip handle 3 fw flowid 1:30
tc filter add dev $iface parent 1: prio 4 protocol ip handle 4 fw flowid 1:40
tc filter add dev $iface parent 1: prio 5 protocol ip handle 5 fw flowid 1:50
tc qdisc add dev ifb0 stab overhead 44 linklayer atm root handle 1: hfsc default 50
tc class add dev ifb0 parent 1: classid 1:1 hfsc sc rate ${DOWNLOAD}kbit ul rate ${DOWNLOAD}kbit
tc class add dev ifb0 parent 1:1 classid 1:10 hfsc sc umax ${DOWN_SC_VOIP_UMAX}b dmax ${DOWN_SC_VOIP_DMAX}ms rate ${DOWN_SC_VOIP_RATE}kbit ul rate ${DOWN_UL_VOIP_RATE}kbit
tc class add dev ifb0 parent 1:1 classid 1:20 hfsc sc umax ${DOWN_RT_PRIO_UMAX}b dmax ${DOWN_RT_PRIO_DMAX}ms rate ${DOWN_RT_PRIO_RATE}kbit ul rate ${DOWN_UL_PRIO_RATE}kbit
tc class add dev ifb0 parent 1:1 classid 1:30 hfsc ls rate ${DOWN_LS_NORMAL_RATE}kbit ul rate ${DOWN_UL_NORMAL_RATE}kbit
tc class add dev ifb0 parent 1:1 classid 1:40 hfsc ls rate ${DOWN_LS_P2P_RATE}kbit ul rate ${DOWN_UL_P2P_RATE}kbit
tc class add dev ifb0 parent 1:1 classid 1:50 hfsc ls rate ${DOWN_LS_BULK_RATE}kbit ul rate ${DOWN_UL_BULK_RATE}kbit
tc qdisc add dev ifb0 parent 1:10 handle 100: sfq perturb 2 #limit xxx =>128 is the default limit
tc qdisc add dev ifb0 parent 1:20 handle 200: sfq perturb 2 #limit xxx =>128 is the default limit
tc qdisc add dev ifb0 parent 1:30 handle 300: red limit $DOWN_NORMAL_RED_limit min $DOWN_NORMAL_RED_min max $DOWN_NORMAL_RED_max avpkt 1000 burst $DOWN_NORMAL_RED_burst probability $DOWN_NORMAL_RED_PROB
tc qdisc add dev ifb0 parent 1:40 handle 400: red limit $DOWN_P2P_RED_limit min $DOWN_P2P_RED_min max $DOWN_P2P_RED_max avpkt 1000 burst $DOWN_P2P_RED_burst probability $DOWN_P2P_RED_PROB
tc qdisc add dev ifb0 parent 1:50 handle 500: red limit $DOWN_BULK_RED_limit min $DOWN_BULK_RED_min max $DOWN_BULK_RED_max avpkt 1000 burst $DOWN_BULK_RED_burst probability $DOWN_BULK_RED_PROB
tc filter add dev ifb0 parent 1: prio 1 protocol ip handle 1 fw flowid 1:10
tc filter add dev ifb0 parent 1: prio 2 protocol ip handle 2 fw flowid 1:20
tc filter add dev ifb0 parent 1: prio 3 protocol ip handle 3 fw flowid 1:30
tc filter add dev ifb0 parent 1: prio 4 protocol ip handle 4 fw flowid 1:40
tc filter add dev ifb0 parent 1: prio 5 protocol ip handle 5 fw flowid 1:50
##########################
##### IPTABLES #####
##########################
iptables -t mangle -F QOS
iptables -t mangle -D FORWARD -o $iface -j QOS
iptables -t mangle -D OUTPUT -o $iface -j QOS
iptables -t mangle -X QOS
insmod ipt_layer7
insmod xt_layer7
insmod ipt_connbytes
insmod ipt_tos
insmod ipt_dscp
insmod ipt_length
insmod ipt_CONNMARK
insmod ipt_multiport
iptables -t mangle -N QOS
iptables -t mangle -A FORWARD -o $iface -j QOS
iptables -t mangle -A OUTPUT -o $iface -j QOS
#restore connection mark
iptables -t mangle -A QOS -j CONNMARK --restore-mark
#mark everything before connection mark store
#ICMP packets must be prio
iptables -t mangle -A QOS -s 192.168.0.145 -p icmp -j MARK --set-mark 2
#VoIP packets must be marked
iptables -t mangle -A QOS -p udp -m multiport --sports ${UDP_VOIP} -j MARK --set-mark 1
iptables -t mangle -A QOS -s ${IP_VOIP} -j MARK --set-mark 1
iptables -t mangle -A QOS -d ${IP_VOIP} -j MARK --set-mark 1
#may be marked if not yet marked
iptables -t mangle -A QOS -m mark --mark 0 -p tcp -m multiport --dports ${TCP_PRIO} -j MARK --set-mark 2
iptables -t mangle -A QOS -m mark --mark 0 -p udp -m multiport --dports ${UDP_PRIO} -j MARK --set-mark 2
iptables -t mangle -A QOS -m mark --mark 0 -p tcp -m multiport --dports ${TCP_NORMAL} -j MARK --set-mark 3
#P2P traffic
iptables -t mangle -A QOS -s ${IP_P2P} -m mark --mark 0 -p tcp -m multiport --sports ${TCP_P2P} -j MARK --set-mark 4
iptables -t mangle -A QOS -s ${IP_P2P} -m mark --mark 0 -p udp -m multiport --sports ${UDP_P2P} -j MARK --set-mark 4
#bulk traffic
iptables -t mangle -A QOS -m mark --mark 0 -p tcp --sport ${TCP_BULK} -j MARK --set-mark 5
iptables -t mangle -A QOS -m mark --mark 0 -p udp --sport ${UDP_BULK} -j MARK --set-mark 5
iptables -t mangle -A QOS -m mark --mark 0 -p tcp --dport ${TCP_BULK} -j MARK --set-mark 5
iptables -t mangle -A QOS -m mark --mark 0 -p udp --dport ${UDP_BULK} -j MARK --set-mark 5
#everything must get a mark 3 "normal" if it is not yet marked. This is the only way to restrain uTorrent. By default all packets must go into the P2P class unless they are marked.
iptables -t mangle -A QOS -m mark --mark 0 -j MARK --set-mark 3
# Save mark onto connection
iptables -t mangle -A QOS -j CONNMARK --save-mark
#reclassify any packets #definitely still need to look at which flags we have to set!!
#iptables -t mangle -A QOS -p tcp -m length --length :128 -m mark ! --mark 4 -m mark ! --mark 5 -m tcp --tcp-flags SYN,RST,ACK ACK -j MARK --set-mark 2
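#debugging (mark_chain and ingress_chain are not created by this script; they must exist before DEBUG=1 is used)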
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 0 -j LOG --log-prefix mark_0::
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 0 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 1 -j LOG --log-prefix mark_1::
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 1 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 2 -j LOG --log-prefix mark_2::
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 2 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 3 -j LOG --log-prefix mark_3::
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -m mark --mark 3 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A mark_chain -j LOG --log-prefix mark_other::
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 0 -j LOG --log-prefix ingress_0::
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 0 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 1 -j LOG --log-prefix ingress_1::
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 1 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 2 -j LOG --log-prefix ingress_2::
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 2 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 3 -j LOG --log-prefix ingress_3::
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -m mark --mark 3 -j ACCEPT
[ $DEBUG -eq 1 ] && iptables -t mangle -A ingress_chain -j LOG --log-prefix ingress_other::
Qdisc hierarchy
(Last edited by TomVH on 17 Jan 2012, 21:38)
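Added example, not part of TomVH's post or of any OpenWrt script: the per-packet arithmetic behind "stab overhead 44 linklayer atm" from point 1, where each packet plus its overhead is padded to whole 48-byte ATM cell payloads and every cell costs 53 bytes on the wire. The function names are made up for this example; the overhead, packet sizes, rates and dmax values are the ones used in the post's script.

```shell
#!/bin/sh
# Added example: per-packet ATM accounting of the kind requested with
# "stab overhead 44 linklayer atm". Function names are hypothetical.
OVERHEAD=44      # bytes added per packet (value from the post)
ATM_PAYLOAD=48   # payload bytes carried per ATM cell
ATM_CELL=53      # bytes per cell on the wire (48 payload + 5 header)

# atm_cells IP_BYTES -> cells needed; the last cell is padded, so round up
atm_cells() {
    echo $(( ($1 + OVERHEAD + ATM_PAYLOAD - 1) / ATM_PAYLOAD ))
}

# atm_wire_bytes IP_BYTES -> bytes that really cross the ADSL line
atm_wire_bytes() {
    echo $(( $(atm_cells "$1") * ATM_CELL ))
}

# efficiency_pct IP_BYTES -> IP bytes as a percentage of wire bytes (rounded down)
efficiency_pct() {
    echo $(( $1 * 100 / $(atm_wire_bytes "$1") ))
}

# serialization_us IP_BYTES RATE_KBIT -> microseconds needed to send one packet
serialization_us() {
    echo $(( $(atm_wire_bytes "$1") * 8 * 1000 / $2 ))
}

# fits_dmax IP_BYTES RATE_KBIT DMAX_US -> exit 0 if one packet of umax bytes
# can be serialised within the dmax requested for the HFSC class
fits_dmax() {
    [ "$(serialization_us "$1" "$2")" -le "$3" ]
}

report() {
    for size in 40 350 400 1500; do
        printf '%4d B IP: %2d cells, %4d B on wire, %2d%% efficient, %5d us at 600 kbit\n' \
            "$size" "$(atm_cells "$size")" "$(atm_wire_bytes "$size")" \
            "$(efficiency_pct "$size")" "$(serialization_us "$size" 600)"
    done
    # umax/dmax pairs from the post: VoIP up (350 B, 10 ms), VoIP down (350 B, 1.2 ms)
    fits_dmax 350 600 10000 && echo "uplink VoIP umax fits its dmax"
    fits_dmax 350 5000 1200 && echo "downlink VoIP umax fits its dmax"
    return 0
}

report
```

A 1500-byte packet ends up at 85% efficiency and a 40-byte ACK at 37%, so the share of the line rate lost to ATM framing depends on the packet size, which is what per-packet accounting with stab captures and a single fixed percentage does not.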