[netfilter-cvslog] r6422 - in trunk/patch-o-matic-ng/patchlets/IPMARK: . linux/Documentation linux/include/linux/netfilter_ipv4 linux/net/ipv4/netfilter linux-2.6/include/linux/netfilter_ipv4 linux-2.6/net/ipv4/netfilter
laforge at netfilter.org
Sat Jan 21 16:13:47 CET 2006
Author: laforge at netfilter.org
Date: 2006-01-21 16:13:44 +0100 (Sat, 21 Jan 2006)
New Revision: 6422
Modified:
trunk/patch-o-matic-ng/patchlets/IPMARK/help
trunk/patch-o-matic-ng/patchlets/IPMARK/info
trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/include/linux/netfilter_ipv4/ipt_IPMARK.h
trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Kconfig.ladd
trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/ipt_IPMARK.c
trunk/patch-o-matic-ng/patchlets/IPMARK/linux/Documentation/Configure.help.ladd
trunk/patch-o-matic-ng/patchlets/IPMARK/linux/include/linux/netfilter_ipv4/ipt_IPMARK.h
trunk/patch-o-matic-ng/patchlets/IPMARK/linux/net/ipv4/netfilter/ipt_IPMARK.c
Log:
IPMARK update (Grzegorz Janoszka)
Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/help
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/help 2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/help 2006-01-21 15:13:44 UTC (rev 6422)
@@ -1,8 +1,7 @@
This option adds a `IPMARK' target, which allows you to mark
- a received packet basing on its IP address. This can replace many
- mangle/mark entries with only one, if you use firewall based
- classifier.
+ a received packet basing on its IP address. This can replace even
+ thousands of mangle/mark or tc entries with only one.
This target is to be used inside the mangle table, in the PREROUTING,
POSTROUTING or FORWARD hooks.
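Review bot: The rewritten sentence keeps "basing on its IP address", which should read "based on its IP address", and "a `IPMARK' target" in the context line above it should be "an". The new "even thousands of mangle/mark or tc entries" introduces tc here without saying how one rule can stand in for them; a half sentence stating that the mark is computed from the address itself would make the claim self-explanatory at this point in the help.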
@@ -22,19 +21,24 @@
to the IP address of the user, e.g.: all packets going to/from 192.168.5.2
are directed to 1:0502 queue, 192.168.5.12 -> 1:050c etc.
- We have one classifier rule:
- tc filter add dev eth3 parent 1:0 protocol ip fw
- Earlier we had many rules just like below:
+ Earlier we had thousands of tc filter rules:
+ tc filter add dev eth3 parent 1:0 prio 10 u32 match ip dst 192.168.5.2 flowid 1:502
+ tc filter add dev eth3 parent 1:0 prio 10 u32 match ip dst 192.168.5.3 flowid 1:503
+ ...
+ or thousands of MARK rules (with tc fw classifier):
iptables -t mangle -A POSTROUTING -o eth3 -d 192.168.5.2 -j MARK
--set-mark 0x10502
iptables -t mangle -A POSTROUTING -o eth3 -d 192.168.5.3 -j MARK
--set-mark 0x10503
...
- Using IPMARK target we can replace all the mangle/mark rules with only one:
+ Using IPMARK target we can replace all the mangle/mark rules with ONLY ONE:
iptables -t mangle -A POSTROUTING -o eth3 -j IPMARK --addr=dst
--and-mask=0xffff --or-mask=0x10000
+ and all previous tc filter classifier rules with ONLY ONE:
+ tc filter add dev eth3 parent 1:0 protocol ip fw
+
On the routers with hundreds of users there should be significant load
decrease (e.g. twice).
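Review bot: The single-rule example with "--and-mask=0xffff --or-mask=0x10000" keeps only the low 16 bits of the destination address, so any two hosts reached via eth3 whose addresses agree in the last two octets (192.168.5.2 and, for example, 10.1.5.2) both get mark 0x10502 and end up in the same class. The help should say that the one-rule replacement assumes the shaped addresses are unique within a /16, or show a wider and-mask for setups where they are not. The closing "significant load decrease (e.g. twice)" is also unclear; "load roughly halved" or a measured figure would be easier to read.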
Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/info
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/info 2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/info 2006-01-21 15:13:44 UTC (rev 6422)
@@ -1,4 +1,6 @@
Title: iptables IPMARK target
-Author: Grzegorz Janoszka <Grzegorz.Janoszka at pro.onet.pl>
-Status: Works for me
+Author: Grzegorz Janoszka <Grzegorz at Janoszka.pl>
+Status: Stable
Repository: extra
+Recompile: kernel
+
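Review bot: Status moves from "Works for me" to "Stable" in the same revision that changes the layout of struct ipt_ipmark_target_info (addr goes from unsigned int to unsigned char in both header copies). "Recompile: kernel" covers the kernel side only; please also state that the matching iptables userspace extension has to be rebuilt from the new header, since both sides share that structure. The final bare "+" line adds an empty line at the end of the file and can be dropped.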
Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/linux/Documentation/Configure.help.ladd
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/linux/Documentation/Configure.help.ladd 2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/linux/Documentation/Configure.help.ladd 2006-01-21 15:13:44 UTC (rev 6422)
@@ -2,11 +2,15 @@
IPMARK target support
CONFIG_IP_NF_TARGET_IPMARK
This option adds a `IPMARK' target, which allows you to create rules
- in the `mangle' table which alter the netfilter mark (nfmark) field
- basing on the source or destination ip address of the packet.
- This is very useful for very fast massive mangling and marking.
+ in the `mangle' table which alter the netfilter mark field basing
+ on the source or destination ip address of the packet.
+ This is very useful for very fast massive shaping - using only one rule
+ you can direct packets to houndreds different queues.
+ You will probably find it helpful only if your linux machine acts as
+ a shaper for many others computers.
If you want to compile it as a module, say M here and read
- <file:Documentation/modules.txt>. If unsure, say `N'.
+ <file:Documentation/modules.txt>. The module will be called
+ ipt_IPMARK.o. If unsure, say `N'.
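Review bot: The added help text has two typos that will end up in the kernel configuration dialog: "houndreds different queues" should be "hundreds of different queues", and "many others computers" should be "many other computers". "basing on the source or destination ip address" would also read better as "based on the source or destination IP address", and "very useful for very fast massive shaping" could be shortened to "useful for fast shaping of many hosts".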
Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/linux/include/linux/netfilter_ipv4/ipt_IPMARK.h
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/linux/include/linux/netfilter_ipv4/ipt_IPMARK.h 2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/linux/include/linux/netfilter_ipv4/ipt_IPMARK.h 2006-01-21 15:13:44 UTC (rev 6422)
@@ -4,7 +4,7 @@
struct ipt_ipmark_target_info {
unsigned long andmask;
unsigned long ormask;
- unsigned int addr;
+ unsigned char addr;
};
#define IPT_IPMARK_SRC 0
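Review bot: Narrowing addr from unsigned int to unsigned char changes a structure that the iptables userspace extension fills in and the kernel target reads back, so old and new binaries no longer agree on it. The field stays at the same offset after the two unsigned long masks, which means a mismatch is not caught by a size check on most builds: on a big-endian machine an old extension writing the int value 1 leaves a 0 in the byte the new kernel reads, and the rule silently matches on the source address instead. Please either keep the type or document that kernel and userspace must be rebuilt together, and have the kernel side reject any addr value other than the two defined constants.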
Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/linux/net/ipv4/netfilter/ipt_IPMARK.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/linux/net/ipv4/netfilter/ipt_IPMARK.c 2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/linux/net/ipv4/netfilter/ipt_IPMARK.c 2006-01-21 15:13:44 UTC (rev 6422)
@@ -1,4 +1,3 @@
-/* This is a module which is used for setting the NFMARK field of an skb. */
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
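Review bot: The first line of this hunk deletes the only file-level comment and puts nothing in its place. If "setting the NFMARK field of an skb" was removed to match the help text, which now says "netfilter mark field" instead of "netfilter mark (nfmark) field", a one-line replacement stating that the target derives the mark from the source or destination address would be better than leaving the file without a description.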
@@ -7,7 +6,7 @@
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_IPMARK.h>
-MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz.Janoszka at pro.onet.pl>");
+MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz at Janoszka.pl>");
MODULE_DESCRIPTION("IP tables IPMARK: mark based on ip address");
MODULE_LICENSE("GPL");
Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/include/linux/netfilter_ipv4/ipt_IPMARK.h
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/include/linux/netfilter_ipv4/ipt_IPMARK.h 2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/include/linux/netfilter_ipv4/ipt_IPMARK.h 2006-01-21 15:13:44 UTC (rev 6422)
@@ -4,7 +4,7 @@
struct ipt_ipmark_target_info {
unsigned long andmask;
unsigned long ormask;
- unsigned int addr;
+ unsigned char addr;
};
#define IPT_IPMARK_SRC 0
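Review bot: andmask and ormask remain unsigned long next to the new unsigned char addr, so the size and padding of this structure depend on the word size of whatever compiles it; a 32-bit iptables binary and a 64-bit kernel will not agree on the layout. Since the layout is being changed in this revision anyway, consider fixed-width types for all three fields (for example 32-bit masks and an 8-bit addr, provided the mark values used never exceed 32 bits), which would make the structure identical on both sides.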
Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Kconfig.ladd
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Kconfig.ladd 2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Kconfig.ladd 2006-01-21 15:13:44 UTC (rev 6422)
@@ -3,9 +3,15 @@
depends on IP_NF_MANGLE
help
This option adds a `IPMARK' target, which allows you to create rules
- in the `mangle' table which alter the netfilter mark (nfmark) field
- basing on the source or destination ip address of the packet.
- This is very useful for very fast massive mangling and marking.
-
+ in the `mangle' table which alter the netfilter mark field basing
+ on the source or destination ip address of the packet.
+ This is very useful for very fast massive shaping - using only one
+ rule you can direct packets to houndreds different queues.
+ You will probably find it helpful only if your linux machine acts as
+ a shaper for many others computers.
+
If you want to compile it as a module, say M here and read
- <file:Documentation/modules.txt>. If unsure, say `N'.
+ <file:Documentation/modules.txt>. The module will be called
+ ipt_IPMARK.o. If unsure, say `N'.
+
+
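Review bot: "The module will be called ipt_IPMARK.o" is wrong for this copy of the help, which lives under linux-2.6: 2.6 builds produce .ko files, so either write "ipt_IPMARK.ko" or just "ipt_IPMARK". The added text also carries the typos "houndreds different queues" (hundreds of different queues) and "many others computers" (many other computers), and the two bare "+" lines at the end add trailing blank lines to the Kconfig fragment that serve no purpose.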
Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/ipt_IPMARK.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/ipt_IPMARK.c 2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/ipt_IPMARK.c 2006-01-21 15:13:44 UTC (rev 6422)
@@ -1,4 +1,3 @@
-/* This is a module which is used for setting the NFMARK field of an skb. */
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
@@ -7,7 +6,7 @@
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_IPMARK.h>
-MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz.Janoszka at pro.onet.pl>");
+MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz at Janoszka.pl>");
MODULE_DESCRIPTION("IP tables IPMARK: mark based on ip address");
MODULE_LICENSE("GPL");