[netfilter-cvslog] r6422 - in trunk/patch-o-matic-ng/patchlets/IPMARK: . linux/Documentation linux/include/linux/netfilter_ipv4 linux/net/ipv4/netfilter linux-2.6/include/linux/netfilter_ipv4 linux-2.6/net/ipv4/netfilter

laforge at netfilter.org laforge at netfilter.org
Sat Jan 21 16:13:47 CET 2006


Author: laforge at netfilter.org
Date: 2006-01-21 16:13:44 +0100 (Sat, 21 Jan 2006)
New Revision: 6422

Modified:
   trunk/patch-o-matic-ng/patchlets/IPMARK/help
   trunk/patch-o-matic-ng/patchlets/IPMARK/info
   trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/include/linux/netfilter_ipv4/ipt_IPMARK.h
   trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Kconfig.ladd
   trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/ipt_IPMARK.c
   trunk/patch-o-matic-ng/patchlets/IPMARK/linux/Documentation/Configure.help.ladd
   trunk/patch-o-matic-ng/patchlets/IPMARK/linux/include/linux/netfilter_ipv4/ipt_IPMARK.h
   trunk/patch-o-matic-ng/patchlets/IPMARK/linux/net/ipv4/netfilter/ipt_IPMARK.c
Log:
IPMARK update (Grzegorz Janoszka)


Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/help
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/help	2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/help	2006-01-21 15:13:44 UTC (rev 6422)
@@ -1,8 +1,7 @@
 
   This option adds a `IPMARK' target, which allows you to mark
-  a received packet basing on its IP address. This can replace many
-  mangle/mark entries with only one, if you use firewall based
-  classifier.
+  a received packet basing on its IP address. This can replace even
+  thousands of mangle/mark or tc entries with only one.
 
   This target is to be used inside the mangle table, in the PREROUTING,
   POSTROUTING or FORWARD hooks.
@@ -22,19 +21,24 @@
   to the IP address of the user, e.g.: all packets going to/from 192.168.5.2
   are directed to 1:0502 queue, 192.168.5.12 -> 1:050c etc.
 
-  We have one classifier rule:
-  tc filter add dev eth3 parent 1:0 protocol ip fw
 
-  Earlier we had many rules just like below:
+  Earlier we had thousands of tc filter rules:
+  tc filter add dev eth3 parent 1:0 prio 10 u32 match ip dst 192.168.5.2 flowid 1:502
+  tc filter add dev eth3 parent 1:0 prio 10 u32 match ip dst 192.168.5.3 flowid 1:503
+  ...
+  or thousands of MARK rules (with tc fw classifier):
   iptables -t mangle -A POSTROUTING -o eth3 -d 192.168.5.2 -j MARK
     --set-mark 0x10502
   iptables -t mangle -A POSTROUTING -o eth3 -d 192.168.5.3 -j MARK
     --set-mark 0x10503
   ...
 
-  Using IPMARK target we can replace all the mangle/mark rules with only one:
+  Using IPMARK target we can replace all the mangle/mark rules with ONLY ONE:
   iptables -t mangle -A POSTROUTING -o eth3 -j IPMARK --addr=dst
     --and-mask=0xffff --or-mask=0x10000
+  and all previous tc filter classifier rules with ONLY ONE:
+  tc filter add dev eth3 parent 1:0 protocol ip fw
 
+
   On the routers with hundreds of users there should be significant load
   decrease (e.g. twice).

Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/info
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/info	2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/info	2006-01-21 15:13:44 UTC (rev 6422)
@@ -1,4 +1,6 @@
 Title: iptables IPMARK target
-Author: Grzegorz Janoszka <Grzegorz.Janoszka at pro.onet.pl>
-Status: Works for me
+Author: Grzegorz Janoszka <Grzegorz at Janoszka.pl>
+Status: Stable
 Repository: extra
+Recompile: kernel
+

Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/linux/Documentation/Configure.help.ladd
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/linux/Documentation/Configure.help.ladd	2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/linux/Documentation/Configure.help.ladd	2006-01-21 15:13:44 UTC (rev 6422)
@@ -2,11 +2,15 @@
 IPMARK target support
 CONFIG_IP_NF_TARGET_IPMARK
   This option adds a `IPMARK' target, which allows you to create rules
-  in the `mangle' table which alter the netfilter mark (nfmark) field
-  basing on the source or destination ip address of the packet.
-  This is very useful for very fast massive mangling and marking.
+  in the `mangle' table which alter the netfilter mark field basing
+  on the source or destination ip address of the packet.
+  This is very useful for very fast massive shaping - using only one rule
+  you can direct packets to houndreds different queues.
+  You will probably find it helpful only if your linux machine acts as
+  a shaper for many others computers.
 
   If you want to compile it as a module, say M here and read
-  <file:Documentation/modules.txt>.  If unsure, say `N'.
+  <file:Documentation/modules.txt>. The module will be called
+  ipt_IPMARK.o.  If unsure, say `N'.
 
 

Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/linux/include/linux/netfilter_ipv4/ipt_IPMARK.h
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/linux/include/linux/netfilter_ipv4/ipt_IPMARK.h	2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/linux/include/linux/netfilter_ipv4/ipt_IPMARK.h	2006-01-21 15:13:44 UTC (rev 6422)
@@ -4,7 +4,7 @@
 struct ipt_ipmark_target_info {
 	unsigned long andmask;
 	unsigned long ormask;
-	unsigned int addr;
+	unsigned char addr;
 };
 
 #define IPT_IPMARK_SRC    0

Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/linux/net/ipv4/netfilter/ipt_IPMARK.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/linux/net/ipv4/netfilter/ipt_IPMARK.c	2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/linux/net/ipv4/netfilter/ipt_IPMARK.c	2006-01-21 15:13:44 UTC (rev 6422)
@@ -1,4 +1,3 @@
-/* This is a module which is used for setting the NFMARK field of an skb. */
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/ip.h>
@@ -7,7 +6,7 @@
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter_ipv4/ipt_IPMARK.h>
 
-MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz.Janoszka at pro.onet.pl>");
+MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz at Janoszka.pl>");
 MODULE_DESCRIPTION("IP tables IPMARK: mark based on ip address");
 MODULE_LICENSE("GPL");
 

Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/include/linux/netfilter_ipv4/ipt_IPMARK.h
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/include/linux/netfilter_ipv4/ipt_IPMARK.h	2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/include/linux/netfilter_ipv4/ipt_IPMARK.h	2006-01-21 15:13:44 UTC (rev 6422)
@@ -4,7 +4,7 @@
 struct ipt_ipmark_target_info {
 	unsigned long andmask;
 	unsigned long ormask;
-	unsigned int addr;
+	unsigned char addr;
 };
 
 #define IPT_IPMARK_SRC    0

Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Kconfig.ladd
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Kconfig.ladd	2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/Kconfig.ladd	2006-01-21 15:13:44 UTC (rev 6422)
@@ -3,9 +3,15 @@
 	depends on IP_NF_MANGLE
 	help
 	  This option adds a `IPMARK' target, which allows you to create rules
-	  in the `mangle' table which alter the netfilter mark (nfmark) field
-	  basing on the source or destination ip address of the packet.
-	  This is very useful for very fast massive mangling and marking.
-	
+	  in the `mangle' table which alter the netfilter mark field basing
+	  on the source or destination ip address of the packet.
+	  This is very useful for very fast massive shaping - using only one
+	  rule you can direct packets to houndreds different queues.
+	  You will probably find it helpful only if your linux machine acts as
+	  a shaper for many others computers.
+
 	  If you want to compile it as a module, say M here and read
-	  <file:Documentation/modules.txt>.  If unsure, say `N'.
+	  <file:Documentation/modules.txt>. The module will be called
+	  ipt_IPMARK.o.  If unsure, say `N'.
+
+

Modified: trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/ipt_IPMARK.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/ipt_IPMARK.c	2006-01-20 10:12:06 UTC (rev 6421)
+++ trunk/patch-o-matic-ng/patchlets/IPMARK/linux-2.6/net/ipv4/netfilter/ipt_IPMARK.c	2006-01-21 15:13:44 UTC (rev 6422)
@@ -1,4 +1,3 @@
-/* This is a module which is used for setting the NFMARK field of an skb. */
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/ip.h>
@@ -7,7 +6,7 @@
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter_ipv4/ipt_IPMARK.h>
 
-MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz.Janoszka at pro.onet.pl>");
+MODULE_AUTHOR("Grzegorz Janoszka <Grzegorz at Janoszka.pl>");
 MODULE_DESCRIPTION("IP tables IPMARK: mark based on ip address");
 MODULE_LICENSE("GPL");
 




More information about the netfilter-cvslog mailing list