ingress rate limiting weirdness (?)

• Next message: syam: "RE: Kernel 2.4.19 Oops error"
• Previous message: Thunder from the hill: "Re: [RFC] Raceless module interface"
• Next in thread: Andrei Ivanov: "Re: ingress rate limiting weirdness (?)"
• Reply: Andrei Ivanov: "Re: ingress rate limiting weirdness (?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,
I've been trying to rate limit my incomming connections, and, as I
understand, I can do that only with ingress.
So I did a litle test:

tc qdisc add dev eth1 handle ffff: ingress
tc filter add dev eth1 protocol ip parent ffff: prio 50 u32 match ip src \
204.152.189.116 police rate 128kbit burst 10k drop flowid :1

tc qdisc list dev eth1
qdisc ingress ffff: ----------------

tc filter ls dev eth1 parent ffff:
filter protocol ip pref 50 u32
filter protocol ip pref 50 u32 fh 800: ht divisor 1
filter protocol ip pref 50 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid :1
  match cc98bd74/ffffffff at 12

The outside interface is eth1.

After I do this, any connection to ftp.kernel.org doesn't work.

Attached is a dump of a connection try to ftp.kernel.org.

Am I doing something wrong here or the problem comes from somewhere else ?

Distrib: gentoo
Kernel ver: 2.4.20-pre6
iproute-20010824 (also tried with iproute2-2.4.7-now-ss020116-try)

• TEXT/plain attachment: trace dump

• Next message: syam: "RE: Kernel 2.4.19 Oops error"
• Previous message: Thunder from the hill: "Re: [RFC] Raceless module interface"
• Next in thread: Andrei Ivanov: "Re: ingress rate limiting weirdness (?)"
• Reply: Andrei Ivanov: "Re: ingress rate limiting weirdness (?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Sep 15 2002 - 22:00:33 EST