2002-09-13 14:56:27

by Andrei Ivanov

Subject: ingress rate limiting weirdness (?)


Hello,
I've been trying to rate limit my incoming connections, and, as I
understand, I can do that only with ingress.
So I did a little test:

tc qdisc add dev eth1 handle ffff: ingress
tc filter add dev eth1 protocol ip parent ffff: prio 50 u32 match ip src \
204.152.189.116 police rate 128kbit burst 10k drop flowid :1

tc qdisc list dev eth1
qdisc ingress ffff: ----------------

tc filter ls dev eth1 parent ffff:
filter protocol ip pref 50 u32
filter protocol ip pref 50 u32 fh 800: ht divisor 1
filter protocol ip pref 50 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid :1
match cc98bd74/ffffffff at 12

The outside interface is eth1.

After I do this, any connection to ftp.kernel.org doesn't work.

Attached is a dump of a connection try to ftp.kernel.org.

Am I doing something wrong here, or does the problem come from somewhere else?

Distrib: gentoo
Kernel ver: 2.4.20-pre6
iproute-20010824 (also tried with iproute2-2.4.7-now-ss020116-try)


Attachments:
trace.txt (1.98 kB)
trace dump

2002-09-13 18:11:21

by Andrei Ivanov

Subject: Re: ingress rate limiting weirdness (?)


Forget about it... it seems I didn't select some options in the kernel.
But shouldn't tc warn me if I don't have them or something... ?
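
Added example, not part of the original thread: a pre-flight check that a kernel config enables what the ingress qdisc, u32 filter and policer above rely on. The thread does not say which options were missing; the option list (2.4-series names) and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed option set for "tc qdisc ... ingress" + "u32 ... police" on 2.4 kernels.
# The thread itself does not name the missing options.
REQUIRED_OPTS="CONFIG_NET_SCHED CONFIG_NET_SCH_INGRESS CONFIG_NET_QOS \
CONFIG_NET_CLS CONFIG_NET_CLS_U32 CONFIG_NET_CLS_POLICE"

# Constructed sample config: scheduler and u32 present, ingress and police absent.
sample_config() {
    cat <<'EOF'
CONFIG_NET_SCHED=y
CONFIG_NET_QOS=y
CONFIG_NET_CLS=y
CONFIG_NET_CLS_U32=m
# CONFIG_NET_SCH_INGRESS is not set
# CONFIG_NET_CLS_POLICE is not set
EOF
}

# missing_tc_opts: read a kernel config on stdin, print the required options
# that are neither built in (=y) nor modular (=m). Returns 0 only if none are missing.
missing_tc_opts() {
    cfg=$(cat)
    missing=""
    for opt in $REQUIRED_OPTS; do
        # An absent line and "# CONFIG_X is not set" both count as missing.
        if ! printf '%s\n' "$cfg" | grep -Eq "^${opt}=(y|m)\$"; then
            missing="$missing $opt"
        fi
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Demo on the constructed sample; on a real system feed it the kernel's
# .config instead, e.g.  missing_tc_opts < /usr/src/linux/.config
sample_config | missing_tc_opts || true
```

Run it before installing the filter: a policer that is not applied as intended either blocks legitimate traffic, as in the report above, or leaves the source unlimited.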