From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Martin Zaharinov <micron10@gmail.com>
Cc: Florian Westphal <fw@strlen.de>,
netfilter <netfilter@vger.kernel.org>,
netfilter-devel@vger.kernel.org
Subject: Re: bug report and future request
Date: Thu, 24 Mar 2022 13:20:23 +0100
Message-ID: <YjxiB6Jk4plpx48G@salvia>
In-Reply-To: <DB57EE0F-F4CE-4198-89E0-F25ED3C321A5@gmail.com>
On Thu, Mar 24, 2022 at 02:09:25PM +0200, Martin Zaharinov wrote:
> One more update
>
> I try to make a rule for the limiter in offload mode:
>
> table inet nft-qos-static {
>     set limit_ul {
>         typeof ip saddr
>         flags dynamic
>     }
>     set limit_dl {
>         typeof ip daddr
>         flags dynamic
>     }
>
>     chain upload {
>         type filter hook prerouting priority filter; policy accept;
>         ip saddr @limit_ul drop;
>     }
>
>     chain download {
>         type filter hook postrouting priority filter; policy accept;
>         ip daddr @limit_dl drop;
>     }
>     flowtable fastnat {
>         hook ingress priority filter; devices = { eth0, eth1 };
>     }
>     chain forward {
>         type filter hook forward priority filter; policy accept;
>         ip protocol { tcp, udp } flow offload @fastnat;
>     }
> }
>
> It does not work perfectly: only the upload limit works, download gets the full channel.
>
> In the test I set 100mbit up/down; upload stays at ~100mbit, but download goes up to 250-300mbit (I have this limit by my ISP).
>
> The problem is the limiter works only for upload. Is it possible to make it work on the download rule?

If you want to combine ratelimit/policing with flowtable, then you
have to use the ingress and egress hooks, not prerouting and
postrouting.

Make sure you place the flowtable in a priority that comes after the
priority of your ingress hook.
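
A ruleset laid out the way this reply describes, as an added example that is not part of the original message or the netfilter project's own code: the drop rules move to netdev ingress and egress chains, and the ingress chain gets a priority that runs before the flowtable. It assumes eth0 is the client-facing device, a kernel and nft release with netdev egress hook support, and sets that are populated elsewhere as in the quoted ruleset; the table name fastpath is hypothetical.

```nft
# Added example, not from the thread. Assumptions: eth0 faces the clients,
# eth1 is the uplink, the netdev egress hook is available, and the two sets
# are filled by whatever populated them in the quoted ruleset.
table netdev nft-qos-static {
	set limit_ul {
		typeof ip saddr
		flags dynamic
	}
	set limit_dl {
		typeof ip daddr
		flags dynamic
	}

	# Upload: traffic arriving from clients on eth0.
	# Priority -10 is evaluated before the flowtable (priority 0), so
	# packets of already offloaded flows still traverse this chain.
	chain upload {
		type filter hook ingress device eth0 priority -10; policy accept;
		ip saddr @limit_ul drop
	}

	# Download: traffic leaving towards clients on eth0. At egress the
	# destination is the client address, including for NATed flows.
	chain download {
		type filter hook egress device eth0 priority 0; policy accept;
		ip daddr @limit_dl drop
	}
}

# Hypothetical table name; holds the flowtable and the offload rule.
table inet fastpath {
	flowtable fastnat {
		# Comes after the ingress chain above (-10 < 0).
		hook ingress priority 0; devices = { eth0, eth1 };
	}
	chain forward {
		type filter hook forward priority filter; policy accept;
		ip protocol { tcp, udp } flow offload @fastnat
	}
}
```

Sets are scoped to their table, so the limit sets live in the netdev table here and whatever fills them has to target that table.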