Using netem on traffic filtered by iptables
I would like to use netem for only a portion of the traffic on a bridge.
Edit 1
So, I was able to figure out at least something.
tc qdisc del dev eth0.1 root
tc qdisc add dev eth0.1 root handle 1: prio
tc qdisc add dev eth0.1 parent 1:3 handle 30: netem delay 500ms
However, I'm not able to make a fwmark filter on this. If I try to -j MARK --set-mark 6, I'm unable to filter it using tc filter:
tc filter add dev eth0.1 parent 1:0 u32 match mark 0x0006 0x0006 flowid 1:3
When I enter filter directly into tc filter, packets are being delayed (proof that that filtering works). When I use -j DROP in iptables, the packets are being dropped (proof that iptables is matching the packets).
But still, I'm not able to combine it.
linux iptables tc
Are you aware that netem is working on egress (output) only (workarounds exist)? Hoping this can be done with iptables alone (i.e. without ebtables), your iptables rule must match outgoing packets.
– A.B
Jan 7 at 18:17
Hello. The problem is not in iptables rule or in netem. The problem is matching packets in iptables to be processed by netem. iptables as such works (I can drop packets without problem) and also netem works OK (I can delay all passing packets). So, the only thing I want to solve is marking packet in iptables and delaying that marked packet.
– Mike S.
Jan 7 at 22:09
All you said is true. That doesn't change what I said. Please add your (complete) iptables rules in the question.
– A.B
Jan 7 at 22:25
Okay, your question was in the right place. I came to it a few minutes ago, flushed all iptables (I wanted to test it simply) and ... then I realized I'm marking packets matched by physdev-in and trying to delay them by qdisc - thus on output. Why am I always making such stupid mistakes? :)
– Mike S.
Jan 8 at 17:08
Should I make an answer or should I just delete this?
– Mike S.
Jan 8 at 17:08
edited Jan 7 at 16:43
Mike S.
asked Jan 7 at 14:32
Mike S.
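The resolution reached in the comments (mark packets where they leave the port that carries the netem qdisc, not where they enter it), as an added example that is not code from the original post. It assumes eth0.1 is the egress bridge port, IPv4 traffic, marking in the mangle FORWARD chain with br_netfilter loaded, and it uses the fw classifier in place of the question's u32 mark match; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: delay only marked bridged traffic with netem.
# Assumptions (not in the original post): eth0.1 is the bridge port the
# packets leave through, traffic is IPv4, marking is done in mangle/FORWARD.
DEV=${DEV:-eth0.1}; MARK=${MARK:-6}; DELAY=${DELAY:-500ms}

# Print the full command list for device $1, fwmark $2, delay $3.
netem_mark_plan() {
    cat <<EOF
modprobe br_netfilter
sysctl -w net.bridge.bridge-nf-call-iptables=1
tc qdisc del dev $1 root 2>/dev/null || true
tc qdisc add dev $1 root handle 1: prio
tc qdisc add dev $1 parent 1:3 handle 30: netem delay $3
tc filter add dev $1 parent 1:0 protocol ip prio 1 handle $2 fw flowid 1:3
iptables -t mangle -A FORWARD -m physdev --physdev-out $1 -j MARK --set-mark $2
EOF
}

# Can a marking rule ($1) feed the egress qdisc on device $2?
# 0 = yes, 1 = no (it matches packets entering $2, which leave through
# another port and never reach $2's root qdisc), 2 = no interface match.
rule_feeds_egress() {
    case " $1 " in
        *" --physdev-in $2 "*|*" -i $2 "*)  return 1 ;;
        *" --physdev-out $2 "*|*" -o $2 "*) return 0 ;;
        *) return 2 ;;
    esac
}

# "sh script.sh apply" runs the plan as root; with no argument it is printed.
if [ "${1:-}" = apply ]; then
    netem_mark_plan "$DEV" "$MARK" "$DELAY" | sh -ex
else
    netem_mark_plan "$DEV" "$MARK" "$DELAY"
fi
```

After applying, the packet counters in `iptables -t mangle -L FORWARD -v -n` and `tc -s filter show dev eth0.1` should rise together. Unmarked packets are still classified by the prio qdisc's priomap, so some of them can also land in band 1:3 and be delayed.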