3.1. Edge1

The example's script is as follows:

#!/bin/bash

####################### Ingress side ########################
# Mark packets forwarded in through eth2 according to their source address.
# The MARK target does not stop rule evaluation, so the two host-specific
# rules below override the mark set by the network-wide rule.

iptables -t mangle -A FORWARD -i eth2 -s 10.2.0.0/24 -j MARK --set-mark 3
iptables -t mangle -A FORWARD -i eth2 -s 10.2.0.24 -j MARK --set-mark 1
iptables -t mangle -A FORWARD -i eth2 -s 10.2.0.3 -j MARK --set-mark 2

######################## Egress side ########################
# DSMARK qdisc on eth1 with 64 indices; set_tc_index copies the DS field into
# skb->tc_index on enqueue (not needed here, the fw classifier picks the class).

tc qdisc add dev eth1 handle 1:0 root dsmark indices 64 set_tc_index

# Each class rewrites the DS byte as (old & mask) | value. Mask 0x3 keeps the
# two ECN bits; 0xb8 = EF, 0x28 = AF11, 0x48 = AF21.
tc class change dev eth1 classid 1:1 dsmark mask 0x3 value 0xb8
tc class change dev eth1 classid 1:2 dsmark mask 0x3 value 0x28
tc class change dev eth1 classid 1:3 dsmark mask 0x3 value 0x48

# fw classifier: packets carrying mark N are sent to dsmark class 1:N.
tc filter add dev eth1 parent 1:0 protocol ip prio 4 handle 1 fw classid 1:1
tc filter add dev eth1 parent 1:0 protocol ip prio 4 handle 2 fw classid 1:2
tc filter add dev eth1 parent 1:0 protocol ip prio 4 handle 3 fw classid 1:3

Here we are trying to implement a very simple DS edge router. The interface eth2 faces the outside of the domain; the interface eth1 faces the inside of the domain.

The first thing to note is the use of iptables instead of ipchains. The original example uses ipchains -A input, but in our implementation we use iptables -A FORWARD because we are implementing a router: packets do not enter the router's upper layers, they are forwarded directly from interface eth2 to interface eth1. In the iptables FORWARD chain, every packet coming from the selected network is marked (not the packet itself, but the fw field in the packet's buffer) as 1, 2 or 3 to indicate its origin. iptables rules are evaluated in the same order in which they were added, and the MARK target does not stop evaluation, so a later matching rule overwrites the mark set by an earlier one. Thus the first command marks all packets from network 10.2/24 as fw 3; the second command picks just the packets from host 10.2.0.24 and marks them as fw 1; and the third command picks just the packets from host 10.2.0.3 and marks them as fw 2.

On the eth1 output interface a DSMARK queuing discipline is configured. When a packet enters this discipline, its DS field value is copied into the skb->tc_index field. This is not really necessary in this case because the final class selection is done by the fw classifier, not the tcindex classifier; the example works just as well with set_tc_index omitted from the DSMARK command.

Next, the fw classifier is invoked. This classifier reads the fw field in the packet's buffer and, depending on its value (1, 2 or 3), returns class 1, 2 or 3 respectively to the dsmark queuing discipline, which in turn sets skb->tc_index to 1, 2 or 3 respectively. This works because, in the filter commands above, the fw value was chosen to be the same as the minor part of the classid.

To make this very clear: the command ...handle 1 fw classid 1:1 returns classid 1:1, which dsmark uses to set skb->tc_index to 1 for packets whose fw field value is 1. But we could have written ...handle 1 fw classid 1:2, in which case classid 1:2 would be returned and dsmark would set skb->tc_index to 2 for packets whose fw field value is 1. Be very careful with this.

At this point our assignment has been fulfilled: the skb->tc_index field is set according to the packet's source network. That is, any packet from host 10.2.0.24 has its skb->tc_index field set to 1, any packet from host 10.2.0.3 has it set to 2, and the rest of the packets from network 10.2/24 have it set to 3.

The final work is done by the DSMARK queuing discipline classes. Packets with skb->tc_index set to 1, 2 or 3 are placed in the corresponding dsmark classes 1:1, 1:2 or 1:3. When they leave the dsmark queuing discipline, their DS field is set to 0xb8, 0x28 or 0x48 respectively (the mask 0x3 preserves the ECN bits), which correspond to the differentiated service classes EF, AF11 and AF21, again respectively.
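As an added example (not part of the original HOWTO and not code from the Linux kernel or iproute2), the following Python model reproduces the three stages of the Edge1 script so they can be checked offline: the in-order evaluation of the iptables MARK rules (a later match overwrites the mark), the fw filter table mapping a mark to a classid, and the dsmark classes rewriting the DS byte as (old & mask) | value. The rule, filter and class tables are transcribed from the script above; the packet source addresses and DS byte values fed in are constructed for the example, and a helper checks the fw handle / classid minor consistency that the text warns about.

```python
import ipaddress

# iptables -t mangle -A FORWARD ... -j MARK --set-mark N, in the order appended.
# MARK is a non-terminating target, so the last matching rule wins.
MARK_RULES = [
    (ipaddress.ip_network("10.2.0.0/24"), 3),
    (ipaddress.ip_network("10.2.0.24/32"), 1),
    (ipaddress.ip_network("10.2.0.3/32"), 2),
]

# tc filter ... handle N fw classid 1:M  ->  {N: "1:M"}
FW_FILTERS = {1: "1:1", 2: "1:2", 3: "1:3"}

# tc class change ... classid 1:M dsmark mask MASK value VALUE
# On dequeue dsmark rewrites the DS byte as (old & mask) | value.
DSMARK_CLASSES = {
    "1:1": (0x3, 0xB8),  # EF
    "1:2": (0x3, 0x28),  # AF11
    "1:3": (0x3, 0x48),  # AF21
}

# DSCP codepoints (the upper six bits of the DS byte) used by this script.
DSCP_NAMES = {46: "EF", 10: "AF11", 18: "AF21", 0: "BE"}


def fw_mark(src: str) -> int:
    """Mark a packet with source address src would carry after the FORWARD chain."""
    addr = ipaddress.ip_address(src)
    mark = 0  # default: no rule matched, the skb keeps mark 0
    for net, m in MARK_RULES:
        if addr in net:
            mark = m  # later rules overwrite earlier ones
    return mark


def egress_ds(src: str, ds_in: int) -> int:
    """DS byte the packet leaves eth1 with, given its source and ingress DS byte."""
    classid = FW_FILTERS.get(fw_mark(src))
    if classid is None:
        # Assumption for the model: traffic matching no fw filter is left untouched.
        return ds_in
    mask, value = DSMARK_CLASSES[classid]
    return (ds_in & mask) | value


def describe(ds: int):
    """Split a DS byte into (DSCP name, ECN bits)."""
    dscp, ecn = ds >> 2, ds & 0x3
    return DSCP_NAMES.get(dscp, "DSCP%d" % dscp), ecn


def filters_consistent(filters=FW_FILTERS) -> bool:
    """True when every fw handle equals the minor number of the classid it returns.

    The text warns that 'handle 1 fw classid 1:2' is legal but makes mark 1 end
    up in class 1:2; this check catches that mismatch in a filter table."""
    return all(int(cid.split(":")[1], 16) == handle for handle, cid in filters.items())


if __name__ == "__main__":
    # Constructed sample packets: (source address, DS byte on ingress).
    samples = [("10.2.0.24", 0x00), ("10.2.0.3", 0x03), ("10.2.0.7", 0xFF), ("10.3.0.1", 0x00)]
    for src, ds_in in samples:
        ds_out = egress_ds(src, ds_in)
        print("%-10s mark=%d ds_in=0x%02x ds_out=0x%02x %s ecn=%d"
              % ((src, fw_mark(src), ds_in, ds_out) + describe(ds_out)))
    print("fw handle / classid minor consistent:", filters_consistent())
```

Running it shows that 10.2.0.24 leaves as EF, 10.2.0.3 as AF11 with its ECN bits (0x3) still set, and any other 10.2/24 host as AF21 with the rest of its old DS byte replaced. Swapping one classid in FW_FILTERS makes filters_consistent() return False, which is the mismatch the paragraph above tells you to watch for.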
This edge router then assigns differentiated service classes as follows:
  Traffic coming from host 10.2.0.24 is aggregated into the differentiated service EF class.
  Traffic coming from host 10.2.0.3 is aggregated into the differentiated service AF11 class.
  The rest of the traffic coming from network 10.2/24 is aggregated into the differentiated service AF21 class.
Packets from these flows start their travel through our domain already marked as indicated above. That's all folks, at least for this simple and fun example.