On 24/08/2011, at 11:28, Jared Mauch <ja...@puck.nether.net> wrote:
>
> On Aug 24, 2011, at 6:06 AM, Brian Raaen wrote:
>
>> The only issue with this is that the Linux box is not acting as a router,
>> but as the egress devices. I'm trying to figure out how to properly get my
>> application to 'color' the traffic. Standard BSD sockets appear to have no
>> concept of 'Labels'. Still seeing what I can do to match the traffic. I am
>> probably going to see if I can work out a hack with the development team to
>> use DSCP values to tag the traffic and then act accordingly on the ingress
>> router. I appreciate all the ideas presented so far.
>>
>
> You can classify this in the OUTPUT or POSTROUTING table with ipchains. Take
> a look at the man page for it. There's lots of information online about how
> to do this. I recall a sysadmin who I worked with 15 years ago that thought
> of routers as the black boxes that got their packets around, but a little bit
> of understanding of these lower levels of the kernel/networks will go a long
> way.
>
> Some help:
>
> INPUT (for packets destined to local sockets)
> FORWARD (for packets being routed through the box)
> OUTPUT (for locally-generated packets; for altering locally-generated packets
> before routing)
> PREROUTING (for altering packets as soon as they come in)
> POSTROUTING (for altering packets as they are about to go out)
>
> http://linux-ip.net/html/adv-multi-internet.html should also prove useful in
> your research. You likely are going to end up using the localhost
> fwmark/mark. Some tools show this number in hex, others decimal, so keep
> this in mind during your debug process.

More VRF info:
http://lartc.org/lartc.html#LARTC.RPDB.SIMPLE

--
Eduardo Schoedler
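The DSCP tagging idea raised in this thread, as an added example that is not part of the original messages: an application can color its own traffic by setting the TOS byte on its socket, and the hex/decimal mismatch mentioned for marks can be handled by parsing both notations. The DSCP value 46 and the helper names are assumptions chosen for illustration; matching on the ingress router is not shown.

```python
import socket

ECN_MASK = 0x03  # low two bits of the TOS byte carry ECN, not DSCP


def tos_for_dscp(dscp, current_tos=0):
    """Return the TOS byte for a 6-bit DSCP value, keeping existing ECN bits."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field (0-63)")
    return (dscp << 2) | (current_tos & ECN_MASK)


def color_socket(sock, dscp):
    """Tag IPv4 packets sent on sock with dscp; return the TOS byte now set."""
    current = sock.getsockopt(socket.IPPROTO_IP, socket.IP_TOS)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_TOS,
                    tos_for_dscp(dscp, current))
    return sock.getsockopt(socket.IPPROTO_IP, socket.IP_TOS)


def mark_forms(mark):
    """Render a mark in both notations, since tools differ on hex vs decimal."""
    return {"dec": str(mark), "hex": hex(mark)}


def same_mark(a, b):
    """Compare two marks given as strings in either notation ('46', '0x2e')."""
    return int(a, 0) == int(b, 0)


if __name__ == "__main__":
    # Constructed example: a UDP socket tagged with DSCP 46 (assumed value).
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        print("TOS byte on socket:", color_socket(s, 46))
        print("Mark 46 in both notations:", mark_forms(46))
    finally:
        s.close()
```
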