[Openswan Users] Netkey and traffic shaping

Tomasz Grzelak tgrzelak at gmail.com
Thu Mar 26 04:57:13 EDT 2009


2009/3/26 Danilo Godec <danilo.godec at agenda.si>

> Hi,
>
> we have several hundred machines acting as xDSL routers (among other
> things). These machines are running 2.4.27+ kernels, OpenSwan with KLIPS
> and TC to reserve some bandwidth for mission critical traffic. All
> traffic is encrypted and we also use iptables for more selective access
> control (not everything from and to remote network is allowed).
>
> For reasons that are out of our hands we will need to move to a more
> recent kernel - 2.6.xx and NETKEY. However the need for bandwidth
> reservation and refined access control is still there.
>
> Is it possible to use TC to shape traffic before it is encrypted?
>

Hello!

Just an idea - how about marking incoming packets, and shaping the outgoing
traffic based upon the marks?
This should do the work.
In iptables the MARK target should be used, and in tc the fw filter.

B. Regards,
Tomasz Grzelak
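
The MARK-plus-fw-filter idea from the reply, as an added example that is not part of the original message. The interface names (eth1 LAN, eth0 WAN), rates, port, mark value 10 and class ids are constructed, and it assumes the mark set on the cleartext packet is still attached to the packet when it leaves the WAN interface encrypted under NETKEY.

```shell
#!/bin/sh
# Added example: print the iptables/tc commands for mark-based shaping so they
# can be reviewed before being run as root. All concrete values are constructed.

# gen_rules LAN_IF WAN_IF UPLINK_KBIT RESERVED_KBIT CRITICAL_TCP_PORT
gen_rules() {
    lan=$1 wan=$2 up=$3 res=$4 port=$5
    mark=10    # hypothetical fwmark identifying mission-critical traffic

    # The output is meant for a root shell: accept only plain interface
    # names and plain decimal numbers, nothing a shell could interpret.
    for i in "$lan" "$wan"; do
        case $i in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
    done
    for n in "$up" "$res" "$port"; do
        case $n in ''|*[!0-9]*) return 1 ;; esac
    done
    # The reservation must leave some bandwidth for the default class.
    [ "$res" -lt "$up" ] || return 1
    rest=$((up - res))

    # 1. Mark in the mangle table while the packet is still cleartext
    #    (arriving from the LAN), so ports are visible to the match.
    # 2. HTB on the WAN interface: 1:10 is the reserved class, 1:20 the
    #    default class for everything that carries no mark.
    # 3. The fw filter classifies on the mark alone, so it needs no view
    #    into the ESP payload.
    cat <<EOF
iptables -t mangle -A FORWARD -i $lan -p tcp --dport $port -j MARK --set-mark $mark
tc qdisc add dev $wan root handle 1: htb default 20
tc class add dev $wan parent 1: classid 1:1 htb rate ${up}kbit
tc class add dev $wan parent 1:1 classid 1:10 htb rate ${res}kbit ceil ${up}kbit prio 0
tc class add dev $wan parent 1:1 classid 1:20 htb rate ${rest}kbit ceil ${up}kbit prio 1
tc filter add dev $wan parent 1: protocol ip prio 1 handle $mark fw flowid 1:10
EOF
}

# Constructed sample: 1024 kbit uplink, 256 kbit reserved for TCP port 5060.
gen_rules eth1 eth0 1024 256 5060
```

After applying the rules, `tc -s class show dev eth0` shows whether packets are being counted in class 1:10, which confirms that the mark survives encryption on the kernel in use.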