[strongSwan] question on prioritizing traffic with iproute2 tc and strongswan

lyle492 at comcast.net lyle492 at comcast.net
Tue Jun 21 00:39:43 CEST 2011

I would like to prioritize certain traffic based on transport
protocol and port number.  When I use tc filter rules that
place the filter on a non-ipsec interface, the prioritization
happens.  When I change the interface to one that has only
ipsec traffic over it, all traffic is then sent from the
"everything else" queue.  Very simple case: two queues, one 
gets priority over the other, no bandwidth metering or other
complications.  I surmised that tc filters don't
"see" outgoing packets until after encapsulation, when they
are encrypted.  Is this correct?  What is the preferred way
to do this?  Use iptables, mark the traffic and use tc rules
that choose based on this mark instead?

Thank you.


More information about the Users mailing list