verze.1:
Pro shapovani 'downstreamu' pridat dalsi IMQ zarizeni a presmerovat na nej vsechny pakety odchazejici ne-inetovymi zarizenimi. Na toto IMQ pak povesit qdiscy pro download(htb - omezit pod 2mbit + esfq hash dst).
Shapovani pro upstream:
- markovat packety+htb?
- patchnout jadro, aby paket prosel IMQ jeste pred natem a pouzit esfq?
- udelat to stejne jak pro downstream -> pridat na ne-inetove ifacy pravidla co hodi traffic na public adresy na dalsi IMQ na kterem se pouzije esfq(+htb strop)?
verze.2:
Patchnout jadro tak, aby v postroutingu sly pakety na IMQ jeste pred NATem a v preroutingu az po NATu. Pridat zvlast IMQ pro ingress a egress na eth5 a povesit na to htb, ktere se vygeneruje ze seznamu IP.
postup:
- kernel 2.4.29 patchnout: IMQ, IMQnat(asi rucne), esfq
- make oldconfig + make menuconfig, prohlidnout to a pridat initrd
- ...
[http://www.shorewall.net/images/Netfilter.png]
- Linux IMQ http://www.linuximq.net
- Kernel Packet Traveling Diagram http://www.docum.org/docum.org/kptd/
- IMQ Alternative Hooking Patch http://www.linuximq.net/patchs/imq-nat.diff
- IMQ FAQ http://wiki.nix.hu/cgi-bin/twiki/view/IMQ/ImqFaq#NeedAltHooking