
I'm looking to set up a traffic shaping program that limits both incoming and outgoing traffic based on the 6-bit DSCP field in the IPv4 packet header. The user should be able to specify different rates for different DSCP values. I am using tc and iptables to do so.

So far, I've tried the following process for shaping outgoing traffic. I mark incoming packets based on their DSCP values and then filter these packets to specific classes with different rates that would be specified by the user. I would have a marking and class for each of the possible DSCP values. Is the following method for shaping outgoing traffic valid?

iptables -t mangle -A PREROUTING -m dscp --dscp <value> -j MARK --set-mark <value>

tc filter add dev eth0 parent 1:0 protocol ip handle <value> fw classid 1:<value>

tc qdisc add dev eth0 root handle 1: htb default <default class>
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit ceil 100mbit
tc class add dev eth0 parent 1:1 classid 1:<value> htb rate <user specified rate>mbit ceil 100mbit

However, I'm having some difficulty shaping incoming traffic using a similar process. The approaches I have so far are described in this link: Tc: ingress policing and ifb mirroring. However, my concern seems to be that ingress traffic is forwarded before the marking done by iptables. This would mean all the traffic for ifb0 would be forwarded to the default class.

Is there a way to filter packets based on their DSCP marks without using iptables, just using tc (or a different process)?

Furthermore, are there other methods to limit incoming traffic? I believe that the ingress qdisc does not have class capabilities, which makes it difficult for me to have specific rates for different DSCP values.

dooble
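On classifying by DSCP with tc alone, as an added example that is not part of the original post: a u32 filter can match the TOS byte directly on the ifb device, so no iptables mark is needed on the ingress path. The script only prints the commands; it assumes `ifb0` already exists, and the class-id offset, the default class `1:ffe` and its 1mbit rate are arbitrary choices.

```shell
#!/bin/sh
# Added example: prints (does not execute) tc commands for per-DSCP ingress shaping.
# Assumed: the ifb device exists; class-id offset and default class are arbitrary.

# DSCP is the upper 6 bits of the IPv4 TOS byte, so TOS = DSCP << 2.
dscp_to_tos() {
    case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac   # digits only, no leading zero
    [ "$1" -le 63 ] 2>/dev/null || return 1
    printf '0x%02x\n' $(( $1 << 2 ))
}

# tc class minors are hex; offset by 256 so DSCP 1 cannot collide with class 1:1.
dscp_classid() { printf '1:%x\n' $(( 256 + $1 )); }

# gen_ingress DEV IFB CEIL "DSCP:RATE ..."
gen_ingress() {
    dev=$1; ifb=$2; ceil=$3
    for pair in $4; do          # validate everything before emitting anything
        case "$pair" in ?*:?*) ;; *) echo "bad pair '$pair'" >&2; return 1 ;; esac
        dscp_to_tos "${pair%%:*}" >/dev/null ||
            { echo "bad DSCP in '$pair'" >&2; return 1; }
    done
    # Redirect all IPv4 traffic arriving on $dev to $ifb, where it is seen as
    # egress traffic and a classful qdisc (HTB) can be attached.
    echo "ip link set dev $ifb up"
    echo "tc qdisc add dev $dev handle ffff: ingress"
    echo "tc filter add dev $dev parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $ifb"
    echo "tc qdisc add dev $ifb root handle 1: htb default ffe"
    echo "tc class add dev $ifb parent 1: classid 1:1 htb rate $ceil ceil $ceil"
    echo "tc class add dev $ifb parent 1:1 classid 1:ffe htb rate 1mbit ceil $ceil"
    for pair in $4; do
        dscp=${pair%%:*}; rate=${pair#*:}
        cid=$(dscp_classid "$dscp"); tos=$(dscp_to_tos "$dscp")
        echo "tc class add dev $ifb parent 1:1 classid $cid htb rate $rate ceil $ceil"
        # Mask 0xfc compares only the six DSCP bits and ignores the two ECN bits.
        echo "tc filter add dev $ifb parent 1: protocol ip prio 1 u32 match ip tos $tos 0xfc flowid $cid"
    done
}

# Constructed sample input: DSCP 46 (EF) at 20mbit, DSCP 10 (AF11) at 5mbit.
gen_ingress eth0 ifb0 100mbit "46:20mbit 10:5mbit"
```

Review the printed commands, then pipe them to `sh` as root to apply them.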

0 Answers