August 16, 2013

IFB network driver problems and questions

We are trying to use the IFB driver for ingress QoS and are having some problems getting it to work for us. Even though I have heard it described as a replacement for IMQ, it appears that it hooks the packets before netfilter and so marks set with iptables are not seen by tc filters on the ifb device. This makes it difficult, and in some cases impossible, to do any kind of complex filtering such as port ranges and many other matches that are easy to do with iptables. So my questions are:
1. Is there any way to set marks with iptables and have them seen in the IFB device after redirection?
2. Is there any way to use IFB as an iptables target the same way you can do a "-j IMQ" target?
3. If the previous answers are "no", then are there any plans to implement those features?

Thanks