I've read many things on this forum and I've carefully tracked the packet flow, but one thing is still missing: the physical interface rules. Probably it's on the hardware, but try to figure out how I can bridge 5 interfaces on a CCR-1036 6.7, set up a DHCP server attached to the bridge and control the HTB using the etherX entry. Referring to the scenario PacketFlowDiagram_v6_example1.2.jpg, I've put some traces (packet log) following the decisions:
Here is my config, it's a vanilla one:
/interface bridge
add l2mtu=1590 name=BR_TEST
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/interface bridge filter
add action=mark-packet chain=input in-interface=ether1 new-packet-mark=PACKET_ETH1_UPLOAD
add action=mark-packet chain=output new-packet-mark=PACKET_ETH1_DOWNLOAD out-interface=ether1
/interface bridge port
add bridge=BR_TEST interface=ether1
add bridge=BR_TEST interface=ether3
add bridge=BR_TEST interface=ether4
add bridge=BR_TEST interface=ether5
/interface bridge settings
set allow-fast-path=no use-ip-firewall=yes use-ip-firewall-for-pppoe=no use-ip-firewall-for-vlan=yes
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=BR_TEST network=192.168.88.0
/ip dhcp-client
add default-route-distance=0 dhcp-options=hostname,clientid disabled=no interface=ether2
/ip dns static
add address=192.168.88.1 name=router
/ip firewall filter
add action=log chain=forward log-prefix=FILTER
/ip firewall mangle
add action=log chain=forward log-prefix=PREROUTING
/ip firewall nat
add action=masquerade chain=srcnat
So quickly, I've added a bridge interface named BR_TEST, with eth1, 3, 4 and 5; eth2 is my DHCP client into my personal network and I masquerade anything through this interface.
I've disabled the fast path for the bridge and enabled the IP Firewall options to enter the IP mangle table and grab some packet log output, which I have seen in the LOG window.
I've just realized that the represented interface is the bridge interface BR_TEST and not ether2...
I mean, the traffic is still handled by the physical port, not really, but maybe, the virtual BR_TEST port.
Question #1: Is it the chipset that does this?
Still referring to the chart, I've added two filter rules to the bridge management and now I can track my interface management.
So I've marked my packets, added them to separate HTB rules, and my download queue doesn't work...
What am I missing?