Comment 14 for bug 194623

0 root@kontiki:~/bin#cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu hardy (development branch)"
0 root@kontiki:~/bin#modprobe sch_ingress
0 root@kontiki:~/bin#modprobe cls_fw
0 root@kontiki:~/bin#tc qdisc del dev eth1 ingress
0 root@kontiki:~/bin#tc qdisc add dev eth1 handle ffff: ingress
0 root@kontiki:~/bin# tc filter add dev eth1 parent ffff: protocol ip prio 50 u32 match ip dst 192.168.172.0/16 police rate 64kbit burst 15k drop flowid :1
What is "flowid"?
Illegal "police"
0 root@kontiki:~/bin# tc filter add dev eth1 parent ffff: protocol ip prio 50 u32 match ip dst 192.168.172.0/16 police rate 64kbit burst 15k drop
0 root@kontiki:~/bin#tc filter add dev eth1 parent ffff: protocol ip prio 50 u32 match ip dst 172.18.172.0/16 police rate 128kbit burst 20k drop
0 root@kontiki:~/bin#tc -s -d qdisc
qdisc pfifo_fast 0: dev eth0 root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 771955 bytes 15652 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc pfifo_fast 0: dev eth1 root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 2036007917 bytes 6082709 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc ingress ffff: dev eth1 parent ffff:fff1 ----------------
 Sent 1807867 bytes 3563 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0

Above nevers shows dropped > 0.

References:
1 http://<email address hidden>/msg27754.html
2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=45853
3 http://bugs.gentoo.org/show_bug.cgi?id=213624
4 http://www.shorewall.com.au/3.4/shorewall-3.4.7/errata/patches/Shorewall/patch-3.4.7-2.diff

As Hardy stable release is imminent, should it not revert, patch, or upgrade this week?
A hardy LTS server should be able to use tc, wonderhsaper, especially as many people
rely on very basic ingress limiting for non port-80 traffic (which can be handled by squid buckets).