Hello! John A. Sullivan III
On that day it was said...
> tc filters can be quite daunting but a quick search on "tc u32 filter"
> showed:
> http://b42.cz/notes/u32_classifier/
Bingo! a good starting point/reference.
I'm really astonished that there's no real documentation for u32...
> I hope that's enough to get you going. Good luck - John
I've tried:
/sbin/tc filter add dev ifb1 parent 1:0 protocol ip prio 1 u32 match ip protocol 17 0xff match ip dport 22001 0xffff flowid 1:10
/sbin/tc filter add dev ifb1 parent 1:0 protocol ip prio 1 u32 match ip protocol 17 0xff match ip dport 22027 0xffff flowid 1:10
/sbin/tc filter add dev ifb1 parent 1:0 protocol ip prio 2 u32 match ip protocol 17 0xff match ip sport 22005 0xffff flowid 1:10
/sbin/tc filter add dev ifb1 parent 1:0 protocol ip prio 2 u32 match ip protocol 6 0xff match ip sport 22 0xffff flowid 1:20
/sbin/tc filter add dev ifb1 parent 1:0 protocol ip prio 2 u32 match ip protocol 6 0xff match ip dport 22 0xffff flowid 1:20
/sbin/tc filter add dev ifb1 parent 1:0 protocol ip prio 3 u32 match ip protocol 17 0xff match ip sport 80 0xffff flowid 1:30
/sbin/tc filter add dev ifb1 parent 1:0 protocol ip prio 3 u32 match ip protocol 17 0xff match ip dport 80 0xffff flowid 1:30
/sbin/tc filter add dev ifb1 parent 1:0 protocol ip prio 3 u32 match ip protocol 17 0xff match ip sport 443 0xffff flowid 1:30
/sbin/tc filter add dev ifb1 parent 1:0 protocol ip prio 3 u32 match ip protocol 17 0xff match ip dport 443 0xffff flowid 1:30
/sbin/tc filter add dev ifb1 parent 1:0 protocol ip prio 3 u32 match ip sport 53 0xffff flowid 1:30
/sbin/tc filter add dev ifb1 parent 1:0 protocol ip prio 3 u32 match ip dport 53 0xffff flowid 1:30
/sbin/tc filter add dev ifb1 parent 1:0 protocol ip prio 4 u32 match ip protocol 6 0xff match ip sport 25 0xffff flowid 1:40
/sbin/tc filter add dev ifb1 parent 1:0 protocol ip prio 4 u32 match ip protocol 6 0xff match ip dport 25 0xffff flowid 1:40
/sbin/tc filter add dev ifb1 parent 1:0 protocol ip prio 5 u32 match ip dst 0.0.0.0/0 flowid 1:50
but the matches are rather less than optimal; it seems to me that matches
on UDP protocols work, on TCP not.
Anyway, most of the traffic goes to the last, catch-all class.
I have to read the link carefully, but for now I really don't understand
this ''warning'':
ip sport <VALUE> <MASK>
Matches the 16 bit source port in a TCP or UDP IPv4 packet.
This only works if the ip header contains no options. Use the
"link" and "match tcp src" or "match udp src" options if you
can not be sure of that.
Can someone explain it to me?
Thanks.
PS: if I want to test the filters, it seems to me that the only way is
redirecting traffic to an ifb interface and looking with tcpdump at what
flows. Are there better strategies?
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it tel +39-0434-842711 fax +39-0434-842797
Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
(tax code 00307430132, category ONLUS or RICERCA SANITARIA)
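
The ''warning'' quoted in the message above, illustrated with an added example that is not part of the original post: a u32 key is a masked 32-bit compare at a fixed byte offset, and "ip sport" reads offset 20, which is the source port only when the IPv4 header is exactly 20 bytes long. The function names and the sample packets are constructed for this illustration.

```python
import struct

def ipv4_udp(sport, dport, options=b""):
    """Build a minimal IPv4+UDP packet (constructed sample, checksums left 0)."""
    assert len(options) % 4 == 0          # IP options are padded to 32-bit words
    ihl = 5 + len(options) // 4           # header length in 32-bit words
    total = ihl * 4 + 8                   # IP header + 8-byte UDP header
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return ip + options + udp

def u32_match(pkt, offset, value, mask):
    """One u32 key: compare the masked 32-bit word at a fixed byte offset."""
    (word,) = struct.unpack_from("!I", pkt, offset)
    return (word & mask) == (value & mask)

def match_ip_sport(pkt, port):
    """Model of 'match ip sport PORT 0xffff': upper 16 bits of the word at 20."""
    return u32_match(pkt, 20, port << 16, 0xFFFF0000)

def match_udp_src(pkt, port):
    """Model of 'link' + 'match udp src': offset derived from the IHL nibble."""
    ihl_bytes = (pkt[0] & 0x0F) * 4
    return u32_match(pkt, ihl_bytes, port << 16, 0xFFFF0000)

def demo():
    """Return (fixed-offset result, IHL-aware result) for both sample packets."""
    plain = ipv4_udp(22005, 53)
    # Same ports, but with one word of IP options (NOP, NOP, NOP, EOL).
    with_opts = ipv4_udp(22005, 53, options=b"\x01\x01\x01\x00")
    return {
        "no options": (match_ip_sport(plain, 22005), match_udp_src(plain, 22005)),
        "with options": (match_ip_sport(with_opts, 22005),
                         match_udp_src(with_opts, 22005)),
    }

if __name__ == "__main__":
    for name, (fixed, ihl_aware) in demo().items():
        print(f"{name}: ip sport={fixed}  udp src via IHL={ihl_aware}")
```

With options present, bytes 20-23 hold the options rather than the ports, so the fixed-offset key misses the packet and it falls through to a later filter such as a catch-all.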