[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fw: [LARTC] ingress with u32 filter




----- Original Message -----
From: "Jaya" <mjay@krdl.org.sg>
To: <samudrala@us.ibm.com>
Sent: Saturday, March 24, 2001 8:24 AM
Subject: Re: [LARTC] ingress with u32 filter


> When flowid is specified for a u32 filter that is attached to ingress
qdisc,
> the tc_index will be set to this flowid value. And you can use tcindex
> filters at the egress to classify based on this value. May be that is why
> flowid is mandatory. This feature is useful if you want to remark the
excess
> packets instead of dropping them.
>
> Jaya
>
> ----- Original Message -----
> From: <samudrala@us.ibm.com>
> To: <lartc@mailman.ds9a.nl>; <linux-diffserv@lrc.di.epfl.ch>
> Sent: Saturday, March 24, 2001 5:49 AM
> Subject: Re: [LARTC] ingress with u32 filter
>
>
> >
> >
> > After looking at the example scripts,  the only difference i noticed was
> > that i was not specifying the
> > flowid in my tc filter add command.  When i specified the flowid as :1,
i
> > was able to get ingress policing
> > work with u32 filter.
> >
> > If flowid is a required field for a u32 filter, maybe tc command should
> > return an error.
> >
> > On a unrelated note,  i found that nexthdr option was not working.
> > To match a syn packet, i was able to specify
> >             match u8 0x02 0xff at 33
> > I expected that using nexthdr, this can be specifed as
> >      match u8 0x02 0xff at nexthdr+13
> >
> >
> > I am using 2.4.2 kernel, with the latest iproute2 (001007)
> >
> > Thanks
> > Sridhar
> >
> >
> >
> >
> > Sent by:  lartc-admin@mailman.ds9a.nl
> >
> >
> > To:   lartc@mailman.ds9a.nl, linux-diffserv@lrc.di.epfl.ch
> > cc:
> > Subject:  [LARTC] ingress with u32 filter
> >
> >
> >
> > I could not get u32 filter work with ingress qdisc.
> >
> > I tried the following commands to limit the incoming rate from 10.1.1.1
to
> > 10kbit/s.
> >      tc qdisc add dev eth1 handle ffff:0 ingress
> >      tc filter add dev eth1 parent ffff:0 protocol ip prio 50 u32 match
ip
> > src 10.1.1.1 police rate 10kbit burst 10kbit mtu 1500 drop
> > But looks like the filter is not matching any incoming packets from
> > 10.1.1.1
> > tc -d -s filter is not showing any matched packets.
> >
> > I was able to get this work using iptables and fw filter with the
> following
> > commands.
> >      iptables -A PREROUTING -t mangle -p tcp -s 10.1.1.1 -j
> MARK --set-mark
> > 1
> >      tc qdisc add dev eth1 handle ffff:0 ingress
> >      tc filter add dev eth1 parent ffff:0 protocol ip prio 50 handle 1
fw
> > police rate 10kbit burst 10kbit mtu 1500 drop
> >
> > Is there any restriction that u32 filter cannot be attached to ingress
> > qdisc? Or am i missing something in my configuration.
> >
> > Thanks
> > Sridhar
> >
> >
> >
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
> > http://ds9a.nl/2.4Routing/
> >
> >
> >
> >
>