* [LARTC] Re: Order of 'tc filer'
@ 2007-02-17 18:14 Martin Schiøtz
2007-02-17 18:33 ` Bob Puff
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Martin Schiøtz @ 2007-02-17 18:14 UTC (permalink / raw)
To: lartc
OK - I solved the thing. Using 'prio 0' actually gives the filter a
low priority.
I just used 'prio 1' instead and know I can control the order :-)
- Martin
On 2/17/07, Martin Schiøtz <malinux@gmail.com> wrote:
> Hi
>
> How can I control which filter a packet will meet first?
>
> I have tried changing the order of applying the tc filter scripts and
> switching flowid number, but 'protocol ip u32 match ip src <ip net>
> match ip src 0.0.0.0/0' always kicks in first?
>
> From my script
> --------------------
> # All traffic - Priority: Low
> tc filter add dev eth0 parent 1:0 prio 2 protocol ip u32 match ip src
> <ip net> match ip src 0.0.0.0/0 flowid 1:21
> # Traffic between offices (IPSEC) - Priority: High
> tc filter add dev eth0 parent 1:0 prio 0 protocol ip u32 match ip src
> <ip net> match ip protocol 50 0xff flowid 1:22
>
>
> # tc -s filter show dev eth0
> ----------------------------------
> filter parent 1: protocol ip pref 2 u32
> filter parent 1: protocol ip pref 2 u32 fh 800: ht divisor 1
> filter parent 1: protocol ip pref 2 u32 fh 800::802 order 2050 key ht
> 800 bkt 0 flowid 1:21 (rule hit 428 success 426)
> match c0000000/e0000000 at 16 (success 426 )
> match 00000000/00000000 at 12 (success 426 )
> filter parent 1: protocol ip pref 49151 u32
> filter parent 1: protocol ip pref 49151 u32 fh 803: ht divisor 1
> filter parent 1: protocol ip pref 49151 u32 fh 803::800 order 2048 key
> ht 803 bkt 0 flowid 1:22 (rule hit 3 success 0)
> match c0000000/e0000000 at 16 (success 0 )
> match 00320000/00ff0000 at 8 (success 0 )
>
> - Martin
>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [LARTC] Re: Order of 'tc filer'
2007-02-17 18:14 [LARTC] Re: Order of 'tc filer' Martin Schiøtz
@ 2007-02-17 18:33 ` Bob Puff
2007-02-17 21:39 ` Martin Schiøtz
2007-02-17 22:45 ` Georgy Zhukov
2 siblings, 0 replies; 4+ messages in thread
From: Bob Puff @ 2007-02-17 18:33 UTC (permalink / raw)
To: lartc
This is the reverse of what I believe I have read - you may want to continue
looking. Prio 0 is supposed to be the highest, i believe.
Bob
---------- Original Message -----------
From: "Martin Schiøtz" <malinux@gmail.com>
To: lartc@mailman.ds9a.nl
Sent: Sat, 17 Feb 2007 19:14:46 +0100
Subject: [LARTC] Re: Order of 'tc filer'
> OK - I solved the thing. Using 'prio 0' actually gives the filter a
> low priority.
>
> I just used 'prio 1' instead and know I can control the order :-)
>
> - Martin
>
> On 2/17/07, Martin Schiøtz <malinux@gmail.com> wrote:
> > Hi
> >
> > How can I control which filter a packet will meet first?
> >
> > I have tried changing the order of applying the tc filter scripts and
> > switching flowid number, but 'protocol ip u32 match ip src <ip net>
> > match ip src 0.0.0.0/0' always kicks in first?
> >
> > From my script
> > --------------------
> > # All traffic - Priority: Low
> > tc filter add dev eth0 parent 1:0 prio 2 protocol ip u32 match ip src
> > <ip net> match ip src 0.0.0.0/0 flowid 1:21
> > # Traffic between offices (IPSEC) - Priority: High
> > tc filter add dev eth0 parent 1:0 prio 0 protocol ip u32 match ip src
> > <ip net> match ip protocol 50 0xff flowid 1:22
> >
> >
> > # tc -s filter show dev eth0
> > ----------------------------------
> > filter parent 1: protocol ip pref 2 u32
> > filter parent 1: protocol ip pref 2 u32 fh 800: ht divisor 1
> > filter parent 1: protocol ip pref 2 u32 fh 800::802 order 2050 key ht
> > 800 bkt 0 flowid 1:21 (rule hit 428 success 426)
> > match c0000000/e0000000 at 16 (success 426 )
> > match 00000000/00000000 at 12 (success 426 )
> > filter parent 1: protocol ip pref 49151 u32
> > filter parent 1: protocol ip pref 49151 u32 fh 803: ht divisor 1
> > filter parent 1: protocol ip pref 49151 u32 fh 803::800 order 2048 key
> > ht 803 bkt 0 flowid 1:22 (rule hit 3 success 0)
> > match c0000000/e0000000 at 16 (success 0 )
> > match 00320000/00ff0000 at 8 (success 0 )
> >
> > - Martin
> >
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
------- End of Original Message -------
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LARTC] Re: Order of 'tc filer'
2007-02-17 18:14 [LARTC] Re: Order of 'tc filer' Martin Schiøtz
2007-02-17 18:33 ` Bob Puff
@ 2007-02-17 21:39 ` Martin Schiøtz
2007-02-17 22:45 ` Georgy Zhukov
2 siblings, 0 replies; 4+ messages in thread
From: Martin Schiøtz @ 2007-02-17 21:39 UTC (permalink / raw)
To: lartc
I thought so too - maybe I was too fast.
I want too be sure that a packet always first is checked/filtered
against src <ip net> and protocol 50 and if it matches it goes to
flowid 1:21 (prio 0 - high).
Then if it does not match above - it is checked/filtered against src
<ip net> and dst <any ip> and goes to flowid 1:22 (prio 2 - low).
But it seems that a filter with prio 0 always is the last filter to be
checked and filters with prio 1,2,3.... is checked in that same order.
It seem that the order has something to do with the pref value the
filter gets.
prio 1 = pref 1
prio 2 = pref 2
prio 3 = pref 3
...
prio 0 = pref 49151
Anyway I don't think that the prio should have anything to do with the
order of the filtering. If it had I guess that a filter with prio 0
would be first filter to be check.
The question is can I somehow in some reasonable way control the order
of the filtering?
- Martin
On 2/17/07, Bob Puff <bob@nleaudio.com> wrote:
> This is the reverse of what I believe I have read - you may want to continue
> looking. Prio 0 is supposed to be the highest, i believe.
>
> Bob
>
>
> ---------- Original Message -----------
> From: "Martin Schiøtz" <malinux@gmail.com>
> To: lartc@mailman.ds9a.nl
> Sent: Sat, 17 Feb 2007 19:14:46 +0100
> Subject: [LARTC] Re: Order of 'tc filer'
>
> > OK - I solved the thing. Using 'prio 0' actually gives the filter a
> > low priority.
> >
> > I just used 'prio 1' instead and know I can control the order :-)
> >
> > - Martin
> >
> > On 2/17/07, Martin Schiøtz <malinux@gmail.com> wrote:
> > > Hi
> > >
> > > How can I control which filter a packet will meet first?
> > >
> > > I have tried changing the order of applying the tc filter scripts and
> > > switching flowid number, but 'protocol ip u32 match ip src <ip net>
> > > match ip src 0.0.0.0/0' always kicks in first?
> > >
> > > From my script
> > > --------------------
> > > # All traffic - Priority: Low
> > > tc filter add dev eth0 parent 1:0 prio 2 protocol ip u32 match ip src
> > > <ip net> match ip src 0.0.0.0/0 flowid 1:21
> > > # Traffic between offices (IPSEC) - Priority: High
> > > tc filter add dev eth0 parent 1:0 prio 0 protocol ip u32 match ip src
> > > <ip net> match ip protocol 50 0xff flowid 1:22
> > >
> > >
> > > # tc -s filter show dev eth0
> > > ----------------------------------
> > > filter parent 1: protocol ip pref 2 u32
> > > filter parent 1: protocol ip pref 2 u32 fh 800: ht divisor 1
> > > filter parent 1: protocol ip pref 2 u32 fh 800::802 order 2050 key ht
> > > 800 bkt 0 flowid 1:21 (rule hit 428 success 426)
> > > match c0000000/e0000000 at 16 (success 426 )
> > > match 00000000/00000000 at 12 (success 426 )
> > > filter parent 1: protocol ip pref 49151 u32
> > > filter parent 1: protocol ip pref 49151 u32 fh 803: ht divisor 1
> > > filter parent 1: protocol ip pref 49151 u32 fh 803::800 order 2048 key
> > > ht 803 bkt 0 flowid 1:22 (rule hit 3 success 0)
> > > match c0000000/e0000000 at 16 (success 0 )
> > > match 00320000/00ff0000 at 8 (success 0 )
> > >
> > > - Martin
> > >
> > _______________________________________________
> > LARTC mailing list
> > LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> ------- End of Original Message -------
>
>
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [LARTC] Re: Order of 'tc filer'
2007-02-17 18:14 [LARTC] Re: Order of 'tc filer' Martin Schiøtz
2007-02-17 18:33 ` Bob Puff
2007-02-17 21:39 ` Martin Schiøtz
@ 2007-02-17 22:45 ` Georgy Zhukov
2 siblings, 0 replies; 4+ messages in thread
From: Georgy Zhukov @ 2007-02-17 22:45 UTC (permalink / raw)
To: lartc
[-- Attachment #1.1: Type: text/plain, Size: 2690 bytes --]
Same here.
In fact every article I've read recommend the use of prio 0 for
administration purposes only.
On 2/17/07, Bob Puff <bob@nleaudio.com> wrote:
>
> This is the reverse of what I believe I have read - you may want to
> continue
> looking. Prio 0 is supposed to be the highest, i believe.
>
> Bob
>
>
> ---------- Original Message -----------
> From: "Martin Schiøtz" <malinux@gmail.com>
> To: lartc@mailman.ds9a.nl
> Sent: Sat, 17 Feb 2007 19:14:46 +0100
> Subject: [LARTC] Re: Order of 'tc filer'
>
> > OK - I solved the thing. Using 'prio 0' actually gives the filter a
> > low priority.
> >
> > I just used 'prio 1' instead and know I can control the order :-)
> >
> > - Martin
> >
> > On 2/17/07, Martin Schiøtz <malinux@gmail.com> wrote:
> > > Hi
> > >
> > > How can I control which filter a packet will meet first?
> > >
> > > I have tried changing the order of applying the tc filter scripts and
> > > switching flowid number, but 'protocol ip u32 match ip src <ip net>
> > > match ip src 0.0.0.0/0' always kicks in first?
> > >
> > > From my script
> > > --------------------
> > > # All traffic - Priority: Low
> > > tc filter add dev eth0 parent 1:0 prio 2 protocol ip u32 match ip src
> > > <ip net> match ip src 0.0.0.0/0 flowid 1:21
> > > # Traffic between offices (IPSEC) - Priority: High
> > > tc filter add dev eth0 parent 1:0 prio 0 protocol ip u32 match ip src
> > > <ip net> match ip protocol 50 0xff flowid 1:22
> > >
> > >
> > > # tc -s filter show dev eth0
> > > ----------------------------------
> > > filter parent 1: protocol ip pref 2 u32
> > > filter parent 1: protocol ip pref 2 u32 fh 800: ht divisor 1
> > > filter parent 1: protocol ip pref 2 u32 fh 800::802 order 2050 key ht
> > > 800 bkt 0 flowid 1:21 (rule hit 428 success 426)
> > > match c0000000/e0000000 at 16 (success 426 )
> > > match 00000000/00000000 at 12 (success 426 )
> > > filter parent 1: protocol ip pref 49151 u32
> > > filter parent 1: protocol ip pref 49151 u32 fh 803: ht divisor 1
> > > filter parent 1: protocol ip pref 49151 u32 fh 803::800 order 2048 key
> > > ht 803 bkt 0 flowid 1:22 (rule hit 3 success 0)
> > > match c0000000/e0000000 at 16 (success 0 )
> > > match 00320000/00ff0000 at 8 (success 0 )
> > >
> > > - Martin
> > >
> > _______________________________________________
> > LARTC mailing list
> > LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> ------- End of Original Message -------
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
[-- Attachment #1.2: Type: text/html, Size: 3782 bytes --]
[-- Attachment #2: Type: text/plain, Size: 143 bytes --]
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2007-02-17 22:45 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-02-17 18:14 [LARTC] Re: Order of 'tc filer' Martin Schiøtz
2007-02-17 18:33 ` Bob Puff
2007-02-17 21:39 ` Martin Schiøtz
2007-02-17 22:45 ` Georgy Zhukov
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.