From: Alejandro Ramos Encinosa <alex@uh.cu>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] tc u32 match !port
Date: Wed, 02 May 2007 15:20:58 +0000 [thread overview]
Message-ID: <200705021520.58773.alex@uh.cu> (raw)
In-Reply-To: <beb91d720705020336u3eaa87bdo25038b72d06dac53@mail.gmail.com>
On Wednesday 02 May 2007 10:36, Salatiel Filho wrote:
> How can i redirect all traffic that not come from port 80 to a flow ?
>
> i was thing about some like
>
> tc filter add dev imq1 parent 1: protocol ip prio 7 u32 match ip sport
> !80 ......
Maybe you should try with iptables/tc solution:
iptables -t <table> -A <chain> -p tcp --sport ! 80 0xffff -j MARK --set-mark 5
tc filter add dev imq1 parent 1: handle 5 fw flowid ...
>
> But this not work.
>
> Another doubt, if i have two rules that intersects , for example ,
> one filter with u32 match ip src 10.10.10.10 flowid 1:10
> and other with u32 match sport 80 0xffff flowid 1:11 , which one will
> work in case of a packet to 10.10.10.10 with sport 80 ???
From all filters in the current tc node, those with current priority, will
match in the same order you declare them. Maybe you want to do something
like:
|-------------|
| 10.10.10.10 |
|-------------|
/ \
/ \
|---------| |----------|
| default | | sport 80 |
|---------| |----------|
then you will have the traffic from 10.10.10.10 going to the subtree root, and
the traffic that also has port 80 as source, will go to the right child of
the tree. Maybe the rules will like as the following:
iptables -t mangle -A PREROUTING -s 10.10.10.10 -j MARK --set-mark 4
...
// parent (node 10.10.10.10 on *figure*)
tc class add dev imq1 parent 1:1 classid 1:10 htb rate ...
// "default" node
tc class add dev imq1 parent 1:10 classid 1:11 htb rate ...
// "sport 80" node
tc class add dev imq1 parent 1:10 classid 1:12 htb rate ...
...
// filter to match the traffic that will go to "sport 80" node
tc filter add dev imq1 protocol ip parent 1: prio 1 u32 match ip src
10.10.10.10 match ip sport 80 0xffff flowid 1:20
// filter to match the rest of the traffic from 10.10.10.10 (going
to "default")
tc filter add dev imq1 protocol ip parent 1: prio 1 u32 match ip src
10.10.10.10 flowid 1:20
--
Alejandro Ramos Encinosa <alex@uh.cu>
Fac. Matemática Computación
Universidad de La Habana
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
next prev parent reply other threads:[~2007-05-02 15:20 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-05-02 10:36 [LARTC] tc u32 match !port Salatiel Filho
2007-05-02 15:20 ` Alejandro Ramos Encinosa [this message]
2007-05-03 12:57 ` Andy Furniss
2007-05-05 17:28 ` Salatiel Filho
2007-05-05 18:56 ` Andy Furniss
2007-05-05 19:21 ` Salatiel Filho
2007-05-05 21:38 ` Andy Furniss
2007-05-06 3:29 ` Salatiel Filho
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200705021520.58773.alex@uh.cu \
--to=alex@uh.cu \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.