From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alejandro Ramos Encinosa Date: Wed, 02 May 2007 15:20:58 +0000 Subject: Re: [LARTC] tc u32 match !port Message-Id: <200705021520.58773.alex@uh.cu> List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable To: lartc@vger.kernel.org On Wednesday 02 May 2007 10:36, Salatiel Filho wrote: > How can i redirect all traffic that not come from port 80 to a flow ? > > i was thing about some like > > tc filter add dev imq1 parent 1: protocol ip prio 7 u32 match ip sport > !80 ...... Maybe you should try with iptables/tc solution: iptables -t -A -p tcp --sport ! 80 0xffff -j MARK --set-mar= k 5 tc filter add dev imq1 parent 1: handle 5 fw flowid ... > > But this not work. > > Another doubt, if i have two rules that intersects , for example , > one filter with u32 match ip src 10.10.10.10 flowid 1:10 > and other with u32 match sport 80 0xffff flowid 1:11 , which one will > work in case of a packet to 10.10.10.10 with sport 80 ??? >From all filters in the current tc node, those with current priority, will = match in the same order you declare them. Maybe you want to do something=20 like: |-------------| | 10.10.10.10 | |-------------| / \ / \ |---------| |----------| | default | | sport 80 | |---------| |----------| then you will have the traffic from 10.10.10.10 going to the subtree root, = and=20 the traffic that also has port 80 as source, will go to the right child of = the tree. Maybe the rules will like as the following: iptables -t mangle -A PREROUTING -s 10.10.10.10 -j MARK --set-mark 4 ... // parent (node 10.10.10.10 on *figure*) tc class add dev imq1 parent 1:1 classid 1:10 htb rate ... // "default" node=20 tc class add dev imq1 parent 1:10 classid 1:11 htb rate ... // "sport 80" node tc class add dev imq1 parent 1:10 classid 1:12 htb rate ... ... // filter to match the traffic that will go to "sport 80" node tc filter add dev imq1 protocol ip parent 1: prio 1 u32 match ip src=20 10.10.10.10 match ip sport 80 0xffff flowid 1:20 // filter to match the rest of the traffic from 10.10.10.10 (going=20 to "default") tc filter add dev imq1 protocol ip parent 1: prio 1 u32 match ip src=20 10.10.10.10 flowid 1:20 --=20 Alejandro Ramos Encinosa Fac. Matem=E1tica Computaci=F3n Universidad de La Habana _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc