From mboxrd@z Thu Jan 1 00:00:00 1970 From: Kristiadi Himawan Date: Tue, 13 Dec 2005 02:27:05 +0000 Subject: Re: [LARTC] Marking packets by mac addr using tc filter u32 match? Message-Id: <439E3179.2060402@dtp.net.id> List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org it's should be 0x0806 0xffff ? or you have the example how to catch that kind of traffic gypsy wrote: >Kristiadi Himawan wrote: > > >>It's also match to this kind of traffic ? >> >>17:16:53.740978 arp who-has 192.43.165.29 tell 192.43.165.30 >>17:16:53.752482 arp reply 192.43.165.29 is-at 00:04:c1:b5:bd:f1 >>17:16:53.812889 arp who-has 192.43.162.194 tell 192.43.162.193 >>17:16:53.812922 arp reply 192.43.162.194 is-at 00:08:c7:c9:a3:17 >> >> > >No. The 'match u16 0x0800 0xffff' says to ignore ARP. > > > >>Lee Sanders wrote: >> >> >> >>>You haven't done a search on past posts... >>> >>>the u32 can be used to match any bit in the ip header. Before the ip header, >>>there is a frame header. In that frame header you can find the src and dst >>>mac address. You can trick the u32 filter in using the frame header if you >>>use negative offsets. >>> >>>Decimal Offset Description >>>-14: DST MAC, 6 bytes >>>-8: SRC MAC, 6 bytes >>>-2: Eth PROTO, 2 bytes, eg. ETH_P_IP >>>0: Protocol header (IP Header) >>> >>>Where PPPP is the Eth Proto Code (from linux/include/linux/if_ether.h): >>>ETH_P_IP= IP = match u16 0x0800 >>>Where your MAC = M0M1M2M3M4M5 >>> >>>Egress (match Dst MAC): >>>... match u16 0xPPPP 0xFFFF at -2 match u32 0xM2M3M4M5 0xFFFFFFFF at -12 match >>>u16 0xM0M1 0xFFFF at -14 >>> >>>Ingress (match Src MAC): >>>... match u16 0xPPPP 0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 >>>0xM0M1M2M3 0xFFFFFFFF at -8 >>> >>>The below is simplistic but it works to demonstrate the above. >>> >>>tc qdisc add dev ppp0 root handle 1:0 htb default 20 >>>tc class add dev ppp0 parent 1:0 classid 1:1 htb rate 128kbit ceil 128kbit >>> >>>tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit >>>tc class add dev ppp0 parent 1:1 classid 1:20 htb rate 64kbit ceil 128kbit >>> >>>tc qdisc add dev ppp0 parent 1:10 handle 100: sfq perturb 10 >>>tc qdisc add dev ppp0 parent 1:20 handle 200: sfq perturb 10 >>> >>># My Laptop >>>tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 >>>0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF >>>at -8 flowid 1:10 >>># My Desktop >>>tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 >>>0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF >>>at -8 flowid 1:20 >>># change the MAC's of course. >>> >>>tc -s -d class show dev ppp0 >>>tc -s -d qdisc show dev ppp0 >>>tc -s -d filter show dev ppp0 >>> >>>There you have it. >>> >>>:L >>>_______________________________________________ >>>LARTC mailing list >>>LARTC@mailman.ds9a.nl >>>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >>> >>> >>> >>> >>_______________________________________________ >>LARTC mailing list >>LARTC@mailman.ds9a.nl >>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >> >> _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc