From: Michael Davidson <michael@bbd.co.za>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Marking packets by mac addr using tc filter u32 match?
Date: Tue, 13 Dec 2005 10:17:32 +0000 [thread overview]
Message-ID: <439E9FBC.4060701@bbd.co.za> (raw)
In-Reply-To: <BAY107-F3151E7335EBD3E34F2786BD5440@phx.gbl>
Hi,
Forgive me if I point out the obvious. Remember that ARP isn't an
IP protocol it's a peer protocol to IP. In the tc filters shown below
the protocol is IP and the negative offset works on a IP packet but I
suspect that an ARP packet isn't accessible with this technique. If I
ubstitute IP for ARP in the filter statement it isn't accepted.
Regards Mike D.
Kristiadi Himawan wrote:
>
> it's should be 0x0806 0xffff ?
> or you have the example how to catch that kind of traffic
>
> gypsy wrote:
>
>> Kristiadi Himawan wrote:
>>
>>
>>> It's also match to this kind of traffic ?
>>>
>>> 17:16:53.740978 arp who-has 192.43.165.29 tell 192.43.165.30
>>> 17:16:53.752482 arp reply 192.43.165.29 is-at 00:04:c1:b5:bd:f1
>>> 17:16:53.812889 arp who-has 192.43.162.194 tell 192.43.162.193
>>> 17:16:53.812922 arp reply 192.43.162.194 is-at 00:08:c7:c9:a3:17
>>>
>>
>>
>> No. The 'match u16 0x0800 0xffff' says to ignore ARP.
>>
>>
>>
>>> Lee Sanders wrote:
>>>
>>>
>>>
>>>> You haven't done a search on past posts...
>>>>
>>>> the u32 can be used to match any bit in the ip header. Before the
>>>> ip header,
>>>> there is a frame header. In that frame header you can find the src
>>>> and dst
>>>> mac address. You can trick the u32 filter in using the frame header
>>>> if you
>>>> use negative offsets.
>>>>
>>>> Decimal Offset Description
>>>> -14: DST MAC, 6 bytes
>>>> -8: SRC MAC, 6 bytes
>>>> -2: Eth PROTO, 2 bytes, eg. ETH_P_IP
>>>> 0: Protocol header (IP Header)
>>>>
>>>> Where PPPP is the Eth Proto Code (from
>>>> linux/include/linux/if_ether.h):
>>>> ETH_P_IP= IP = match u16 0x0800
>>>> Where your MAC = M0M1M2M3M4M5
>>>>
>>>> Egress (match Dst MAC):
>>>> ... match u16 0xPPPP 0xFFFF at -2 match u32 0xM2M3M4M5 0xFFFFFFFF
>>>> at -12 match
>>>> u16 0xM0M1 0xFFFF at -14
>>>>
>>>> Ingress (match Src MAC):
>>>> ... match u16 0xPPPP 0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4
>>>> match u32
>>>> 0xM0M1M2M3 0xFFFFFFFF at -8
>>>>
>>>> The below is simplistic but it works to demonstrate the above.
>>>>
>>>> tc qdisc add dev ppp0 root handle 1:0 htb default 20
>>>> tc class add dev ppp0 parent 1:0 classid 1:1 htb rate 128kbit ceil
>>>> 128kbit
>>>>
>>>> tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 64kbit ceil
>>>> 128kbit
>>>> tc class add dev ppp0 parent 1:1 classid 1:20 htb rate 64kbit ceil
>>>> 128kbit
>>>>
>>>> tc qdisc add dev ppp0 parent 1:10 handle 100: sfq perturb 10
>>>> tc qdisc add dev ppp0 parent 1:20 handle 200: sfq perturb 10
>>>>
>>>> # My Laptop
>>>> tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16
>>>> 0x0800
>>>> 0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3
>>>> 0xFFFFFFFF
>>>> at -8 flowid 1:10
>>>> # My Desktop
>>>> tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16
>>>> 0x0800
>>>> 0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3
>>>> 0xFFFFFFFF
>>>> at -8 flowid 1:20
>>>> # change the MAC's of course.
>>>>
>>>> tc -s -d class show dev ppp0
>>>> tc -s -d qdisc show dev ppp0
>>>> tc -s -d filter show dev ppp0
>>>>
>>>> There you have it.
>>>>
>>>> :L
>>>> _______________________________________________
>>>> LARTC mailing list
>>>> LARTC@mailman.ds9a.nl
>>>> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>>>>
>>>>
>>>>
>>>
>>> _______________________________________________
>>> LARTC mailing list
>>> LARTC@mailman.ds9a.nl
>>> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>>>
>>
>
>
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
--
Regards Mike.
Michael Davidson
Barone Budge & Dominick
Email: michael@bbd.co.za
Office: +27 11 532 8380
BB&D : +27 11 532 8300
Fax: +27 11 532 8400
Mobile: +27 82 650 5707
Home: +27 11 452 4423
This e-mail is confidential and subject to the disclaimer published at
http://www.bbd.co.za
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
next prev parent reply other threads:[~2005-12-13 10:17 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-12-10 1:07 [LARTC] Marking packets by mac addr using tc filter u32 match? Juan Pizarro
2005-12-10 17:12 ` gypsy
2005-12-11 7:46 ` brick
2005-12-11 8:28 ` Lee Sanders
2005-12-12 10:19 ` Kristiadi Himawan
2005-12-12 14:44 ` gypsy
2005-12-13 2:27 ` Kristiadi Himawan
2005-12-13 10:17 ` Michael Davidson [this message]
2005-12-13 10:50 ` Kristiadi Himawan
2005-12-13 15:04 ` gypsy
2005-12-15 14:45 ` gypsy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=439E9FBC.4060701@bbd.co.za \
--to=michael@bbd.co.za \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.