From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Davidson
Date: Tue, 13 Dec 2005 10:17:32 +0000
Subject: Re: [LARTC] Marking packets by mac addr using tc filter u32 match?
Message-Id: <439E9FBC.4060701@bbd.co.za>
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi,

Forgive me if I point out the obvious. Remember that ARP isn't an IP
protocol; it's a peer protocol to IP. In the tc filters shown below the
protocol is IP and the negative offset works on an IP packet, but I suspect
that an ARP packet isn't accessible with this technique. If I substitute IP
for ARP in the filter statement it isn't accepted.

Regards
Mike D.

Kristiadi Himawan wrote:
>
> It should be 0x0806 0xffff?
> Or do you have an example of how to catch that kind of traffic?
>
> gypsy wrote:
>
>> Kristiadi Himawan wrote:
>>
>>> Does it also match this kind of traffic?
>>>
>>> 17:16:53.740978 arp who-has 192.43.165.29 tell 192.43.165.30
>>> 17:16:53.752482 arp reply 192.43.165.29 is-at 00:04:c1:b5:bd:f1
>>> 17:16:53.812889 arp who-has 192.43.162.194 tell 192.43.162.193
>>> 17:16:53.812922 arp reply 192.43.162.194 is-at 00:08:c7:c9:a3:17
>>>
>>
>> No. The 'match u16 0x0800 0xffff' says to ignore ARP.
>>
>>> Lee Sanders wrote:
>>>
>>>> You haven't done a search on past posts...
>>>>
>>>> The u32 can be used to match any bit in the IP header. Before the
>>>> IP header, there is a frame header. In that frame header you can
>>>> find the src and dst MAC address. You can trick the u32 filter into
>>>> using the frame header if you use negative offsets.
>>>>
>>>> Decimal Offset  Description
>>>> -14:            DST MAC, 6 bytes
>>>>  -8:            SRC MAC, 6 bytes
>>>>  -2:            Eth PROTO, 2 bytes, eg. ETH_P_IP
>>>>   0:            Protocol header (IP Header)
>>>>
>>>> Where PPPP is the Eth Proto Code (from
>>>> linux/include/linux/if_ether.h):
>>>> ETH_P_IP = IP = match u16 0x0800
>>>> Where your MAC = M0M1M2M3M4M5
>>>>
>>>> Egress (match Dst MAC):
>>>> ... match u16 0xPPPP 0xFFFF at -2 match u32 0xM2M3M4M5 0xFFFFFFFF at -12 match u16 0xM0M1 0xFFFF at -14
>>>>
>>>> Ingress (match Src MAC):
>>>> ... match u16 0xPPPP 0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF at -8
>>>>
>>>> The below is simplistic but it works to demonstrate the above.
>>>>
>>>> tc qdisc add dev ppp0 root handle 1:0 htb default 20
>>>> tc class add dev ppp0 parent 1:0 classid 1:1 htb rate 128kbit ceil 128kbit
>>>>
>>>> tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit
>>>> tc class add dev ppp0 parent 1:1 classid 1:20 htb rate 64kbit ceil 128kbit
>>>>
>>>> tc qdisc add dev ppp0 parent 1:10 handle 100: sfq perturb 10
>>>> tc qdisc add dev ppp0 parent 1:20 handle 200: sfq perturb 10
>>>>
>>>> # My Laptop
>>>> tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 \
>>>>     match u16 0x0800 0xFFFF at -2 \
>>>>     match u16 0xM4M5 0xFFFF at -4 \
>>>>     match u32 0xM0M1M2M3 0xFFFFFFFF at -8 flowid 1:10
>>>> # My Desktop
>>>> tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 \
>>>>     match u16 0x0800 0xFFFF at -2 \
>>>>     match u16 0xM4M5 0xFFFF at -4 \
>>>>     match u32 0xM0M1M2M3 0xFFFFFFFF at -8 flowid 1:20
>>>> # Change the MACs of course.
>>>>
>>>> tc -s -d class show dev ppp0
>>>> tc -s -d qdisc show dev ppp0
>>>> tc -s -d filter show dev ppp0
>>>>
>>>> There you have it.
>>>>
>>>> :L
>>>> _______________________________________________
>>>> LARTC mailing list
>>>> LARTC@mailman.ds9a.nl
>>>> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>>>>
>>>
>>
>

--
Regards Mike.

Michael Davidson
Barone Budge & Dominick
Email: michael@bbd.co.za
Office: +27 11 532 8380
BB&D : +27 11 532 8300
Fax: +27 11 532 8400
Mobile: +27 82 650 5707
Home: +27 11 452 4423
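
Added example, not part of the original thread or of tc: the Python below fills in the quoted egress/ingress u32 templates from a MAC address and checks them against constructed Ethernet headers. The helper names and the frame model (offsets counted back from the end of the 14-byte Ethernet header) are assumptions made for illustration; the MAC addresses are the ones in the quoted tcpdump lines.

```python
import struct

ETH_HLEN = 14  # dst MAC (6) + src MAC (6) + ethertype (2)

def mac_bytes(mac):
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into 6 raw bytes."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)

def mac_matches(direction, mac, ethertype=0x0800):
    """Fill in the thread's templates as (width, value, mask, offset) tuples.
    'src' is the ingress template, 'dst' the egress template."""
    m = mac_bytes(mac)
    proto = (2, ethertype, 0xFFFF, -2)
    if direction == "src":
        return [proto,
                (2, int.from_bytes(m[4:6], "big"), 0xFFFF, -4),
                (4, int.from_bytes(m[0:4], "big"), 0xFFFFFFFF, -8)]
    if direction == "dst":
        return [proto,
                (4, int.from_bytes(m[2:6], "big"), 0xFFFFFFFF, -12),
                (2, int.from_bytes(m[0:2], "big"), 0xFFFF, -14)]
    raise ValueError("direction must be 'src' or 'dst'")

def to_tc(matches):
    """Render the tuples as the 'match ...' clauses of a tc u32 filter."""
    return " ".join(f"match u{w * 8} 0x{v:0{w * 2}x} 0x{k:0{w * 2}x} at {o}"
                    for w, v, k, o in matches)

def frame_matches(frame, matches):
    """Simplified model of the match: read each field at its negative
    offset from the end of the Ethernet header and compare under the mask."""
    def field(w, o):
        return int.from_bytes(frame[ETH_HLEN + o:ETH_HLEN + o + w], "big")
    return all((field(w, o) & k) == (v & k) for w, v, k, o in matches)

def build_frame(dst, src, ethertype):
    """Constructed test frame: Ethernet header plus 28 zero payload bytes."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + bytes(28)

# MACs from the tcpdump lines quoted in the thread; frames are constructed.
SRC, DST = "00:04:c1:b5:bd:f1", "00:08:c7:c9:a3:17"

if __name__ == "__main__":
    print(to_tc(mac_matches("src", SRC)))
    print(to_tc(mac_matches("dst", DST)))
    print(frame_matches(build_frame(DST, SRC, 0x0800), mac_matches("src", SRC)))
    print(frame_matches(build_frame(DST, SRC, 0x0806), mac_matches("src", SRC)))
```

In this model the constructed 0x0806 frame fails on the `at -2` clause alone, which is the behaviour gypsy's reply describes for 'match u16 0x0800 0xffff'.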