[LARTC] iptables mark and u32 filter

[LARTC] iptables mark and u32 filter

[Ethy H. Brito]

Hi All

I'd like to use an iptables mark together with u32 filter. Something like this, for instance:

tc filter add dev imq0 protocol ip parent 1:0\
prio 2 handle 55\
u32 match u8 1 0xff at 0x09 flowid 1:22

(all icmp packets marked with 55 goes to class 1:22)

But I got 'Illegal filter ID' as answer. Is this combination possible?

-- 

Ethy H. Brito         /"\
InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil   / \ 
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Re: [LARTC] iptables mark and u32 filter

[Andy Furniss]

Ethy H. Brito wrote:
> Hi All
> 
> I'd like to use an iptables mark together with u32 filter. Something like this, for instance:
> 
> tc filter add dev imq0 protocol ip parent 1:0\
> prio 2 handle 55\
> u32 match u8 1 0xff at 0x09 flowid 1:22
> 
> (all icmp packets marked with 55 goes to class 1:22)
> 
> But I got 'Illegal filter ID' as answer. Is this combination possible?
> 

You missed fw - handle 55 fw should match mark 55 but it still may not 
work unless alone.

Instead use ... match mark 55 0xffffffff ... (you can get away with less 
"f"s for the mask depending on your highest mark value.

Andy.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc