From: Andy Furniss <lists@andyfurniss.entadsl.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Policing based on port numbers
Date: Wed, 11 Apr 2007 19:28:29 +0000 [thread overview]
Message-ID: <461D36DD.2010301@andyfurniss.entadsl.com> (raw)
In-Reply-To: <c24555040704110853i7407d503u2d8bfbe423580bdb@mail.gmail.com>
Shuveb Hussain wrote:
> Hi,
>
> I'm trying to police ingress traffic based on port numbers and IP
> addresses. The u32 match based on IP addresses seems to work without
> issues and I'm am able to police incoming packets. However, the same
> isn't working with u32 matches based on TCP port numbers. For port
> numbers, I added exactly one 'u32 match' rule:
>
> common for both:
> # tc qdisc add dev eth0 handle ffff: ingress
>
> And then:
>
> # tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip
> src \
> 0.0.0.0/0 police rate 128kbit burst 10k drop flowid :1
>
> The rule above works, but the same with a port match does not:
>
> # tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match
> tcp dport 0xXYZ 0xFFFF police rate 128kbit burst 10k drop flowid :1
>
> Is there anything I am missing?
I've never managed to find a way to use the word tcp in a filter without
getting an illegal match - I know it's in the help.
If you want to match tcp use the ip protocol match
tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match
ip dport 0xXYZ 0xFFFF match ip protocol 0x06 0xff police .....
Andy.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
prev parent reply other threads:[~2007-04-11 19:28 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-04-11 15:48 [LARTC] Policing based on port numbers Shuveb Hussain
2007-04-11 19:28 ` Andy Furniss [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=461D36DD.2010301@andyfurniss.entadsl.com \
--to=lists@andyfurniss.entadsl.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.