From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michal Soltys <nozo@ziu.info>
Date: Sun, 16 Sep 2007 20:36:33 +0000
Subject: Re: [LARTC] using tc to drop packets based on the diffserc or tos
Message-Id: <46ED93D1.3090703@ziu.info>
List-Id: <lartc.vger.kernel.org>
References: <ED9CC011977FDA4BAB13266D271118E6102B8A449F@BTSLMAIL.bhartitelesoft.com>
In-Reply-To: <ED9CC011977FDA4BAB13266D271118E6102B8A449F@BTSLMAIL.bhartitelesoft.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Raghuvendra Kumar wrote:
> Hi all,
> 
 > [...]
> 
> [root@scotch src]#tc filter add dev eth0 protocol ip u32 match ip dsfield 8 police drop
> 
> its showing error "Illegal "match".
> 
> Can any one of you guide me , what is the correct way of doing it.
> Its imporatnt, Please post reply ASAP.
> 

For instance:

tc qdisc add dev eth0 root handle 1: hfsc default 99
# (.. remaining classes / etc. ..)

tc filter add dev eth0 parent 1:0 protocol ip  prio 1 u32 \
	match ip dsfield 0x08 0xff action drop

Remember that mask is mandatory.

Also check out doc/actions directory for info about extended actions in 
iproute tarball.


Out of curiosity - why not just:

iptables -A OUTPUT -o eth0 -p udp --sport 5060 -j DROP

... or with something like -j REJECT --reject-with icmp-port-unreachable, 
depending on your needs. Assuming it's not just for testing purposes, and 
you actually want to drop the traffic generated by your host from that 
particular port.


_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc