All of lore.kernel.org
 help / color / mirror / Atom feed
* [LARTC] Re: tc filter
@ 2006-08-10 13:38 Jarek Poplawski
  2006-08-16 10:16 ` Jarek Poplawski
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Jarek Poplawski @ 2006-08-10 13:38 UTC (permalink / raw)
  To: lartc

On 03-08-2006 18:06, doudouyam wrote:
> Hi,
> Is it possible to make a filter with tc which exclude an IP like iptables ??
> 
> ex:
> iptable -t mangle -A PREROUTING -i eth0 -d ! 192.168.1.222 
> <http://192.168.1.222> -j MARK ...

Maybe there is something like this, I don't know, but you can try 
two filters in turn e.g.:

# tc filter add dev eth0 parent 1: proto ip pref 100 \
	u32 match ip dst 192.168.1.222 police drop

(or some other "flowid 1:xx" instead of "police drop")

# tc filter add dev eth0 parent 1: proto ip pref 101 \
	u32 match ip dst 192.168.1.0/24 flowid 1:99

Jarek P.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [LARTC] Re: tc filter
  2006-08-10 13:38 [LARTC] Re: tc filter Jarek Poplawski
@ 2006-08-16 10:16 ` Jarek Poplawski
  2006-08-18 10:28 ` Andy Furniss
  2006-08-21  7:56 ` Jarek Poplawski
  2 siblings, 0 replies; 4+ messages in thread
From: Jarek Poplawski @ 2006-08-16 10:16 UTC (permalink / raw)
  To: lartc

On 10-08-2006 15:38, Jarek Poplawski wrote:
...
> # tc filter add dev eth0 parent 1: proto ip pref 100 \
>     u32 match ip dst 192.168.1.222 police drop

Should be:
# tc filter add dev eth0 parent 1: proto ip pref 100 \
u32 match ip dst 192.168.1.222 flowid 1: police \ 
              conform-exceed drop/drop

or:
# tc filter add dev eth0 parent 1: proto ip pref 100 \
u32 match ip dst 192.168.1.222 flowid 1: action drop

Jarek P.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [LARTC] Re: tc filter
  2006-08-10 13:38 [LARTC] Re: tc filter Jarek Poplawski
  2006-08-16 10:16 ` Jarek Poplawski
@ 2006-08-18 10:28 ` Andy Furniss
  2006-08-21  7:56 ` Jarek Poplawski
  2 siblings, 0 replies; 4+ messages in thread
From: Andy Furniss @ 2006-08-18 10:28 UTC (permalink / raw)
  To: lartc

Jarek Poplawski wrote:

> Should be:
> # tc filter add dev eth0 parent 1: proto ip pref 100 \
> u32 match ip dst 192.168.1.222 flowid 1: police \              
> conform-exceed drop/drop

Looks a bit iffy but I haven't tried it - I thought that would be drop 
whether under or over - if it's valid at all without action/ a police rate.

Andy.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [LARTC] Re: tc filter
  2006-08-10 13:38 [LARTC] Re: tc filter Jarek Poplawski
  2006-08-16 10:16 ` Jarek Poplawski
  2006-08-18 10:28 ` Andy Furniss
@ 2006-08-21  7:56 ` Jarek Poplawski
  2 siblings, 0 replies; 4+ messages in thread
From: Jarek Poplawski @ 2006-08-21  7:56 UTC (permalink / raw)
  To: lartc

On 18-08-2006 12:28, Andy Furniss wrote:
> Jarek Poplawski wrote:
> 
>> Should be:
>> # tc filter add dev eth0 parent 1: proto ip pref 100 \
>> u32 match ip dst 192.168.1.222 flowid 1: police \              
>> conform-exceed drop/drop
> 
> Looks a bit iffy but I haven't tried it - I thought that would be drop 
> whether under or over - if it's valid at all without action/ a police rate.

Maybe I should have written:
"Should be with a fairly current iproute2 and kernel:".

It's so called "New syntax" ("Old syntax" didn't work for me),
to add exceed action for zero rate. According to help rate and 
burst should be included, but it works anyway.

Jarek P.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2006-08-21  7:56 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-08-10 13:38 [LARTC] Re: tc filter Jarek Poplawski
2006-08-16 10:16 ` Jarek Poplawski
2006-08-18 10:28 ` Andy Furniss
2006-08-21  7:56 ` Jarek Poplawski

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.