[LARTC] filters with multiple sport matches

[LARTC] filters with multiple sport matches

[ewan]

I want to filter traffic from source ports X and Y into a filter I try

tc filter add dev eth0 parent 1: protocol ip prio 9 u32 \
   match ip sport X 0xffff \
   flow id 1:30

and it works fine but when i add

tc filter add dev eth0 parent 1: protocol ip prio 9 u32 \
   match ip sport X 0xffff \
   match ip sport Y 0xffff \
   flow id 1:30

I get and illegal match error. whats going wrong and how to i do it
properly?

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] filters with multiple sport matches

[Nils Lichtenfeld]

Hello!

ewan wrote:
> I want to filter traffic from source ports X and Y into a filter I
> try
[...]
> tc filter add dev eth0 parent 1: protocol ip prio 9 u32 \
>    match ip sport X 0xffff \
>    match ip sport Y 0xffff \
>    flow id 1:30
>
> I get and illegal match error. whats going wrong and how to i do it
> properly?

A paket can only have one sourceport, so the match above can not work.
You will have to use one filter for each sport!

tc filter add dev eth0 parent 1: protocol ip prio 9 u32 \
   match ip sport X 0xffff \
   flow id 1:30

tc filter add dev eth0 parent 1: protocol ip prio 9 u32 \
   match ip sport Y 0xffff \
   flow id 1:30

Greetings, Nils

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] filters with multiple sport matches

[ewan]

> A paket can only have one sourceport, so the match above can not work.
> You will have to use one filter for each sport!


 does it matter that they are both prioity 9?

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] filters with multiple sport matches

[Nils Lichtenfeld]

Hello!

ewan wrote:
>> A paket can only have one sourceport, so the match above can not
>> work. You will have to use one filter for each sport!
>
>  does it matter that they are both prioity 9?

Well, as far as I know, the priority decides about on whitch filter to
check first. If there are more than one with the same priority, the
order of adding them decides witch of them to check first. So all your
filters could have the same priority (exept for different
filter-modules, a u32 can not share the same priority with a fw-filter
and so on).

Greetings, Nils

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/