From mboxrd@z Thu Jan 1 00:00:00 1970 From: Werner Almesberger Date: Sun, 15 Sep 2002 18:50:11 +0000 Subject: Re: [LARTC] marking packets vs. tc filter Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org curt brune wrote: > Using tc filter is there a way to direct a range of ports (say ports 5000 > to 5100) to a particular flowid ? You can translate relational operators (<, >=, etc.) into individual tests of bits or prefixes, which can then be used by u32. For the algorithms, see tcng's tcng/tcc/iflib_arith.c:rel_general and the functions it calls. If using tcc to generate such classifiers, you can speed up configuration-time processing considerably with -Oprefix -Onocse > Theoretical question: Has anyone done an experiment to test wether > filtering with "tc" or "iptables" is more performant? In this case, iptables should win hands down, because it uses CPU instructions that accomplish the task much more directly. I don't know how iptables and tc compare in cases where the actual classifications have similar cost. If somebody's going to run some comparisons, the results may be interesting, though. - Werner -- _________________________________________________________________________ / Werner Almesberger, Buenos Aires, Argentina wa@almesberger.net / /_http://www.almesberger.net/____________________________________________/ _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/