From mboxrd@z Thu Jan  1 00:00:00 1970
From: bert hubert <ahu@ds9a.nl>
Date: Wed, 08 Jan 2003 18:29:41 +0000
Subject: Re: [LARTC] U32 filter for IPSEC (ESP)
Message-Id: <marc-lartc-104205065011701@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-104180993325505@msgid-missing>
In-Reply-To: <marc-lartc-104180993325505@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Mon, Jan 06, 2003 at 12:49:54AM +0100, Gilles Douillet wrote:

> so this u32 filter should work ? (I can use fw filter because the
> firewall/VPN can't mark pakets :-(
> 
> tc filter add dev ethX parent X:0 protocol ip prio X u32 match ip protocol
> 50 0xff flowid X:XX ?

Looks fine, but try proving it - just send this traffic to anotherwise empty
class and run 'tc -s qdisc ls dev eth0' and 'tc -s class ls dev eth0' to see
if the counters change.

Regards,

bert

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO
http://netherlabs.nl                         Consulting
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/