[LARTC] HTB and ARP

[LARTC] HTB and ARP

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 404 bytes --]

Hi,

I discover recently that the arp traffic is managed like any other flow.
So you get hang after a moment if you don't use a default class.

Is the any means to avoid this ? Not to have a default class is a way to
filter traffic ...

One would be to managed to class ARP request with tc but I don't know if
it is possible.

Thanks in advance,
-- 
Éric Leblond
courriel : eric@regit.org

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [LARTC] HTB and ARP

[Martin A. Brown]

Eric,

We recently had a discussion here about filtering non-IP traffic.  See my
attempt here:

  http://mailman.ds9a.nl/pipermail/lartc/2003q1/006656.html

And Julian's follow-up post which closed the thread:

  http://mailman.ds9a.nl/pipermail/lartc/2003q1/006663.html

You should be able to select with something like this:

  U32="tc filter add dev $DEV parent 1:0 protocol ip u32"
  $U32 match u16 0x0806 0xFFFF at -2

where 0x0806 identifies the ethernet frame as an ARP packet, per
$LINUX_SOURCE/include/linux/if_ether.h:

#define ETH_P_ARP       0x0806          /* Address Resolution packet    */

Good luck,

-Martin

On Fri, 10 Jan 2003, Eric Leblond wrote:

 : Hi,
 :
 : I discover recently that the arp traffic is managed like any other flow.
 : So you get hang after a moment if you don't use a default class.
 :
 : Is the any means to avoid this ? Not to have a default class is a way to
 : filter traffic ...
 :
 : One would be to managed to class ARP request with tc but I don't know if
 : it is possible.
 :
 : Thanks in advance,
 :

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] HTB and ARP

[Eric Leblond]

[-- Attachment #1: Type: text/plain, Size: 668 bytes --]

On Fri, 2003-01-10 at 17:06, Martin A. Brown wrote:

>  : > We recently had a discussion here about filtering non-IP traffic.  See my
>  : > attempt here:
>  : >
>  : >   http://mailman.ds9a.nl/pipermail/lartc/2003q1/006656.html
>  :

I did not manage to push arp packet in the wanted queue. I use the
following syntax :

tc class add dev eth0 parent 1:1 classid 1:4 htb \\
	rate 512.0Kbit ceil 512.0Kbit burst 1.28Kbit prio 0
tc filter add dev eth0  protocol ip u32 \\
	match u16 0x0806 0xFFFF at -2 flowid 1:4

Do I need special options in the qos code (special modules ...)

Any Help appreciated !

-- 
Éric Leblond
courriel : eric@regit.org

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [LARTC] HTB and ARP

[Julian Anastasov]

	Hello,

On 14 Jan 2003, Eric Leblond wrote:

> I did not manage to push arp packet in the wanted queue. I use the
> following syntax :
>
> tc class add dev eth0 parent 1:1 classid 1:4 htb \\
> 	rate 512.0Kbit ceil 512.0Kbit burst 1.28Kbit prio 0
> tc filter add dev eth0  protocol ip u32 \\
> 	match u16 0x0806 0xFFFF at -2 flowid 1:4
>
> Do I need special options in the qos code (special modules ...)

	No, no more hacks, just use "protocol arp" instead of
"protocol ip". Then you can avoid matching the eth proto code at -2.
The filter's "protocol XXX" uses skb->protocol which is built
from the eth proto code for eth devices (returned from eth_type_trans).
So, "protocol ip" is ETH_P_IP, "protocol arp" is ETH_P_ARP and so on.
See the "llproto_names" array in iproute2 (lib/ll_proto.c) and
ll_proto_a2n() used from tc/tc_filter.c

Regards

--
Julian Anastasov <ja@ssi.bg>

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/