From: samudrala@us.ibm.com
To: lartc@vger.kernel.org
Subject: Re: [LARTC] ingress with u32 filter
Date: Fri, 23 Mar 2001 21:49:07 +0000 [thread overview]
Message-ID: <marc-lartc-98538419916834@msgid-missing> (raw)
In-Reply-To: <marc-lartc-98522309605860@msgid-missing>
After looking at the example scripts, the only difference i noticed was
that i was not specifying the
flowid in my tc filter add command. When i specified the flowid as :1, i
was able to get ingress policing
work with u32 filter.
If flowid is a required field for a u32 filter, maybe tc command should
return an error.
On a unrelated note, i found that nexthdr option was not working.
To match a syn packet, i was able to specify
match u8 0x02 0xff at 33
I expected that using nexthdr, this can be specifed as
match u8 0x02 0xff at nexthdr+13
I am using 2.4.2 kernel, with the latest iproute2 (001007)
Thanks
Sridhar
Sent by: lartc-admin@mailman.ds9a.nl
To: lartc@mailman.ds9a.nl, linux-diffserv@lrc.di.epfl.ch
cc:
Subject: [LARTC] ingress with u32 filter
I could not get u32 filter work with ingress qdisc.
I tried the following commands to limit the incoming rate from 10.1.1.1 to
10kbit/s.
tc qdisc add dev eth1 handle ffff:0 ingress
tc filter add dev eth1 parent ffff:0 protocol ip prio 50 u32 match ip
src 10.1.1.1 police rate 10kbit burst 10kbit mtu 1500 drop
But looks like the filter is not matching any incoming packets from
10.1.1.1
tc -d -s filter is not showing any matched packets.
I was able to get this work using iptables and fw filter with the following
commands.
iptables -A PREROUTING -t mangle -p tcp -s 10.1.1.1 -j MARK --set-mark
1
tc qdisc add dev eth1 handle ffff:0 ingress
tc filter add dev eth1 parent ffff:0 protocol ip prio 50 handle 1 fw
police rate 10kbit burst 10kbit mtu 1500 drop
Is there any restriction that u32 filter cannot be attached to ingress
qdisc? Or am i missing something in my configuration.
Thanks
Sridhar
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://ds9a.nl/2.4Routing/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
prev parent reply other threads:[~2001-03-23 21:49 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-03-22 1:04 [LARTC] ingress with u32 filter samudrala
2001-03-23 21:49 ` samudrala [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-98538419916834@msgid-missing \
--to=samudrala@us.ibm.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox