* [LARTC] ingress with u32 filter
@ 2001-03-22 1:04 samudrala
2001-03-23 21:49 ` samudrala
0 siblings, 1 reply; 2+ messages in thread
From: samudrala @ 2001-03-22 1:04 UTC (permalink / raw)
To: lartc
I could not get u32 filter work with ingress qdisc.
I tried the following commands to limit the incoming rate from 10.1.1.1 to
10kbit/s.
tc qdisc add dev eth1 handle ffff:0 ingress
tc filter add dev eth1 parent ffff:0 protocol ip prio 50 u32 match ip
src 10.1.1.1 police rate 10kbit burst 10kbit mtu 1500 drop
But looks like the filter is not matching any incoming packets from
10.1.1.1
tc -d -s filter is not showing any matched packets.
I was able to get this work using iptables and fw filter with the following
commands.
iptables -A PREROUTING -t mangle -p tcp -s 10.1.1.1 -j MARK --set-mark
1
tc qdisc add dev eth1 handle ffff:0 ingress
tc filter add dev eth1 parent ffff:0 protocol ip prio 50 handle 1 fw
police rate 10kbit burst 10kbit mtu 1500 drop
Is there any restriction that u32 filter cannot be attached to ingress
qdisc? Or am i missing something in my configuration.
Thanks
Sridhar
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: [LARTC] ingress with u32 filter
2001-03-22 1:04 [LARTC] ingress with u32 filter samudrala
@ 2001-03-23 21:49 ` samudrala
0 siblings, 0 replies; 2+ messages in thread
From: samudrala @ 2001-03-23 21:49 UTC (permalink / raw)
To: lartc
After looking at the example scripts, the only difference i noticed was
that i was not specifying the
flowid in my tc filter add command. When i specified the flowid as :1, i
was able to get ingress policing
work with u32 filter.
If flowid is a required field for a u32 filter, maybe tc command should
return an error.
On a unrelated note, i found that nexthdr option was not working.
To match a syn packet, i was able to specify
match u8 0x02 0xff at 33
I expected that using nexthdr, this can be specifed as
match u8 0x02 0xff at nexthdr+13
I am using 2.4.2 kernel, with the latest iproute2 (001007)
Thanks
Sridhar
Sent by: lartc-admin@mailman.ds9a.nl
To: lartc@mailman.ds9a.nl, linux-diffserv@lrc.di.epfl.ch
cc:
Subject: [LARTC] ingress with u32 filter
I could not get u32 filter work with ingress qdisc.
I tried the following commands to limit the incoming rate from 10.1.1.1 to
10kbit/s.
tc qdisc add dev eth1 handle ffff:0 ingress
tc filter add dev eth1 parent ffff:0 protocol ip prio 50 u32 match ip
src 10.1.1.1 police rate 10kbit burst 10kbit mtu 1500 drop
But looks like the filter is not matching any incoming packets from
10.1.1.1
tc -d -s filter is not showing any matched packets.
I was able to get this work using iptables and fw filter with the following
commands.
iptables -A PREROUTING -t mangle -p tcp -s 10.1.1.1 -j MARK --set-mark
1
tc qdisc add dev eth1 handle ffff:0 ingress
tc filter add dev eth1 parent ffff:0 protocol ip prio 50 handle 1 fw
police rate 10kbit burst 10kbit mtu 1500 drop
Is there any restriction that u32 filter cannot be attached to ingress
qdisc? Or am i missing something in my configuration.
Thanks
Sridhar
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://ds9a.nl/2.4Routing/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2001-03-23 21:49 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-03-22 1:04 [LARTC] ingress with u32 filter samudrala
2001-03-23 21:49 ` samudrala
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox