eth wrote: > Arindam Haldar wrote: > >> i want help in managing icmp traffic. this is what i tried --> >> iptables -t mangle -A PREROUTING -d 10.0.0.0/8 -p 1 -j MARK --set-mark >> 4001 >> >> tc filter add dev eth4 parent 5:0 match protocol ip 1 prio 2 handle >> 4001 fw classid 5:105 >> >> i tried permutaion of >> match protocol ip 1 << but always getting >> different errors. >> i want to know whats the syntax for tc when i mark packets with >> iptables of icmp type ! >> iptables -nvL PREROUTING -t mangle does shows figures indicating icmp >> packets r inded being marked ! > > If only ICMP is the criterion why bother with iptables? Afterwall the > u32 filter of tc can match pretty anything in terms of tcp/ip... > > If I'm not wrong for example > > tc filter add dev eth1 protocol ip parent 5:0 prio 2 match ip dst > 10.0.0.0/8 match ip protocol 1 0xff flowid 5:105 > > ... would create a filter to match all ICMP traffic destined to 10.0.0.0 > # tc filter add dev eth4 parent 5:0 protocol ip prio 2 match ip dst 10.0.0.0/8 match ip protocol 1 0xff flowid 5:105 Unknown filter "match", hence "ip" is unparsable A.H
