curt brune wrote:
> Using tc filter is there a way to direct a range of ports (say ports 5000
> to 5100) to a particular flowid ?

You can translate relational operators (<, >=, etc.) into individual
tests of bits or prefixes, which can then be used by u32. For the
algorithms, see tcng's tcng/tcc/iflib_arith.c:rel_general and the
functions it calls.

If using tcc to generate such classifiers, you can speed up
configuration-time processing considerably with
-Oprefix -Onocse

> Theoretical question: Has anyone done an experiment to test whether
> filtering with "tc" or "iptables" is more performant?

In this case, iptables should win hands down, because it uses CPU
instructions that accomplish the task much more directly.

I don't know how iptables and tc compare in cases where the actual
classifications have similar cost. If somebody's going to run some
comparisons, the results may be interesting, though.

- Werner

-- 
  _________________________________________________________________________
 / Werner Almesberger, Buenos Aires, Argentina         wa@almesberger.net /
/_http://www.almesberger.net/____________________________________________/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
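
Added example, not part of the original message and not tcng's rel_general code: a standard decomposition of an inclusive port range into aligned (value, mask) prefix tests, the form a u32 match takes, applied to the 5000 to 5100 range from the question. The device, parent, prio and flowid values in the generated filter lines are placeholders.

```python
def range_to_prefixes(lo, hi, width=16):
    """Split the inclusive range [lo, hi] into aligned power-of-two blocks.

    Returns (value, mask) pairs. A number x lies in the range exactly when
    (x & mask) == value holds for one of the pairs.
    """
    if not 0 <= lo <= hi < (1 << width):
        raise ValueError("need 0 <= lo <= hi < 2**width")
    full = (1 << width) - 1
    blocks = []
    while lo <= hi:
        # Largest block that may start at lo is its lowest set bit
        # (the whole space when lo == 0).
        size = (lo & -lo) if lo else (1 << width)
        # Halve the block until it no longer runs past hi.
        while size > hi - lo + 1:
            size >>= 1
        blocks.append((lo, full & ~(size - 1)))
        lo += size
    return blocks


def matches(port, blocks):
    """True if any prefix test accepts the port."""
    return any((port & mask) == value for value, mask in blocks)


def tc_rules(lo, hi, dev="eth0", parent="1:0", flowid="1:10"):
    """One u32 filter per prefix; dev/parent/prio/flowid are placeholders."""
    return [
        f"tc filter add dev {dev} parent {parent} protocol ip prio 1 "
        f"u32 match ip dport {value} {mask:#06x} flowid {flowid}"
        for value, mask in range_to_prefixes(lo, hi)
    ]


if __name__ == "__main__":
    for line in tc_rules(5000, 5100):
        print(line)
```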