hi martin, Martin A. Brown wrote: > Seems like he needs a "protocol generic" (or better yet for him, "protocol > ipx"), which would allow him to count byte offsets in the manner of u32. > > I know of no such tool. i just quote what julian wrote some time ago, seems as if it would possible what griff wants to do: --snip-- > Hello, > > On Sun, 22 Dec 2002, Nickola Kolev wrote: > > >>>> > I need to classified the traffic by looking at the packet destination >>>> > and source MAC address. Can anyone here suggest ways to do this. >>>> > >>>> > I have read through the HOWTO documentation, from there I know that >>>> > U32 filter can only filter out IP or higher layer. May I know why U32 >>>> > filter did not support datalink layer (MAC address)? Is it that when > > > This is a lie. > > >>>> > packet entering TC, the datalink layer no longer there? Are there any >>>> > filter which can filter the MAC address? > > > You can filter with U32 by src/dst MAC on ingress and > by dst MAC on egress. On egress the src MAC is replaced with > new one and there is no good reason to apply U32 filters for sender's > MAC. > > >>>> > Before this, I have successfully implement QoS through source and >>>> > destination IP address using CBQ. Here I would like to thanks LARTC >>>> > for the help. >>>> > >> >>> >>> Yes, you can do this, but using fw marking, not u32 classifier. Just > > > Why not, just use negative offsets with U32 to access > the 14-byte eth frame header before the IP header: > > Decimal Ofs Description > ----------------------------------- > -14: DST MAC, 6 bytes > -8: SRC MAC, 6 bytes > -2: Eth PROTO, 2 bytes, eg. ETH_P_IP > 0: Protocol header (IP Header) > > >>> search through the various >>> netfilter extensions - you really can do miracles with them :)) >>> >>> E-gards, >>> Nickola > > > Regards > > -- > Julian Anastasov <ja@ssi.bg> --snap-- regards, hannes
