I could not get u32 filter work with ingress qdisc.
I tried the following commands to limit the incoming rate from 10.1.1.1 to
10kbit/s.
tc qdisc add dev eth1 handle ffff:0 ingress
tc filter add dev eth1 parent ffff:0 protocol ip prio 50 u32 match ip
src 10.1.1.1 police rate 10kbit burst 10kbit mtu 1500 drop
But looks like the filter is not matching any incoming packets from
10.1.1.1
tc -d -s filter is not showing any matched packets.
I was able to get this work using iptables and fw filter with the following
commands.
iptables -A PREROUTING -t mangle -p tcp -s 10.1.1.1 -j MARK --set-mark
1
tc qdisc add dev eth1 handle ffff:0 ingress
tc filter add dev eth1 parent ffff:0 protocol ip prio 50 handle 1 fw
police rate 10kbit burst 10kbit mtu 1500 drop
Is there any restriction that u32 filter cannot be attached to ingress
qdisc? Or am i missing something in my configuration.
Thanks
Sridhar
