After looking at the example scripts, the only difference i noticed was
that i was not specifying the
flowid in my tc filter add command. When i specified the flowid as :1, i
was able to get ingress policing
work with u32 filter.
If flowid is a required field for a u32 filter, maybe tc command should
return an error.
On a unrelated note, i found that nexthdr option was not working.
To match a syn packet, i was able to specify
match u8 0x02 0xff at 33
I expected that using nexthdr, this can be specifed as
match u8 0x02 0xff at nexthdr+13
I am using 2.4.2 kernel, with the latest iproute2 (001007)
Thanks
Sridhar
Sent by: lartc-admin@xxxxxxxxxxxxxxx
To: lartc@xxxxxxxxxxxxxxx, linux-diffserv@xxxxxxxxxxxxxx
cc:
Subject: [LARTC] ingress with u32 filter
I could not get u32 filter work with ingress qdisc.
I tried the following commands to limit the incoming rate from 10.1.1.1 to
10kbit/s.
tc qdisc add dev eth1 handle ffff:0 ingress
tc filter add dev eth1 parent ffff:0 protocol ip prio 50 u32 match ip
src 10.1.1.1 police rate 10kbit burst 10kbit mtu 1500 drop
But looks like the filter is not matching any incoming packets from
10.1.1.1
tc -d -s filter is not showing any matched packets.
I was able to get this work using iptables and fw filter with the following
commands.
iptables -A PREROUTING -t mangle -p tcp -s 10.1.1.1 -j MARK --set-mark
1
tc qdisc add dev eth1 handle ffff:0 ingress
tc filter add dev eth1 parent ffff:0 protocol ip prio 50 handle 1 fw
police rate 10kbit burst 10kbit mtu 1500 drop
Is there any restriction that u32 filter cannot be attached to ingress
qdisc? Or am i missing something in my configuration.
Thanks
Sridhar
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO:
http://ds9a.nl/2.4Routing/
