m.dages@xxxxxxx writes:
> wningtung.leung wrote:
> > The solution I propose (haven't tested it though):
> >
> > Don't use firewall marks, but use the u32 filter instead.
> >
> > Look at the source and target IP and redirect the pakket to the
> > correct class.
> >
> > (source != router && dest = low_prio_host) -> slow_class
> > (source != router && dest = hi_prio_host) -> no_limit
> > (source == router) -> no_limit
> >
> > This is only an idea for the downstream, I haven't been thinking
> > about limitimg the upstream.
> ... looking also at the source ip with the u32 filter works very
> well.
I would like to do just that, but I can't figure out how to specify
multiple conditions for u32 filtering. Could you give an example?
Currently I have specified filters like:
tc filter add dev eth2 parent 2:0 protocol ip prio 20 u32 \
match ip dst 192.168.2.12 flowid 2:212
Also, I assume lower ``prio'' values mean the rule takes preference
over rules with higher values?
--
Manfred
