-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Lars,
It's about the discussion of "deleting filter rules", and this "method" (using handle) was explaned by Patrick (see the list history).
Telles
Lars Landmark wrote: | Hi; | | no clue :-( | May I ask why you are using "handle" and not "parent" since HTB is used? | And what eventually are the differences? | | Lars | | | |>-----BEGIN PGP SIGNED MESSAGE----- |>Hash: SHA1 |> |>Lars, |> |>I knew that (I use this form, but with handle, it doesn't work), but if what you |>said is truth, the folowing command would have work: |> |>tc filter del dev eth0 parent 1:0 protocol ip prio 1 handle ::12 u32 match ip |>src 10.10.10.10 flowid 1:12 |>RTNETLINK answers: No such file or directory |> |>|>tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle ::12 u32 match ip |>src 10.10.10.11 flowid 1:12 |> |>What you thing about that ? |> |>Telles |> |>Lars Landmark wrote: |>| |>| Hi Rodrigo; |>| |>| When you add a new filter rule, you write "tc filter add .....". If you |>| now substitute add with del, you are able to delete the right filter |>| without any other filters being deleted. |>| |>| Hope this helps. |>| |>| Lars |>| |>| |>| On Thu, 8 Jan 2004, Rodrigo P. Telles wrote: |>| |>| |>|>-----BEGIN PGP SIGNED MESSAGE----- |>|>Hash: SHA1 |>|> |>|>Patrick, |>|> |>|>Based in your explanation, I tried that: |>|> |>|># adding root qdisc, class and filters |>|>tc qdisc add dev eth0 root handle 1: htb |>|>tc class add dev eth0 parent 1: classid 1:10 htb rate 768Kbit |>|>tc class add dev eth0 parent 1:1 classid 1:11 htb rate 512Kbit |>|>tc class add dev eth0 parent 1:1 classid 1:12 htb rate 256Kbit |>|> |>|>tc qdisc add dev eth0 parent 1:11 handle 11: sfq |>|>tc qdisc add dev eth0 parent 1:12 handle 12: sfq |>|> |>|>tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle ::11 u32 match ip |>|>src 10.10.10.10 flowid 1:11 |>|>tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle ::12 u32 match ip |>|>src 10.10.10.11 flowid 1:12 |>|> |>|># tc filter show dev eth0 |>|>filter parent 1: protocol ip pref 1 u32 |>|>filter parent 1: protocol ip pref 1 u32 fh 800: ht divisor 1 |>|>filter parent 1: protocol ip pref 1 u32 fh 800::11 order 17 key ht 800 bkt 0 |>|>flowid 1:11 |>|>~ match 0a0a0a0a/ffffffff at 12 |>|>filter parent 1: protocol ip pref 1 u32 fh 800::12 order 18 key ht 800 bkt 0 |>|>flowid 1:12 |>|>~ match 0a0a0a0b/ffffffff at 12 |>|> |>|># deleting a rule |>|>tc filter del dev eth0 parent 1:0 protocol ip prio 1 handle ::12 |>|>Must specify filter type when using "handle" |>|> |>|>Humm, I got back to LARTC Howto, but I can't found anything about "filter type" ! |>|> |>|>What's wrong ? |>|> |>|>Telles |>|> |>|> |>|>Patrick McHardy wrote: |>|>| Andre Correa wrote: |>|>| |>|>|> |>|>|> Patrick, tks for the info but I'm sure I got your idea. |>|>|> |>|>|> A filter handle is something like: "804::800" right? |>|>| |>|>| |>|>| Not exactly. How handles are handled depends on the classifier, |>|>| fw classifier for example uses its own handle to match the nfmark, |>|>| route creates handles of its own and errors if the handle supplied |>|>| from userspace differs. |>|>| |>|>| Maybe a example clears things up: |>|>| <add filters> |>|>| tc filter add dev lo protocol ip parent 1: pref 1 route from 4 flowid 1:100 |>|>| tc filter add dev lo protocol ip parent 1: pref 1 route from 5 flowid 1:200 |>|>| tc filter add dev lo protocol ip parent 1: pref 1 route from 6 flowid 1:300 |>|>| tc filter add dev lo protocol ip parent 1: pref 1 route from 7 flowid 1:400 |>|>| tc filter add dev lo protocol ip parent 1: pref 1 route from 8 flowid 1:500 |>|>| |>|>| <show filters> |>|>| filter protocol ip pref 1 route |>|>| filter protocol ip pref 1 route fh 0x00048000 flowid 1:100 from 4 |>|>| filter protocol ip pref 1 route fh 0x00058000 flowid 1:200 from 5 |>|>| filter protocol ip pref 1 route fh 0x00068000 flowid 1:300 from 6 |>|>| filter protocol ip pref 1 route fh 0x00078000 flowid 1:400 from 7 |>|>| filter protocol ip pref 1 route fh 0x00088000 flowid 1:500 from 8 |>|>| |>|>| As you can see the route classifier uses realm | 0x8000. |>|>| |>|>| <delete filters> |>|>| tc filter del dev lo pref 1 handle 0x00048000 route |>|>| tc filter del dev lo pref 1 handle 0x00058000 route |>|>| tc filter del dev lo pref 1 handle 0x00068000 route |>|>| tc filter del dev lo pref 1 handle 0x00078000 route |>|>| tc filter del dev lo pref 1 handle 0x00088000 route |>|>| |>|>| <show filters again> |>|>| filter protocol ip pref 1 route |>|>| |>|>| Only the container of the single filters is left. To destroy it, delete by |>|>| priority: "tc filter del dev lo pref 1". |>|>| |>|>| Hope that helps. |>|>| |>|>| Patrick |>|>| |>|>| |>|>|> I've tried this (supose classes 1:1 and 1:2 exist): |>|>|> |>|>|> tc filter add dev eth1 parent 1: protocol ip prio 1 handle ::10 u32 |>|>|> match ip src 10.10.10.10 flowid 1:1 |>|>|> tc filter add dev eth1 parent 1: protocol ip prio 1 handle ::11 u32 |>|>|> match ip src 10.10.10.11 flowid 1:2 |>|>|> |>|>|> and then: |>|>|> |>|>|> tc filter del dev eth1 parent 1: protocol ip prio 1 handle ::11 |>|>|> |>|>|> but both filter are deleted... |>|>|> |>|>|> Am I missing something? |>|>|> |>|>|> tks a lot... |>|>|> |>|>|> Andre |>|>|> |>|>| |>|>| |>|>| _______________________________________________ |>|>| LARTC mailing list / LARTC@xxxxxxxxxxxxxxx |>|>| http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ |>|>| |>|>| |>|> |>|>- -- |>|>- ------------------------------------------------------ |>|>Rodrigo P. Telles <telles@xxxxxxxxxxxxxxx> |>|>Gerente de Projetos - http://www.devel-it.com.br |>|>Devel-IT - Uma empresa do Grupo TDKOM |>|>- ------------------------------------------------------ |>|>-----BEGIN PGP SIGNATURE----- |>|>Version: GnuPG v1.0.7 (GNU/Linux) |>|>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |>|> |>|>iD8DBQE//eiViLK8unYgEMQRAv1PAJ96witXRlYUwPW5fqDySWURu3VLcQCdGrx3 |>|>Ly6eZtiaSTtrWMrpPm9MxnQ= |>|>=rhE2 |>|>-----END PGP SIGNATURE----- |>|> |>|>_______________________________________________ |>|>LARTC mailing list / LARTC@xxxxxxxxxxxxxxx |>|>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ |>|> |>| |>| |>| |> |>- -- |>- ------------------------------------------------------ |>Rodrigo P. Telles <telles@xxxxxxxxxxxxxxx> |>Gerente de Projetos - http://www.devel-it.com.br |>Devel-IT - Uma empresa do Grupo TDKOM |>- ------------------------------------------------------ |>-----BEGIN PGP SIGNATURE----- |>Version: GnuPG v1.0.7 (GNU/Linux) |>Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org |> |>iD8DBQE//oZRiLK8unYgEMQRArqRAJwN4Ho/a7sQHVQAejb32iIdNbKYqACdG7kI |>C+1AYYFiTKvXabVcluSnR6E= |>=C9Xe |>-----END PGP SIGNATURE----- |> |>_______________________________________________ |>LARTC mailing list / LARTC@xxxxxxxxxxxxxxx |>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ |> | | _______________________________________________ | LARTC mailing list / LARTC@xxxxxxxxxxxxxxx | http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ | |
- -- - ------------------------------------------------------ Rodrigo P. Telles <telles@xxxxxxxxxxxxxxx> Gerente de Projetos - http://www.devel-it.com.br Devel-IT - Uma empresa do Grupo TDKOM - ------------------------------------------------------ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE//pAUiLK8unYgEMQRAjeLAJ9ZCyPiKNcoENEgcCvfzIF1wJ2IlgCfel0D BmAJ97csB8BxXywGwmLVrDM= =JpSS -----END PGP SIGNATURE-----
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
