Re: tc del filter

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

* ncrfgs <20041130162601.GB1470@xxxxxxxxxxxxxx> 2004-11-30 17:26
> Hi,
> 
> How can I delete an existing filter? Is it possible?

You must at least provide the following:
  dev
  parent (qdisc or class)
  prio
  kind (filter type)
  handle

The kernel will then lookup the device, find the qdisc or class
according to your parent, lookup the filter ops according to the kind
and prio and then calls get() in the filter to look it up. The get() is
dependant on the filter type and thus deleting may vary from filter to
filter.

handle == 0 will destroy the whole filter tree

example 1: (destroying the whole tree)
# tc filter add dev eth0 parent 10:0 prio 10 protocol all u32 match \
      ip tos 1 0 flowid 10:12
# tc filter list dev eth0 parent 10:0
filter protocol all pref 10 u32 
filter protocol all pref 10 u32 fh 800: ht divisor 1 
filter protocol all pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 10:12 
  match 00000000/00000000 at 0
# tc filter del dev eth0 parent 10:0 prio 10 u32
# tc filter list dev eth0 parent 10:0
#

example 2: (destroying a single filter)
# tc filter add dev eth0 parent 10:0 prio 10 protocol all u32 match \
      ip tos 1 0 flowid 10:12
# tc filter add dev eth0 parent 10:0 prio 10 protocol all u32 match \
      ip tos 1 0 flowid 10:12
# tc filter list dev eth0 parent 10:0
filter protocol all pref 10 u32 
filter protocol all pref 10 u32 fh 800: ht divisor 1 
filter protocol all pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 10:12 
  match 00000000/00000000 at 0
filter protocol all pref 10 u32 fh 800::801 order 2049 key ht 800 bkt 0 flowid 10:12 
  match 00000000/00000000 at 0
# tc filter del dev eth0 parent 10:0 prio 10 handle 800::801 u32
# tc filter list dev eth0 parent 10:0
filter protocol all pref 10 u32 
filter protocol all pref 10 u32 fh 800: ht divisor 1 
filter protocol all pref 10 u32 fh 800::800 order 2048 key ht 800 bkt 0
flowid 10:12 
  match 00000000/00000000 at 0
#

rule of thumb:
- deleting a filter with handle NOT specified deletes whole filter tree
- deleting a filter with handle specified deletes only the filter with
  the given handle

This does not apply to all filters though.
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux