Kristiadi Himawan wrote:
>
> Does it also match this kind of traffic?
>
> 17:16:53.740978 arp who-has 192.43.165.29 tell 192.43.165.30
> 17:16:53.752482 arp reply 192.43.165.29 is-at 00:04:c1:b5:bd:f1
> 17:16:53.812889 arp who-has 192.43.162.194 tell 192.43.162.193
> 17:16:53.812922 arp reply 192.43.162.194 is-at 00:08:c7:c9:a3:17

No. The 'match u16 0x0800 0xffff' says to ignore ARP.

> Lee Sanders wrote:
>
> >You haven't done a search on past posts...
> >
> >the u32 can be used to match any bit in the ip header. Before the ip header,
> >there is a frame header. In that frame header you can find the src and dst
> >mac address. You can trick the u32 filter into using the frame header if you
> >use negative offsets.
> >
> >Decimal Offset Description
> >-14: DST MAC, 6 bytes
> >-8: SRC MAC, 6 bytes
> >-2: Eth PROTO, 2 bytes, e.g. ETH_P_IP
> >0: Protocol header (IP Header)
> >
> >Where PPPP is the Eth Proto Code (from linux/include/linux/if_ether.h):
> >ETH_P_IP= IP = match u16 0x0800
> >Where your MAC = M0M1M2M3M4M5
> >
> >Egress (match Dst MAC):
> >... match u16 0xPPPP 0xFFFF at -2 match u32 0xM2M3M4M5 0xFFFFFFFF at -12 match u16 0xM0M1 0xFFFF at -14
> >
> >Ingress (match Src MAC):
> >... match u16 0xPPPP 0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF at -8
> >
> >The below is simplistic but it works to demonstrate the above.
> >
> >tc qdisc add dev ppp0 root handle 1:0 htb default 20
> >tc class add dev ppp0 parent 1:0 classid 1:1 htb rate 128kbit ceil 128kbit
> >
> >tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 64kbit ceil 128kbit
> >tc class add dev ppp0 parent 1:1 classid 1:20 htb rate 64kbit ceil 128kbit
> >
> >tc qdisc add dev ppp0 parent 1:10 handle 100: sfq perturb 10
> >tc qdisc add dev ppp0 parent 1:20 handle 200: sfq perturb 10
> >
> ># My Laptop
> >tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF at -8 flowid 1:10
> ># My Desktop
> >tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 match u16 0x0800 0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF at -8 flowid 1:20
> ># change the MACs of course.
> >
> >tc -s -d class show dev ppp0
> >tc -s -d qdisc show dev ppp0
> >tc -s -d filter show dev ppp0
> >
> >There you have it.
> >
> >:L

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
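
Added example (not part of the thread and not any poster's code): a shell helper that expands a MAC address into the u32 clauses laid out in the quoted post, using its offsets (-14 dst MAC, -8 src MAC, -2 EtherType). The function name `mac_u32_match` and the sample MAC are made up for illustration; the command is printed, not executed.

```shell
#!/bin/sh
# mac_u32_match is a hypothetical helper, not part of tc/iproute2.
# Usage: mac_u32_match src|dst MAC [ethertype-hex]
mac_u32_match() {
    direction=$1       # src = ingress match, dst = egress match
    mac=$2             # colon- or dash-separated MAC address
    proto=${3:-0800}   # 0800 = ETH_P_IP, so ARP frames (0806) never match

    # Normalise: strip separators, lower-case, require exactly 12 hex digits.
    hex=$(printf '%s' "$mac" | tr -d ':-' | tr 'A-F' 'a-f')
    case $hex in
        *[!0-9a-f]*|'') echo "invalid MAC: $mac" >&2; return 1 ;;
    esac
    [ ${#hex} -eq 12 ] || { echo "invalid MAC: $mac" >&2; return 1; }
    case $proto in
        [0-9a-fA-F][0-9a-fA-F][0-9a-fA-F][0-9a-fA-F]) ;;
        *) echo "invalid EtherType: $proto" >&2; return 1 ;;
    esac

    # Split the 6 bytes into the 16-bit and 32-bit pieces u32 can compare.
    m01=$(printf '%s' "$hex" | cut -c1-4)      # M0M1
    m0123=$(printf '%s' "$hex" | cut -c1-8)    # M0M1M2M3
    m2345=$(printf '%s' "$hex" | cut -c5-12)   # M2M3M4M5
    m45=$(printf '%s' "$hex" | cut -c9-12)     # M4M5

    case $direction in
        dst)  # dst MAC occupies offsets -14..-9
            printf 'match u16 0x%s 0xffff at -2 match u32 0x%s 0xffffffff at -12 match u16 0x%s 0xffff at -14\n' \
                "$proto" "$m2345" "$m01" ;;
        src)  # src MAC occupies offsets -8..-3
            printf 'match u16 0x%s 0xffff at -2 match u16 0x%s 0xffff at -4 match u32 0x%s 0xffffffff at -8\n' \
                "$proto" "$m45" "$m0123" ;;
        *) echo "direction must be src or dst" >&2; return 1 ;;
    esac
}

# Constructed sample MAC; print the resulting filter line for review.
echo "tc filter add dev ppp0 parent 1:0 protocol ip prio 1 u32 $(mac_u32_match src 02:00:5e:10:20:30) flowid 1:10"
```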