With u32 you cannot negate, that's why it is lame...
Use iptables for marking packets
$TC filter add dev ${DEV_IFB} parent 1:0 prio 2 protocol ip handle 14 fw
classid 1:14
Iptables -t mangle -A PREROUTING -p TCP --dport 80 -d ! 1.2.3.4 -j MARK
--set-mark 14
-----Original Message-----
From: lartc-bounces@xxxxxxxxxxxxxxx [mailto:lartc-bounces@xxxxxxxxxxxxxxx]
On Behalf Of richard lucassen
Sent: 2006 m. vasario 21 d. 18:25
To: lartc@xxxxxxxxxxxxxxx
Subject: invert u32 match selector
Is it possible to negate the "match" to the ip? I want to match all
traffic to dport 80 NOT going to dst 1.2.3.4:
$TC filter add dev ${DEV_IFB} parent 1:0 prio 2 protocol ip u32 \
match ip protocol 0x6 0xff \
match ip dport 80 0xffff \
match ip dst 1.2.3.4/32 \
classid 1:14
I can't find it in the docs. I tried "!" "\!" and "not" in several
places, but always resulting in a "illegal match".
R.
--
___________________________________________________________________
It is better to remain silent and be thought a fool, than to speak
aloud and remove all doubt.
+------------------------------------------------------------------+
| Richard Lucassen, Utrecht |
| Public key and email address: |
| http://www.lucassen.org/mail-pubkey.html |
+------------------------------------------------------------------+
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
__________ NOD32 1.1415 (20060221) Information __________
This message was checked by NOD32 antivirus system.
http://www.nod32.com
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
