I thought so too - maybe I was too fast. I want too be sure that a packet always first is checked/filtered against src <ip net> and protocol 50 and if it matches it goes to flowid 1:21 (prio 0 - high). Then if it does not match above - it is checked/filtered against src <ip net> and dst <any ip> and goes to flowid 1:22 (prio 2 - low). But it seems that a filter with prio 0 always is the last filter to be checked and filters with prio 1,2,3.... is checked in that same order. It seem that the order has something to do with the pref value the filter gets. prio 1 = pref 1 prio 2 = pref 2 prio 3 = pref 3 ... prio 0 = pref 49151 Anyway I don't think that the prio should have anything to do with the order of the filtering. If it had I guess that a filter with prio 0 would be first filter to be check. The question is can I somehow in some reasonable way control the order of the filtering? - Martin On 2/17/07, Bob Puff <bob@xxxxxxxxxxxx> wrote:
This is the reverse of what I believe I have read - you may want to continue looking. Prio 0 is supposed to be the highest, i believe. Bob ---------- Original Message ----------- From: "Martin Schiøtz" <malinux@xxxxxxxxx> To: lartc@xxxxxxxxxxxxxxx Sent: Sat, 17 Feb 2007 19:14:46 +0100 Subject: Re: Order of 'tc filer' > OK - I solved the thing. Using 'prio 0' actually gives the filter a > low priority. > > I just used 'prio 1' instead and know I can control the order :-) > > - Martin > > On 2/17/07, Martin Schiøtz <malinux@xxxxxxxxx> wrote: > > Hi > > > > How can I control which filter a packet will meet first? > > > > I have tried changing the order of applying the tc filter scripts and > > switching flowid number, but 'protocol ip u32 match ip src <ip net> > > match ip src 0.0.0.0/0' always kicks in first? > > > > From my script > > -------------------- > > # All traffic - Priority: Low > > tc filter add dev eth0 parent 1:0 prio 2 protocol ip u32 match ip src > > <ip net> match ip src 0.0.0.0/0 flowid 1:21 > > # Traffic between offices (IPSEC) - Priority: High > > tc filter add dev eth0 parent 1:0 prio 0 protocol ip u32 match ip src > > <ip net> match ip protocol 50 0xff flowid 1:22 > > > > > > # tc -s filter show dev eth0 > > ---------------------------------- > > filter parent 1: protocol ip pref 2 u32 > > filter parent 1: protocol ip pref 2 u32 fh 800: ht divisor 1 > > filter parent 1: protocol ip pref 2 u32 fh 800::802 order 2050 key ht > > 800 bkt 0 flowid 1:21 (rule hit 428 success 426) > > match c0000000/e0000000 at 16 (success 426 ) > > match 00000000/00000000 at 12 (success 426 ) > > filter parent 1: protocol ip pref 49151 u32 > > filter parent 1: protocol ip pref 49151 u32 fh 803: ht divisor 1 > > filter parent 1: protocol ip pref 49151 u32 fh 803::800 order 2048 key > > ht 803 bkt 0 flowid 1:22 (rule hit 3 success 0) > > match c0000000/e0000000 at 16 (success 0 ) > > match 00320000/00ff0000 at 8 (success 0 ) > > > > - Martin > > > _______________________________________________ > LARTC mailing list > LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc ------- End of Original Message -------
_______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
