Leigh Sharpe wrote:
Try protocol 8021q or whatever its number is -
Thanks Andy, this did the trick. And now for the next question.
802.1q is protocol number 0x8100. Therefore my filter lines look like this:
Tc filter add dev eth3 parent ffff: protocol 0x8100 prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0
What is the u32 matching on? Is it matching on IP headers, or is it matching on the protocol specified, ie the VLAN header?
It's the ethertype protocol number in ethernet frames - you can also
match it with a u32 offset of -2.
For my particular application, I need to decide which IFB to redirect to based on combinations of both VLAN ID and IP src/dst addresses. Can I specify matches for the VLAN ID here? If so, I would presume that I can then use an Iptables mark to filter on, with that mark based on IP address? (ebtables can't match the IP address of a tagged packet, unfortunately.) Otherwise, I'm going to have to mark the packets with a VLAN ID using ebtables and then another mark from Iptables based on src/dst IP address. What a sodding nightmare.
I've never used ebtables - I also haven't played with xtables yet -
infact I've barely touched my PC since xmas and am not up on what's
changed yet.
If you plan on marking with tc actions you'll need to be lucky with
kernel versions - maybe it's OK now, I need to get upto date.
I think to match vlan tags/ips you will have workout u32
offsets/masks/hex matches etc tcpdump -e and test alot - Ouch.
Looks like Patrick McHardy is in the process of changing all the qdiscs
to use hi res timers - cool I'll have to try that aswell.
Andy.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
