Hi, I'm trying to police ingress traffic based on port numbers and IP addresses. The u32 match based on IP addresses seems to work without issues and I'm am able to police incoming packets. However, the same isn't working with u32 matches based on TCP port numbers. For port numbers, I added exactly one 'u32 match' rule: common for both: # tc qdisc add dev eth0 handle ffff: ingress And then: # tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip src \ 0.0.0.0/0 police rate 128kbit burst 10k drop flowid :1 The rule above works, but the same with a port match does not: # tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match tcp dport 0xXYZ 0xFFFF police rate 128kbit burst 10k drop flowid :1 Is there anything I am missing? TIA, -- Shuveb Hussain. When you lose, be patient. When you achieve, be even more patient. _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
