Re: tc u32 match !port

Linux Advanced Routing and Traffic Control

On Wednesday 02 May 2007 10:36, Salatiel Filho wrote:
> How can I redirect all traffic that does not come from port 80 to a flow?
>
> I was thinking about something like
>
> tc filter add dev imq1 parent 1: protocol ip prio 7 u32 match ip sport
> !80 ......
Maybe you should try an iptables/tc solution:
iptables -t <table> -A <chain> -p tcp ! --sport 80 -j MARK --set-mark 5
tc filter add dev imq1 parent 1: handle 5 fw flowid ...

>
> But this does not work.
>
> Another doubt: if I have two rules that intersect, for example,
> one filter with u32 match ip src 10.10.10.10 flowid 1:10
> and another with u32 match sport 80 0xffff flowid 1:11, which one will
> work in case of a packet to 10.10.10.10 with sport 80?
From all filters in the current tc node, those with the current priority will
match in the same order you declare them. Maybe you want to do something
like:
     |-------------|
     | 10.10.10.10 |
     |-------------|
       /         \
      /           \
|---------|  |----------|
| default |  | sport 80 |
|---------|  |----------|
Then you will have the traffic from 10.10.10.10 going to the subtree root, and
the traffic that also has port 80 as source will go to the right child of
the tree. Maybe the rules will look like the following:

iptables -t mangle -A PREROUTING -s 10.10.10.10 -j MARK --set-mark 4
...
# parent (node 10.10.10.10 in the figure)
tc class add dev imq1 parent 1:1 classid 1:10 htb rate ...
# "default" node
tc class add dev imq1 parent 1:10 classid 1:11 htb rate ...
# "sport 80" node
tc class add dev imq1 parent 1:10 classid 1:12 htb rate ...
...
# filter to match the traffic that will go to the "sport 80" node
tc filter add dev imq1 protocol ip parent 1: prio 1 u32 match ip src 10.10.10.10 match ip sport 80 0xffff flowid 1:12
# filter to match the rest of the traffic from 10.10.10.10 (going to "default")
tc filter add dev imq1 protocol ip parent 1: prio 1 u32 match ip src 10.10.10.10 flowid 1:11

-- 
Alejandro Ramos Encinosa <alex@xxxxx>
Fac. Matemática Computación
Universidad de La Habana
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
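
Added example, not part of the original message or of tc itself: a small Python model of u32 first-match classification, showing the two intersecting rules from the question and, going beyond the iptables approach in the reply, how "everything except sport 80" can be expressed without negation by matching port 80 first and catching the rest at a lower priority. The packets, the 192.0.2.7 address and the flowids 1:80 and 1:20 are constructed for illustration.

```python
import struct
from socket import inet_aton

def packet(src, dst, sport, dport):
    """Constructed sample: 20-byte IPv4 header (no options) + TCP port words."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     inet_aton(src), inet_aton(dst))
    return ip + struct.pack("!HH", sport, dport)

# A u32 key is (offset, value, mask): it matches when word_at(offset) & mask == value.
def ip_src(addr):
    return (12, struct.unpack("!I", inet_aton(addr))[0], 0xFFFFFFFF)

def ip_sport(port, mask=0xFFFF):
    # "match ip sport" reads fixed offset 20, so it assumes no IP options
    # and does not itself check that the protocol is TCP or UDP.
    return (20, (port & mask) << 16, mask << 16)

MATCH_ALL = (0, 0, 0)  # like "match u32 0 0": mask 0 matches every packet

def key_matches(pkt, key):
    offset, value, mask = key
    (word,) = struct.unpack_from("!I", pkt, offset)
    return word & mask == value

def classify(filters, pkt):
    """filters: list of (prio, keys, flowid) in declaration order."""
    # sorted() is stable: lower prio first, declaration order within a prio.
    for _prio, keys, flowid in sorted(filters, key=lambda f: f[0]):
        if all(key_matches(pkt, k) for k in keys):
            return flowid
    return None

web = packet("10.10.10.10", "192.0.2.7", 80, 40000)     # constructed
other = packet("10.10.10.10", "192.0.2.7", 443, 40000)  # constructed

# The two intersecting rules from the question: the first declared wins.
question = [(1, [ip_src("10.10.10.10")], "1:10"), (1, [ip_sport(80)], "1:11")]
# "Everything except sport 80" without negation: match 80 first, then catch-all.
not_80 = [(1, [ip_sport(80)], "1:80"), (2, [MATCH_ALL], "1:20")]

if __name__ == "__main__":
    print(classify(question, web), classify(question[::-1], web))
    print(classify(not_80, web), classify(not_80, other))
```
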

