Re: using tc to drop packets based on the diffserc or tos value

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Raghuvendra Kumar wrote:
Hi all,

> [...]

[root@scotch src]#tc filter add dev eth0 protocol ip u32 match ip dsfield 8 police drop

its showing error "Illegal "match".

Can any one of you guide me , what is the correct way of doing it.
Its imporatnt, Please post reply ASAP.


For instance:

tc qdisc add dev eth0 root handle 1: hfsc default 99
# (.. remaining classes / etc. ..)

tc filter add dev eth0 parent 1:0 protocol ip  prio 1 u32 \
	match ip dsfield 0x08 0xff action drop

Remember that mask is mandatory.

Also check out doc/actions directory for info about extended actions in iproute tarball.


Out of curiosity - why not just:

iptables -A OUTPUT -o eth0 -p udp --sport 5060 -j DROP

... or with something like -j REJECT --reject-with icmp-port-unreachable, depending on your needs. Assuming it's not just for testing purposes, and you actually want to drop the traffic generated by your host from that particular port.


_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux