Re: Some more test on ingress, ifb, fwmark

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> Kernel, iproute and iptables are steadily *in sync* with debian
> packages and are patched with:

I've rethinked a bit my setup, and at least i can give ifb a try.

Simply because ''complex'' traffic goes into some OpenVPN tunnels,
where i can precisely control flow, using the opposite end.

So, suffices to me to filter based on TCP port and protocol, and so
seems also that u32 suffices.


I've setup a test script, but:

 /sbin/tc filter add dev ifb2 parent 1:0 protocol ip prio 1 u32 match ip protocol 17 0xff match udp dport 22001 0xfff flowid 1:10
 Illegal "match"
 /sbin/tc filter add dev ifb2 parent 1:0 protocol ip prio 1 u32 match ip protocol 17 0xff match udp dport 22027 0xfff flowid 1:10
 Illegal "match"
 /sbin/tc filter add dev ifb2 parent 1:0 protocol ip prio 2 u32 match ip protocol 17 0xff match udp sport 22005 0xfff flowid 1:10
 Illegal "match"
 /sbin/tc filter add dev ifb2 parent 1:0 protocol ip prio 2 u32 match ip protocol 6 0xff match tcp port 22 0xfff flowid 1:20
 Illegal "match"
 /sbin/tc filter add dev ifb2 parent 1:0 protocol ip prio 3 u32 match ip protocol 17 0xff match tcp port 80 0xfff flowid 1:30
 Illegal "match"
 /sbin/tc filter add dev ifb2 parent 1:0 protocol ip prio 3 u32 match ip protocol 17 0xff match tcp port 443 0xfff flowid 1:30
 Illegal "match"
 /sbin/tc filter add dev ifb2 parent 1:0 protocol ip prio 3 u32 match tcp port 53 0xfff flowid 1:30
 Illegal "match"
 /sbin/tc filter add dev ifb2 parent 1:0 protocol ip prio 4 u32 match ip protocol 6 0xff match tcp port 25 0xfff flowid 1:40
 Illegal "match"
 /sbin/tc filter add dev ifb2 parent 1:0 protocol ip prio 5 flowid 1:50
 Unknown filter "flowid", hence option "1:50" is unparsable

I've google around a bit, but i'm a bit confused on tc command line
syntiax.

Someone can point me to a tc/u32 reference, or at least to my mistakes?


Tnx.

-- 
dott. Marco Gaiarin				    GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''                http://www.sv.lnf.it/
  Polo FVG  -  Via della Bontà, 7 - 33078  -  San Vito al Tagliamento (PN)
  marco.gaiarin(at)sv.lnf.it	  tel +39-0434-842711  fax +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
	   http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
--
To unsubscribe from this list: send the line "unsubscribe lartc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux