Showing posts with label u32. Show all posts
Showing posts with label u32. Show all posts

Friday, October 7, 2011

The u32 filter


The u32 filter

Overview

The u32 filter allows you to match on any bit field within a packet, so it is in some ways the most powerful filter provided by the Linux traffic control engine. It is also the most complex, and by far the hardest to use. To explain it I will start with a bit of a tutorial.

Read more »
Posted by at No comments:
Labels: ,

Thursday, October 6, 2011

U32 tips tricks

Chaining u32 example 

# Root rule, for Gigabit interface
tc class add dev ${IFACE} parent 1: classid 1:2 htb rate 950Mbit ceil 950Mbit quantum 1514

# For "other" mac addresses
tc class add dev ${IFACE} parent 1:2 classid 1:3 htb rate 680Mbit ceil 950Mbit quantum 1514
tc qdisc add dev ${IFACE} handle 3: parent 1:3 bfifo limit 3000000

# For "our" mac address
tc class add dev ${IFACE} parent 1:2 classid 1:10 htb rate 260Mbit ceil 260Mbit quantum 1514
tc qdisc add dev ${IFACE} handle 10: parent 1:10 bfifo limit 3000000

# High priority for specific MAC
tc class add dev ${IFACE} parent 1:10 classid 1:20 htb rate 200Mbit ceil 260Mbit quantum 1514
tc qdisc add dev ${IFACE} handle 20: parent 1:20 bfifo limit 3000000

#Create handle 1:

tc filter add dev ${IFACE} protocol ip pref 10 parent 1: u32
tc filter add dev ${IFACE} protocol ip pref 10 parent 1: handle 1: u32 divisor 1

# Filter all traffic to specific MAC to handle 1
tc filter add dev ${IFACE} protocol ip pref 10 parent 1: u32 ht 800:: match u16 0x0800 0xFFFF at -2 match u32 0x23af02ca 0xFFFFFFFF at -12 match u16 0x0004 0xFFFF at -14 link 1:

# Filter traffic of handle 1 (it means to specific MAC)
tc filter add dev ${IFACE} protocol ip pref 10 parent 1: u32 ht 1: match ip sport 22 0xff flowid 1:20
tc filter add dev ${IFACE} protocol ip pref 10 parent 1: u32 ht 1: match ip dport 22 0xff flowid 1:20
tc filter add dev ${IFACE} protocol ip pref 10 parent 1: u32 ht 1: match ip sport 53 0xff flowid 1:20
tc filter add dev ${IFACE} protocol ip pref 10 parent 1: u32 ht 1: match ip dport 53 0xff flowid 1:20
tc filter add dev ${IFACE} protocol ip pref 10 parent 1: u32 ht 1: match ip sport 80 0xff flowid 1:20

# Low priority class for specific MAC
tc class add dev ${IFACE} parent 1:10 classid 1:30 htb rate 60Mbit ceil 260Mbit quantum 1514
tc qdisc add dev ${IFACE} handle 30: parent 1:30 bfifo limit 300000
tc filter add dev ${IFACE} protocol ip pref 100 parent 1: u32 ht 1: match ip dst 0.0.0.0/0 flowid 1:30

#DEFAULT FOR ALL REMAINING
tc filter add dev ${IFACE} protocol ip pref 1000 parent 1: u32 match ip dst 0.0.0.0/0 flowid 1:3

Read more »
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)