LARTC
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[LARTC] Policing based on port numbers

from [Shuveb Hussain] [Permanent Link][Original]
To: lartc@mailman.ds9a.nl
Subject: [LARTC] Policing based on port numbers
From: "Shuveb Hussain" <shuveb@gmail.com>
Date: Wed, 11 Apr 2007 21:23:07 +0530
Delivered-to: sp-com-lists@consult.net
Delivered-to: lartc-list@securepoint.com
Delivered-to: lartc@outpost.ds9a.nl
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=sOCz7XLUBHBK64+DO85gI2Qv8XgSdxoFRoScODGmEixkTHg0z46d+T0kE9mU17NRdJdgCuNn2zMjuPbcPXJFXNlMR2uEbzWuSIw7lKcpEWfm+CZ610RsJ+Cru42rXqCxjknrM9QWOf1BAHRFPB+6inLGQjitEVeFYvd7ppsdEJM=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=oiU2uUDE6v5TEnUPy4BhCVKbayZqojapaFwEAcxLO5utj4trKde04auV0L6b4Sy1G4tRrXnbvrI2/uKx8KXSNgJg07JfNhRa0+gWrblmjKg8mmPOdSdP/GYMN7kVQmCcRJKC95jGo2SvnsYYaGP3S9KQdNy3X5UavDaqjtaO7o8=
List-archive: <http://mailman.ds9a.nl/pipermail/lartc>
List-help: <mailto:lartc-request@mailman.ds9a.nl?subject=help>
List-id: "Mailinglist of the Linux Advanced Routing &amp; Traffic Control project" <lartc.mailman.ds9a.nl>
List-post: <mailto:lartc@mailman.ds9a.nl>
List-subscribe: <http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>
List-unsubscribe: <http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>
Sender: lartc-bounces@mailman.ds9a.nl 
Hi,

I'm trying to police ingress traffic based on port numbers and IP
addresses. The u32 match based on IP addresses seems to work without
issues and I'm am able to police incoming packets. However, the same
isn't working with u32 matches based on TCP port numbers. For port
numbers, I added exactly one 'u32 match' rule:

common for both:
# tc qdisc add dev eth0 handle ffff: ingress

And then:

# tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match ip src \
  0.0.0.0/0 police rate 128kbit burst 10k drop flowid :1

The rule above works, but the same with a port match does not:

# tc filter add dev eth0 parent ffff: protocol ip prio 50 u32 match
tcp dport 0xXYZ 0xFFFF police rate 128kbit burst 10k drop flowid :1

Is there anything I am missing?

TIA,
--
Shuveb Hussain.
When you lose, be patient. When you achieve, be even more patient.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [LARTC] equalize / ecmp not working as expected in 2.6 vs 2.4, Andrew Lyon
Next by Date:  Re: AW: [LARTC] tc (CBQ) and UDP packets, Andy Furniss
Previous by Thread:  [LARTC] two routes, non-permanent higher proiority, Bob Beers
Next by Thread:  Re: [LARTC] Policing based on port numbers, Andy Furniss
Indexes:  [Date] [Thread] [Top] [All Lists]