curt brune wrote:> Using tc filter is there a way to direct a range of ports (say ports 5000
> to 5100) to a particular flowid ?
You can translate relational operators (<, >=, etc.) into individual
tests of bits or prefixes, which can then be used by u32.
For the algorithms, see tcng''s tcng/tcc/iflib_arith.c:rel_general
and the functions it calls.
If using tcc to generate such classifiers, you can speed up
configuration-time processing considerably with -Oprefix -Onocse
> Theoretical question: Has anyone done an experiment to test wether
> filtering with "tc" or "iptables" is more performant?
In this case, iptables should win hands down, because it uses
CPU instructions that accomplish the task much more directly.
I don''t know how iptables and tc compare in cases where the
actual classifications have similar cost. If somebody''s going
to run some comparisons, the results may be interesting,
though.
- Werner
--
_________________________________________________________________________
/ Werner Almesberger, Buenos Aires, Argentina wa@almesberger.net /
/_http://www.almesberger.net/____________________________________________/
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/