hi all

i want help in managing icmp traffic. this is what i tried -->

iptables -t mangle -A PREROUTING -d 10.0.0.0/8 -p 1 -j MARK --set-mark 4001

tc filter add dev eth4 parent 5:0 match protocol ip 1 prio 2 handle 4001 fw classid 5:105

i tried permutation of >> match protocol ip 1 << but always getting different errors.
i want to know whats the syntax for tc when i mark packets with iptables of icmp type !
iptables -nvL PREROUTING -t mangle does shows figures indicating icmp packets r indeed being marked !

thanx in advance
A.H

eth wrote:
> Arindam Haldar wrote:
>
>> i want help in managing icmp traffic. this is what i tried -->
>> iptables -t mangle -A PREROUTING -d 10.0.0.0/8 -p 1 -j MARK --set-mark 4001
>>
>> tc filter add dev eth4 parent 5:0 match protocol ip 1 prio 2 handle 4001 fw classid 5:105
>>
>> i tried permutation of >> match protocol ip 1 << but always getting
>> different errors.
>> i want to know whats the syntax for tc when i mark packets with
>> iptables of icmp type !
>> iptables -nvL PREROUTING -t mangle does shows figures indicating icmp
>> packets r indeed being marked !
>
> If only ICMP is the criterion why bother with iptables? After all the
> u32 filter of tc can match pretty anything in terms of tcp/ip...
>
> If I'm not wrong for example
>
> tc filter add dev eth1 protocol ip parent 5:0 prio 2 match ip dst 10.0.0.0/8 match ip protocol 1 0xff flowid 5:105
>
> ... would create a filter to match all ICMP traffic destined to 10.0.0.0

# tc filter add dev eth4 parent 5:0 protocol ip prio 2 match ip dst 10.0.0.0/8 match ip protocol 1 0xff flowid 5:105
Unknown filter "match", hence "ip" is unparsable

A.H

Arindam Haldar wrote:
> eth wrote:
>
>> Arindam Haldar wrote:
>>
>>> i want help in managing icmp traffic. this is what i tried -->
>>> iptables -t mangle -A PREROUTING -d 10.0.0.0/8 -p 1 -j MARK --set-mark 4001
>>>
>>> tc filter add dev eth4 parent 5:0 match protocol ip 1 prio 2 handle 4001 fw classid 5:105
>>>
>>> i tried permutation of >> match protocol ip 1 << but always getting
>>> different errors.
>>> i want to know whats the syntax for tc when i mark packets with
>>> iptables of icmp type !
>>> iptables -nvL PREROUTING -t mangle does shows figures indicating icmp
>>> packets r indeed being marked !
>>
>> If only ICMP is the criterion why bother with iptables? After all the
>> u32 filter of tc can match pretty anything in terms of tcp/ip...
>>
>> If I'm not wrong for example
>>
>> tc filter add dev eth1 protocol ip parent 5:0 prio 2 match ip dst 10.0.0.0/8 match ip protocol 1 0xff flowid 5:105
>>
>> ... would create a filter to match all ICMP traffic destined to 10.0.0.0
>
> # tc filter add dev eth4 parent 5:0 protocol ip prio 2 match ip dst 10.0.0.0/8 match ip protocol 1 0xff flowid 5:105
> Unknown filter "match", hence "ip" is unparsable
>
> A.H

I AM EXTREMELY SORRY !! ... didn't add u32 to the above !.. :-(
thanx 4 ur help !
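
Added example, not part of the thread: the two filter forms discussed above written out in full, the u32 classifier with its keyword in place and the fw classifier keyed on the iptables mark. It assumes qdisc 5:0 and class 5:105 already exist on eth4; the `DEV` and `RUN` variables and the function names are hypothetical helpers, and by default the script only prints the commands.

```shell
#!/bin/sh
# Two ways to put ICMP for 10.0.0.0/8 into class 5:105 (values from the thread).
# Assumption: qdisc 5:0 and class 5:105 already exist on $DEV.
# Dry run by default: commands are printed. Run with RUN= as root to apply.
DEV="${DEV-eth4}"
RUN="${RUN-echo}"

# Variant 1: classify in tc only. The classifier name "u32" must come before
# the first "match"; without it tc reports: Unknown filter "match".
u32_icmp_filter() {
    $RUN tc filter add dev "$DEV" parent 5:0 protocol ip prio 2 u32 \
        match ip dst 10.0.0.0/8 \
        match ip protocol 1 0xff \
        flowid 5:105
}

# Variant 2a: mark ICMP in the mangle table (rule from the thread).
# PREROUTING only sees packets arriving on an interface; ICMP generated by
# the box itself would need the same rule in the mangle OUTPUT chain.
mark_icmp() {
    $RUN iptables -t mangle -A PREROUTING -d 10.0.0.0/8 -p 1 \
        -j MARK --set-mark 4001
}

# Variant 2b: classify on the mark. The fw classifier takes no "match";
# "handle" is the mark value and must equal --set-mark (4001 = 0xfa1).
fw_icmp_filter() {
    $RUN tc filter add dev "$DEV" parent 5:0 protocol ip prio 2 \
        handle 4001 fw classid 5:105
}

# Filter list and per-class counters, to confirm packets reach 5:105.
show_counters() {
    $RUN tc -s filter show dev "$DEV" parent 5:0
    $RUN tc -s class show dev "$DEV"
}

case "${1:-}" in
    u32) u32_icmp_filter; show_counters ;;
    fw)  mark_icmp; fw_icmp_filter; show_counters ;;
esac
```

Use one variant or the other, not both: with both filters at prio 2 the same packets would be matched twice for no benefit.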