|
 |
4aca6e |
From 86bb5cf1e2dacf9c3710e272da719149e94fcfec Mon Sep 17 00:00:00 2001
|
|
|
4aca6e |
From: Phil Sutter <psutter@redhat.com>
|
|
|
4aca6e |
Date: Fri, 17 Mar 2017 13:23:34 +0100
|
|
|
4aca6e |
Subject: [PATCH] tc: flower: document that *_ip parameters take a PREFIX as an
|
|
|
4aca6e |
argument.
|
|
|
4aca6e |
|
|
|
4aca6e |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1422629
|
|
|
4aca6e |
Upstream Status: iproute2.git commit b2a1f740aa4d3
|
|
|
4aca6e |
Conflicts: Adjusted patch to include changes added by Stephen Hemminger
|
|
|
4aca6e |
in a later merge commit.
|
|
|
4aca6e |
|
|
|
4aca6e |
commit b2a1f740aa4d37b0a15a1a8ea866a29d5fab4591
|
|
|
4aca6e |
Author: Simon Horman <simon.horman@netronome.com>
|
|
|
4aca6e |
Date: Fri Dec 16 14:54:36 2016 +0100
|
|
|
4aca6e |
|
|
|
4aca6e |
tc: flower: document that *_ip parameters take a PREFIX as an argument.
|
|
|
4aca6e |
|
|
|
4aca6e |
* The argument to src_ip, dst_ip, enc_src_ip and enc_dst_ip take an
|
|
|
4aca6e |
optional prefix length which is used to provide a mask to limit the scope
|
|
|
4aca6e |
of matching.
|
|
|
4aca6e |
* This is documented as a PREFIX in keeping with ip-route(8).
|
|
|
4aca6e |
|
|
|
4aca6e |
Example of uses of IPv4 and IPv6 prefixes
|
|
|
4aca6e |
|
|
|
4aca6e |
tc qdisc add dev eth0 ingress
|
|
|
4aca6e |
tc filter add dev eth0 protocol ip parent ffff: flower \
|
|
|
4aca6e |
indev eth0 dst_ip 192.168.1.1 action drop
|
|
|
4aca6e |
tc filter add dev eth0 protocol ip parent ffff: flower \
|
|
|
4aca6e |
indev eth0 src_ip 10.0.0.0/8 action drop
|
|
|
4aca6e |
tc filter add dev eth0 protocol ipv6 parent ffff: flower \
|
|
|
4aca6e |
indev eth0 src_ip 2001:DB8:1::/48 action drop
|
|
|
4aca6e |
tc filter add dev eth0 protocol ipv6 parent ffff: flower \
|
|
|
4aca6e |
indev eth0 dst_ip 2001:DB8::1 action drop
|
|
|
4aca6e |
|
|
|
4aca6e |
Signed-off-by: Simon Horman <simon.horman@netronome.com>
|
|
|
4aca6e |
---
|
|
|
4aca6e |
man/man8/tc-flower.8 | 28 ++++++++++++++--------------
|
|
|
4aca6e |
tc/f_flower.c | 4 ++--
|
|
|
4aca6e |
2 files changed, 16 insertions(+), 16 deletions(-)
|
|
|
4aca6e |
|
|
|
4aca6e |
diff --git a/man/man8/tc-flower.8 b/man/man8/tc-flower.8
|
|
|
4aca6e |
index c5ddf3c..3841ff2 100644
|
|
|
4aca6e |
--- a/man/man8/tc-flower.8
|
|
|
4aca6e |
+++ b/man/man8/tc-flower.8
|
|
|
4aca6e |
@@ -31,8 +31,8 @@ flower \- flow based traffic control filter
|
|
|
4aca6e |
.IR ETH_TYPE " } | "
|
|
|
4aca6e |
.BR ip_proto " { " tcp " | " udp " | " sctp " | " icmp " | " icmpv6 " | "
|
|
|
4aca6e |
.IR IP_PROTO " } | { "
|
|
|
4aca6e |
-.BR dst_ip " | " src_ip " } { "
|
|
|
4aca6e |
-.IR ipv4_address " | " ipv6_address " } | { "
|
|
|
4aca6e |
+.BR dst_ip " | " src_ip " } "
|
|
|
4aca6e |
+.IR PREFIX " | { "
|
|
|
4aca6e |
.BR dst_port " | " src_port " } "
|
|
|
4aca6e |
.IR port_number " } | "
|
|
|
4aca6e |
.B enc_key_id
|
|
|
4aca6e |
@@ -103,14 +103,14 @@ may be
|
|
|
4aca6e |
.BR tcp ", " udp ", " sctp ", " icmp ", " icmpv6
|
|
|
4aca6e |
or an unsigned 8bit value in hexadecimal format.
|
|
|
4aca6e |
.TP
|
|
|
4aca6e |
-.BI dst_ip " ADDRESS"
|
|
|
4aca6e |
+.BI dst_ip " PREFIX"
|
|
|
4aca6e |
.TQ
|
|
|
4aca6e |
-.BI src_ip " ADDRESS"
|
|
|
4aca6e |
+.BI src_ip " PREFIX"
|
|
|
4aca6e |
Match on source or destination IP address.
|
|
|
4aca6e |
-.I ADDRESS
|
|
|
4aca6e |
-must be a valid IPv4 or IPv6 address, depending on
|
|
|
4aca6e |
-.BR protocol
|
|
|
4aca6e |
-option of tc filter.
|
|
|
4aca6e |
+.I PREFIX
|
|
|
4aca6e |
+must be a valid IPv4 or IPv6 address, depending on the \fBprotocol\fR
|
|
|
4aca6e |
+option to tc filter, optionally followed by a slash and the prefix length.
|
|
|
4aca6e |
+If the prefix is missing, \fBtc\fR assumes a full-length host match.
|
|
|
4aca6e |
.TP
|
|
|
4aca6e |
.BI dst_port " NUMBER"
|
|
|
4aca6e |
.TQ
|
|
|
4aca6e |
@@ -128,16 +128,16 @@ which have to be specified in beforehand.
|
|
|
4aca6e |
.TP
|
|
|
4aca6e |
.BI enc_key_id " NUMBER"
|
|
|
4aca6e |
.TQ
|
|
|
4aca6e |
-.BI enc_dst_ip " ADDRESS"
|
|
|
4aca6e |
+.BI enc_dst_ip " PREFIX"
|
|
|
4aca6e |
.TQ
|
|
|
4aca6e |
-.BI enc_src_ip " ADDRESS"
|
|
|
4aca6e |
-.TQ
|
|
|
4aca6e |
-.BI enc_dst_port " NUMBER"
|
|
|
4aca6e |
+.BI enc_src_ip " PREFIX"
|
|
|
4aca6e |
Match on IP tunnel metadata. Key id
|
|
|
4aca6e |
.I NUMBER
|
|
|
4aca6e |
is a 32 bit tunnel key id (e.g. VNI for VXLAN tunnel).
|
|
|
4aca6e |
-.I ADDRESS
|
|
|
4aca6e |
-must be a valid IPv4 or IPv6 address. Dst port
|
|
|
4aca6e |
+.I PREFIX
|
|
|
4aca6e |
+must be a valid IPv4 or IPv6 address optionally followed by a slash and the
|
|
|
4aca6e |
+prefix length. If the prefix is missing, \fBtc\fR assumes a full-length
|
|
|
4aca6e |
+host match. Dst port
|
|
|
4aca6e |
.I NUMBER
|
|
|
4aca6e |
is a 16 bit UDP dst port.
|
|
|
4aca6e |
.SH NOTES
|
|
|
4aca6e |
diff --git a/tc/f_flower.c b/tc/f_flower.c
|
|
|
4aca6e |
index 00e3ea6..5d93568 100644
|
|
|
4aca6e |
--- a/tc/f_flower.c
|
|
|
4aca6e |
+++ b/tc/f_flower.c
|
|
|
4aca6e |
@@ -48,8 +48,8 @@ static void explain(void)
|
|
|
4aca6e |
" dst_mac MAC-ADDR |\n"
|
|
|
4aca6e |
" src_mac MAC-ADDR |\n"
|
|
|
4aca6e |
" ip_proto [tcp | udp | sctp | icmp | icmpv6 | IP-PROTO ] |\n"
|
|
|
4aca6e |
- " dst_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
|
|
|
4aca6e |
- " src_ip [ IPV4-ADDR | IPV6-ADDR ] |\n"
|
|
|
4aca6e |
+ " dst_ip PREFIX |\n"
|
|
|
4aca6e |
+ " src_ip PREFIX |\n"
|
|
|
4aca6e |
" dst_port PORT-NUMBER |\n"
|
|
|
4aca6e |
" src_port PORT-NUMBER |\n"
|
|
|
4aca6e |
" type ICMP-TYPE |\n"
|
|
|
4aca6e |
--
|
|
|
4aca6e |
1.8.3.1
|
|
|
4aca6e |
|