[LARTC] Problems matching by mac address
Adam M. Towarnyckyj
adamt at commspeed.net
Tue Apr 4 19:54:27 CEST 2006
Hey all,
I recently read on a prior post as well as the FAQ that
packets can be limited by mac address using the u32 filter. I attempted
this and, while all the commands went through with no errors, it is not
limiting at all. I'm attempting to limit all IP traffic to a specific
destination mac address (00:12:3f:05:43:7f). Here is a quick rundown of
the commands I've used:
tc qdisc add dev eth1 root handle 1: prio
tc qdisc add dev eth1 parent 1:1 handle 11: pfifo
tc qdisc add dev eth1 parent 1:2 handle 12: htb
tc class add dev eth1 parent 12: classid 12:10 htb rate 128kbit
tc qdisc add dev eth1 parent 12:10 sfq quantum 1514 perturb 15
tc filter add dev eth1 protocol ip parent 12: prio 5 u32 match u16
0x0800 0xFFFF at -2 match u32 0x3f05437f 0xFFFFFF at -12 match u16
0x0012 0xFFFF at -14 flowid 12:10
eth1 is the outgoing interface on a bridge I have setup.
When I download a large file through the bridge, it is still showing
7Mbit on a 10Mbit network. The weird part is, everything limits just
fine if I change the filter to match by IP destination instead of mac
address destination. The only problem with this is that I require it be
done by mac address. The filter by ip I use is:
tc filter add dev eth1 protocol ip parent 12: prio 5 u32 match ip dst
xxx.xxx.xxx.xxx/32 flowid 12:10
Filtering by destination IP has worked for me for months now just fine.
The only problem is, I'm opening up DHCP to a pool and want to limit by
destination mac address since I can't be sure what IP someone is getting
without interaction with the dhcp lease file. Does anyone notice
anything I may be doing wrong? Your help would be much appreciated.
Thanks.
Adam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ds9a.nl/pipermail/lartc/attachments/20060404/4f0499c6/attachment.htm
More information about the LARTC
mailing list