proxmox-mirrors/mirror_iproute2
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_iproute2 synced 2025-10-08 05:25:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
0330f49ea0
mirror_iproute2/man/man8/tc-flower.8
Amir Vadai cfcabf18d8 tc: flower: Add skip_{hw|sw} support 
On devices that support TC flower offloads, these flags enable a filter to be
added only to HW or only to SW. skip_sw and skip_hw are mutually exclusive
flags. By default without any flags, the filter is added to both HW and SW,
but no error checks are done in case of failure to add to HW.
With skip-sw, failure to add to HW is treated as an error.

Here is a sample script that adds 2 filters, one with skip_sw and the other
with skip_hw flag.

   # add ingress qdisc
   tc qdisc add dev enp0s9 ingress

   # enable hw tc offload.
   ethtool -K enp0s9 hw-tc-offload on

   # add a flower filter with skip-sw flag.
   tc filter add dev enp0s9 protocol ip parent ffff: flower \
	   ip_proto 1 indev enp0s9 skip_sw \
	   action drop

   # add a flower filter with skip-hw flag.
   tc filter add dev enp0s9 protocol ip parent ffff: flower \
	   ip_proto 3 indev enp0s9 skip_hw \
	   action drop

Signed-off-by: Amir Vadai <amirva@mellanox.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
2016-07-06 21:24:48 -07:00

123 lines
3.1 KiB
Groff
Raw Blame History

.TH "Flower filter in tc" 8 "22 Oct 2015" "iproute2" "Linux"
.SH NAME
flower \- flow based traffic control filter
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " " filter " ... " flower " [ "
.IR MATCH_LIST " ] [ "
.B action
.IR ACTION_SPEC " ] [ "
.B classid
.IR CLASSID " ]"
.ti -8
.IR MATCH_LIST " := [ " MATCH_LIST " ] " MATCH
.ti -8
.IR MATCH " := { "
.B indev
.IR ifname " | "
.BR skip_sw " | " skip_hw
.R " | { "
.BR dst_mac " | " src_mac " } "
.IR mac_address " | "
.BR eth_type " { " ipv4 " | " ipv6 " | "
.IR ETH_TYPE " } | "
.BR ip_proto " { " tcp " | " udp " | "
.IR IP_PROTO " } | { "
.BR dst_ip " | " src_ip " } { "
.IR ipv4_address " | " ipv6_address " } | { "
.BR dst_port " | " src_port " } "
.IR port_number " }"
.SH DESCRIPTION
The
.B flower
filter matches flows to the set of keys specified and assigns an arbitrarily
chosen class ID to packets belonging to them. Additionally (or alternatively) an
action from the generic action framework may be called.
.SH OPTIONS
.TP
.BI action " ACTION_SPEC"
Apply an action from the generic actions framework on matching packets.
.TP
.BI classid " CLASSID"
Specify a class to pass matching packets on to.
.I CLASSID
is in the form
.BR X : Y ", while " X " and " Y
are interpreted as numbers in hexadecimal format.
.TP
.BI indev " ifname"
Match on incoming interface name. Obviously this makes sense only for forwarded
flows.
.I ifname
is the name of an interface which must exist at the time of
.B tc
invocation.
.TP
.BI skip_sw
Do not process filter by software. If hardware has no offload support for this
filter, or TC offload is not enabled for the interface, operation will fail.
.TP
.BI skip_hw
Do not process filter by hardware.
.TP
.BI dst_mac " mac_address"
.TQ
.BI src_mac " mac_address"
Match on source or destination MAC address.
.TP
.BI eth_type " ETH_TYPE"
Match on layer three protocol.
.I ETH_TYPE
may be either
.BR ipv4 , ipv6
or an unsigned 16bit value in hexadecimal format.
.TP
.BI ip_proto " IP_PROTO"
Match on layer four protocol.
.I IP_PROTO
may be either
.BR tcp , udp
or an unsigned 8bit value in hexadecimal format.
.TP
.BI dst_ip " ADDRESS"
.TQ
.BI src_ip " ADDRESS"
Match on source or destination IP address.
.I ADDRESS
must be a valid IPv4 or IPv6 address, depending on
.BR ether_type ,
which has to be specified in beforehand.
.TP
.BI dst_port " NUMBER"
.TQ
.BI src_port " NUMBER"
Match on layer 4 protocol source or destination port number. Only available for
.BR ip_proto " values " udp " and " tcp ,
which has to be specified in beforehand.
.SH NOTES
As stated above where applicable, matches of a certain layer implicitly depend
on the matches of the next lower layer. Precisely, layer one and two matches (
.BR indev , dst_mac , src_mac " and " eth_type )
have no dependency, layer three matches (
.BR ip_proto , dst_ip " and " src_ip )
require
.B eth_type
being set to either
.BR ipv4 " or " ipv6 ,
and finally layer four matches (
.BR dst_port " and " src_port )
depend on
.B ip_proto
being set to either
.BR tcp " or " udp .
.P
There can be only used one mask per one prio. If user needs to specify different
mask, he has to use different prio.
.SH SEE ALSO
.BR tc (8),
.BR tc-flow (8)
Reference in New Issue View Git Blame Copy Permalink