mirror of
https://git.proxmox.com/git/mirror_iproute2
synced 2025-10-27 17:47:25 +00:00
2e67b57a43
Add details explaining the hw_tc option. Signed-off-by: Amritha Nambiar <amritha.nambiar@intel.com>
290 lines
8.5 KiB
Groff
290 lines
8.5 KiB
Groff
.TH "Flower filter in tc" 8 "22 Oct 2015" "iproute2" "Linux"
|
|
|
|
.SH NAME
|
|
flower \- flow based traffic control filter
|
|
.SH SYNOPSIS
|
|
.in +8
|
|
.ti -8
|
|
.BR tc " " filter " ... " flower " [ "
|
|
.IR MATCH_LIST " ] [ "
|
|
.B action
|
|
.IR ACTION_SPEC " ] [ "
|
|
.B classid
|
|
.IR CLASSID " ] [ "
|
|
.B hw_tc
|
|
.IR TCID " ]"
|
|
|
|
|
|
.ti -8
|
|
.IR MATCH_LIST " := [ " MATCH_LIST " ] " MATCH
|
|
|
|
.ti -8
|
|
.IR MATCH " := { "
|
|
.B indev
|
|
.IR ifname " | "
|
|
.BR skip_sw " | " skip_hw
|
|
.RI " | { "
|
|
.BR dst_mac " | " src_mac " } "
|
|
.IR MASKED_LLADDR " | "
|
|
.B vlan_id
|
|
.IR VID " | "
|
|
.B vlan_prio
|
|
.IR PRIORITY " | "
|
|
.BR vlan_ethtype " { " ipv4 " | " ipv6 " | "
|
|
.IR ETH_TYPE " } | "
|
|
.B mpls_label
|
|
.IR LABEL " | "
|
|
.B mpls_tc
|
|
.IR TC " | "
|
|
.B mpls_bos
|
|
.IR BOS " | "
|
|
.B mpls_ttl
|
|
.IR TTL " | "
|
|
.BR ip_proto " { " tcp " | " udp " | " sctp " | " icmp " | " icmpv6 " | "
|
|
.IR IP_PROTO " } | "
|
|
.B ip_tos
|
|
.IR MASKED_IP_TOS " | "
|
|
.B ip_ttl
|
|
.IR MASKED_IP_TTL " | { "
|
|
.BR dst_ip " | " src_ip " } "
|
|
.IR PREFIX " | { "
|
|
.BR dst_port " | " src_port " } "
|
|
.IR port_number " } | "
|
|
.B tcp_flags
|
|
.IR MASKED_TCP_FLAGS " | "
|
|
.B type
|
|
.IR MASKED_TYPE " | "
|
|
.B code
|
|
.IR MASKED_CODE " | { "
|
|
.BR arp_tip " | " arp_sip " } "
|
|
.IR IPV4_PREFIX " | "
|
|
.BR arp_op " { " request " | " reply " | "
|
|
.IR OP " } | { "
|
|
.BR arp_tha " | " arp_sha " } "
|
|
.IR MASKED_LLADDR " | "
|
|
.B enc_key_id
|
|
.IR KEY-ID " | {"
|
|
.BR enc_dst_ip " | " enc_src_ip " } { "
|
|
.IR ipv4_address " | " ipv6_address " } | "
|
|
.B enc_dst_port
|
|
.IR port_number " | "
|
|
.BR ip_flags
|
|
.IR IP_FLAGS
|
|
.SH DESCRIPTION
|
|
The
|
|
.B flower
|
|
filter matches flows to the set of keys specified and assigns an arbitrarily
|
|
chosen class ID to packets belonging to them. Additionally (or alternatively) an
|
|
action from the generic action framework may be called.
|
|
.SH OPTIONS
|
|
.TP
|
|
.BI action " ACTION_SPEC"
|
|
Apply an action from the generic actions framework on matching packets.
|
|
.TP
|
|
.BI classid " CLASSID"
|
|
Specify a class to pass matching packets on to.
|
|
.I CLASSID
|
|
is in the form
|
|
.BR X : Y ", while " X " and " Y
|
|
are interpreted as numbers in hexadecimal format.
|
|
.TP
|
|
.BI hw_tc " TCID"
|
|
Specify a hardware traffic class to pass matching packets on to. TCID is in the
|
|
range 0 through 15.
|
|
.TP
|
|
.BI indev " ifname"
|
|
Match on incoming interface name. Obviously this makes sense only for forwarded
|
|
flows.
|
|
.I ifname
|
|
is the name of an interface which must exist at the time of
|
|
.B tc
|
|
invocation.
|
|
.TP
|
|
.BI skip_sw
|
|
Do not process filter by software. If hardware has no offload support for this
|
|
filter, or TC offload is not enabled for the interface, operation will fail.
|
|
.TP
|
|
.BI skip_hw
|
|
Do not process filter by hardware.
|
|
.TP
|
|
.BI dst_mac " MASKED_LLADDR"
|
|
.TQ
|
|
.BI src_mac " MASKED_LLADDR"
|
|
Match on source or destination MAC address. A mask may be optionally
|
|
provided to limit the bits of the address which are matched. A mask is
|
|
provided by following the address with a slash and then the mask. It may be
|
|
provided in LLADDR format, in which case it is a bitwise mask, or as a
|
|
number of high bits to match. If the mask is missing then a match on all
|
|
bits is assumed.
|
|
.TP
|
|
.BI vlan_id " VID"
|
|
Match on vlan tag id.
|
|
.I VID
|
|
is an unsigned 12bit value in decimal format.
|
|
.TP
|
|
.BI vlan_prio " PRIORITY"
|
|
Match on vlan tag priority.
|
|
.I PRIORITY
|
|
is an unsigned 3bit value in decimal format.
|
|
.TP
|
|
.BI vlan_ethtype " VLAN_ETH_TYPE"
|
|
Match on layer three protocol.
|
|
.I VLAN_ETH_TYPE
|
|
may be either
|
|
.BR ipv4 ", " ipv6
|
|
or an unsigned 16bit value in hexadecimal format.
|
|
.TP
|
|
.BI mpls_label " LABEL"
|
|
Match the label id in the outermost MPLS label stack entry.
|
|
.I LABEL
|
|
is an unsigned 20 bit value in decimal format.
|
|
.TP
|
|
.BI mpls_tc " TC"
|
|
Match on the MPLS TC field, which is typically used for packet priority,
|
|
in the outermost MPLS label stack entry.
|
|
.I TC
|
|
is an unsigned 3 bit value in decimal format.
|
|
.TP
|
|
.BI mpls_bos " BOS"
|
|
Match on the MPLS Bottom Of Stack field in the outermost MPLS label stack
|
|
entry.
|
|
.I BOS
|
|
is a 1 bit value in decimal format.
|
|
.TP
|
|
.BI mpls_ttl " TTL"
|
|
Match on the MPLS Time To Live field in the outermost MPLS label stack
|
|
entry.
|
|
.I TTL
|
|
is an unsigned 8 bit value in decimal format.
|
|
.TP
|
|
.BI ip_proto " IP_PROTO"
|
|
Match on layer four protocol.
|
|
.I IP_PROTO
|
|
may be
|
|
.BR tcp ", " udp ", " sctp ", " icmp ", " icmpv6
|
|
or an unsigned 8bit value in hexadecimal format.
|
|
.TP
|
|
.BI ip_tos " MASKED_IP_TOS"
|
|
Match on ipv4 TOS or ipv6 traffic-class - eight bits in hexadecimal format.
|
|
A mask may be optionally provided to limit the bits which are matched. A mask
|
|
is provided by following the value with a slash and then the mask. If the mask
|
|
is missing then a match on all bits is assumed.
|
|
.TP
|
|
.BI ip_ttl " MASKED_IP_TTL"
|
|
Match on ipv4 TTL or ipv6 hop-limit - eight bits value in decimal or hexadecimal format.
|
|
A mask may be optionally provided to limit the bits which are matched. Same
|
|
logic is used for the mask as with matching on ip_tos.
|
|
.TP
|
|
.BI dst_ip " PREFIX"
|
|
.TQ
|
|
.BI src_ip " PREFIX"
|
|
Match on source or destination IP address.
|
|
.I PREFIX
|
|
must be a valid IPv4 or IPv6 address, depending on the \fBprotocol\fR
|
|
option to tc filter, optionally followed by a slash and the prefix length.
|
|
If the prefix is missing, \fBtc\fR assumes a full-length host match.
|
|
.TP
|
|
.BI dst_port " NUMBER"
|
|
.TQ
|
|
.BI src_port " NUMBER"
|
|
Match on layer 4 protocol source or destination port number. Only available for
|
|
.BR ip_proto " values " udp ", " tcp " and " sctp
|
|
which have to be specified in beforehand.
|
|
.TP
|
|
.BI tcp_flags " MASKED_TCP_FLAGS"
|
|
Match on TCP flags represented as 12bit bitfield in in hexadecimal format.
|
|
A mask may be optionally provided to limit the bits which are matched. A mask
|
|
is provided by following the value with a slash and then the mask. If the mask
|
|
is missing then a match on all bits is assumed.
|
|
.TP
|
|
.BI type " MASKED_TYPE"
|
|
.TQ
|
|
.BI code " MASKED_CODE"
|
|
Match on ICMP type or code. A mask may be optionally provided to limit the
|
|
bits of the address which are matched. A mask is provided by following the
|
|
address with a slash and then the mask. The mask must be as a number which
|
|
represents a bitwise mask If the mask is missing then a match on all bits
|
|
is assumed. Only available for
|
|
.BR ip_proto " values " icmp " and " icmpv6
|
|
which have to be specified in beforehand.
|
|
.TP
|
|
.BI arp_tip " IPV4_PREFIX"
|
|
.TQ
|
|
.BI arp_sip " IPV4_PREFIX"
|
|
Match on ARP or RARP sender or target IP address.
|
|
.I IPV4_PREFIX
|
|
must be a valid IPv4 address optionally followed by a slash and the prefix
|
|
length. If the prefix is missing, \fBtc\fR assumes a full-length host
|
|
match.
|
|
.TP
|
|
.BI arp_op " ARP_OP"
|
|
Match on ARP or RARP operation.
|
|
.I ARP_OP
|
|
may be
|
|
.BR request ", " reply
|
|
or an integer value 0, 1 or 2. A mask may be optionally provided to limit
|
|
the bits of the operation which are matched. A mask is provided by
|
|
following the address with a slash and then the mask. It may be provided as
|
|
an unsigned 8 bit value representing a bitwise mask. If the mask is missing
|
|
then a match on all bits is assumed.
|
|
.TP
|
|
.BI arp_sha " MASKED_LLADDR"
|
|
.TQ
|
|
.BI arp_tha " MASKED_LLADDR"
|
|
Match on ARP or RARP sender or target MAC address. A mask may be optionally
|
|
provided to limit the bits of the address which are matched. A mask is
|
|
provided by following the address with a slash and then the mask. It may be
|
|
provided in LLADDR format, in which case it is a bitwise mask, or as a
|
|
number of high bits to match. If the mask is missing then a match on all
|
|
bits is assumed.
|
|
.TP
|
|
.BI enc_key_id " NUMBER"
|
|
.TQ
|
|
.BI enc_dst_ip " PREFIX"
|
|
.TQ
|
|
.BI enc_src_ip " PREFIX"
|
|
.TQ
|
|
.BI enc_dst_port " NUMBER"
|
|
Match on IP tunnel metadata. Key id
|
|
.I NUMBER
|
|
is a 32 bit tunnel key id (e.g. VNI for VXLAN tunnel).
|
|
.I PREFIX
|
|
must be a valid IPv4 or IPv6 address optionally followed by a slash and the
|
|
prefix length. If the prefix is missing, \fBtc\fR assumes a full-length
|
|
host match. Dst port
|
|
.I NUMBER
|
|
is a 16 bit UDP dst port.
|
|
.TP
|
|
.BI ip_flags " IP_FLAGS"
|
|
.I IP_FLAGS
|
|
may be either
|
|
.BR frag " or " nofrag
|
|
to match on fragmented packets or not respectively.
|
|
.SH NOTES
|
|
As stated above where applicable, matches of a certain layer implicitly depend
|
|
on the matches of the next lower layer. Precisely, layer one and two matches
|
|
(\fBindev\fR, \fBdst_mac\fR and \fBsrc_mac\fR)
|
|
have no dependency,
|
|
MPLS and layer three matches
|
|
(\fBmpls_label\fR, \fBmpls_tc\fR, \fBmpls_bos\fR, \fBmpls_ttl\fR,
|
|
\fBip_proto\fR, \fBdst_ip\fR, \fBsrc_ip\fR, \fBarp_tip\fR, \fBarp_sip\fR,
|
|
\fBarp_op\fR, \fBarp_tha\fR, \fBarp_sha\fR and \fBip_flags\fR)
|
|
depend on the
|
|
.B protocol
|
|
option of tc filter, layer four port matches
|
|
(\fBdst_port\fR and \fBsrc_port\fR)
|
|
depend on
|
|
.B ip_proto
|
|
being set to
|
|
.BR tcp ", " udp " or " sctp,
|
|
and finally ICMP matches (\fBcode\fR and \fBtype\fR) depend on
|
|
.B ip_proto
|
|
being set to
|
|
.BR icmp " or " icmpv6.
|
|
.P
|
|
There can be only used one mask per one prio. If user needs to specify different
|
|
mask, he has to use different prio.
|
|
.SH SEE ALSO
|
|
.BR tc (8),
|
|
.BR tc-flow (8)
|