diff options
author | Patrick McHardy <kaber@trash.net> | 2008-01-31 21:37:42 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-31 22:28:36 -0500 |
commit | e5dfb815181fcb186d6080ac3a091eadff2d98fe (patch) | |
tree | 25ec6cc5b3c75536dc45a14089ca14fc8bd67938 /include/linux | |
parent | 94de78d19580143c407ff2492edf2410d0e7d48c (diff) |
[NET_SCHED]: Add flow classifier
Add new "flow" classifier, which is meant to extend the SFQ hashing
capabilities without hard-coding new hash functions and also allows
deterministic mappings of keys to classes, replacing some out of tree
iptables patches like IPCLASSIFY (maps IPs to classes), IPMARK (maps
IPs to marks, with fw filters to classes), ...
Some examples:
- Classic SFQ hash:
tc filter add ... flow hash \
keys src,dst,proto,proto-src,proto-dst divisor 1024
- Classic SFQ hash, but using information from conntrack to work properly in
combination with NAT:
tc filter add ... flow hash \
keys nfct-src,nfct-dst,proto,nfct-proto-src,nfct-proto-dst divisor 1024
- Map destination IPs of 192.168.0.0/24 to classids 1-257:
tc filter add ... flow map \
key dst addend -192.168.0.0 divisor 256
- alternatively:
tc filter add ... flow map \
key dst and 0xff
- similar, but reverse ordered:
tc filter add ... flow map \
key dst and 0xff xor 0xff
Perturbation is currently not supported because we can't reliable kill the
timer on destruction.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/pkt_cls.h | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h index 30b8571e6b34..1c1dba9ea5fb 100644 --- a/include/linux/pkt_cls.h +++ b/include/linux/pkt_cls.h | |||
@@ -328,6 +328,56 @@ enum | |||
328 | 328 | ||
329 | #define TCA_TCINDEX_MAX (__TCA_TCINDEX_MAX - 1) | 329 | #define TCA_TCINDEX_MAX (__TCA_TCINDEX_MAX - 1) |
330 | 330 | ||
331 | /* Flow filter */ | ||
332 | |||
333 | enum | ||
334 | { | ||
335 | FLOW_KEY_SRC, | ||
336 | FLOW_KEY_DST, | ||
337 | FLOW_KEY_PROTO, | ||
338 | FLOW_KEY_PROTO_SRC, | ||
339 | FLOW_KEY_PROTO_DST, | ||
340 | FLOW_KEY_IIF, | ||
341 | FLOW_KEY_PRIORITY, | ||
342 | FLOW_KEY_MARK, | ||
343 | FLOW_KEY_NFCT, | ||
344 | FLOW_KEY_NFCT_SRC, | ||
345 | FLOW_KEY_NFCT_DST, | ||
346 | FLOW_KEY_NFCT_PROTO_SRC, | ||
347 | FLOW_KEY_NFCT_PROTO_DST, | ||
348 | FLOW_KEY_RTCLASSID, | ||
349 | FLOW_KEY_SKUID, | ||
350 | FLOW_KEY_SKGID, | ||
351 | __FLOW_KEY_MAX, | ||
352 | }; | ||
353 | |||
354 | #define FLOW_KEY_MAX (__FLOW_KEY_MAX - 1) | ||
355 | |||
356 | enum | ||
357 | { | ||
358 | FLOW_MODE_MAP, | ||
359 | FLOW_MODE_HASH, | ||
360 | }; | ||
361 | |||
362 | enum | ||
363 | { | ||
364 | TCA_FLOW_UNSPEC, | ||
365 | TCA_FLOW_KEYS, | ||
366 | TCA_FLOW_MODE, | ||
367 | TCA_FLOW_BASECLASS, | ||
368 | TCA_FLOW_RSHIFT, | ||
369 | TCA_FLOW_ADDEND, | ||
370 | TCA_FLOW_MASK, | ||
371 | TCA_FLOW_XOR, | ||
372 | TCA_FLOW_DIVISOR, | ||
373 | TCA_FLOW_ACT, | ||
374 | TCA_FLOW_POLICE, | ||
375 | TCA_FLOW_EMATCHES, | ||
376 | __TCA_FLOW_MAX | ||
377 | }; | ||
378 | |||
379 | #define TCA_FLOW_MAX (__TCA_FLOW_MAX - 1) | ||
380 | |||
331 | /* Basic filter */ | 381 | /* Basic filter */ |
332 | 382 | ||
333 | enum | 383 | enum |