The idea is to create a set of iptables TARGETS that classifies the packets.
When a packet is classified, a classification / Values is associated with
the packet.
This classifications can then be used on an iptable filter rule, in a
routing table selection rule or in a tc classification filter.
For example:
#iptables –A INPUT –j CLS user --classifier tcfilter --filtername u32
…
#iptables –A INPUT –j CLS quota_plan --classifier hash --table
user_to_quota --input cls user
#iptables –A INPUT –j CLS tos --classifier tos
#iptables –A FORWARD –p tcp –port 5343 –cls quota_plan=1 –j DROP
So in this example when a packet arrives, the source address is taken and
translated directly to a user, and the packet is marked with the userid.
I.e. The packed has an associated classification user = 23
In the second line a hash table classifies the packet. The user is taken
from input and a quota plan is taken as an output.
So after the second rule, the packet has associated 2 classifications:
user=23
quota_plan=2
The 3rd line classifies the packet by TOS so the packet has 3
classifications
User=23
Quota_plan=2
Tos=0
Once a packet is classified, those classifications can be used in a filter
rule or can be used in a routing rule or in a traffic shaping queue
classification.
A packet can have many classifications
Those classifications can be used any time in the packet live.
In the 4th line in th example, the rule drops all tcp packets with port 5343
and had been classified as quota_plan
The 1st line in the rule uses a tc filter wrapper to classify the packet.
This idea would be an extesion of the MARK target.
I am planning to make a patch to implement a couple of functions to insert
classifications to the sk_buff structure and to consult classifications of
a sk_buff.
Do you believe that it is interesting or are you planning to do packet
classifications in another way and doing that I would lose the time.
Thank you,
Jordi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
|
|