| .TH "Flower filter in tc" 8 "22 Oct 2015" "iproute2" "Linux" |
| |
| .SH NAME |
| flower \- flow based traffic control filter |
| .SH SYNOPSIS |
| .in +8 |
| .ti -8 |
| .BR tc " " filter " ... " flower " [ " |
| .IR MATCH_LIST " ] [ " |
| .B action |
| .IR ACTION_SPEC " ] [ " |
| .B classid |
| .IR CLASSID " ]" |
| |
| .ti -8 |
| .IR MATCH_LIST " := [ " MATCH_LIST " ] " MATCH |
| |
| .ti -8 |
| .IR MATCH " := { " |
| .B indev |
| .IR ifname " | { " |
| .BR dst_mac " | " src_mac " } " |
| .IR mac_address " | " |
| .BR eth_type " { " ipv4 " | " ipv6 " | " |
| .IR ETH_TYPE " } | " |
| .BR ip_proto " { " tcp " | " udp " | " |
| .IR IP_PROTO " } | { " |
| .BR dst_ip " | " src_ip " } { " |
| .IR ipv4_address " | " ipv6_address " } | { " |
| .BR dst_port " | " src_port " } " |
| .IR port_number " }" |
| .SH DESCRIPTION |
| The |
| .B flower |
| filter matches flows to the set of keys specified and assigns an arbitrarily |
| chosen class ID to packets belonging to them. Additionally (or alternatively) an |
| action from the generic action framework may be called. |
| .SH OPTIONS |
| .TP |
| .BI action " ACTION_SPEC" |
| Apply an action from the generic actions framework on matching packets. |
| .TP |
| .BI classid " CLASSID" |
| Specify a class to pass matching packets on to. |
| .I CLASSID |
| is in the form |
| .BR X : Y ", while " X " and " Y |
| are interpreted as numbers in hexadecimal format. |
| .TP |
| .BI indev " ifname" |
| Match on incoming interface name. Obviously this makes sense only for forwarded |
| flows. |
| .I ifname |
| is the name of an interface which must exist at the time of |
| .B tc |
| invocation. |
| .TP |
| .BI dst_mac " mac_address" |
| .TQ |
| .BI src_mac " mac_address" |
| Match on source or destination MAC address. |
| .TP |
| .BI eth_type " ETH_TYPE" |
| Match on layer three protocol. |
| .I ETH_TYPE |
| may be either |
| .BR ipv4 , ipv6 |
| or an unsigned 16bit value in hexadecimal format. |
| .TP |
| .BI ip_proto " IP_PROTO" |
| Match on layer four protocol. |
| .I IP_PROTO |
| may be either |
| .BR tcp , udp |
| or an unsigned 8bit value in hexadecimal format. |
| .TP |
| .BI dst_ip " ADDRESS" |
| .TQ |
| .BI src_ip " ADDRESS" |
| Match on source or destination IP address. |
| .I ADDRESS |
| must be a valid IPv4 or IPv6 address, depending on |
| .BR ether_type , |
| which has to be specified in beforehand. |
| .TP |
| .BI dst_port " NUMBER" |
| .TQ |
| .BI src_port " NUMBER" |
| Match on layer 4 protocol source or destination port number. Only available for |
| .BR ip_proto " values " udp " and " tcp , |
| which has to be specified in beforehand. |
| .SH NOTES |
| As stated above where applicable, matches of a certain layer implicitly depend |
| on the matches of the next lower layer. Precisely, layer one and two matches ( |
| .BR indev , dst_mac , src_mac " and " eth_type ) |
| have no dependency, layer three matches ( |
| .BR ip_proto , dst_ip " and " src_ip ) |
| require |
| .B eth_type |
| being set to either |
| .BR ipv4 " or " ipv6 , |
| and finally layer four matches ( |
| .BR dst_port " and " src_port ) |
| depend on |
| .B ip_proto |
| being set to either |
| .BR tcp " or " udp . |
| .P |
| There can be only used one mask per one prio. If user needs to specify different |
| mask, he has to use different prio. |
| .SH SEE ALSO |
| .BR tc (8), |
| .BR tc-flow (8) |