blob: df4d8e1977866b4b81b2f4499a339b9cf0c4124b [file] [log] [blame] [edit]
.TH "Flower filter in tc" 8 "22 Oct 2015" "iproute2" "Linux"
.SH NAME
flower \- flow based traffic control filter
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " " filter " ... " flower " [ "
.IR MATCH_LIST " ] [ "
.B action
.IR ACTION_SPEC " ] [ "
.B classid
.IR CLASSID " ]"
.ti -8
.IR MATCH_LIST " := [ " MATCH_LIST " ] " MATCH
.ti -8
.IR MATCH " := { "
.B indev
.IR ifname " | { "
.BR dst_mac " | " src_mac " } "
.IR mac_address " | "
.BR eth_type " { " ipv4 " | " ipv6 " | "
.IR ETH_TYPE " } | "
.BR ip_proto " { " tcp " | " udp " | "
.IR IP_PROTO " } | { "
.BR dst_ip " | " src_ip " } { "
.IR ipv4_address " | " ipv6_address " } | { "
.BR dst_port " | " src_port " } "
.IR port_number " }"
.SH DESCRIPTION
The
.B flower
filter matches flows to the set of keys specified and assigns an arbitrarily
chosen class ID to packets belonging to them. Additionally (or alternatively) an
action from the generic action framework may be called.
.SH OPTIONS
.TP
.BI action " ACTION_SPEC"
Apply an action from the generic actions framework on matching packets.
.TP
.BI classid " CLASSID"
Specify a class to pass matching packets on to.
.I CLASSID
is in the form
.BR X : Y ", while " X " and " Y
are interpreted as numbers in hexadecimal format.
.TP
.BI indev " ifname"
Match on incoming interface name. Obviously this makes sense only for forwarded
flows.
.I ifname
is the name of an interface which must exist at the time of
.B tc
invocation.
.TP
.BI dst_mac " mac_address"
.TQ
.BI src_mac " mac_address"
Match on source or destination MAC address.
.TP
.BI eth_type " ETH_TYPE"
Match on layer three protocol.
.I ETH_TYPE
may be either
.BR ipv4 , ipv6
or an unsigned 16bit value in hexadecimal format.
.TP
.BI ip_proto " IP_PROTO"
Match on layer four protocol.
.I IP_PROTO
may be either
.BR tcp , udp
or an unsigned 8bit value in hexadecimal format.
.TP
.BI dst_ip " ADDRESS"
.TQ
.BI src_ip " ADDRESS"
Match on source or destination IP address.
.I ADDRESS
must be a valid IPv4 or IPv6 address, depending on
.BR ether_type ,
which has to be specified in beforehand.
.TP
.BI dst_port " NUMBER"
.TQ
.BI src_port " NUMBER"
Match on layer 4 protocol source or destination port number. Only available for
.BR ip_proto " values " udp " and " tcp ,
which has to be specified in beforehand.
.SH NOTES
As stated above where applicable, matches of a certain layer implicitly depend
on the matches of the next lower layer. Precisely, layer one and two matches (
.BR indev , dst_mac , src_mac " and " eth_type )
have no dependency, layer three matches (
.BR ip_proto , dst_ip " and " src_ip )
require
.B eth_type
being set to either
.BR ipv4 " or " ipv6 ,
and finally layer four matches (
.BR dst_port " and " src_port )
depend on
.B ip_proto
being set to either
.BR tcp " or " udp .
.P
There can be only used one mask per one prio. If user needs to specify different
mask, he has to use different prio.
.SH SEE ALSO
.BR tc (8),
.BR tc-flow (8)