[mirror_iproute2.git] / man / man8 / tc-flower.8

.TH "Flower filter in tc" 8 "22 Oct 2015" "iproute2" "Linux"

.SH NAME
flower \- flow based traffic control filter
.SH SYNOPSIS
.in +8
.ti -8
.BR tc " " filter " ... " flower " [ "
.IR MATCH_LIST " ] [ "
.B action
.IR ACTION_SPEC " ] [ "
.B classid
.IR CLASSID " ]"

.ti -8
.IR MATCH_LIST " := [ " MATCH_LIST " ] " MATCH

.ti -8
.IR MATCH " := { "
.B indev
.IR ifname " | "
.BR skip_sw " | " skip_hw
.R " | { "
.BR dst_mac " | " src_mac " } "
.IR mac_address " | "
.B vlan_id
.IR VID " | "
.B vlan_prio
.IR PRIORITY " | "
.BR vlan_ethtype " { " ipv4 " | " ipv6 " | "
.IR ETH_TYPE " } | "
.BR ip_proto " { " tcp " | " udp " | " sctp " | " icmp " | " icmpv6 " | "
.IR IP_PROTO " } | { "
.BR dst_ip " | " src_ip " } "
.IR PREFIX " | { "
.BR dst_port " | " src_port " } "
.IR port_number " } | "
.B enc_key_id
.IR KEY-ID " | {"
.BR enc_dst_ip " | " enc_src_ip " } { "
.IR ipv4_address " | " ipv6_address " } | "
.B enc_dst_port
.IR UDP-PORT " | "
.SH DESCRIPTION
The
.B flower
filter matches flows to the set of keys specified and assigns an arbitrarily
chosen class ID to packets belonging to them. Additionally (or alternatively) an
action from the generic action framework may be called.
.SH OPTIONS
.TP
.BI action " ACTION_SPEC"
Apply an action from the generic actions framework on matching packets.
.TP
.BI classid " CLASSID"
Specify a class to pass matching packets on to.
.I CLASSID
is in the form
.BR X : Y ", while " X " and " Y
are interpreted as numbers in hexadecimal format.
.TP
.BI indev " ifname"
Match on incoming interface name. Obviously this makes sense only for forwarded
flows.
.I ifname
is the name of an interface which must exist at the time of
.B tc
invocation.
.TP
.BI skip_sw
Do not process filter by software. If hardware has no offload support for this
filter, or TC offload is not enabled for the interface, operation will fail.
.TP
.BI skip_hw
Do not process filter by hardware.
.TP
.BI dst_mac " mac_address"
.TQ
.BI src_mac " mac_address"
Match on source or destination MAC address.
.TP
.BI vlan_id " VID"
Match on vlan tag id.
.I VID
is an unsigned 12bit value in decimal format.
.TP
.BI vlan_prio " PRIORITY"
Match on vlan tag priority.
.I PRIORITY
is an unsigned 3bit value in decimal format.
.TP
.BI vlan_ethtype " VLAN_ETH_TYPE"
Match on layer three protocol.
.I VLAN_ETH_TYPE
may be either
.BR ipv4 ", " ipv6
or an unsigned 16bit value in hexadecimal format.
.TP
.BI ip_proto " IP_PROTO"
Match on layer four protocol.
.I IP_PROTO
may be
.BR tcp ", " udp ", " sctp ", " icmp ", " icmpv6
or an unsigned 8bit value in hexadecimal format.
.TP
.BI dst_ip " PREFIX"
.TQ
.BI src_ip " PREFIX"
Match on source or destination IP address.
.I PREFIX
must be a valid IPv4 or IPv6 address, depending on the \fBprotocol\fR
option to tc filter, optionally followed by a slash and the prefix length.
If the prefix is missing, \fBtc\fR assumes a full-length host match.
.TP
.BI dst_port " NUMBER"
.TQ
.BI src_port " NUMBER"
Match on layer 4 protocol source or destination port number. Only available for
.BR ip_proto " values " udp ", " tcp  " and " sctp
which have to be specified in beforehand.
.TP
.BI type " NUMBER"
.TQ
.BI code " NUMBER"
Match on ICMP type or code. Only available for
.BR ip_proto " values " icmp  " and " icmpv6
which have to be specified in beforehand.
.TP
.BI enc_key_id " NUMBER"
.TQ
.BI enc_dst_ip " PREFIX"
.TQ
.BI enc_src_ip " PREFIX"
Match on IP tunnel metadata. Key id
.I NUMBER
is a 32 bit tunnel key id (e.g. VNI for VXLAN tunnel).
.I PREFIX
must be a valid IPv4 or IPv6 address optionally followed by a slash and the
prefix length. If the prefix is missing, \fBtc\fR assumes a full-length
host match.  Dst port
.I NUMBER
is a 16 bit UDP dst port.
.SH NOTES
As stated above where applicable, matches of a certain layer implicitly depend
on the matches of the next lower layer. Precisely, layer one and two matches
(\fBindev\fR,  \fBdst_mac\fR and \fBsrc_mac\fR)
have no dependency, layer three matches
(\fBip_proto\fR, \fBdst_ip\fR and \fBsrc_ip\fR)
depend on the
.B protocol
option of tc filter, layer four port matches
(\fBdst_port\fR and \fBsrc_port\fR)
depend on
.B ip_proto
being set to
.BR tcp ", " udp " or " sctp,
and finally ICMP matches (\fBcode\fR and \fBtype\fR) depend on
.B ip_proto
being set to
.BR icmp " or " icmpv6.
.P
There can be only used one mask per one prio. If user needs to specify different
mask, he has to use different prio.
.SH SEE ALSO
.BR tc (8),
.BR tc-flow (8)
Commit	Line	Data
b3aa12a4 PS	1	.TH "Flower filter in tc" 8 "22 Oct 2015" "iproute2" "Linux"
	2
	3	.SH NAME
	4	flower \- flow based traffic control filter
	5	.SH SYNOPSIS
	6	.in +8
	7	.ti -8
	8	.BR tc " " filter " ... " flower " [ "
	9	.IR MATCH_LIST " ] [ "
	10	.B action
	11	.IR ACTION_SPEC " ] [ "
	12	.B classid
	13	.IR CLASSID " ]"
	14
	15	.ti -8
	16	.IR MATCH_LIST " := [ " MATCH_LIST " ] " MATCH
	17
	18	.ti -8
	19	.IR MATCH " := { "
	20	.B indev
cfcabf18 AV	21	.IR ifname " \| "
	22	.BR skip_sw " \| " skip_hw
	23	.R " \| { "
b3aa12a4	24	.BR dst_mac " \| " src_mac " } "
8578bb73	25	.IR mac_address " \| "
745d9172 HHZ	26	.B vlan_id
	27	.IR VID " \| "
	28	.B vlan_prio
	29	.IR PRIORITY " \| "
5c46a8fd	30	.BR vlan_ethtype " { " ipv4 " \| " ipv6 " \| "
b3aa12a4	31	.IR ETH_TYPE " } \| "
eb3b5696	32	.BR ip_proto " { " tcp " \| " udp " \| " sctp " \| " icmp " \| " icmpv6 " \| "
b3aa12a4	33	.IR IP_PROTO " } \| { "
b2a1f740 SH	34	.BR dst_ip " \| " src_ip " } "
b2a1f740 SH	35	.IR PREFIX " \| { "
b3aa12a4	36	.BR dst_port " \| " src_port " } "
bb9b63b1 AV	37	.IR port_number " } \| "
	38	.B enc_key_id
	39	.IR KEY-ID " \| {"
	40	.BR enc_dst_ip " \| " enc_src_ip " } { "
	41	.IR ipv4_address " \| " ipv6_address " } \| "
41aa17ff HHZ	42	.B enc_dst_port
41aa17ff HHZ	43	.IR UDP-PORT " \| "
b3aa12a4 PS	44	.SH DESCRIPTION
	45	The
	46	.B flower
	47	filter matches flows to the set of keys specified and assigns an arbitrarily
	48	chosen class ID to packets belonging to them. Additionally (or alternatively) an
	49	action from the generic action framework may be called.
	50	.SH OPTIONS
	51	.TP
	52	.BI action " ACTION_SPEC"
	53	Apply an action from the generic actions framework on matching packets.
	54	.TP
	55	.BI classid " CLASSID"
	56	Specify a class to pass matching packets on to.
	57	.I CLASSID
	58	is in the form
	59	.BR X : Y ", while " X " and " Y
	60	are interpreted as numbers in hexadecimal format.
	61	.TP
	62	.BI indev " ifname"
	63	Match on incoming interface name. Obviously this makes sense only for forwarded
	64	flows.
	65	.I ifname
	66	is the name of an interface which must exist at the time of
	67	.B tc
	68	invocation.
	69	.TP
cfcabf18 AV	70	.BI skip_sw
	71	Do not process filter by software. If hardware has no offload support for this
	72	filter, or TC offload is not enabled for the interface, operation will fail.
	73	.TP
	74	.BI skip_hw
	75	Do not process filter by hardware.
	76	.TP
8578bb73	77	.BI dst_mac " mac_address"
b3aa12a4	78	.TQ
8578bb73 SH	79	.BI src_mac " mac_address"
8578bb73 SH	80	Match on source or destination MAC address.
b3aa12a4	81	.TP
745d9172 HHZ	82	.BI vlan_id " VID"
	83	Match on vlan tag id.
	84	.I VID
	85	is an unsigned 12bit value in decimal format.
	86	.TP
5c46a8fd	87	.BI vlan_prio " PRIORITY"
745d9172 HHZ	88	Match on vlan tag priority.
	89	.I PRIORITY
	90	is an unsigned 3bit value in decimal format.
	91	.TP
5c46a8fd	92	.BI vlan_ethtype " VLAN_ETH_TYPE"
b3aa12a4	93	Match on layer three protocol.
5c46a8fd	94	.I VLAN_ETH_TYPE
b3aa12a4	95	may be either
5c46a8fd	96	.BR ipv4 ", " ipv6
b3aa12a4 PS	97	or an unsigned 16bit value in hexadecimal format.
	98	.TP
	99	.BI ip_proto " IP_PROTO"
	100	Match on layer four protocol.
	101	.I IP_PROTO
6ad7e60c	102	may be
eb3b5696	103	.BR tcp ", " udp ", " sctp ", " icmp ", " icmpv6
b3aa12a4 PS	104	or an unsigned 8bit value in hexadecimal format.
b3aa12a4 PS	105	.TP
b2a1f740	106	.BI dst_ip " PREFIX"
b3aa12a4	107	.TQ
b2a1f740	108	.BI src_ip " PREFIX"
b3aa12a4	109	Match on source or destination IP address.
b2a1f740 SH	110	.I PREFIX
	111	must be a valid IPv4 or IPv6 address, depending on the \fBprotocol\fR
	112	option to tc filter, optionally followed by a slash and the prefix length.
	113	If the prefix is missing, \fBtc\fR assumes a full-length host match.
b3aa12a4 PS	114	.TP
	115	.BI dst_port " NUMBER"
	116	.TQ
	117	.BI src_port " NUMBER"
	118	Match on layer 4 protocol source or destination port number. Only available for
6ad7e60c SH	119	.BR ip_proto " values " udp ", " tcp " and " sctp
6ad7e60c SH	120	which have to be specified in beforehand.
bb9b63b1	121	.TP
eb3b5696 SH	122	.BI type " NUMBER"
	123	.TQ
	124	.BI code " NUMBER"
	125	Match on ICMP type or code. Only available for
	126	.BR ip_proto " values " icmp " and " icmpv6
	127	which have to be specified in beforehand.
	128	.TP
bb9b63b1 AV	129	.BI enc_key_id " NUMBER"
bb9b63b1 AV	130	.TQ
b2a1f740	131	.BI enc_dst_ip " PREFIX"
bb9b63b1	132	.TQ
b2a1f740	133	.BI enc_src_ip " PREFIX"
bb9b63b1 AV	134	Match on IP tunnel metadata. Key id
	135	.I NUMBER
	136	is a 32 bit tunnel key id (e.g. VNI for VXLAN tunnel).
b2a1f740 SH	137	.I PREFIX
	138	must be a valid IPv4 or IPv6 address optionally followed by a slash and the
	139	prefix length. If the prefix is missing, \fBtc\fR assumes a full-length
	140	host match. Dst port
41aa17ff HHZ	141	.I NUMBER
41aa17ff HHZ	142	is a 16 bit UDP dst port.
b3aa12a4 PS	143	.SH NOTES
b3aa12a4 PS	144	As stated above where applicable, matches of a certain layer implicitly depend
730381fe SH	145	on the matches of the next lower layer. Precisely, layer one and two matches
	146	(\fBindev\fR, \fBdst_mac\fR and \fBsrc_mac\fR)
	147	have no dependency, layer three matches
	148	(\fBip_proto\fR, \fBdst_ip\fR and \fBsrc_ip\fR)
	149	depend on the
	150	.B protocol
eb3b5696	151	option of tc filter, layer four port matches
730381fe	152	(\fBdst_port\fR and \fBsrc_port\fR)
b3aa12a4 PS	153	depend on
b3aa12a4 PS	154	.B ip_proto
6ad7e60c	155	being set to
eb3b5696 SH	156	.BR tcp ", " udp " or " sctp,
	157	and finally ICMP matches (\fBcode\fR and \fBtype\fR) depend on
	158	.B ip_proto
	159	being set to
	160	.BR icmp " or " icmpv6.
b3aa12a4 PS	161	.P
	162	There can be only used one mask per one prio. If user needs to specify different
	163	mask, he has to use different prio.
	164	.SH SEE ALSO
	165	.BR tc (8),
	166	.BR tc-flow (8)