On Mon, 29 Aug 2016 06:53:53 -0400 Jamal Hadi Salim <j...@mojatatu.com> wrote:
> On 16-08-29 04:30 AM, Jesper Dangaard Brouer wrote: > > > Hi Jamal, > > > > Can you please provide a simple "tc" command that implements "tc drop"? > > > > Then, I'll add this to the series of tests I'm using for (what I call) > > "zoom-in" benchmarking. > > > > Thanks Jesper. I've created a script called tc_ingress_drop.sh[1] which uses the commands you provided below. Now people can easily use this script to perform the benchmark you were requesting ;-) [1] https://github.com/netoptimizer/network-testing/blob/master/bin/tc_ingress_drop.sh Example to enable dropping: $ ./tc_ingress_drop.sh --dev mlx5p2 --verbose # (Not root, running with sudo) # Flush existing ingress qdisc on device :mlx5p2 tc qdisc del dev mlx5p2 ingress tc qdisc add dev mlx5p2 ingress # Simply drop all ingress packets on device: mlx5p2 tc filter add dev mlx5p2 parent ffff: prio 2 protocol ip u32 match u32 0 0 flowid 1:1 action drop Example to disable again: ./tc_ingress_drop.sh --dev mlx5p2 --flush > Something simple since this is done in ingress; lets say drop icmp > packets: > > export ETH=eth0 > export TC=/sbin/tc > #delete existing ingress qdisc - flushes all filters/actions > sudo $TC qdisc del dev $ETH ingress > #re-add ingress > sudo $TC qdisc add dev $ETH ingress > # > #simple rule to drop all icmp > sudo $TC filter add dev $ETH parent ffff: prio 4 protocol ip \ > u32 match ip protocol 1 0xff flowid 1:1 \ > action drop > > # other type of filters if you want to compare instead of above > # > # a)drop all > sudo $TC filter add dev $ETH parent ffff: prio 2 protocol ip \ > u32 match u32 0 0 flowid 1:1 \ > action drop > #b) drop if src is XXX > sudo $TC filter add dev $ETH parent ffff: prio 2 protocol ip \ > u32 match ip src 192.168.100.1 flowid 1:1 \ > action drop > -- Best regards, Jesper Dangaard Brouer MSc.CS, Principal Kernel Engineer at Red Hat Author of http://www.iptv-analyzer.org LinkedIn: http://www.linkedin.com/in/brouer
