2 gact <ACTION> [RAND] [INDEX]
5 ACTION := reclassify | drop | continue | pass | ok
6 RAND := random <RANDTYPE> <ACTION> <VAL>
7 RANDTYPE := netrand | determ
8 VAL : = value not exceeding 10000
9 INDEX := index value used
12 - pass and ok are equivalent to accept
13 - continue allows to restart classification lookup
15 - reclassify implies continue classification where we left off
20 At the moment there are only two algorithms. One is deterministic
21 and the other uses internal kernel netrand.
25 Rules can be installed on both ingress and egress - this shows ingress
28 tc qdisc add dev eth0 ingress
31 tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src \
32 10.0.0.9/32 flowid 1:16 action drop
38 filter u32 fh 800: ht divisor 1
39 filter u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:16 (rule hit 32 success 20)
40 match 0a000009/ffffffff at 12 (success 20 )
41 action order 1: gact action drop
42 random type none pass val 0
43 index 1 ref 1 bind 1 installed 59 sec used 35 sec
44 Sent 1680 bytes 20 pkts (dropped 20, overlimits 0 )
49 #allow 1 out 10 randomly using the netrand generator
50 tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src \
51 10.0.0.9/32 flowid 1:16 action drop random netrand ok 10
56 filter protocol ip pref 6 u32 filter protocol ip pref 6 u32 fh 800: ht divisor 1filter protocol ip pref 6 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:16 (rule hit 20 success 20)
57 match 0a000009/ffffffff at 12 (success 20 )
58 action order 1: gact action drop
59 random type netrand pass val 10
60 index 5 ref 1 bind 1 installed 49 sec used 25 sec
61 Sent 1680 bytes 20 pkts (dropped 16, overlimits 0 )
64 #alternative: deterministically accept every second packet
65 tc filter add dev eth0 parent ffff: protocol ip prio 6 u32 match ip src \
66 10.0.0.9/32 flowid 1:16 action drop random determ ok 2
70 tc -s filter show parent ffff: dev eth0
72 filter protocol ip pref 6 u32 filter protocol ip pref 6 u32 fh 800: ht divisor 1filter protocol ip pref 6 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:16 (rule hit 20 success 20)
73 match 0a000009/ffffffff at 12 (success 20 )
74 action order 1: gact action drop
75 random type determ pass val 2
76 index 4 ref 1 bind 1 installed 118 sec used 82 sec
77 Sent 1680 bytes 20 pkts (dropped 10, overlimits 0 )