Managing Network Virtualization and Network Resources in Oracle® Solaris 11.4

Updated: November 2020
 
 

Overlapping Flows

When multiple flows are configured on a datalink with different attributes, the flows might overlap. In this case, you can use the flowadm show-flow command to display a list of flows on a datalink based on a default ranking order. That is, the first flow in the output is searched first for a given packet and then the next flow is searched. You can change the ranking order of a flow by using the rank property.

For example, assume that you have created the flow solaris to limit the traffic from a remote IP address as follows.

$ flowadm add-flow -l net4 -a remote_ip=192.0.2.3 solaris
$ flowadm set-flowprop -p max-bw=10K solaris

If you want a packet from the IP address 192.0.2.0 to port 80 to match solaris instead of the http flow, you can set a high rank for the solaris flow as follows:

$ flowadm set-flowprop -p rank=1 solaris
$ flowadm show-flowprop -p rank solaris
FLOW     PROPERTY  PERM  VALUE  EFFECTIVE  DEFAULT  POSSIBLE
solaris  rank      rw    1      1          --       1-65535

Use the flowadm match-flow command to check whether a flow that you want to create overlaps with other existing flows. If flows overlap, check the ranking order. Also, if you have a policy in place to disallow the creation of overlapping flows, check before adding a flow.

$ flowadm match-flow [-P] [[-p] -o field[,...]] \
   [-l link] \
   -a attr=value[,...]

-l link

Limits the match to flows on the specified link. If you do not specify a link, flows on all the links are used.

-a attr=value[,...]

A comma-separated list of attributes that are used as the key for the lookup for a matching flow or flows.

Example 85  Checking the Overlapping Flows

This example shows how to check whether an added flow overlaps with other flows.

The following example displays a flow configured on a system.

$ flowadm
FLOW     LINK     PROTO LADDR   LPORT RADDR  RPORT DIR
http     net4     tcp   --      80    --     --    bi

When you want to add another flow backup with the remote IP address 203.0.113.117 on the datalink net4, you can check whether the backup flow overlaps with other flows as follows.

$ flowadm match-flow -l net4 -a remote_ip=192.0.2.4
FLOW   LINK     PROTO LADDR  LPORT RADDR  RPORT DIR
http   net4     tcp   --     80    --     --    bi

The output shows that the flows http and backup can overlap for certain packets.
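
Where a policy disallows overlapping flows, the match-flow check can be run automatically before every add-flow. The following sh wrapper is an added example, not part of the Oracle documentation; the function names and the FLOWADM override variable are assumptions, and it parses the default match-flow table in the form shown in Example 85.

```shell
#!/bin/sh
# Added example (not Oracle's code): refuse to create a flow that overlaps
# with existing flows on the same datalink.
# FLOWADM is an assumed override so the wrapper can be dry-run against a stub.
FLOWADM=${FLOWADM:-flowadm}

# overlapping_flows LINK ATTRS
# Prints the names of existing flows on LINK that match ATTRS, one per line.
# Parses the default match-flow table: a header row starting with FLOW,
# then one row per matching flow with the flow name in the first column.
overlapping_flows() {
    table=$("$FLOWADM" match-flow -l "$1" -a "$2") || return 2
    printf '%s\n' "$table" |
        awk 'NR == 1 && $1 == "FLOW" { next } NF { print $1 }'
}

# add_flow_no_overlap LINK ATTRS NAME
# Returns 0 = flow added, 1 = refused because of overlap, 2 = flowadm failed.
add_flow_no_overlap() {
    link=$1 attrs=$2 name=$3
    hits=$(overlapping_flows "$link" "$attrs") || return 2
    if [ -n "$hits" ]; then
        echo "refusing to add '$name' on $link: overlaps with existing flows" >&2
        for f in $hits; do
            # Print each overlapping flow's rank so the operator can see
            # which flow is searched first for the shared packets.
            "$FLOWADM" show-flowprop -p rank "$f" >&2
        done
        return 1
    fi
    "$FLOWADM" add-flow -l "$link" -a "$attrs" "$name" || return 2
}

# Usage: script LINK ATTRS NAME, for example: net4 remote_ip=192.0.2.4 backup
if [ $# -eq 3 ]; then
    add_flow_no_overlap "$@"
fi
```

A return status of 1 means no flow was created; the operator can then either change the attributes or deliberately set the rank property before adding the flow by hand.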