All of lore.kernel.org
 help / color / mirror / Atom feed
* iptables dropping wrong packets
@ 2003-03-05 17:56 Nedko Nedev
  2003-03-05 19:35 ` "...packets with TOS 0x0 also packets with TOS 0x10..." Jim Fleming
  0 siblings, 1 reply; 3+ messages in thread
From: Nedko Nedev @ 2003-03-05 17:56 UTC (permalink / raw)
  To: netfilter-devel




Hi,

looks like some of correct packes are droped

table mangle

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source
destination

1    36142    16M ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0         TOS match 0x00
2     168K    54M ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0         TOS match 0x10
3       27       1782 LOG            all  --  *      *       0.0.0.0/0
0.0.0.0/0         LOG  flags 0 level 4
4       27       1782 DROP         all  --  *      *       0.0.0.0/0
0.0.0.0/0


in log we can see packets with TOS 0x0  also packets with TOS 0x10

Mar  5 04:32:10 proliant kernel: IN=eth0 OUT=eth1 SRC=62.176.73.4
DST=62.176.105.30 LEN=76 TOS=0x00 PREC=0xC0
Mar  5 04:32:15 proliant kernel: IN=eth0 OUT=eth1 SRC=62.176.73.4
DST=62.176.105.30 LEN=76 TOS=0x00 PREC=0xC0
Mar  5 04:32:18 proliant kernel: IN=eth1 OUT=eth0 SRC=212.5.149.252
DST=212.5.134.3 LEN=87 TOS=0x00 PREC=0xC0
Mar  5 04:32:19 proliant kernel: IN=eth0 OUT=eth2 SRC=62.176.73.4
DST=62.176.106.69 LEN=88 TOS=0x00 PREC=0xC0
Mar  5 04:32:19 proliant kernel: IN=eth0 OUT=eth1 SRC=62.176.73.4
DST=62.176.105.30 LEN=76 TOS=0x00 PREC=0xC0
Mar  5 04:32:29 proliant kernel: IN=eth0 OUT=eth2 SRC=195.230.9.159
DST=62.176.106.69 LEN=48 TOS=0x00 PREC=0x8
Mar  5 04:32:31 proliant kernel: IN=eth0 OUT=eth1 SRC=62.176.73.4
DST=62.176.105.30 LEN=76 TOS=0x00 PREC=0xC0
Mar  5 04:32:32 proliant kernel: IN=eth0 OUT=eth2 SRC=195.230.9.159
DST=62.176.106.69 LEN=48 TOS=0x00 PREC=0x8

mandrake Linux version 2.4.19-16mdksmp, iptables v1.2.6a
Is there some solution?
10x in advance
Nedko

^ permalink raw reply	[flat|nested] 3+ messages in thread
* "...packets with TOS 0x0  also packets with TOS 0x10..."
  2003-03-05 17:56 iptables dropping wrong packets Nedko Nedev
@ 2003-03-05 19:35 ` Jim Fleming
  2003-03-05 21:31   ` Nedko Nedev
  0 siblings, 1 reply; 3+ messages in thread
From: Jim Fleming @ 2003-03-05 19:35 UTC (permalink / raw)
  To: Nedko Nedev, netfilter-devel

----- Original Message ----- 
From: "Nedko Nedev" <nedco@unacs.bg>
> 
> in log we can see packets with TOS 0x0  also packets with TOS 0x10
> 

The TOS field is divided into two 4-bit fields. 0x0* and 0x*0 are legacy values.
The other values help to expand the address spaces by adding 15 more flows or layers.
The Identification Field is also used to add 14 more bits of addressing, in two 7-bit fields.
The 7 plus 4 is 11 and when added to the 32-bits of addressing provide a 43 bit address space.
The extra AM/FM bit is common to all of the address spaces.

http://IPv8.no-ip.com
http://www.go-mono.com/
http://www.knoppix.com
http://www.netfilter.org
http://www.digium.com
http://www.asterisk.org
http://www.openss7.org
http://www.zapatatelephony.org
http://www.new.net
http://IPv8.dyn.ee

Jim Fleming
Inter.C@T.Inter.NAT Consultant
http://www.Unir.NET
http://www.Unir.com
http://www.Uni%ae.com
http://www.UniR.com

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: "...packets with TOS 0x0  also packets with TOS 0x10..."
  2003-03-05 19:35 ` "...packets with TOS 0x0 also packets with TOS 0x10..." Jim Fleming
@ 2003-03-05 21:31   ` Nedko Nedev
  0 siblings, 0 replies; 3+ messages in thread
From: Nedko Nedev @ 2003-03-05 21:31 UTC (permalink / raw)
  To: Jim Fleming; +Cc: netfilter-devel




Hi,
i read several times your response but still can't understand why
iptables rule
1    36142    16M ACCEPT     all  --  *      *       0.0.0.0/0 0.0.0.0/0
TOS match 0x00
2     168K    54M ACCEPT     all  --  *      *       0.0.0.0/0 0.0.0.0/0
TOS match 0x10
not ACCEPT some packets with TOS 0x00 ( Normal-Service  )  also packets with
TOS 0x10 (Minimize-Delay)
and they go respectively to next rule
3       27       1782 LOG            all  --  *      *       0.0.0.0/0
0.0.0.0/0         LOG  flags 0 level 4
and loged
Mar  5 04:32:10 proliant kernel: IN=eth0 OUT=eth1 SRC=62.176.73.4
DST=62.176.105.30 LEN=76 TOS=0x00 PREC=0xC0


----- Original Message -----
From: "Jim Fleming" <JimFleming@ameritech.net>
To: "Nedko Nedev" <nedco@unacs.bg>; <netfilter-devel@lists.netfilter.org>
Sent: Wednesday, March 05, 2003 9:35 PM
Subject: "...packets with TOS 0x0 also packets with TOS 0x10..."


>
>
>
> ----- Original Message -----
> From: "Nedko Nedev" <nedco@unacs.bg>
> >
> > in log we can see packets with TOS 0x0  also packets with TOS 0x10
> >
>
> The TOS field is divided into two 4-bit fields. 0x0* and 0x*0 are legacy
values.
> The other values help to expand the address spaces by adding 15 more flows
or layers.
> The Identification Field is also used to add 14 more bits of addressing,
in two 7-bit fields.
> The 7 plus 4 is 11 and when added to the 32-bits of addressing provide a
43 bit address space.
> The extra AM/FM bit is common to all of the address spaces.
>
> http://IPv8.no-ip.com
> http://www.go-mono.com/
> http://www.knoppix.com
> http://www.netfilter.org
> http://www.digium.com
> http://www.asterisk.org
> http://www.openss7.org
> http://www.zapatatelephony.org
> http://www.new.net
> http://IPv8.dyn.ee
>
> Jim Fleming
> Inter.C@T.Inter.NAT Consultant
> http://www.Unir.NET
> http://www.Unir.com
> http://www.Uni%ae.com
> http://www.UniR.com
>
>
>

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-03-05 21:31 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-03-05 17:56 iptables dropping wrong packets Nedko Nedev
2003-03-05 19:35 ` "...packets with TOS 0x0 also packets with TOS 0x10..." Jim Fleming
2003-03-05 21:31   ` Nedko Nedev

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.