* iptables dropping wrong packets @ 2003-03-05 17:56 Nedko Nedev 2003-03-05 19:35 ` "...packets with TOS 0x0 also packets with TOS 0x10..." Jim Fleming 0 siblings, 1 reply; 3+ messages in thread From: Nedko Nedev @ 2003-03-05 17:56 UTC (permalink / raw) To: netfilter-devel Hi, looks like some of correct packes are droped table mangle Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 36142 16M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 TOS match 0x00 2 168K 54M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 TOS match 0x10 3 27 1782 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 4 27 1782 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 in log we can see packets with TOS 0x0 also packets with TOS 0x10 Mar 5 04:32:10 proliant kernel: IN=eth0 OUT=eth1 SRC=62.176.73.4 DST=62.176.105.30 LEN=76 TOS=0x00 PREC=0xC0 Mar 5 04:32:15 proliant kernel: IN=eth0 OUT=eth1 SRC=62.176.73.4 DST=62.176.105.30 LEN=76 TOS=0x00 PREC=0xC0 Mar 5 04:32:18 proliant kernel: IN=eth1 OUT=eth0 SRC=212.5.149.252 DST=212.5.134.3 LEN=87 TOS=0x00 PREC=0xC0 Mar 5 04:32:19 proliant kernel: IN=eth0 OUT=eth2 SRC=62.176.73.4 DST=62.176.106.69 LEN=88 TOS=0x00 PREC=0xC0 Mar 5 04:32:19 proliant kernel: IN=eth0 OUT=eth1 SRC=62.176.73.4 DST=62.176.105.30 LEN=76 TOS=0x00 PREC=0xC0 Mar 5 04:32:29 proliant kernel: IN=eth0 OUT=eth2 SRC=195.230.9.159 DST=62.176.106.69 LEN=48 TOS=0x00 PREC=0x8 Mar 5 04:32:31 proliant kernel: IN=eth0 OUT=eth1 SRC=62.176.73.4 DST=62.176.105.30 LEN=76 TOS=0x00 PREC=0xC0 Mar 5 04:32:32 proliant kernel: IN=eth0 OUT=eth2 SRC=195.230.9.159 DST=62.176.106.69 LEN=48 TOS=0x00 PREC=0x8 mandrake Linux version 2.4.19-16mdksmp, iptables v1.2.6a Is there some solution? 10x in advance Nedko ^ permalink raw reply [flat|nested] 3+ messages in thread
* "...packets with TOS 0x0 also packets with TOS 0x10..." 2003-03-05 17:56 iptables dropping wrong packets Nedko Nedev @ 2003-03-05 19:35 ` Jim Fleming 2003-03-05 21:31 ` Nedko Nedev 0 siblings, 1 reply; 3+ messages in thread From: Jim Fleming @ 2003-03-05 19:35 UTC (permalink / raw) To: Nedko Nedev, netfilter-devel ----- Original Message ----- From: "Nedko Nedev" <nedco@unacs.bg> > > in log we can see packets with TOS 0x0 also packets with TOS 0x10 > The TOS field is divided into two 4-bit fields. 0x0* and 0x*0 are legacy values. The other values help to expand the address spaces by adding 15 more flows or layers. The Identification Field is also used to add 14 more bits of addressing, in two 7-bit fields. The 7 plus 4 is 11 and when added to the 32-bits of addressing provide a 43 bit address space. The extra AM/FM bit is common to all of the address spaces. http://IPv8.no-ip.com http://www.go-mono.com/ http://www.knoppix.com http://www.netfilter.org http://www.digium.com http://www.asterisk.org http://www.openss7.org http://www.zapatatelephony.org http://www.new.net http://IPv8.dyn.ee Jim Fleming Inter.C@T.Inter.NAT Consultant http://www.Unir.NET http://www.Unir.com http://www.Uni%ae.com http://www.UniR.com ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: "...packets with TOS 0x0 also packets with TOS 0x10..." 2003-03-05 19:35 ` "...packets with TOS 0x0 also packets with TOS 0x10..." Jim Fleming @ 2003-03-05 21:31 ` Nedko Nedev 0 siblings, 0 replies; 3+ messages in thread From: Nedko Nedev @ 2003-03-05 21:31 UTC (permalink / raw) To: Jim Fleming; +Cc: netfilter-devel Hi, i read several times your response but still can't understand why iptables rule 1 36142 16M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 TOS match 0x00 2 168K 54M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 TOS match 0x10 not ACCEPT some packets with TOS 0x00 ( Normal-Service ) also packets with TOS 0x10 (Minimize-Delay) and they go respectively to next rule 3 27 1782 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 and loged Mar 5 04:32:10 proliant kernel: IN=eth0 OUT=eth1 SRC=62.176.73.4 DST=62.176.105.30 LEN=76 TOS=0x00 PREC=0xC0 ----- Original Message ----- From: "Jim Fleming" <JimFleming@ameritech.net> To: "Nedko Nedev" <nedco@unacs.bg>; <netfilter-devel@lists.netfilter.org> Sent: Wednesday, March 05, 2003 9:35 PM Subject: "...packets with TOS 0x0 also packets with TOS 0x10..." > > > > ----- Original Message ----- > From: "Nedko Nedev" <nedco@unacs.bg> > > > > in log we can see packets with TOS 0x0 also packets with TOS 0x10 > > > > The TOS field is divided into two 4-bit fields. 0x0* and 0x*0 are legacy values. > The other values help to expand the address spaces by adding 15 more flows or layers. > The Identification Field is also used to add 14 more bits of addressing, in two 7-bit fields. > The 7 plus 4 is 11 and when added to the 32-bits of addressing provide a 43 bit address space. > The extra AM/FM bit is common to all of the address spaces. > > http://IPv8.no-ip.com > http://www.go-mono.com/ > http://www.knoppix.com > http://www.netfilter.org > http://www.digium.com > http://www.asterisk.org > http://www.openss7.org > http://www.zapatatelephony.org > http://www.new.net > http://IPv8.dyn.ee > > Jim Fleming > Inter.C@T.Inter.NAT Consultant > http://www.Unir.NET > http://www.Unir.com > http://www.Uni%ae.com > http://www.UniR.com > > > ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-03-05 21:31 UTC | newest] Thread overview: 3+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2003-03-05 17:56 iptables dropping wrong packets Nedko Nedev 2003-03-05 19:35 ` "...packets with TOS 0x0 also packets with TOS 0x10..." Jim Fleming 2003-03-05 21:31 ` Nedko Nedev
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.