From: Julian Anastasov <ja@ssi.bg>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] tc: u32 match in nexthdr not working?
Date: Fri, 14 Dec 2001 12:56:57 +0000 [thread overview]
Message-ID: <marc-lartc-100833440928975@msgid-missing> (raw)
In-Reply-To: <marc-lartc-100827285418750@msgid-missing>
Hello,
On Fri, 14 Dec 2001, Lutz Pressler wrote:
> Hi again,
>
> ok, did some tests:
>
> match ip sport 3128 does work (as does the more correct
> match ip sport 3128 0xffff match ip protocol 0xff to only consider
> TCP) - match tcp src 3128 does not.
>
> The difference as shown by tc filter show dev eth0 parent ffff:
> is that ip sport -> "match 0c380000/ffff0000 at 20"
> tcp src -> "match 0c380000/ffff0000 at nexthdr+0".
>
> This confirms my assumption, that nexthrd is broken.
It confirms only that nexthdr does not work with your
settings. Nothing more. Read carefully iproute2/README.iproute2+tc
and particularly the last filter in this file. I agree, it is not
documented very well. To use nexthdr you must use "offset" with
hash table. U32 is universal (read line #2 in cls_u32.c), it does
not know that you are using IPv4, so the value 20 can not be
guessed. For this, "offset" is used to extract the iphdr->ihl
value and to use it as a base for all nexthdr+ relative offsets.
> at nexthdr+0 _should_ work with IP options present, "at 20" not,
> correct?
>
> Lutz
Regards
--
Julian Anastasov <ja@ssi.bg>
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
next prev parent reply other threads:[~2001-12-14 12:56 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-12-13 19:46 [LARTC] tc: u32 match in nexthdr not working? Lutz Pressler
2001-12-14 0:13 ` bert hubert
2001-12-14 7:36 ` Lutz Pressler
2001-12-14 12:10 ` Lutz Pressler
2001-12-14 12:56 ` Julian Anastasov [this message]
2001-12-14 12:58 ` bert hubert
2001-12-14 13:15 ` Julian Anastasov
2001-12-14 13:32 ` bert hubert
2001-12-14 13:54 ` Julian Anastasov
2001-12-14 15:16 ` Henrik Nordstrom
2001-12-14 19:59 ` Michael T. Babcock
2001-12-14 23:00 ` bert hubert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-100833440928975@msgid-missing \
--to=ja@ssi.bg \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.