From mboxrd@z Thu Jan  1 00:00:00 1970
From: Julian Anastasov <ja@ssi.bg>
Date: Fri, 14 Dec 2001 13:54:43 +0000
Subject: Re: [LARTC] tc: u32 match in nexthdr not working?
Message-Id: <marc-lartc-100833788904209@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-100827285418750@msgid-missing>
In-Reply-To: <marc-lartc-100827285418750@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org


	Hello,

On Fri, 14 Dec 2001, bert hubert wrote:

> > 	No, ihl includes the options. Everything works perfectly.
> > It is bug to use sport and dport if ip options are present. There
>
> Geh. Or an 'undocumented feature'. Because you don't know what kind of
> packets you will send or forward, using 'ip sport' is always a bug.

	Yes

> > are tcp dst and tcp src for example. Same for udp. For icmp there
> > are icmp type and icmp code. All they use the same base pointer.
>
> But tcp src only works when operating in a hashed filter? Which is
> not often the case.

	Right. But only then we can match packets with options.

> I tried this:
> tc filter add dev eth0 parent 1:0 prio 5 u32  \
> 	match ip nofrag \
> 	offset mask 0x0F00 shift 6 \
> 	match tcp src 22 0xffff classid 1:2
>
> But it doesn't work, gives:

	Of course

> RTNETLINK answers: Invalid argument

Didn't tried it but something like this:

F="tc filter add dev eth0 parent 1:0 protocol ip prio 5"
$F handle 1: u32 divisor 1
$F u32 ht 1: match tcp src 22 0xFFFF match ip protocol 6 0xFF match ip firstfrag flowid 1:2
$F u32 ht 800:: match u8 0 0 offset at 0 mask 0x0f00 shift 6 link 1:

Using ip nofrag is another bug :) Small? You miss traffic.

> Regards,
>
> bert

Regards

--
Julian Anastasov <ja@ssi.bg>


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/