* [LARTC] u32 nexthdr problem
@ 2001-06-29 21:59 Don Cohen
2001-06-30 22:50 ` Stuart Lynne
0 siblings, 1 reply; 2+ messages in thread
From: Don Cohen @ 2001-06-29 21:59 UTC (permalink / raw)
To: lartc
I'm having trouble with nexthdr.
tc filter add dev eth0 protocol ip parent 10:0 prio 1 u32 \
match ip protocol 0x6 0xff match u8 0x02 0x12 at nexthdr+13 flowid 10:3
fails to match my test packets whereas
tc filter add dev eth0 protocol ip parent 10:0 prio 1 u32 \
match ip protocol 0x6 0xff match u8 0x02 0x12 at 33 flowid 10:3
does match them.
Of course, the second one is really wrong since it means something
totally different if your packet contains any IP options (which my
test packets do not, of course).
Does anyone either see what I'm doing wrong?
Anyone else experience the same problems?
Anyone know how to fix them?
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [LARTC] u32 nexthdr problem
2001-06-29 21:59 [LARTC] u32 nexthdr problem Don Cohen
@ 2001-06-30 22:50 ` Stuart Lynne
0 siblings, 0 replies; 2+ messages in thread
From: Stuart Lynne @ 2001-06-30 22:50 UTC (permalink / raw)
To: lartc
In article <993851937.8529@whiskey.enposte.net>,
Don Cohen <don-lartc@isis.compsvcs.comwrote:
>I'm having trouble with nexthdr.
> tc filter add dev eth0 protocol ip parent 10:0 prio 1 u32 \
> match ip protocol 0x6 0xff match u8 0x02 0x12 at nexthdr+13 flowid 10:3
>fails to match my test packets whereas
> tc filter add dev eth0 protocol ip parent 10:0 prio 1 u32 \
> match ip protocol 0x6 0xff match u8 0x02 0x12 at 33 flowid 10:3
>does match them.
>Of course, the second one is really wrong since it means something
>totally different if your packet contains any IP options (which my
>test packets do not, of course).
>
>Does anyone either see what I'm doing wrong?
>Anyone else experience the same problems?
>Anyone know how to fix them?
The last time I looked at nexthdr (circa 2.4.0) it appeared to simply not
be fully implemented.
I was trying to match tcp acks:
# match acks using nexthdr - doesn't currently work
tc filter add dev eth0 parent 20:0 protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0x10 0xff at nexthdr+13 \
flowid 20:23
And had to do it the hard way:
# match acks the hard way,
# IP protocol 6,
# IP header length 0x5(32 bit words),
# IP Total length 0x34
# TCP ack set (bit 5, offset 33)
tc filter add dev eth0 parent 20:0 protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u8 0x34 0xff at 3 \
match u8 0x10 0xff at 33 \
flowid 20:23
Which of course only works with normal sized IP headers.
Has nexthdr been finished?
--
__O
Lineo - For Embedded Linux Solutions _-\<,_
PGP Fingerprint: 28 E2 A0 15 99 62 9A 00 (_)/ (_) 88 EC A3 EE 2D 1C 15 68
Stuart Lynne <sl@fireplug.net www.fireplug.net 604-461-7532
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2001-06-30 22:50 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-06-29 21:59 [LARTC] u32 nexthdr problem Don Cohen
2001-06-30 22:50 ` Stuart Lynne
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.