From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stuart Lynne Date: Sat, 30 Jun 2001 22:50:18 +0000 Subject: Re: [LARTC] u32 nexthdr problem Message-Id: List-Id: References: In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org In article <993851937.8529@whiskey.enposte.net>, Don Cohen I'm having trouble with nexthdr. > tc filter add dev eth0 protocol ip parent 10:0 prio 1 u32 \ > match ip protocol 0x6 0xff match u8 0x02 0x12 at nexthdr+13 flowid 10:3 >fails to match my test packets whereas > tc filter add dev eth0 protocol ip parent 10:0 prio 1 u32 \ > match ip protocol 0x6 0xff match u8 0x02 0x12 at 33 flowid 10:3 >does match them. >Of course, the second one is really wrong since it means something >totally different if your packet contains any IP options (which my >test packets do not, of course). > >Does anyone either see what I'm doing wrong? >Anyone else experience the same problems? >Anyone know how to fix them? The last time I looked at nexthdr (circa 2.4.0) it appeared to simply not be fully implemented. I was trying to match tcp acks: # match acks using nexthdr - doesn't currently work tc filter add dev eth0 parent 20:0 protocol ip prio 10 u32 \ match ip protocol 6 0xff \ match u8 0x10 0xff at nexthdr+13 \ flowid 20:23 And had to do it the hard way: # match acks the hard way, # IP protocol 6, # IP header length 0x5(32 bit words), # IP Total length 0x34 # TCP ack set (bit 5, offset 33) tc filter add dev eth0 parent 20:0 protocol ip prio 10 u32 \ match ip protocol 6 0xff \ match u8 0x05 0x0f at 0 \ match u8 0x34 0xff at 3 \ match u8 0x10 0xff at 33 \ flowid 20:23 Which of course only works with normal sized IP headers. Has nexthdr been finished? -- __O Lineo - For Embedded Linux Solutions _-\<,_ PGP Fingerprint: 28 E2 A0 15 99 62 9A 00 (_)/ (_) 88 EC A3 EE 2D 1C 15 68 Stuart Lynne