On Fri, Dec 14, 2001 at 02:56:57PM +0200, Julian Anastasov wrote:

> > The difference as shown by tc filter show dev eth0 parent ffff:
> > is that ip sport -> "match 0c380000/ffff0000 at 20"
> > tcp src -> "match 0c380000/ffff0000 at nexthdr+0".

> not know that you are using IPv4, so the value 20 can not be
> guessed. For this, "offset" is used to extract the iphdr->ihl
> value and to use it as a base for all nexthdr+ relative offsets.

Damn, that's broken. Or at least, extremely non-obvious and hard to get
working. Overly universal comes to mind. So 'ip sport' would stop matching
packets with ip options?

Thanks for enlightening us - will update the HOWTO to this effect.

Regards,

bert

-- 
http://www.PowerDNS.com Versatile DNS Software & Services
Trilab The Technology People
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet
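
Added example, not part of the original message and not kernel or tc code: a small Python model of the two keys shown above, "at 20" versus "at nexthdr+0", evaluated against constructed IPv4/TCP headers with and without IP options. The function names and the sample packets are hypothetical; the nexthdr base is taken from the IHL nibble, as the quoted explanation describes.

```python
import struct

VALUE, MASK = 0x0C380000, 0xFFFF0000   # key from the thread: source port 0x0c38 (3128)

def ipv4_tcp(sport, dport, options=b""):
    """Build a constructed IPv4 + TCP header pair (checksums left at zero)."""
    if len(options) % 4:
        raise ValueError("IP options must be padded to a multiple of 4 bytes")
    ihl = 5 + len(options) // 4                      # header length in 32-bit words
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20, 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ip + options + tcp

def u32_match(pkt, value, mask, offset):
    """One u32-style key: masked compare of the 32-bit word at `offset`."""
    if offset + 4 > len(pkt):
        return False
    (word,) = struct.unpack_from("!I", pkt, offset)
    return (word & mask) == value

def nexthdr_base(pkt):
    """Byte length of the IP header, read from the IHL nibble of byte 0."""
    return (pkt[0] & 0x0F) * 4

def match_fixed(pkt):
    """Model of: match 0c380000/ffff0000 at 20"""
    return u32_match(pkt, VALUE, MASK, 20)

def match_nexthdr(pkt):
    """Model of: match 0c380000/ffff0000 at nexthdr+0"""
    return u32_match(pkt, VALUE, MASK, nexthdr_base(pkt) + 0)

if __name__ == "__main__":
    samples = {
        "no options (ihl=5)": ipv4_tcp(3128, 80),
        "4 bytes of options (ihl=6)": ipv4_tcp(3128, 80, b"\x01\x01\x01\x00"),
    }
    for name, pkt in samples.items():
        print(f"{name}: at 20 -> {match_fixed(pkt)}, "
              f"at nexthdr+0 -> {match_nexthdr(pkt)}")
```

With options present, the word at byte 20 is the options field rather than the TCP ports, so the fixed-offset key compares the wrong data while the nexthdr-relative key still reads the source port.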