Hello, On Fri, 14 Dec 2001, bert hubert wrote: > > No, ihl includes the options. Everything works perfectly. > > It is bug to use sport and dport if ip options are present. There > > Geh. Or an 'undocumented feature'. Because you don't know what kind of > packets you will send or forward, using 'ip sport' is always a bug. Yes > > are tcp dst and tcp src for example. Same for udp. For icmp there > > are icmp type and icmp code. All they use the same base pointer. > > But tcp src only works when operating in a hashed filter? Which is > not often the case. Right. But only then we can match packets with options. > I tried this: > tc filter add dev eth0 parent 1:0 prio 5 u32 \ > match ip nofrag \ > offset mask 0x0F00 shift 6 \ > match tcp src 22 0xffff classid 1:2 > > But it doesn't work, gives: Of course > RTNETLINK answers: Invalid argument Didn't tried it but something like this: F="tc filter add dev eth0 parent 1:0 protocol ip prio 5" $F handle 1: u32 divisor 1 $F u32 ht 1: match tcp src 22 0xFFFF match ip protocol 6 0xFF match ip firstfrag flowid 1:2 $F u32 ht 800:: match u8 0 0 offset at 0 mask 0x0f00 shift 6 link 1: Using ip nofrag is another bug :) Small? You miss traffic. > Regards, > > bert Regards -- Julian Anastasov <ja@xxxxxx>
