On Tuesday 27 May 2003 11:49, Jurijs Dorofejevs wrote:
> Hi!
>
> Can anybody explain me how does the mask work in filters?
>
> This example set filter for exactly port #2000 :
> tc filter add dev eth1 parent 1:0 protocol ip prio 100 u32 match ip sport
> 2000 0xffff classid 1:256
>
> But if I need to set filter for the range of ports, for example, ports
> from 2000 till 3000, what mask do I need?
>
> Trying google, I've read that Mask = 0xffff - (high_port - low_port),
> that in my case will be: Mask = 0xffff - (3000 - 2000) = 0xfc17
>
> tc filter add dev eth1 parent 1:0 protocol ip prio 100 u32 match ip sport
> 2000 0xfc17 classid 1:256
>
> But this example doesn't work correctly and I suppose that I'm wrong
> with mask defying algorithm.
>
> Any ideas?
I don't use the u32 mask myself, but I think you have to write it down in
binary to understand.
Easy example :
match ip sport 2000 0xffff
2000 = 0000 0111 1101 0000
0xfff0 = 1111 1111 1111 0000
So all packets going from 0000 0111 1101 0000 (2000) to 0000 0111 1101 0000
(2031) are matched.
Other example :
match ip sport 2000 0xfc17
2000 = 0000 0111 1101 0000
0xfc17 = 1111 1100 0001 0111
This is more complicated. This matches all packets with 0000 01xx xxx1 x000
(x = 0 or 1) as source port.
Stef
--
stef.coene@xxxxxxxxx
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
