Re: tc filter match u8 problem??

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Ethy H. Brito wrote:

On Fri, 16 Dec 2005 17:00:41 -0200
"Ethy H. Brito" <ethy.brito@xxxxxxxxxxxx> wrote:



Hi All



A little bit more ammunition. Playing around with tc filter I run this (I know
it looks like crazy but tc should deal with this asking no questions, right?)

(for the curious out there: I am writing a htb rules generator (YARG - Yet
Another Trafic Control Rules Generator), and one of its generated crazy test
rules is the rule bellow. I'll give you more details on this generator when I
solve this and other misteries)


The u8 test works OK for me as does the one below.
When playing with tc filters I always tc qdisc del dev eth0 root and enter the whole lot again between tests.
I don't know why the mark match doesn't work for you - it has its own kernel config option and IIRC was added by patch and may be removed at some time in favour of ematch (IIRC).
# $TC filter add dev eth0 protocol ip parent 1:0 prio 2 \ u32 \ match ip src 200.231.49.240/29 \ match ip dst 200.231.48.94/32 \ match mark 0xa5a5 0xffff \ match u16 0x0800 0xffff at -2 \ 

This is redundant as you already say "protocol ip"
match u16 0 0xff00 at 20 \ match u16 6 0xffff at 11 \ match ip dport 1234 0xffff \ match ip sport 80 0xffff \ flowid 1:5 

# /usr/local/src/iproute2-2.6.14-051107/tc/tc -s filter show dev eth0
filter parent 1: protocol ip pref 2 u32 filter parent 1: protocol ip pref 2 u32 fh 800: ht divisor 1 filter parent 1: protocol ip pref 2 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:5 match c8e731f0/fffffff8 at 12 
  match c8e7305e/ffffffff at 16
  match 00000800/0000ffff at -4
  match 005004d2/ffffffff at 20
  match 00000006/0000ffff at 8

What is this "005004d2/ffffffff at 20"? (I asked "match u16 0 0xff00 at 20")
0050 sport 80 - 04d2 dport 1234 - you got 0 at 20 mask 0xff it's the MSB of sport ... 



Where is the "match mark" clause?
Where are the two "match ip Xport" clauses?
WHAT AM I DOING WRONG ???
Don't know - test again but always delete root qdisc between tests and see if slack selected mark match for you. 

Andy.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux