Fw: tc filter match u8 problem??

Linux Advanced Routing and Traffic Control


 



On Sat, 17 Dec 2005, Andy Furniss wrote:

> The u8 test works OK for me as does the one below.


My mistake. I cleaned the rules and removed the ones that collided with 
the u8 one. 
There is no error on this. (See explanation below.)

>
> When playing with tc filters I always tc qdisc del dev eth0 root and enter 
> the whole lot again between tests.

I always took that as mandatory. Don't worry.

'tc qdisc del dev XXX root' is always on my scripts.

> I don't know why the mark match doesn't work for you - it has its own kernel 
> config option and IIRC was added by patch and may be removed at some time in 
> favour of ematch (IIRC).

(What does IIRC stand for?? I missed this one.)

Here is the explanation for u8 behavior. Together with 'match u8 8 0xff at 20' 
I also had 'match ip dport 1234 0xffff' and 'match ip sport 80 0xffff' 
(both of these I stripped out in my original post). 
Since the last two collide with the 'u8 ... at 20', tc complained 
(I don't know the mechanism used by tc but the fact is tc knows they collide).

>> # $TC filter add dev eth0 protocol ip parent 1:0 prio 2 \
>>      u32 \
>>      match ip src 200.231.49.240/29 \
>>      match ip dst 200.231.48.94/32 \
>>      match mark 0xa5a5 0xffff \
>>      match u16 0x0800 0xffff at -2 \
>
> This is redundant as you already say "protocol ip"

Thanks. I'll take it out from the generator.

>> What is this "005004d2/ffffffff at 20"? (I asked "match u16 0 0xff00 at 
>> 20")
>
> 0050 sport 80 - 04d2 dport 1234 - you got 0 at 20 mask 0xff it's the MSB of 
> sport ...

Holy cow!!! You're 1000% right.

>> Where is the "match mark" clause?

But this one is still a mystery. Where did "match mark" go?
Look:

# ./rc.htb2
+ /usr/local/src/iproute2-2.6.14-051107/tc/tc filter add dev eth0 \
          protocol ip \
          parent 1:0 \
          prio 2 \
          u32 match mark 0xa5a5 0xffff \
          flowid 1:5
+ /usr/local/src/iproute2-2.6.14-051107/tc/tc filter ls dev eth0
filter parent 1: protocol ip pref 2 u32
filter parent 1: protocol ip pref 2 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 2 u32 fh 800::800 order 2048 key ht 800 bkt 0
flowid 1:5
+ /usr/local/src/iproute2-2.6.14-051107/tc/tc qdisc del dev eth0 root
+ set +x

There is no 'match mark' on output. Could anyone see if this is 
correct (match mark does not show on the 'tc filter ls' command)?

Regards

Ethy
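
The collision discussed in the message above, as an added example that is not part of the original post and is not tc's own code. It is a simplified model: the shift rules, the merge check, and the fixed offsets 20/22 for sport/dport (an IP header without options) are assumptions of this sketch.

```python
# Added illustration: simplified model of packing u8/u16 matches into the
# 32-bit words a u32 filter compares. Not taken from iproute2.

class KeyCollision(Exception):
    pass

def pack(value, mask, width, offset):
    """Place a width-bit match at byte `offset` inside its aligned 32-bit word."""
    shift = 32 - width - 8 * (offset & 3)  # network order: byte 0 is the MSB
    if shift < 0:
        raise ValueError("match crosses a 32-bit word boundary")
    return ((value & mask) << shift, mask << shift, offset & ~3)

def add_match(keys, value, mask, width, offset):
    """Merge a match into keys {aligned_offset: (value, mask)}; raise on conflict."""
    val, msk, off = pack(value, mask, width, offset)
    if off in keys:
        old_val, old_mask = keys[off]
        # Two matches conflict when they demand different bits under a shared mask.
        if (val ^ old_val) & msk & old_mask:
            raise KeyCollision(f"conflict in word at {off}: "
                               f"{val:08x}/{msk:08x} vs {old_val:08x}/{old_mask:08x}")
        val, msk = val | old_val, msk | old_mask
    keys[off] = (val, msk)
    return keys

def show(keys):
    return [f"{v:08x}/{m:08x} at {o}" for o, (v, m) in sorted(keys.items())]

def port_keys():
    keys = {}
    add_match(keys, 80, 0xFFFF, 16, 20)    # match ip sport 80 0xffff (assumed offset 20)
    add_match(keys, 1234, 0xFFFF, 16, 22)  # match ip dport 1234 0xffff (assumed offset 22)
    return keys

def ports_and_u16():
    # match u16 0 0xff00 at 20: asks for MSB of sport == 0, which sport 80 satisfies
    return show(add_match(port_keys(), 0, 0xFF00, 16, 20))

def ports_and_u8():
    # match u8 8 0xff at 20: asks for MSB of sport == 8, which contradicts sport 80
    try:
        return show(add_match(port_keys(), 8, 0xFF, 8, 20))
    except KeyCollision as exc:
        return str(exc)

if __name__ == "__main__":
    print(ports_and_u16())
    print(ports_and_u8())
```
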
