tc offset & subheader matching clarification / question

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello
TC's syntax, particulary u32 filter, is far more rich than what man, howto or command's help provides. I've been looking for information about the uses of 'offset' parameter, or more detailed explanation of a few other/relevan options, but what I've found is very brief to say the least.
So I checked the sources of cls_u32.c and f_u32.c. According to that, the separate 'offset' parameter controls the offset to the subheader (i.e. tcp from the beginning of ip), and it must be supplied explicitely. So for example, doing something like: 

tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 \
	match tcp dst 1234 0xffff flowid 1:5

or its equivalent

tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 \
	match u32 0x00001234 0x0000ffff at nexthdr+0 flowid 1:5
is not enough. Looking at f_u32.c, the only thing that nexthdr+ will cause, is setting offset mask (key->offmask), used in the following line of net/sched/cls_u32.c: 

if ((*(u32*)(ptr+key->off+(off2&key->offmask))^key->val)&key->mask) {
If I understand it correctly, then i.e. lartc howto's 12.1.1 examples wouldn't work as intended. off2 would have to be set by the means of 'offset' option on the command line.
Now, the hash table example in README.iproute2+tc shows how to use 'offset' option and after analysing mentioned sources, it's more or less clear for me what and how happes:
offset mask 0x0F00 shift 6 - specifies ip header size in bytes (calculated as off2 in cls_u32.c)
match tcp dst 0x17 0xffff - having key->offmask == -1, off2 will be added in addition to key->off. Thus skipping to actual tcp header, if such need arises. This is needed for match tcp to work properly in: 

$TC filter add dev eth1 parent 1:0 prio 5 u32 ht 1:6: \
        match ip dst 193.233.7.75 \
        match tcp dst 0x17 0xffff \
        flowid 1:4 \
        police rate 32kbit buffer 5kb/8 mpu 64 mtu 1514 index 1
Anyway, as far as I understand, 'offset' option only works in context of extra hash tables, as off2 is calculated before the move to the next ht. 

Do I understand this correctly, or did I miss something ?
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux