Hello, I wondered why my filters with nexthdr never match. Then I gave the same address as IP packet offset and then it works: start cmd: # tc -s filter show dev eth1 parent 113: filter protocol ip pref 1 u32 filter protocol ip pref 1 u32 fh 800: ht divisor 1 filter protocol ip pref 1 u32 fh 800::800 order 2048 key ht 800 bkt 0 flowid 113:1 (rule hit 29 success 0) match 00060000/00ff0000 at 8 (success 29 ) match 00000000/0000ffc0 at 0 (success 28 ) match 00100000/00ff0000 at nexthdr+12 (success 0 ) filter protocol ip pref 3 u32 filter protocol ip pref 3 u32 fh 802: ht divisor 1 filter protocol ip pref 3 u32 fh 802::800 order 2048 key ht 802 bkt 0 flowid 113:1 (rule hit 29 success 18) match 00060000/00ff0000 at 8 (success 29 ) match 05000000/0f00ffc0 at 0 (success 28 ) match 00100000/00ff0000 at 32 (success 18 ) These rules should do exactly the same but the first rule does not match. Note that the check of the IHL field ensures that nexthdr+12 is 32. The examples on lartc.org use both variants. Hauke -- PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814 -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
