Re: TOS target mask - leave alone the ECN bits

On Sunday 2013-11-10 12:53, Patrick Schaaf wrote:
>
>I'm stumbling over a confusion, maybe just mine, regarding the use of the mask 
>value of the TOS target in order to avoid messing with the ECN bits within. 
>
>	-j TOS --set-tos 0x0c/0xfc
>
>which should result in A) leaving ECN alone and B) set the DSCP bits to 
>000011, the first "reserved for local use" value.

RFCs have the bit order reversed in their diagrams, which is…
unusual, but at least properly documented. It spells out: "bits 6 and
7 in the IPv4 TOS octet are designed as the ECN field". The keeper
mask is therefore 0xc0, and the equivalent clearing mask is 0x3f
(not 0xfc).


In the user interface, clearing masks are a must-have for bit
manipulation[1] targets, do not fall under "bit manipulation"), and
keeper masks are a must-have for bit tests. This is because they are
easiest to use for each case.

Lemma: Look at some C code. You will find

	void paint(animal *a) {
		if (a->type & HORSE) {
			a->type &= ~HORSE;
			a->type |= ZEBRA;
		}
	}

rather than

	if (foo & ~(DONKEY | HORSE | ZEBRA | MULE | ZULE | ZORSE)) {
		foo &= DONKEY | HORSE | ZEBRA | MULE | ZULE | ZORSE;
		foo |= ZEBRA;
	}

for the same reason.

[1] While many targets do some bit manipulation on the packet,
the UI does not expose it as such. For example, NAT uses IP
addresses rather than raw bits.
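
Added example, not part of the original message and not netfilter code: it runs the clearing-mask and keeper-mask forms discussed above over every possible TOS octet, using the mask values quoted in the thread, so the bits each mask leaves untouched can be checked directly. It assumes the documented `--set-tos value/mask` behaviour (zero the bits given by mask, then XOR value into the field); the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Documented --set-tos value/mask behaviour (assumed here): zero the bits
 * given by mask, then XOR value in. The mask is a clearing mask. */
static uint8_t tos_set_clearing(uint8_t tos, uint8_t value, uint8_t clear_mask)
{
	return (uint8_t)((tos & ~clear_mask) ^ value);
}

/* Hypothetical keeper-mask form: the mask names the bits to preserve. */
static uint8_t tos_set_keeper(uint8_t tos, uint8_t value, uint8_t keep_mask)
{
	return (uint8_t)((tos & keep_mask) ^ value);
}

/* Returns 1 if, for all 256 TOS octets, the clearing form with clear_mask
 * matches the keeper form with ~clear_mask, the kept bits survive unchanged
 * and the cleared bits end up equal to value. Returns 0 otherwise, including
 * when value has bits outside clear_mask (the XOR would flip kept bits). */
static int masks_equivalent(uint8_t value, uint8_t clear_mask)
{
	uint8_t keep_mask = (uint8_t)~clear_mask;

	if (value & keep_mask)
		return 0;
	for (unsigned int tos = 0; tos < 256; tos++) {
		uint8_t c = tos_set_clearing((uint8_t)tos, value, clear_mask);
		uint8_t k = tos_set_keeper((uint8_t)tos, value, keep_mask);

		if (c != k || (c & keep_mask) != (tos & keep_mask))
			return 0;
		if ((c & clear_mask) != value)
			return 0;
	}
	return 1;
}

int main(void)
{
	/* 0xff is a constructed sample octet; the masks are those in the thread. */
	printf("0x0c/0xfc on 0xff -> 0x%02x\n", tos_set_clearing(0xff, 0x0c, 0xfc));
	printf("0x0c/0x3f on 0xff -> 0x%02x\n", tos_set_clearing(0xff, 0x0c, 0x3f));
	printf("0x0c/0xfc consistent: %d\n", masks_equivalent(0x0c, 0xfc));
	printf("0x0c/0xf0 consistent: %d\n", masks_equivalent(0x0c, 0xf0));
	return 0;
}
```
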