In article <993851937.8529@whiskey.enposte.net>,
Don Cohen <don-lartc@isis.compsvcs.comwrote:>I''m having trouble with nexthdr.
> tc filter add dev eth0 protocol ip parent 10:0 prio 1 u32 \
> match ip protocol 0x6 0xff match u8 0x02 0x12 at nexthdr+13 flowid 10:3
>fails to match my test packets whereas
> tc filter add dev eth0 protocol ip parent 10:0 prio 1 u32 \
> match ip protocol 0x6 0xff match u8 0x02 0x12 at 33 flowid 10:3
>does match them.
>Of course, the second one is really wrong since it means something
>totally different if your packet contains any IP options (which my
>test packets do not, of course).
>
>Does anyone either see what I''m doing wrong?
>Anyone else experience the same problems?
>Anyone know how to fix them?
The last time I looked at nexthdr (circa 2.4.0) it appeared to simply not
be fully implemented.
I was trying to match tcp acks:
# match acks using nexthdr - doesn''t currently work
tc filter add dev eth0 parent 20:0 protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0x10 0xff at nexthdr+13 \
flowid 20:23
And had to do it the hard way:
# match acks the hard way,
# IP protocol 6,
# IP header length 0x5(32 bit words),
# IP Total length 0x34
# TCP ack set (bit 5, offset 33)
tc filter add dev eth0 parent 20:0 protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u8 0x34 0xff at 3 \
match u8 0x10 0xff at 33 \
flowid 20:23
Which of course only works with normal sized IP headers.
Has nexthdr been finished?
--
__O
Lineo - For Embedded Linux Solutions _-\<,_
PGP Fingerprint: 28 E2 A0 15 99 62 9A 00 (_)/ (_) 88 EC A3 EE 2D 1C 15 68
Stuart Lynne <sl@fireplug.net www.fireplug.net 604-461-7532