I can''t seem to match packets less than 512 bytes: class( <$bulk> ) if tcp_dport == 81 && !( ip_len & 0xfe00 ) ; or if tcp_dport == 81 && ip_len < 512 Both rules match any packet I send to port 81, even when the total IP length is much greater than 512 bytes: class htb 2:4 parent 2:1 leaf 5: prio 1 rate 8000bps ceil 24000bps burst 6Kb cburst 1839b Sent 244592 bytes 168 pkts (dropped 0, overlimits 0) rate 932bps lended: 94 borrowed: 74 giants: 0 tokens: -72884 ctokens: 22937 244592 / 168 = 1455.9 bytes/packet I captured the traffic to verify the packets indeed were greater than 512 bytes. If anyone knows what I''m doing wrong, let me know. Thanks! _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Friday 16 April 2004 17:07, Jason Boxman wrote:> I can''t seem to match packets less than 512 bytes: > > class( <$bulk> ) > if tcp_dport == 81 && !( ip_len & 0xfe00 ) > ; > or > if tcp_dport == 81 && ip_len < 512Reversing the rule such that it is: if ip_len < 512 && tcp_dport == 81 works as expected. I have no idea why. I''d guess the IP header matches need to come first, but I have a rule that matches tcp_sport first and it has worked fine. if tcp_sport == 22 && ip_tos_delay == 1 <snip> -- Jason Boxman Perl Programmer / *NIX Systems Administrator Shimberg Center for Affordable Housing | University of Florida http://edseek.com/ - Linux and FOSS stuff _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/