LARTC - Apr 2004 - tcng and ip_len

I can''t seem to match packets less than 512 bytes:

class( <$bulk> )
  if tcp_dport == 81 && !( ip_len & 0xfe00 )
;
or
if tcp_dport == 81 && ip_len < 512

Both rules match any packet I send to port 81, even when the total IP length 
is much greater than 512 bytes:

class htb 2:4 parent 2:1 leaf 5: prio 1 rate 8000bps ceil 24000bps burst 6Kb 
cburst 1839b
 Sent 244592 bytes 168 pkts (dropped 0, overlimits 0)
 rate 932bps
 lended: 94 borrowed: 74 giants: 0
 tokens: -72884 ctokens: 22937

244592 / 168 = 1455.9 bytes/packet

I captured the traffic to verify the packets indeed were greater than 512 
bytes.

If anyone knows what I''m doing wrong, let me know.

Thanks!

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: lartc.org

On Friday 16 April 2004 17:07, Jason Boxman wrote:
> I can''t seem to match packets less than 512 bytes:
>
> class( <$bulk> )
>   if tcp_dport == 81 && !( ip_len & 0xfe00 )
> ;
> or
> if tcp_dport == 81 && ip_len < 512
Reversing the rule such that it is:

if ip_len < 512 && tcp_dport == 81

works as expected.  I have no idea why.  I''d guess the IP header
matches need
to come first, but I have a rule that matches tcp_sport first and it has 
worked fine.

if tcp_sport == 22 && ip_tos_delay == 1

<snip>

-- 

Jason Boxman
Perl Programmer / *NIX Systems Administrator
Shimberg Center for Affordable Housing | University of Florida
edseek.com - Linux and FOSS stuff

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: lartc.org