Hello, I''m having some trouble with the u32 port match and that is when specifying a mask. tc filter add prio 1 dev ppp1 parent 2:0 protocol ip u32 match ip dst 0.0.0.0/0 match ip protocol 17 0xff match ip dport 27015 0xffff flowid 2:4 Using 27015 0xffff works just fine, all packets to dport 27015 go to 2:4 tc filter add prio 1 dev ppp2 parent 2:0 protocol ip u32 match ip dst 0.0.0.0/0 match ip protocol 17 0xff match ip dport 27015 0xFFD2 flowid 2:4 Using 27015 0xffd2, no packets go to 2:4. What should happen if my theory below is right is putting ports 27015 - 27050 in 2:4 The way I calculate the mask is: - Convert lowest boundary of port range to binary (27015) - Convert highest boundary of port range to binary (27050) - XOR every bit of the low port with the negated bit of the high port - Convert calculated value to base 16 and use as 0x$MASK So basically I assume that: [ ] I have no idea how the mask field works [ ] There is an error in the implementation Can anyone confirm my understanding of the mask calculation? Can anyone confirm an error in the implementation? I''m running iproute2-ss050112 on a 2.4.28 kernel (with several patches) _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Walter Karshat wrote:> A filter specification of > ''match ip dport 0x6980 0xFFC0'' > will match a range of 27008 (0x6980) to 27071 > (0x69BF).Just like I thought... Unfortunately this does not work for me :-( tc filter add prio 1 dev ppp1 parent 2:0 protocol ip u32 match ip dst 0.0.0.0/0 match ip protocol 17 0xff match ip dport 0x6987 0xFFD2 flowid 2:4 Whereas this works: tc filter add prio 1 dev ppp1 parent 2:0 protocol ip u32 match ip dst 0.0.0.0/0 match ip protocol 17 0xff match ip dport 0x6987 0xFFFF flowid 2:4 tc filter add prio 1 dev ppp1 parent 2:0 protocol ip u32 match ip dst 0.0.0.0/0 match ip protocol 17 0xff match ip dport 0x6988 0xFFFF flowid 2:4 . . . tc filter add prio 1 dev ppp1 parent 2:0 protocol ip u32 match ip dst 0.0.0.0/0 match ip protocol 17 0xff match ip dport 0x69AA 0xFFFF flowid 2:4 But mostlikely comes at the cost of huge overhead.> Are you certain you need to go all the way to 27050 > with your Half-Life server?Yes, because there are enough internet servers not running within the standard range of 27015 - 27020 but up to 40 or 50 (and of course some non standard ports that I cannot take care of). Thanks again, - Jörg _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/