LARTC - Dec 2005 - tc filter match u8 problem??

Hi All

Can someone tell me what am I doing wrong?
These was suposed to catch icmp type 8. Why ''match u8'' does
not work?

# tc filter add dev eth0 protocol ip parent 1: prio 2 \
   u32  \
      match u16 0x0800 0xffff at -2 \
         match u8 8 0xff at 20  \
   flowid 1:5
Illegal "match"
#

# tc filter add dev eth0 protocol ip parent 1: prio 2 \
   u32  \
      match u16 0x0800 0xffff at -2 \
         match u16 8 0xff00 at 20  \
   flowid 1:5
#

Environment: 
	Slackware 10.2 
	tc utility, iproute2-2.6.11_050330

-- 

Ethy H. Brito         /"\
InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil   / \

On Fri, 16 Dec 2005 17:00:41 -0200
"Ethy H. Brito" <ethy.brito@inexo.com.br> wrote:
> 
> Hi All
A little bit more ammunition. Playing around with tc filter I run this (I know
it looks like crazy but tc should deal with this asking no questions, right?)

(for the curious out there: I am writing a htb rules generator (YARG - Yet
Another Trafic Control Rules Generator), and one of its generated crazy test
rules is the rule bellow. I''ll give you more details on this generator
when I
solve this and other misteries)

# $TC filter add dev eth0 protocol ip parent 1:0 prio 2 \ 
  u32  \ 
     match ip src 200.231.49.240/29  \
     match ip dst 200.231.48.94/32  \ 
     match mark 0xa5a5 0xffff \     
     match u16 0x0800 0xffff at -2 \ 
     match u16 0 0xff00 at 20  \        
     match u16 6 0xffff at 11 \ 
     match ip dport 1234 0xffff  \ 
     match ip sport 80 0xffff  \  
 flowid 1:5

# /usr/local/src/iproute2-2.6.14-051107/tc/tc -s filter show dev eth0
filter parent 1: protocol ip pref 2 u32 
filter parent 1: protocol ip pref 2 u32 fh 800: ht divisor 1 
filter parent 1: protocol ip pref 2 u32 fh 800::800 order 2048 key ht 800 bkt 0
flowid 1:5
  match c8e731f0/fffffff8 at 12
  match c8e7305e/ffffffff at 16
  match 00000800/0000ffff at -4
  match 005004d2/ffffffff at 20
  match 00000006/0000ffff at 8

What is this "005004d2/ffffffff at 20"? (I asked "match u16 0
0xff00 at 20")
Where is the "match mark" clause?
Where are the two "match ip Xport" clauses?
WHAT AM I DOING WRONG ???
> 
> Can someone tell me what am I doing wrong?
> These was suposed to catch icmp type 8. Why ''match u8''
does not work?
> 
> # tc filter add dev eth0 protocol ip parent 1: prio 2 \
>    u32  \
>       match u16 0x0800 0xffff at -2 \
>          match u8 8 0xff at 20  \
>    flowid 1:5
> Illegal "match"
> #
> 
> # tc filter add dev eth0 protocol ip parent 1: prio 2 \
>    u32  \
>       match u16 0x0800 0xffff at -2 \
>          match u16 8 0xff00 at 20  \
>    flowid 1:5
> #
> 
> Environment: 
> 	Slackware 10.2 
> 	tc utility, iproute2-2.6.11_050330
> 
> -- 
> 
> Ethy H. Brito         /"\
> InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
> +55 (12) 3941-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
> S.J.Campos - Brasil   / \ 
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

-- 

Ethy H. Brito         /"\
InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil   / \

Ethy H. Brito wrote:
> On Fri, 16 Dec 2005 17:00:41 -0200
> "Ethy H. Brito" <ethy.brito@inexo.com.br> wrote:
> 
> 
>>Hi All
> 
> 
> A little bit more ammunition. Playing around with tc filter I run this (I
know
> it looks like crazy but tc should deal with this asking no questions,
right?)
> 
> (for the curious out there: I am writing a htb rules generator (YARG - Yet
> Another Trafic Control Rules Generator), and one of its generated crazy
test
> rules is the rule bellow. I''ll give you more details on this
generator when I
> solve this and other misteries)
The u8 test works OK for me as does the one below.

When playing with tc filters I always tc qdisc del dev eth0 root and 
enter the whole lot again between tests.

I don''t know why the mark match doesn''t work for you - it has
its own
kernel config option and IIRC was added by patch and may be removed at 
some time in favour of ematch (IIRC).
> 
> # $TC filter add dev eth0 protocol ip parent 1:0 prio 2 \ 
>   u32  \ 
>      match ip src 200.231.49.240/29  \
>      match ip dst 200.231.48.94/32  \ 
>      match mark 0xa5a5 0xffff \     
>      match u16 0x0800 0xffff at -2 \ 
This is redundant as you already say "protocol ip"
>      match u16 0 0xff00 at 20  \        
>      match u16 6 0xffff at 11 \ 
>      match ip dport 1234 0xffff  \ 
>      match ip sport 80 0xffff  \  
>  flowid 1:5
> 
> # /usr/local/src/iproute2-2.6.14-051107/tc/tc -s filter show dev eth0
> filter parent 1: protocol ip pref 2 u32 
> filter parent 1: protocol ip pref 2 u32 fh 800: ht divisor 1 
> filter parent 1: protocol ip pref 2 u32 fh 800::800 order 2048 key ht 800
bkt 0 flowid 1:5
>   match c8e731f0/fffffff8 at 12
>   match c8e7305e/ffffffff at 16
>   match 00000800/0000ffff at -4
>   match 005004d2/ffffffff at 20
>   match 00000006/0000ffff at 8
> 
> What is this "005004d2/ffffffff at 20"? (I asked "match u16
0 0xff00 at 20")
0050 sport 80 - 04d2 dport 1234 - you got 0 at 20 mask 0xff it''s the
MSB
of sport ...

> Where is the "match mark" clause?
> Where are the two "match ip Xport" clauses?
> WHAT AM I DOING WRONG ???
Don''t know  - test again but always delete root qdisc between tests and
see if slack selected mark match for you.

Andy.