LebGeeks

A community for technology geeks in Lebanon.

You are not logged in.

Pages: 1

Topic closed

#1 December 17 2006

rolf
Member

TC questions

Considering this filter:

tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 \
   match ip src 1.2.3.4 \
   match ip dport 80 0xffff \
   flowid 1:10

Now I dont know...

Does this u32 filter mean
"match packets with src 1.2.3.4 AND dport 80"
or
"match packets with src 1.2.3.4 OR dport 80"
?

Also something else that I dont understad... what is the "0xffff" for?

Thanks :)

Offline

#2 December 17 2006

teodorgeorgiev
Member

Re: TC questions

The first. The rules are "ANDed" --> "match packets with src 1.2.3.4 AND dport 80".

The 0xFFFF is the mask that you apply on the argument. FFFF goes to (ALL-1s... 1111111111111111).

Since the socket ports are 16bit integers, you apply a 16bit mask on it. If you were to match a protocol, you will use 0xFF, cause protocols are 8bit integers (0-255).  Get a description of the IP packet and see the length of each field. By the length of the field you want to match you will make your mask.

that is.

Offline

#3 December 17 2006

rolf
Member

Re: TC questions

Thanks :)

Offline

Pages: 1

Topic closed

Board footer