[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: U32 and hashtables



On Mon, 13 Mar 2000, [ISO-8859-1] Paweł Krawczyk wrote:

> The general selectors are even cooler but more difficult to set up
> since you have to sit with a drawing of IP/TCP/UDP header and compute
> offsets (unless of course you have them all in memory ;) The general
> selector simply says what bytes to match at which offset of a header.
> The above example with TOS can be written using a general selector and
> it will be 'match u8 0x10 0xff at 1', which means 'match if the 8-bit
> word at offset 1 bytes is 0x10). 
> 
> All specific selectors are really translated to general ones, which
> are internal format and which are displayed when you call 'tc show'.
> There are also many more features in U32, like 'nexthdr' keyword
> which makes U32 match specific values in upper-level protocol headers,
> or building rule hash tables indexed by a value in IP packet (e.g.
> protocol number). Action also can be simple marking the packet
> for a specific class (flowid X:Y) or policing, which is a bit more
> complex. 


	How does one do general selectors against the TCP header?

match u32 0xd170ab9e 0xffffffff at 16

matches ip dst 209.112.171.158/32 at starting after octet 16 in the IP
header.

How would I determin the proper offset for the TCP package?  Isn't the
IP header length variable depending on the options field?  I
understand it must end on a 32bit boundry, but the actual length is
not fixed.


	Also, how are matches smaller than an octet handled?

	Say I want to match the 2nd bit of octet 7, I do an at 6 then
what?


 ---
As folks might have suspected, not much survives except roaches, 
and they don't carry large enough packets fast enough...
        --About the Internet and nuclear war.