[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: U32 and hashtables
On Mon, 13 Mar 2000, [ISO-8859-1] Paweł Krawczyk wrote:
> The general selectors are even cooler but more difficult to set up
> since you have to sit with a drawing of IP/TCP/UDP header and compute
> offsets (unless of course you have them all in memory ;) The general
> selector simply says what bytes to match at which offset of a header.
> The above example with TOS can be written using a general selector and
> it will be 'match u8 0x10 0xff at 1', which means 'match if the 8-bit
> word at offset 1 bytes is 0x10).
> All specific selectors are really translated to general ones, which
> are internal format and which are displayed when you call 'tc show'.
> There are also many more features in U32, like 'nexthdr' keyword
> which makes U32 match specific values in upper-level protocol headers,
> or building rule hash tables indexed by a value in IP packet (e.g.
> protocol number). Action also can be simple marking the packet
> for a specific class (flowid X:Y) or policing, which is a bit more
How does one do general selectors against the TCP header?
match u32 0xd170ab9e 0xffffffff at 16
matches ip dst 220.127.116.11/32 at starting after octet 16 in the IP
How would I determin the proper offset for the TCP package? Isn't the
IP header length variable depending on the options field? I
understand it must end on a 32bit boundry, but the actual length is
Also, how are matches smaller than an octet handled?
Say I want to match the 2nd bit of octet 7, I do an at 6 then
As folks might have suspected, not much survives except roaches,
and they don't carry large enough packets fast enough...
--About the Internet and nuclear war.