0

I am studying the QOS utility of Linux -- TC -- recently, and today I encountered below two statments from a bandwidth-limit script on Linux:

     tc filter add dev eth0 parent 1: prio 1 protocol ip u32 \
     match ip tos 0x68 0xff match ip protocol 0x11 0xff flowid 1:1

     tc filter add dev eth0 parent 1: prio 1 protocol ip u32 \
     match ip tos 0xb8 0xff match ip protocol 0x11 0xff flowid 1:1

What does it mean by saying "match ip tos 0x68 0xff match ip protocol 0x11 0xff"?

dsmsk80
  • 5,817
  • 18
  • 22
Steve Peng
  • 559
  • 1
  • 8
  • 18

1 Answers1

1

With generic u32 selector, you define a pattern to be matched against IP packet header and a mask to match particular bits only at specific offset.

u32 match ip PATTERN MASK at OFFSET

Multiple matches are logically "anded" so a filter will be successful if all its matches are successful. Let's try to "decode" your filter and its selectors:

  • ip tos 0x68 0xff

This can be read as check if TOS field of IP header has value of 0x68 (mask is 0xff so 0x68 AND 0xff = 0x68). I would say it has something to do with DSCP (more about value 0x68).

  • ip protocol 0x11 0xff

This checks if protocol field has value of 0x11 which is UDP protocol. You can find protocol numbers in /etc/protocols (for UDP, 17 = 0x11)

ip tos and ip protocol are so-called specific selectors but you can rewrite them in generic form

  • u8 0x68 0xff at 1
  • u8 0x11 0xff at 9

Selector u8 defines lenght of pattern to be matched in bits (other ones are u32, u16). Then, use the same logic like above. Match value 0x68 at byte 1 in IP header which is TOS field and value 0x11 at byte 9 which is protocol field.

Finally, I would add one more example how to match IP packets with source IP address from particular network (192.168.123.0/24):

  • u32 u32 0xc0a87b00 0xffffff00 at 12

This matches only first 3 bytes (0xc0 = 192, 0xa8 = 168, 0x7b = 123) of the field at byte 12 due to the mask value (0xc0 AND 0xff = 0xc0, ..., 0xXX AND 0x00 = 0x00). This can be written with specific selector as

  • ip src 192.168.123/24

If you can use specific selectors as they are easier to understand. Finally. this picture can help with choosing right offsets if you have to use generic ones.

enter image description here

dsmsk80
  • 5,817
  • 18
  • 22