cross-posted from: https://lemmy.ca/post/14107888
I have a very specific question about Linux Traffic control and u32 filters in particular. However, I don’t know where the right place is to ask such a question as it’s fairly niche.
The Linux Advanced Routing & Traffic Control site says it has a mailing list for questions, but the last post was from 2019. There is also the incredibly busy ‘linux-netdev’ mailing list, but, the traffic there looks like strictly source changes.
Any ideas?
The question I’m trying to find an answer to is: The u32 tc filter seems to support negative byte offsets which allows you to examine the Ethernet frame header (I don’t think I even found documentation on this, this is thanks to ChatGPT). However, when using u32 values to examine 8 bytes I can only use offsets in increments of 4 - like “at -8” or “at -12”, with any other increment giving me the error Illegal "match".
This seems like only a curiosity, but, I’ve been struggling to get my bit-matching to match the way I expect, and I’m wondering if this suggests that matching doesn’t function the way I think.
https://linux-tc-notes.sourceforge.net/tc/doc/cls_u32.txt:
The base operation of the u32 filter is actually very simple. It extracts a bit field from a 32 bit word in the packet, and if it is equal to a value supplied by you it has a match. The 32 bit word must lie at a 32 bit boundary.
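Added example, not part of the original posts or of the tc sources: a Python sketch of the rule quoted above, splitting a byte-string match at any offset (negative ones included) into 32-bit-aligned value/mask keys and checking them against a constructed frame. It assumes an untagged Ethernet frame whose 14-byte header sits at offsets -14 to -1; the function names, MAC addresses and the small matcher model are made up for illustration.

```python
def aligned_keys(offset, data):
    """Split a match on `data` at byte `offset` into (word_offset, value, mask)
    keys, where every word_offset is a multiple of 4."""
    words = {}
    for i, byte in enumerate(data):
        pos = offset + i
        base = pos & ~3                      # floor to a 4-byte boundary (works for negatives)
        shift = 8 * (3 - (pos - base))       # network byte order: first byte is most significant
        value, mask = words.get(base, (0, 0))
        words[base] = (value | (byte << shift), mask | (0xFF << shift))
    return [(base, v, m) for base, (v, m) in sorted(words.items())]


def to_tc(keys):
    """Render the keys in tc's 'match u32 VALUE MASK at OFFSET' form."""
    return " ".join(f"match u32 0x{v:08x} 0x{m:08x} at {off}" for off, v, m in keys)


def frame_matches(keys, frame, l2_len=14, pad=4):
    """Model of the matcher: read each aligned 32-bit word, mask it, compare.
    `pad` zero bytes stand in for whatever precedes the frame; they are always masked out."""
    buf = bytes(pad) + frame
    zero = pad + l2_len                      # index of offset 0 (start of the network header)
    return all(
        (int.from_bytes(buf[zero + off:zero + off + 4], "big") & m) == v
        for off, v, m in keys
    )


# Constructed sample frame: dst MAC, src MAC, EtherType 0x0800, dummy payload.
DST = bytes.fromhex("020000aabbcc")
SRC = bytes.fromhex("020000112233")
FRAME = DST + SRC + bytes.fromhex("0800") + bytes(20)

if __name__ == "__main__":
    # Destination MAC starts at -14, which is not on a 4-byte boundary.
    print(to_tc(aligned_keys(-14, DST)))
    # EtherType at -2 lands in the low half of the word at -4.
    print(to_tc(aligned_keys(-2, bytes.fromhex("0800"))))
```

The field at -14 comes out as a masked key on the word at -16 plus a full key on the word at -12, which is why a bit pattern written against an unaligned offset has to be shifted and masked within its enclosing aligned word.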