u32(8)

universal 32bit traffic control filter

Selectors

Basically the only real selector is u32. All others merely provide a higher level syntax and are internally translated into u32.

u32 VAL_MASK_32
u16 VAL_MASK_16
u8 VAL_MASK_8
    Match packet data to a given value. The selector name defines the sample length to extract (32bits for u32, 16bits for u16 and 8bits for u8). Before comparing, the sample is binary AND'ed with the given mask. This way uninteresting bits can be cleared before comparison. The position of the sample is defined by the offset specified in AT.

ip IP
ip6 IP6
    Assume packet starts with an IPv4 (ip) or IPv6 (ip6) header. IP/IP6 then allows matching various header fields:

    src ADDR
    dst ADDR
        Compare Source or Destination Address fields against the value of ADDR. The reserved words default, any and all effectively match any address. Otherwise an IP address of the particular protocol is expected, optionally suffixed by a prefix length to match whole subnets. In case of IPv4 a netmask may also be given.

    dsfield VAL_MASK_8
        IPv4 only. Match the packet header's DSCP/ECN field. Synonyms to this are tos and precedence.

    ihl VAL_MASK_8
        IPv4 only. Match the Internet Header Length field. Note that the value's unit is 32bits, so to match a packet with 24byte header length u8_value has to be 6.

    protocol VAL_MASK_8
        Match the Protocol (IPv4) or Next Header (IPv6) field value, e.g. 6 for TCP.

    icmp_type VAL_MASK_8
    icmp_code VAL_MASK_8
        Assume a next-header protocol of icmp or ipv6-icmp and match Type or Code field values. This is dangerous, as the code assumes minimal header size for IPv4 and lack of extension headers for IPv6.

    sport VAL_MASK_16
    dport VAL_MASK_16
        Match layer four source or destination ports. This is dangerous as well, as it assumes a suitable layer four protocol is present (which has Source and Destination Port fields right at the start of the header and 16bit in size). Also minimal header size for IPv4 and lack of IPv6 extension headers is assumed.

    nofrag
    firstfrag
    df
    mf
        IPv4 only, check certain flags and fragment offset values. Match if the packet is not a fragment (nofrag), the first fragment (firstfrag), if Don't Fragment (df) or More Fragments (mf) bits are set.

    priority VAL_MASK_8
        IPv6 only. Match the header's Traffic Class field, which has the same purpose and semantics as IPv4's ToS field since RFC 3168: upper six bits are DSCP, the lower two ECN.

    flowlabel VAL_MASK_32
        IPv6 only. Match the Flow Label field's value. Note that Flow Label itself is only 20bytes long, which are the least significant ones here. The remaining upper 12bytes match Version and Traffic Class fields.

tcp TCPUDP
udp TCPUDP
    Match fields of next header of protocol TCP or UDP. The possible values for TCPUDP are:

    src VAL_MASK_16
        Match on Source Port field value.

    dst VAL_MASK_16
        Match on Destination Port field value.

icmp ICMP
    Match fields of next header of protocol ICMP. The possible values for ICMP are:

    type VAL_MASK_8
        Match on ICMP Type field.

    code VAL_MASK_8
        Match on ICMP Code field.

mark VAL_MASK_32
    Match on netfilter fwmark value.

ether ETHER
    Match on ethernet header fields. Possible values for ETHER are:

    src ether_address AT
    dst ether_address AT
        Match on source or destination ethernet address. This is dangerous: it assumes an ethernet header is present at the start of the packet. This will probably lead to unexpected things if used with layer three interfaces such as tun or ppp.
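
The warning on sport/dport above (minimal IPv4 header size is assumed) can be seen in a small Python model of u32 matching. This is an added example, not part of the manual page or of iproute2. It assumes the port sample sits at byte 22 (20-byte header plus 2); the helper names and both packets are constructed for illustration.

```python
import struct

def u32_match(pkt, value, mask, at, width):
    """Model of one selector: sample `width` bytes at offset `at`, AND with mask, compare."""
    if at + width > len(pkt):
        return False  # sample would run past the end of the packet
    sample = int.from_bytes(pkt[at:at + width], "big")
    return (sample & mask) == (value & mask)

def ipv4_tcp(dport, options=b""):
    """Constructed IPv4+TCP packet (checksums left at 0); options length must be a multiple of 4."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + 20, 0, 0x4000,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return ip + options + tcp

def fixed_offset_dport(pkt, port):
    # Assumption: dport is sampled at byte 22, i.e. a 20-byte IPv4 header plus 2.
    return u32_match(pkt, port, 0xFFFF, at=22, width=2)

def header_aware_dport(pkt, port):
    """Check protocol and fragment offset, then locate layer four from IHL."""
    l4 = (pkt[0] & 0x0F) * 4                                 # IHL counts 32-bit words
    return (u32_match(pkt, 6, 0xFF, at=9, width=1)           # protocol is TCP
            and u32_match(pkt, 0, 0x1FFF, at=6, width=2)     # fragment offset is 0
            and u32_match(pkt, port, 0xFFFF, at=l4 + 2, width=2))

def compare(port=22):
    plain = ipv4_tcp(port)
    with_options = ipv4_tcp(port, options=b"\x01\x01\x01\x01")  # four NOP options, IHL 6
    return {name: (fixed_offset_dport(p, port), header_aware_dport(p, port))
            for name, p in (("plain", plain), ("with_options", with_options))}

if __name__ == "__main__":
    for name, (fixed, aware) in compare().items():
        print(f"{name:13} fixed-offset={fixed} header-aware={aware}")
```

With a 24-byte header the fixed-offset sample lands on option bytes instead of the port, so a rule built on sport/dport should be paired with the ihl, protocol and nofrag/firstfrag checks described above.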