| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAE_-sdmwbA-Otz1a__tQrTB7jT53b7j0PB2q7xPV6MYLrY5YGg@mail.gmail.com> Date: Thu, 20 Aug 2020 00:30:49 +0300 From: Denis Gubin <denis.gubin@...il.com> To: netdev@...r.kernel.org Subject: tc filter by source port and destination port strange offset Dear colleagues, There are filters. Let's have a look on it. Pretty mode showing: tc -p filter show dev ens5 parent ffff: filter protocol ip pref 49146 u32 chain 0 filter protocol ip pref 49146 u32 chain 0 fh 806: ht divisor 1 filter protocol ip pref 49146 u32 chain 0 fh 806::800 order 2048 key ht 806 bkt 0 terminal flowid ??? not_in_hw match IP protocol 16 match dport 8080 Normal mode showing: tc filter show dev ens5 parent ffff: filter protocol ip pref 49146 u32 chain 0 filter protocol ip pref 49146 u32 chain 0 fh 806: ht divisor 1 filter protocol ip pref 49146 u32 chain 0 fh 806::800 order 2048 key ht 806 bkt 0 terminal flowid ??? not_in_hw match 00100000/00ff0000 at 8 match 00001f90/0000ffff at 20 The string "match 00100000/00ff0000 at 8" looks like is correct since offset up 8 byte from IP Header point is "ip protocol field" But string "match 00001f90/0000ffff at 20" looks like strange, doens't it? Since 20 bytes offset up is IP Header "options field ip". Could somebody explain it to me? -- Best regards, Denis Gubin
Powered by blists - more mailing lists