Re: Tc Filter - Port Ranges Calculate Mask Value
- From: buck <buck@xxxxxxxxxxx>
- Date: Mon, 22 Oct 2007 13:42:01 -0700
On Mon, 22 Oct 2007 12:13:00 -0000, anshul makkar
<anshulmakkar@xxxxxxxxx> wrote:
> Hi,
> I need to support port ranges in tc filter rules.
> I know how to formulate the rule, but I am not able to understand how
> to calculate the mask value to segregate the port values that lie
> within a particular range.
> I got the following sample
> "tc filter add dev eth1 parent 1:1 protocol ip prio 10 u32 match ip
> sport 0x1ae0 0x1ff0 flowid 1:10 This rule will match all ports from
> 6880 to 6895. "
> This rule correctly matches port range from 6880 to 6895. But I am
> unable to figure out how the mask value 0x1ff0 has been calculated.
> I am picking up port ranges from GUI. So the range can be any and I
> need to calculate mask value so as to find out which ports lie within
> the entered range.
> Suppose user has entered the port range as 10-20. Then what should be
> the mask value corresponding to this range?
> Please if you have any link, clue or reference material, do share it.
> Thanking You
> Anshul Makkar

I'm no expert, but I shall try here to give you a cookbook approach.

The first thing you must understand is that the values are powers of
2. Therefore I don't think that your example ports 10 through 20
above can be done with a single value/mask.

The beginning value of the port range is determined by the power of 2
value and the ending value is one less than the next power of 2 value.
Ignoring 1:

Port Range
2 - 3
4 - 7
8 - 15
16 - 31
32 - 63
64 - 127
128 - 255

Note that the hex value of each of the ending values ends with F.

Find the port in the above list and then convert the ENDING value to
hex. In the Bit Torrent example you cited, the ending value is 8191d
or 1FFF hex. That is the maximum mask value.

If you mask 1AE0h with 1FFFh, then only 1AE0h will match. To match
more ports, reduce the mask by the number of ports. Again in that Bit
Torrent example, the match covers 15 ports so the mask is reduced by
15d to 8176d or 1FF0h.

Hugely oversimplified, where the mask bit is a binary one, the
corresponding bit in the match value must also be a one in order for
the match to return TRUE. A zero in the mask value might be said to
"not matter" or "match regardless".

A rule that tries to match ports 10 through 20 must stop at 15 because
you pass the power of 2 boundary. 10d = 0Ah and the maximum mask is
15d = 0Fh. Reducing the mask by 6 (ports 10 through 15 amounts to 6
ports) leaves a mask value of 09.

I leave it to you to decide if

u32 match ip sport 0x0A 0x09

actually matches the port range from 10 through 15 or if you can
figure out a way to exclude ports less than 10 by using a maximum mask
value of 1Fh.

--
buck
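
An added example, not part of the original thread: one general way to turn an arbitrary port range into u32 value/mask pairs is to split it into aligned power-of-two blocks, the same way an address range is split into CIDR prefixes. It assumes the u32 selector matches when (port & mask) == value and uses full 16-bit masks; the function names and defaults are hypothetical, and the command shape is the one quoted in the question.

```python
# Added example: split a port range into u32 value/mask pairs.
# Assumption: a packet matches when (port & mask) == value.

def u32_match(port, value, mask):
    """Return True if a 16-bit port satisfies one value/mask pair."""
    return (port & mask) == value

def port_range_to_u32(lo, hi):
    """Cover [lo, hi] with aligned power-of-two blocks; return (value, mask) pairs."""
    if not 0 <= lo <= hi <= 0xFFFF:
        raise ValueError("need 0 <= lo <= hi <= 65535")
    pairs = []
    while lo <= hi:
        # Largest block that can start at lo: its lowest set bit (64K if lo is 0).
        size = (lo & -lo) if lo else 0x10000
        # Halve until the block no longer runs past hi.
        while size > hi - lo + 1:
            size >>= 1
        # Full 16-bit mask with the low log2(size) bits cleared ("don't care").
        pairs.append((lo, 0xFFFF & ~(size - 1)))
        lo += size
    return pairs

def tc_rules(lo, hi, dev="eth1", parent="1:1", prio=10, flowid="1:10"):
    """Render one filter per pair, using the command shape quoted in the thread."""
    return [
        f"tc filter add dev {dev} parent {parent} protocol ip prio {prio} "
        f"u32 match ip sport 0x{value:04x} 0x{mask:04x} flowid {flowid}"
        for value, mask in port_range_to_u32(lo, hi)
    ]

if __name__ == "__main__":
    for rule in tc_rules(10, 20):
        print(rule)
```

For 10-20 this produces four filters (10-11, 12-15, 16-19 and 20), while 6880-6895 fits in the single pair 0x1ae0/0xfff0. Under the same matching rule, a mask of 0x1ff0 leaves the top three bits of the port unchecked, so u32_match(15072, 0x1ae0, 0x1ff0) is also true.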