diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-11 00:21:24 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-11 23:01:31 +0200 |
| commit | 16fcc85c283537ea00357e2ca4bbb561c03bc65b (patch) | |
| tree | 8ab5e756ee08dca26a10c3977679e5423e786d56 /src/parser_bison.y | |
| parent | 7fbbeb1f0db7718fbfedea4e50f69a54d1bfda70 (diff) | |
src: add dscp support
This supports both IPv4:
# nft --debug=netlink add rule filter forward ip dscp cs1 counter
ip filter forward
[ payload load 1b @ network header + 1 => reg 1 ]
[ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ]
[ cmp neq reg 1 0x00000080 ]
[ counter pkts 0 bytes 0 ]
And also IPv6, note that in this case we take two bytes from the payload:
# nft --debug=netlink add rule ip6 filter input ip6 dscp cs4 counter
ip6 filter input
[ payload load 2b @ network header + 0 => reg 1 ]
[ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ]
[ cmp eq reg 1 0x00000008 ]
[ counter pkts 0 bytes 0 ]
Given the DSCP is split in two bytes, the less significant nibble
of the first byte and the two most significant 2 bits of the second
byte.
The 8 bit traffic class in RFC2460 after the version field are used for
DSCP (6 bit) and ECN (2 bit). Support for ECN comes in a follow up
patch.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser_bison.y')
| -rw-r--r-- | src/parser_bison.y | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index 444ed4c2..490047b9 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -248,7 +248,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) %token IP "ip" %token HDRVERSION "version" %token HDRLENGTH "hdrlength" -%token TOS "tos" +%token DSCP "dscp" %token LENGTH "length" %token FRAG_OFF "frag-off" %token TTL "ttl" @@ -1102,6 +1102,7 @@ type_identifier_list : type_identifier type_identifier : STRING { $$ = $1; } | MARK { $$ = xstrdup("mark"); } + | DSCP { $$ = xstrdup("dscp"); } ; hook_spec : TYPE STRING HOOK STRING dev_spec PRIORITY prio_spec @@ -2403,7 +2404,7 @@ ip_hdr_expr : IP ip_hdr_field ip_hdr_field : HDRVERSION { $$ = IPHDR_VERSION; } | HDRLENGTH { $$ = IPHDR_HDRLENGTH; } - | TOS { $$ = IPHDR_TOS; } + | DSCP { $$ = IPHDR_DSCP; } | LENGTH { $$ = IPHDR_LENGTH; } | ID { $$ = IPHDR_ID; } | FRAG_OFF { $$ = IPHDR_FRAG_OFF; } @@ -2436,7 +2437,7 @@ ip6_hdr_expr : IP6 ip6_hdr_field ; ip6_hdr_field : HDRVERSION { $$ = IP6HDR_VERSION; } - | PRIORITY { $$ = IP6HDR_PRIORITY; } + | DSCP { $$ = IP6HDR_DSCP; } | FLOWLABEL { $$ = IP6HDR_FLOWLABEL; } | LENGTH { $$ = IP6HDR_LENGTH; } | NEXTHDR { $$ = IP6HDR_NEXTHDR; } |