diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-11 00:21:24 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-11 23:01:31 +0200 |
| commit | 16fcc85c283537ea00357e2ca4bbb561c03bc65b (patch) | |
| tree | 8ab5e756ee08dca26a10c3977679e5423e786d56 /tests/py/ip6/ip6.t | |
| parent | 7fbbeb1f0db7718fbfedea4e50f69a54d1bfda70 (diff) | |
src: add dscp support
This supports both IPv4:
# nft --debug=netlink add rule filter forward ip dscp cs1 counter
ip filter forward
[ payload load 1b @ network header + 1 => reg 1 ]
[ bitwise reg 1 = (reg=1 & 0x000000fc ) ^ 0x00000000 ]
[ cmp neq reg 1 0x00000080 ]
[ counter pkts 0 bytes 0 ]
And also IPv6, note that in this case we take two bytes from the payload:
# nft --debug=netlink add rule ip6 filter input ip6 dscp cs4 counter
ip6 filter input
[ payload load 2b @ network header + 0 => reg 1 ]
[ bitwise reg 1 = (reg=1 & 0x0000c00f ) ^ 0x00000000 ]
[ cmp eq reg 1 0x00000008 ]
[ counter pkts 0 bytes 0 ]
Given the DSCP is split in two bytes, the less significant nibble
of the first byte and the two most significant 2 bits of the second
byte.
The 8 bit traffic class in RFC2460 after the version field are used for
DSCP (6 bit) and ECN (2 bit). Support for ECN comes in a follow up
patch.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/ip6/ip6.t')
| -rw-r--r-- | tests/py/ip6/ip6.t | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/py/ip6/ip6.t b/tests/py/ip6/ip6.t index 8226130c..2278618f 100644 --- a/tests/py/ip6/ip6.t +++ b/tests/py/ip6/ip6.t @@ -10,6 +10,12 @@ - ip6 version 6;ok +ip6 dscp cs1;ok +ip6 dscp != cs1;ok +ip6 dscp 0x38;ok;ip6 dscp cs7 +ip6 dscp != 0x20;ok;ip6 dscp != cs4 +ip6 dscp {cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, ef};ok + ip6 flowlabel 22;ok ip6 flowlabel != 233;ok - ip6 flowlabel 33-45;ok |