From: Anssi Hannula Date: Thu, 4 Nov 2021 14:42:05 +0000 (+0200) Subject: man: tc-u32: Fix page to match new firstfrag behavior X-Git-Tag: v5.16.0~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a787d9ae10e54952213cf889260d994cd84f70ef;p=thirdparty%2Fiproute2.git man: tc-u32: Fix page to match new firstfrag behavior Commit 690b11f4a6b8 ("tc: u32: Fix firstfrag filter.") applied in 2012 changed the "ip firstfrag" selector to not match non-fragmented packets anymore. However, the documentation added in f15a23966fff ("tc: add a man page for u32 filter") in 2015 includes an example that relies on the previous behavior (non-fragmented packet counted as first fragment). Due to this, the example does not work correctly and does not actually classify regular SSH packets. Modify the example to use a raw u16 selector on the fragment offset to make it work, and also make the firstfrag description more clear about the current behavior. Fixes: f15a23966fff ("tc: add a man page for u32 filter") Signed-off-by: Anssi Hannula Cc: Phil Sutter Cc: Hiroaki SHIMODA Acked-by: Phil Sutter Signed-off-by: Stephen Hemminger --- diff --git a/man/man8/tc-u32.8 b/man/man8/tc-u32.8 index e5690681a..dfbf73eb3 100644 --- a/man/man8/tc-u32.8 +++ b/man/man8/tc-u32.8 @@ -427,7 +427,7 @@ Also minimal header size for IPv4 and lack of IPv6 extension headers is assumed. IPv4 only, check certain flags and fragment offset values. Match if the packet is not a fragment .RB ( nofrag ), -the first fragment +the first fragment of a fragmented packet .RB ( firstfrag ), if Don't Fragment .RB ( df ) @@ -644,7 +644,7 @@ tc filter add dev eth0 parent 1:0 protocol ip \\ tc filter add dev eth0 parent 1:0 protocol ip \\ u32 ht 800: \\ match ip protocol 6 FF \\ - match ip firstfrag \\ + match u16 0 1fff at 6 \\ offset at 0 mask 0f00 shift 6 \\ link 1: .EE
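Review bot: In the first hunk (@@ -427,7 +427,7), the new wording "the first fragment of a fragmented packet" still leaves the reader to infer that a non-fragmented packet does not match firstfrag, which is the misunderstanding the commit message says the old example was built on. Consider stating it outright in the description, for example by adding that firstfrag does not match packets that are not fragmented and that such packets are covered by nofrag.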
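Review bot: In the second hunk (@@ -644,7 +644,7), the replacement line "match u16 0 1fff at 6" is an unexplained raw selector in an example that previously used a named one, and the hunk adds no accompanying text. A sentence near the example should say that the 16-bit word at offset 6 of the IPv4 header holds the flags and fragment offset, that mask 1fff selects the 13-bit fragment offset, and that requiring it to be zero accepts both non-fragmented packets and first fragments while rejecting later fragments. It is also worth noting why this matters for the "offset at 0 mask 0f00 shift 6" and "link 1:" lines that follow: later fragments carry no TCP header, so a port match in the linked table would be evaluated against payload bytes.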