I have a very specific questions about Linux Traffic control and u32 filters in particular. However, I don’t know where the right place is to ask such a question as it’s fairly niche.
The Linux Advanced Routing & Traffic Control site says it has a mailing list for questions, but the last post was from 2019. There is also the incredibly busy ‘linux-netdev’ mailing list, but, the traffic there looks like strictly source changes.
Any ideas?
The question I’m trying to find an answer to is: The u32 tc filter seems to support negative byte offsets which allows you to examine the Ethernet frame header (I don’t think I even found documentation on this, this is thanks to ChatGPT). However, when using u32 values to examine 8 bytes I can only use offsets in increments of 4 - like “at -8” or “at -12”, with any other increment giving me the error Illegal "match"
.
This seems like only a curiosity, but, I’ve been struggling to get my bit-matching to match the way I expect, and I’m wondering if this suggests that matching doesn’t function the way I think.
I don’t think posting to the linux-netdev mailing list is a terrible idea. For example, here’s someone who did post a question: https://marc.info/?l=linux-netdev&m=170628444014400&w=2
But well, you might also be running into a bug or something that could potentially be exploited, or maybe just into a lack of documentation (which is also a bug). Either way, some devs might be interested in knowing about this.
This is probably not what you’re looking for but it mentions u32 and the header. You know more than me. I was just trying to grasp what it is you are doing in the first place. I typically go to RHEL documentation when I need kernel/networking info. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/configuring_and_managing_networking/linux-traffic-control_configuring-and-managing-networking