Hello, I think I've found a bug in iproute2, the u32 port match filter (and possibly others) are not workign correct. I posted this issue to LARTC, but the only feedback (just one persno) that I have received is that my method of calculation is correct. In order to match a portrange of 27015 - 27020, you will need to calculate the mask field which you supply in the tc command Example: 0xffff is the maskfield. Only port 27015 is matched. tc filter ... u32 match ip dport 27015 0xffff ... Calculation of the mask should be easy, simply XOR the binary representations of the starting port with the negated ending port. This is how I calculate and how tc should want me to operate: 27020 in 16 bit = 0110100110001100 NOT 27020 in 16 bit = 1001011001110011 27015 in 16 bit = 0110100110000111 27015 XOR (NOT 27020) = 1111111111110100 -> 0xFFF4 However this does not work. So either there's a problem in the iproute implementation or there is a problem in my method of calculating the mask. Can anybody confirm either of this? Reproducible: Always Steps to Reproduce:
what version of iproute2 ? `emerge info` ? does iproute2-2.6.10.20050124 work ?
Version of iproute2 that this bug applies to: sys-apps/iproute2-2.6.10.20050112-r1 emerge info output: Portage 2.0.51-r15 (default-linux/x86/2004.2, gcc-3.3.5, glibc-2.3.4.20040808-r1, 2.4.28-kaladix-r2 i686) ================================================================= System uname: 2.4.28-kaladix-r2 i686 AMD Athlon(tm) XP 2200+ Gentoo Base System version 1.4.16 Python: dev-lang/python-2.2.3-r1,dev-lang/python-2.3.4 [2.3.4 (#1, Oct 20 2004, 18:23:05)] ccache version 2.3 [enabled] dev-lang/python: 2.2.3-r1, 2.3.4 sys-devel/autoconf: 2.59-r6, 2.13 sys-devel/automake: 1.8.5-r2, 1.5, 1.4_p6, 1.6.3, 1.7.9, 1.9.4 sys-devel/binutils: 2.15.92.0.2-r1 sys-devel/libtool: 1.5.10-r4 virtual/os-headers: 2.4.19-r1, 2.4.21-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O3 -march=i686 -funroll-loops -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O3 -march=i686 -funroll-loops -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distlocks sandbox sfperms userpriv usersandbox" GENTOO_MIRRORS="ftp://pandemonium.tiscali.de/pub/gentoo/ ftp://mirror.switch.ch/mirror/gentoo/ ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://ftp.easynet.nl/mirror/gentoo/ ftp://gd.tuwien.ac.at/opsys/linux/gentoo/" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 3dnow 3dnowex acl apache2 apm berkdb cdr clamav crypt font-server fortran gd gdbm hardened hardenedphp imagemagick ipv6 javascript libwww mmx mmx2 mysql mysqli ncurses nls oav pam perl png python readline samba slang sse sse2 ssl tcpd tcpmd5 truetype truetype-fonts type1-fonts zlib" Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, PORTDIR_OVERLAY As you can see, I'm running a custom-made kernel which could be the problem. Perhaps I might have a possibility to test gentoo-sources sometime next week. Installing iproute2 2.6.10.20050124 didn't work, too. Even worse, dsmark for tc is broken in this release.
on the flip side, does the 2.6.7.xxxx ebuild fail too ? could you post the series of commands exactly as you're running them ?
2.6.7.xxxx fails, too Here's everything relevant to the tc issue: /sbin/ip link set imq1 up /usr/sbin/iptables -I PREROUTING -t mangle -j IMQ --todev imq1 /sbin/tc qdisc del root dev imq1 /sbin/tc qdisc add dev imq1 handle 2:0 root htb default 6 /sbin/tc class add dev imq1 parent 2:0 classid 2:1 htb rate 1.80000000000000000000mbit ceil 1.80000000000000000000mbit /sbin/tc class add dev imq1 parent 2:1 classid 2:2 htb rate 2mbit ceil 2mbit prio 0 /sbin/tc qdisc add dev imq1 parent 2:2 esfq hash src /sbin/tc class add dev imq1 parent 2:1 classid 2:3 htb rate 1.80000000000000000000mbit ceil 1.80000000000000000000mbit prio 1 /sbin/tc class add dev imq1 parent 2:3 classid 2:4 htb rate 1.80000000000000000000mbit ceil 1.80000000000000000000mbit prio 0 /sbin/tc qdisc add dev imq1 parent 2:4 esfq hash src /sbin/tc class add dev imq1 parent 2:3 classid 2:5 htb rate 1.80000000000000000000mbit ceil 1.80000000000000000000mbit prio 1 /sbin/tc qdisc add dev imq1 parent 2:5 esfq hash src /sbin/tc class add dev imq1 parent 2:3 classid 2:6 htb rate 1.80000000000000000000mbit ceil 1.80000000000000000000mbit prio 2 /sbin/tc qdisc add dev imq1 parent 2:6 esfq hash src /sbin/tc class add dev imq1 parent 2:3 classid 2:7 htb rate 1.80000000000000000000mbit ceil 1.80000000000000000000mbit prio 3 /sbin/tc qdisc add dev imq1 parent 2:7 esfq hash src /sbin/tc class add dev imq1 parent 2:3 classid 2:8 htb rate 1.80000000000000000000mbit ceil 1.80000000000000000000mbit prio 4 /sbin/tc qdisc add dev imq1 parent 2:8 esfq hash src /sbin/tc qdisc del root dev ppp1 /sbin/tc qdisc add dev ppp1 handle 2:0 root htb default 6 /sbin/tc class add dev ppp1 parent 2:0 classid 2:1 htb rate 1.80000000000000000000mbit ceil 1.80000000000000000000mbit /sbin/tc class add dev ppp1 parent 2:1 classid 2:2 htb rate 2mbit ceil 2mbit prio 0 /sbin/tc qdisc add dev ppp1 parent 2:2 esfq hash src /sbin/tc class add dev ppp1 parent 2:1 classid 2:3 htb rate 1.80000000000000000000mbit ceil 1.80000000000000000000mbit prio 1 /sbin/tc class add dev ppp1 parent 2:3 classid 2:4 htb rate 1.80000000000000000000mbit ceil 1.80000000000000000000mbit prio 0 /sbin/tc qdisc add dev ppp1 parent 2:4 esfq hash src /sbin/tc class add dev ppp1 parent 2:3 classid 2:5 htb rate 1.80000000000000000000mbit ceil 1.80000000000000000000mbit prio 1 /sbin/tc qdisc add dev ppp1 parent 2:5 esfq hash src /sbin/tc class add dev ppp1 parent 2:3 classid 2:6 htb rate 1.80000000000000000000mbit ceil 1.80000000000000000000mbit prio 2 /sbin/tc qdisc add dev ppp1 parent 2:6 esfq hash src /sbin/tc class add dev ppp1 parent 2:3 classid 2:7 htb rate 1.80000000000000000000mbit ceil 1.80000000000000000000mbit prio 3 /sbin/tc qdisc add dev ppp1 parent 2:7 esfq hash src /sbin/tc class add dev ppp1 parent 2:3 classid 2:8 htb rate 1.80000000000000000000mbit ceil 1.80000000000000000000mbit prio 4 /sbin/tc qdisc add dev ppp1 parent 2:8 esfq hash src /sbin/tc filter add prio 0 dev ppp1 parent 2:0 protocol ip u32 match ip protocol 0x6 0xff match ip src xxx.xxx.xxx.xxx match ip sport 22 0xffff flowid 2:2 /sbin/tc filter add prio 0 dev imq1 parent 2:0 protocol ip u32 match ip protocol 0x6 0xff match ip dst xxx.xxx.xxx.xxx match ip dport 22 0xffff flowid 2:2 /sbin/tc filter add prio 0 dev ppp1 parent 2:0 protocol ip u32 match ip protocol 0x6 0xff match ip src xxx.xxx.xxx.xxx match ip sport 443 0xffff flowid 2:2 /sbin/tc filter add prio 0 dev imq1 parent 2:0 protocol ip u32 match ip protocol 0x6 0xff match ip dst xxx.xxx.xxx.xxx match ip dport 443 0xffff flowid 2:2 /sbin/tc filter add prio 0 dev imq1 parent 2:0 protocol ip u32 match ip protocol 0x1 0xff police rate 32kbit buffer 64k drop flowid 2:2 /sbin/tc filter add prio 0 dev ppp1 parent 2:0 protocol ip u32 match ip protocol 0x1 0xff police rate 32kbit buffer 64k drop flowid 2:2 tc filter add prio 1 dev ppp1 parent 2:0 protocol ip u32 match ip dst 0.0.0.0/0 match ip protocol 17 0xff match ip dport 0x6987 0xFFF4 flowid 2:4 tc filter add prio 1 dev imq1 parent 2:0 protocol ip u32 match ip src 0.0.0.0/0 match ip protocol 17 0xff match ip sport 0x6987 0xFFF4 flowid 2:4
Tested gentoo-sources-2.4.28-r5, matching didn't work there as well. So it's not a bug with my specific kernel but a general problem.
iproute2-2.6.11.20050310 help with either the u32 match or dsmark ?
dsmark has been fixed with Bug 86729 / iproute2-2.6.11.20050310-r1
Tried again on 2005/05/09. Latest status, still doesn't work with iproute2-2.6.11.20050310-r1 :-/
please test with new kernel and new iproute2, and reopen if still a problem.
