Linux Solutions

Welcome to the tutorial guide. The guide will provide a user with guidance and instructions on general selectors.

Please note that the general selectors define the pattern, mask and offset the pattern will be matched to the packet contents. By using the general selectors a user can match virtually any single bit in the IP (or upper layer) header. The general selector syntax is:
match [ u32 | u16 | u8 ] PATTERN MASK [ at OFFSET | nexthdr+OFFSET]
One of the keywords u32, u16 or u8 specifies length of the pattern in bits. PATTERN and MASK should follow, of length defined by the previous keyword. The OFFSET parameter is the offset, in bytes, to start matching. If nexthdr+ keyword is given, the offset is relative to start of the upper layer header.
Here are some examples presented below:
Packet will match to this rule, if its time to live (TTL) is 64. TTL is the field starting just after 8-th byte of the IP header.
# tc filter add dev ppp14 parent 1:0 prio 10 u32 \
match u8 64 0xff at 8 \
flowid 1:4
The following matches all TCP packets which have the ACK bit set:
# tc filter add dev ppp14 parent 1:0 prio 10 u32 \
match ip protocol 6 0xff \
match u8 0×10 0xff at nexthdr+13 \
flowid 1:3
Use this to match ACKs on packets smaller than 64 bytes:
## match acks the hard way,
## IP protocol 6,
## IP header length 0×5(32 bit words),
## IP Total length 0×34 (ACK + 12 bytes of TCP options)
## TCP ack set (bit 5, offset 33)
# tc filter add dev ppp14 parent 1:0 protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0×05 0×0f at 0 \
match u16 0×0000 0xffc0 at 2 \
match u8 0×10 0xff at 33 \
flowid 1:3
This rule will only match TCP packets with ACK bit set, and no further payload. The example shows an example of two selectors. The diagram shows that the ACK bit is second older bit (0×10) in the 14-th byte of the TCP header (at nexthdr+13). For the second selector, a user could write match u8 0×06 0xff at 9 instead of using the specific selector protocol tcp, because 6 is the number of TCP protocol, present in 10-th byte of the IP header. A user couldn’t use any specific selector for the first match. This is because there is no specific selector to match TCP ACK bits.
A filter is provided below which is a modified version of the filter above. The difference is, that it doesn’t check the ip header length. This is because the filter above does only work on 32 bit systems.
tc filter add dev ppp14 parent 1:0 protocol ip prio 10 u32 \
match ip protocol 6 0xff \
match u8 0×10 0xff at nexthdr+13 \
match u16 0×0000 0xffc0 at 2 \
flowid 1:3

If you followed advise and guidance as provided in this tutorial guide then you would have learnt about the general selectors.