man: tc-u32: Fix page to match new firstfrag behavior

Commit 690b11f4a6 ("tc: u32: Fix firstfrag filter.") applied in 2012
changed the "ip firstfrag" selector to not match non-fragmented packets
anymore.

However, the documentation added in f15a23966f ("tc: add a man page
for u32 filter") in 2015 includes an example that relies on the previous
behavior (non-fragmented packet counted as first fragment).

Due to this, the example does not work correctly and does not actually
classify regular SSH packets.

Modify the example to use a raw u16 selector on the fragment offset to
make it work, and also make the firstfrag description more clear about
the current behavior.

Fixes: f15a23966f ("tc: add a man page for u32 filter")
Signed-off-by: Anssi Hannula <anssi.hannula@bitwise.fi>
Cc: Phil Sutter <phil@nwl.cc>
Cc: Hiroaki SHIMODA <shimoda.hiroaki@gmail.com>
Acked-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
This commit is contained in:
Anssi Hannula 2021-11-04 16:42:05 +02:00 committed by Stephen Hemminger
parent af96c7b5dd
commit a787d9ae10
1 changed files with 2 additions and 2 deletions

View File

@ -427,7 +427,7 @@ Also minimal header size for IPv4 and lack of IPv6 extension headers is assumed.
IPv4 only, check certain flags and fragment offset values. Match if the packet
is not a fragment
.RB ( nofrag ),
the first fragment
the first fragment of a fragmented packet
.RB ( firstfrag ),
if Don't Fragment
.RB ( df )
@ -644,7 +644,7 @@ tc filter add dev eth0 parent 1:0 protocol ip \\
tc filter add dev eth0 parent 1:0 protocol ip \\
u32 ht 800: \\
match ip protocol 6 FF \\
match ip firstfrag \\
match u16 0 1fff at 6 \\
offset at 0 mask 0f00 shift 6 \\
link 1:
.EE