lartc.org : Linux Advanced Routing & Traffic Control
(Answer) (Category) lartc.org FAQ :
using mac address in u32 filter
The u32 can be used to match any bit in the ip header. Before the ip header, there is a frame header. In that frame header you can find the src and dst mac address. You can trick the u32 filter in using the frame header if you use negative offsets.

Decimal Offset Description
-14: DST MAC, 6 bytes
-8: SRC MAC, 6 bytes
-2: Eth PROTO, 2 bytes, eg. ETH_P_IP
0: Protocol header (IP Header)

From an email on the LARTC list : 

Egress (match Dst MAC):
... match u16 0xPPPP 0xFFFF at -2 match u32 0xM2M3M4M5 0xFFFFFFFF at -12 match u16 0xM0M1 0xFFFF at -14

Ingress (match Src MAC):
... match u16 0xPPPP 0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF at -8

Where PPPP is the Eth Proto Code (from linux/include/linux/if_ether.h):

0800    ETH_P_IP

and M0..M5 are the 6 bytes of the MAC address

Example for matching ETH_P_IP for MAC 00:11:22:33:44:55

Egress:
... match u16 0x0800 0xFFFF at -2 match u32 0x22334455 0xFFFFFFFF at -12 match u16 0x0011 0xFFFF at -14

Ingress:
... match u16 0x0800 0xFFFF at -2 match u16 0x4455 0xFFFF at -4 match u32 0x00112233 0xFFFFFFFF at -8




stef.coene@docum.org
[Append to This Answer]
Previous: (Answer) Other stuff
Next: (Answer) Matching arp packets
This document is: http://qos.dyndns.org:3389/cgi-bin/fom?file=62
[Search] [Appearance]
This is a Faq-O-Matic 2.719.