tc-ematch(8) extended matches for use with "basic", "cgroup" or "flow" filters

https://news.ycombinator.com/rss Hits: 5
Summary

tc-ematch(8) — Linux manual page ematch(8) Linux ematch(8) NAME top ematch - extended matches for use with "basic", "cgroup" or "flow" filters SYNOPSIS top tc filter add .. basic match EXPR .. flowid .. EXPR := TERM [ { and | or } EXPR ] TERM := [ not ] { MATCH | '(' EXPR ')' } MATCH := module '(' ARGS ')' ARGS := ARG1 ARG2 .. MATCHES top cmp Simple comparison ematch: arithmetic compare of packet data to a given value. cmp( ALIGN at OFFSET [ ATTRS ] { eq | lt | gt } VALUE ) ALIGN := { u8 | u16 | u32 } ATTRS := [ layer LAYER ] [ mask MASK ] [ trans ] LAYER := { link | network | transport | 0..2 } meta Metadata ematch meta( OBJECT { eq | lt |gt } OBJECT ) OBJECT := { META_ID | VALUE } META_ID := id [ shift SHIFT ] [ mask MASK ] meta attributes: random 32 bit random value loadavg_1 Load average in last 5 minutes nf_mark Netfilter mark vlan Vlan tag sk_rcvbuf Receive buffer size sk_snd_queue Send queue length A full list of meta attributes can be obtained via # tc filter add dev eth1 basic match 'meta(list)' nbyte match packet data byte sequence nbyte( NEEDLE at OFFSET [ layer LAYER ] ) NEEDLE := { string | c-escape-sequence } OFFSET := int LAYER := { link | network | transport | 0..2 } u32 u32 ematch u32( ALIGN VALUE MASK at [ nexthdr+ ] OFFSET ) ALIGN := { u8 | u16 | u32 } ipset test packet against ipset membership ipset( SETNAME FLAGS ) SETNAME := string FLAGS := { FLAG [, FLAGS] } The flag options are the same as those used by the iptables "set" match. When using the ipset ematch with the "ip_set_hash:net,iface" set type, the interface can be queried using "src,dst (source ip address, outgoing interface) or "src,src" (source ip address, incoming interface) syntax. ipt test packet against xtables matches ipt( [-6] -m MATCH_NAME FLAGS ) MATCH_NAME := string FLAGS := { FLAG [, FLAGS] } The flag options are the same as those used by the xtable match used. canid ematch rule to match CAN frames canid( IDLIST ) IDLIST := IDSPEC[IDLIST] IDSPEC := { ’sff’ CANID | ’eff’ CANID...

First seen: 2025-12-28 17:58

Last seen: 2025-12-28 21:58

Read Full Article More from this Source
Related News
The Concise TypeScript Book
2026-01-11 · 1 hits
'Bandersnatch': The Works That Inspired the 'Black Mirror' Interactive Feature (2019)
2026-01-11 · 1 hits
I build products to get "unplugged" from the internet
2026-01-11 · 1 hits
CPU Counters on Apple Silicon: article + tool
2026-01-11 · 4 hits
Datadog, Thank You for Blocking Us
2026-01-11 · 5 hits