[Firehol-support] FireQOS srcmac and dstmac matching and IPv6
Phineas Gage
phineas919 at gmail.com
Fri Nov 14 13:10:29 GMT 2014
When you specify srcmac and dstmac to FireQOS, IPv6 packets are not matched. It has to do with the $smac_arg and $dmac_arg arguments, which specify the ethertype value of 0x0800 with "match u16 0x0800 0xFFFF at -2”. If you remove this part of the match altogether and just check the MAC address, it works, but I don’t know the consequences of that. Maybe it should match the protocol of its parent class? In that case, the ethertype of IPv6 is 0x86DD. Really not sure what’s the right behavior, whether it should check the ethertype value or not.
Also not sure if the MAC address offsets would work for a VLAN with an 802.1Q tag, but that’s not my case. However, it might actually work fine because the 802.1Q tag might be stripped out at the hardware layer by VLAN acceleration anyway (the same reason why tcpdump -xx doesn’t show the 802.1Q value <https://bugzilla.redhat.com/show_bug.cgi?id=498981#c4>). Just a thought.
One last thing is that I was confused for a little while, then finally realized that “interface” does not mean “interface46” but “interface4”, so that caused some surprises. :) Is it possible that “interface” could default to “interface46”, or would that have some unintended consequences?
Matching is looking better now, but I still have some testing to do. I probably didn’t notice these IPv6 things before because my IPv6 setup wasn’t very good, so my browser was probably not using it much, and in that case srcmac and dstmac was working fine. Working with ping and ping6 explicitly helped to figure things out.
More information about the Firehol-support
mailing list