Flowspec: Max tcp mask length is 12 bits

2 files changed, 7 insertions, 6 deletions

diff --git a/doc/bird.conf.example2 b/doc/bird.conf.example2
index a4081f14..51fcfb64 100644
--- a/doc/bird.conf.example2
+++ b/doc/bird.conf.example2
@@ -105,27 +105,27 @@ protocol static flowstat4 {
 		proto = 0x12;
 		sport > 0x5678 && < 0x9abc || 0xdef0 || 0x1234,0x5678,0x9abc..0xdef0;
 		dport = 50;
-		tcp flags 0xabcd/0xbbdd;
+		tcp flags 0x000/0xf00;
 	};
 
 	route flow4 {
 		dst 12.0.0.0/32;
-		tcp flags ! 0 / 0x9999;
+		tcp flags ! 0/0x999;
 	};
 
 	route flow4 {
 		dst 220.0.254.0/24;
-		tcp flags 0x99 / 0x9999;
+		tcp flags 0x99/0x999;
 	};
 
 	route flow4 {
 		dst 220.0.254.192/28;
-		tcp flags !0xffff / 0xFFFF;
+		tcp flags ! 0xfff/0xfff;
 	};
 
 	route flow4 {
 		dst 15.0.0.0/8;
-		tcp flags !0x9999/0x9999;
+		tcp flags ! 0x999/0x999;
 	};
 }
 
diff --git a/doc/bird.sgml b/doc/bird.sgml
index 0e072dd2..4bbcb871 100644
--- a/doc/bird.sgml
+++ b/doc/bird.sgml
@@ -768,7 +768,8 @@ logical operators <cf/&&/ or <cf/||/. Allowed relational operators are <cf/=/,
 
 	<tag><label id="flow-tcp-flags">tcp flags <m/bitmask-match/</tag>
 	Set a matching bitmask for TCP header flags (aka control bits) (e.g.
-	<cf>tcp flags 0x03/0x0f;</cf>).
+	<cf>tcp flags 0x03/0x0f;</cf>). The maximum length of mask is 12 bits
+	(0xfff).
 
 	<tag><label id="flow-length">length <m/numbers-match/</tag>
 	Set a matching packet length (e.g. <cf>length > 1500;</cf>)