From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Rasmus Aveskogh" Subject: Problems with arbitrary TOS-field settings. Date: Thu, 19 Dec 2002 18:15:27 +0100 Sender: netfilter-admin@lists.netfilter.org Message-ID: <000801c2a782$3a8c8570$a10214ac@SE.INTRA> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0005_01C2A78A.9B295D60" Return-path: Errors-To: netfilter-admin@lists.netfilter.org List-Help: List-Post: List-Subscribe: , List-Id: List-Unsubscribe: , List-Archive: To: netfilter@lists.netfilter.org Cc: erland.almstrom@utfors.se This is a multi-part message in MIME format. ------=_NextPart_000_0005_01C2A78A.9B295D60 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi. I'm having some trouble setting the TOS-field in the IP header _to an = arbitrary value_ using iptables. To manage to do this I first patched iptables (1.2.5) and my kernel = (2.4.18-3) with=20 the patches for FTOS. I recompiled and reinstalled but ended up with: # iptables -t mangle -A OUTPUT -j FTOS --set-ftos 128 iptables: No chain/target/match by that name "Ok? Well I might as well upgrade to latest iptables and latest = kernel-patches" Though and done, iptables 1.2.7a installed and all the = "patch-o-matic"-patches installed. According to the documentation the TOS/FTOS-features was now = obsolete in favor of the DSCP option. So I tried again: # iptables -t mangle -A OUTPUT -j DSCP --set-dscp 128 iptables: No chain/target/match by that name Well, it says somewhere that only values up to 0x4f was supported by DSCP, but a lower values doesn't affect the error. FTOS still seems to be part of the cose though, but same error occurs. What can I do to fix this? And even if DSCP works, how can I set the 8 = IP-header TOS-bits to a value between 0x00 and 0xff? Thanks in advance Rasmus Aveskogh - Utfors AB ------=_NextPart_000_0005_01C2A78A.9B295D60 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
 
Hi.
 
I'm having some trouble setting the = TOS-field in=20 the IP header _to an arbitrary value_
using iptables.
To manage to do this I first patched = iptables=20 (1.2.5) and my kernel (2.4.18-3) with
the patches for FTOS. I recompiled and = reinstalled=20 but ended up with:
 
# iptables -t mangle -A OUTPUT -j FTOS = --set-ftos=20 128
iptables: No chain/target/match by that = name
 
"Ok? Well I might as well upgrade to = latest=20 iptables and latest kernel-patches"
 
Though and done, iptables 1.2.7a = installed and all=20 the "patch-o-matic"-patches
installed. According to the = documentation the=20 TOS/FTOS-features was now obsolete
in favor of the DSCP option. So I tried = again:
 
# iptables -t mangle -A OUTPUT = -j DSCP=20 --set-dscp 128
iptables: No chain/target/match by that = name
 
Well, it says somewhere that only values up to 0x4f was = supported
by DSCP, but a lower values doesn't affect the error.
 
FTOS still seems to be part of the cose though, but same error=20 occurs.
 
What can I do to fix this? And even if DSCP works, how can I set = the 8=20 IP-header
TOS-bits to a value between 0x00 and 0xff?
 
Thanks in advance
Rasmus Aveskogh - Utfors AB
------=_NextPart_000_0005_01C2A78A.9B295D60--