* [LARTC] Re: iptables and DSCP
@ 2001-02-02 16:55 Pavarani
2001-02-02 18:08 ` Arthur
2001-02-02 19:26 ` Matthew
0 siblings, 2 replies; 3+ messages in thread
From: Pavarani @ 2001-02-02 16:55 UTC (permalink / raw)
To: lartc
<PRE>Talking about DSCP field...
iptables is said to provide all the features of ipchains and something more and
better organized, but with ipchains I was able to set all the DSCP values
in the TOS field, with iptables it seems this is no more possible, only few
values are permitted.
For example:
><i> iptables -t mangle -A PREROUTING -s 10.0.0.2 -j TOS --set-tos 0xb8
</I>
gives me:
iptables v1.1.2:Bad TOS value '0xb8'
Am I doing something wrong?
Thank you
Regards,
Giovanna Pavarani
><i>
</I>><i> On Tue, Jan 23, 2001 at 01:59:00PM +0100, Tom Aernoudt wrote:
</I>><i> >
</I>><i> > Isn't it possible with iptables to filter on DSCP field?
</I>><i>
</I>><i> Why don't you ask this question on the iptables/netfilter mailinglist?
</I>><i>
</I>><i> Anyway, answer is: No.
</I>><i>
</I>><i> Not because the framework isn't capable of that. Just because nobody
</I>><i> implememnted a match yet.
</I>><i>
</I>><i> > Thanks,
</I>><i> > Tom Aernoudt
</I>><i>
</I>
</PRE>
^ permalink raw reply [flat|nested] 3+ messages in thread
* [LARTC] Re: iptables and DSCP
2001-02-02 16:55 [LARTC] Re: iptables and DSCP Pavarani
@ 2001-02-02 18:08 ` Arthur
2001-02-02 19:26 ` Matthew
1 sibling, 0 replies; 3+ messages in thread
From: Arthur @ 2001-02-02 18:08 UTC (permalink / raw)
To: lartc
<PRE>On Fri, 2 Feb 2001, Pavarani Giovanna wrote:
><i> Talking about DSCP field...
</I>><i>
</I>><i> iptables is said to provide all the features of ipchains and something more and
</I>><i> better organized, but with ipchains I was able to set all the DSCP values
</I>><i> in the TOS field, with iptables it seems this is no more possible, only few
</I>><i> values are permitted.
</I>><i>
</I>><i> For example:
</I>><i>
</I>><i> > iptables -t mangle -A PREROUTING -s 10.0.0.2 -j TOS --set-tos 0xb8
</I>><i>
</I>><i> gives me:
</I>><i>
</I>><i> iptables v1.1.2:Bad TOS value '0xb8'
</I>><i>
</I>><i> Am I doing something wrong?
</I>
Yes. You need to specify two values, one and-mask and one or-mask, IIRC.
The new value will be the old value anded with your and-mask and then or-ed
with your or-mask.
Doei, Arthur.
--
/\ / | <A HREF="mailto:arthurvl@sci.kun.nl">arthurvl@sci.kun.nl</A> | Work like you don't need the money
/__\ / | A friend is someone with whom | Love like you have never been hurt
/ \/__ | you can dare to be yourself | Dance like there's nobody watching
</PRE>
^ permalink raw reply [flat|nested] 3+ messages in thread
* [LARTC] Re: iptables and DSCP
2001-02-02 16:55 [LARTC] Re: iptables and DSCP Pavarani
2001-02-02 18:08 ` Arthur
@ 2001-02-02 19:26 ` Matthew
1 sibling, 0 replies; 3+ messages in thread
From: Matthew @ 2001-02-02 19:26 UTC (permalink / raw)
To: lartc
<PRE>On Fri, 2 Feb 2001, Pavarani Giovanna wrote:
><i> Talking about DSCP field...
</I>><i>
</I>><i> iptables is said to provide all the features of ipchains and something more and
</I>><i> better organized, but with ipchains I was able to set all the DSCP values
</I>><i> in the TOS field, with iptables it seems this is no more possible, only few
</I>><i> values are permitted.
</I>><i>
</I>><i> For example:
</I>><i>
</I>><i> > iptables -t mangle -A PREROUTING -s 10.0.0.2 -j TOS --set-tos 0xb8
</I>><i>
</I>><i> gives me:
</I>><i>
</I>><i> iptables v1.1.2:Bad TOS value '0xb8'
</I>><i>
</I>><i> Am I doing something wrong?
</I>
Nope. Look into linux/ip.h as all the "legal" values are defined there and
maintained there. I hacked on TOS to make the FTOS module available
through the patch-o-matic. FTOS will allow you to set any value between
0-255 into the DSCP field. But it will not check if a value already
exists. The syntax is:
iptables -t mangle -A PREROUTING -s 10.0.0.2 -j FTOS --set-ftos 0xab
If all you are looking to do is set the field to any value that will work
- also works in the POSTROUTING chain for outgoing. Enjoy.
><i> Thank you
</I>><i> Regards,
</I>><i> Giovanna Pavarani
</I>><i>
</I>><i>
</I>><i> >
</I>><i> > On Tue, Jan 23, 2001 at 01:59:00PM +0100, Tom Aernoudt wrote:
</I>><i> > >
</I>><i> > > Isn't it possible with iptables to filter on DSCP field?
</I>><i> >
</I>><i> > Why don't you ask this question on the iptables/netfilter mailinglist?
</I>><i> >
</I>><i> > Anyway, answer is: No.
</I>><i> >
</I>><i> > Not because the framework isn't capable of that. Just because nobody
</I>><i> > implememnted a match yet.
</I>><i> >
</I>><i> > > Thanks,
</I>><i> > > Tom Aernoudt
</I>><i> >
</I>><i>
</I>
--------------------------------------------------
Matthew G. Marsh, President
Paktronix Systems LLC
1506 North 59th Street
Omaha NE 68104
Phone: (402) 932-7250
Email: <A HREF="mailto:mgm@paktronix.com">mgm@paktronix.com</A>
WWW: <A HREF="http://www.paktronix.com">http://www.paktronix.com</A>
--------------------------------------------------
</PRE>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2001-02-02 19:26 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2001-02-02 16:55 [LARTC] Re: iptables and DSCP Pavarani
2001-02-02 18:08 ` Arthur
2001-02-02 19:26 ` Matthew
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.