From: Matthew G. Marsh mgm@paktronix.com
To: lartc@vger.kernel.org
Subject: [LARTC] Re: iptables and DSCP
Date: Fri, 02 Feb 2001 19:26:58 +0000 [thread overview]
Message-ID: <marc-lartc-98373940416959@msgid-missing> (raw)
In-Reply-To: <marc-lartc-98373940416953@msgid-missing>
<PRE>On Fri, 2 Feb 2001, Pavarani Giovanna wrote:
><i> Talking about DSCP field...
</I>><i>
</I>><i> iptables is said to provide all the features of ipchains and something more and
</I>><i> better organized, but with ipchains I was able to set all the DSCP values
</I>><i> in the TOS field, with iptables it seems this is no more possible, only few
</I>><i> values are permitted.
</I>><i>
</I>><i> For example:
</I>><i>
</I>><i> > iptables -t mangle -A PREROUTING -s 10.0.0.2 -j TOS --set-tos 0xb8
</I>><i>
</I>><i> gives me:
</I>><i>
</I>><i> iptables v1.1.2:Bad TOS value '0xb8'
</I>><i>
</I>><i> Am I doing something wrong?
</I>
Nope. Look into linux/ip.h as all the "legal" values are defined there and
maintained there. I hacked on TOS to make the FTOS module available
through the patch-o-matic. FTOS will allow you to set any value between
0-255 into the DSCP field. But it will not check if a value already
exists. The syntax is:
iptables -t mangle -A PREROUTING -s 10.0.0.2 -j FTOS --set-ftos 0xab
If all you are looking to do is set the field to any value that will work
- also works in the POSTROUTING chain for outgoing. Enjoy.
><i> Thank you
</I>><i> Regards,
</I>><i> Giovanna Pavarani
</I>><i>
</I>><i>
</I>><i> >
</I>><i> > On Tue, Jan 23, 2001 at 01:59:00PM +0100, Tom Aernoudt wrote:
</I>><i> > >
</I>><i> > > Isn't it possible with iptables to filter on DSCP field?
</I>><i> >
</I>><i> > Why don't you ask this question on the iptables/netfilter mailinglist?
</I>><i> >
</I>><i> > Anyway, answer is: No.
</I>><i> >
</I>><i> > Not because the framework isn't capable of that. Just because nobody
</I>><i> > implememnted a match yet.
</I>><i> >
</I>><i> > > Thanks,
</I>><i> > > Tom Aernoudt
</I>><i> >
</I>><i>
</I>
--------------------------------------------------
Matthew G. Marsh, President
Paktronix Systems LLC
1506 North 59th Street
Omaha NE 68104
Phone: (402) 932-7250
Email: <A HREF="mailto:mgm@paktronix.com">mgm@paktronix.com</A>
WWW: <A HREF="http://www.paktronix.com">http://www.paktronix.com</A>
--------------------------------------------------
</PRE>
prev parent reply other threads:[~2001-02-02 19:26 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-02-02 16:55 [LARTC] Re: iptables and DSCP Pavarani
2001-02-02 18:08 ` Arthur
2001-02-02 19:26 ` Matthew [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-98373940416959@msgid-missing \
--to=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.