[nftables PATCH 0/2] Add DSCP and TOS support

[Alvaro Neira Ayuso <alvaroneay@gmail.com>]

The following patchset contains nftables updates:

1) Add support for using TOS symbols when we add rules that we use TOS. Before,
we have added the rules with TOS mask and we didn't have support for adding
the rules with symbols.

2) Add support for using DSCP in Nftables. With this patch, we allow to use
DSCP in nftables. With this two patchs, we have retrocompatibility with TOS and
we have DSCP support.

3) We can add rules with TOS, but when we list the rules in nftables, the
position in the Ip header of TOS and DSCP is the same (but different structure)
and we must to decide in which format we want to list the rules. I have decided
to put the IPHDR_DSCP value before of IPHDR_TOS. With that we list the rules
with nftables, we will see the rules in format DSCP. I have decided that because
DSCP is more current and we still have retrocompatibility with TOS. Example:

If we add this rule:

nft add rule ip filter input ip tos 0x00 counter accept

or

nft add rule ip filter input ip tos normal-service counter accept

If we list the table filter. We will see:

ip dscp CS0 counter packets 0 bytes 0 accept.

Álvaro Neira Ayuso (2):
  src: Add support for adding TOS symbols
  src: Add DSCP support in nftables

 include/datatype.h |    4 ++
 include/proto.h    |    1 +
 src/parser.y       |    2 +
 src/proto.c        |  133 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 src/scanner.l      |    1 +
 5 files changed, 140 insertions(+), 1 deletion(-)

-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html