From: "Jim Fleming" <JimFleming@ameritech.net>
To: Oskar Andreasson <blueflux@koffein.net>,
Andrei Ivanov <andrei.ivanov@ines.ro>
Cc: netfilter@lists.netfilter.org
Subject: Setting and Routing on the TOS Source (SRC) and Destination (DST) Bits
Date: Sat, 21 Sep 2002 08:25:13 -0500 [thread overview]
Message-ID: <0a3801c26172$51f71af0$c6b22543@repligate> (raw)
In-Reply-To: Pine.LNX.4.44.0209202140330.2337-100000@laptop1.agatha
> On Fri, 20 Sep 2002, Andrei Ivanov wrote:
>
> >
> > What amazes me is that iptables doesn't know to match packets by a tos
> > value other then the ones in ip.h... this really SUCKS.
....that appears to be a "political policy" slipped into the software...
There are 160 bits in the IPv4 header, all can be considered for routing purposes.
Some of those bits are more useful than others, especially those controlled via the DNS.
128-bit DNS AAAA Record Flag Day Formats
2002:[IPv4]:[SDLL.OFFF.FFFF.TTTT]:[64-bit IPv8 or IPv16 Persistent Address]
[YMDD]:[IPv4]:[SDLL.OFFF.FFFF.TTTT]:[64-bit IPv8 or IPv16 Persistent Address]
1-bit to set the Reserved ("Spare") bit in Fragment Offset [S]
1-bit to set the Don't Fragment (DF) bit [D]
2-bits to select 1 of 4 common TTL values (255, 128, 32, 8) [LL]
1-bit for Options Control [O]
7-bits to set the Identification Field(dst) [FFFFFFF]
4-bits to set the TOS(dst) Field [TTTT]
Default SDLL.OFFF.FFFF.TTTT = 0000.0000.0000.0000
FFF.FFFF.TTTT = GGG.SSSS.SSSS
http://www.ntia.doc.gov/ntiahome/domainname/130dftmail/unir.txt
Jim Fleming
2002:[IPv4]:000X:03DB:...IPv8 is closer than you think...IPv16 is even closer...
http://www.netfilter.org/
http://www.analogx.com/contents/dnsdig.htm
http://ipv8.dyndns.tv
http://ipv8.yi.org
http://ipv8.dyns.cx
http://ipv8.no-ip.com
http://ipv8.no-ip.org
http://ipv8.no-ip.biz
http://ipv8.no-ip.info
http://ipv8.myip.us
http://ipv8.dyn.ee
http://ipv8.community.net.au
http://ipv8.ods.org
----- Original Message -----
From: "Oskar Andreasson" <blueflux@koffein.net>
To: "Andrei Ivanov" <andrei.ivanov@ines.ro>
Cc: <netfilter@lists.netfilter.org>
Sent: Friday, September 20, 2002 2:46 PM
Subject: RE: Iptables bandwidth limit
>
> First of all, the limitation was created since you should not use other
> TOS values than specified in the RFC's. You may get extremely strange
> problems if you start doing random TOS matches on packets.
>
> Anyways, iptables _is_ actually able to do irregular TOS matching with the
> ftos patch applied to the kernel (I _think_ it may still be in
> patch-o-matic, but I don't know for sure). It should also be available
> somewhere on the www.paktronix.com site.
>
> Have a nice day,
>
>
>
> On Fri, 20 Sep 2002, Andrei Ivanov wrote:
>
> >
> > What amazes me is that iptables doesn't know to match packets by a tos
> > value other then the ones in ip.h... this really SUCKS.
> >
> > On Fri, 20 Sep 2002, Rob Sterenborg wrote:
> >
> > > > You can almost do this with the limit module, but you should
> > > > better use
> > > > HTB or CBQ (QOS) which are really done for this.
> > > >
> > > I first accomplished it with CBQ, but later I switched to HTB which is a lot
> > > easier to configure.
> > >
> > >
> > > Rob
> > >
> >
> >
> >
>
> --
> ----
> Oskar Andreasson
> http://www.frozentux.net
> http://iptables-tutorial.frozentux.net
> http://ipsysctl-tutorial.frozentux.net
> mailto:blueflux@koffein.net
>
>
>
>
>
next prev parent reply other threads:[~2002-09-21 13:25 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-09-20 12:23 Iptables bandwidth limit Rob Sterenborg
2002-09-20 12:35 ` Andrei Ivanov
2002-09-20 19:46 ` Oskar Andreasson
2002-09-21 13:25 ` Jim Fleming [this message]
2002-09-21 13:38 ` Setting and Routing on the TOS Source (SRC) and Destination (DST) Bits Andrei Ivanov
2002-09-21 13:52 ` Antony Stone
2002-09-21 21:53 ` Jim Fleming
2002-09-21 21:59 ` Antony Stone
2002-09-21 23:15 ` Jim Fleming
2002-09-22 8:21 ` Antony Stone
2002-09-22 10:25 ` Sascha Reissner
2002-09-22 10:35 ` Antony Stone
2002-09-22 13:54 ` Jim Fleming
2002-09-22 13:35 ` Jim Fleming
2002-09-22 13:48 ` Antony Stone
2002-09-22 14:15 ` Sascha Reissner
2002-09-22 14:20 ` Antony Stone
2002-09-22 15:18 ` Jim Fleming
2002-09-22 14:39 ` Jim Fleming
2002-09-21 21:56 ` Jim Fleming
2002-09-21 22:01 ` Antony Stone
2002-09-21 22:57 ` Jim Fleming
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='0a3801c26172$51f71af0$c6b22543@repligate' \
--to=jimfleming@ameritech.net \
--cc=andrei.ivanov@ines.ro \
--cc=blueflux@koffein.net \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox