* iptables and TOS 15
From: tepesu @ 2004-11-12 8:40 UTC (permalink / raw)
To: netfilter
hi,

my ISP marks packets from some internet traffic with TOS 15 and i must
filter this traffic. how and where must i modify iptables so i can do some
filtering using these marks, TOS 15.

thanks.
* Re: iptables and TOS 15
From: a.ledvinka @ 2004-11-12 9:25 UTC (permalink / raw)
To: tepesu; +Cc: netfilter
tos
    This module matches the 8 bits of Type of Service field in the
    IP header (ie. including the precedence bits).

    --tos tos
        The argument is either a standard name, (use
            iptables -m tos -h
        to see the list), or a numeric value to match.

iptables -m tos -h
TOS match v1.2.6a options:
[!] --tos value         Match Type of Service field from one of the
                        following numeric or descriptive values:
                            Minimize-Delay 16 (0x10)
                            Maximize-Throughput 8 (0x08)
                            Maximize-Reliability 4 (0x04)
                            Minimize-Cost 2 (0x02)
                            Normal-Service 0 (0x00)

INPUT and FORWARD
* Re: iptables and TOS 15
From: Jason Opperisano @ 2004-11-12 15:23 UTC (permalink / raw)
To: netfilter
On Fri, 2004-11-12 at 03:40, tepesu@australia.edu wrote:
> hi,
>
> my ISP marks packets from some internet traffic with TOS 15 and i must
> filter this traffic. how and where must i modify iptables so i can do some
> filtering using these marks, TOS 15.

as far as i'm aware, "15" is not a valid TOS value. as a result of the
way the TOS bits are set in the packet header, there are only 5 possible
TOS settings (from RFC 1349):

    1000 -- minimize delay
    0100 -- maximize throughput
    0010 -- maximize reliability
    0001 -- minimize monetary cost
    0000 -- normal service

some products configure these simply as values 1 - 5 (i.e. cisco boxes).
iptables allows you to use two different notations, decimal and hex:

    Minimize-Delay 16 (0x10)
    Maximize-Throughput 8 (0x08)
    Maximize-Reliability 4 (0x04)
    Minimize-Cost 2 (0x02)
    Normal-Service 0 (0x00)

so for the "minimize delay" TOS value, you could write your rule as:

    iptables -t mangle -A PREROUTING -m tos --tos 16 [ ... ]

or

    iptables -t mangle -A PREROUTING -m tos --tos 0x10 [ ... ]

but before you do anything--talk with your ISP and figure out what TOS
setting they are actually using (i.e. "15" is not the right answer).

-j
--
"I hope I didn't brain my damage."
--The Simpsons
* Re: iptables and TOS 15
From: Lopsch @ 2004-11-12 16:54 UTC (permalink / raw)
To: Netfilter-Mailinglist
Jason Opperisano wrote:
> On Fri, 2004-11-12 at 03:40, tepesu@australia.edu wrote:
>
>> hi,
>>
>> my ISP marks packets from some internet traffic with TOS 15 and i must
>> filter this traffic. how and where must i modify iptables so i can do some
>> filtering using these marks, TOS 15.
>
>
> as far as i'm aware, "15" is not a valid TOS value. as a result of the
> way the TOS bits are set in the packet header, there are only 5 possible
> TOS settings (from RFC 1349):
>
> 1000 -- minimize delay
> 0100 -- maximize throughput
> 0010 -- maximize reliability
> 0001 -- minimize monetary cost
> 0000 -- normal service
>

According to
http://www.lartc.org/howto/lartc.qdisc.classless.html#AEN659 the value
15 is a combination of all possible TOS values. Which would be logical
because with a 4-bit field you are able to get the max decimal value of
15. In my opinion marking with 15 or not marking has the same effect.
Also using the TOS values only makes sense when using for example the
pfifo_fast queueing discipline to schedule packets.
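
The two readings of "15" in this thread differ by one bit position: the RFC 1349 TOS field is 4 bits inside the 8-bit byte that the tos match looks at, which is why 1000 is listed as 16 (0x10) in the messages above. The shell functions below are an added example, not code from any poster or from iptables; the names tos_field_to_byte and tos_decode are made up here, and the byte layout assumed is 3 precedence bits, 4 TOS bits, 1 must-be-zero bit.

```shell
#!/bin/sh
# Added example: relate the 4-bit TOS field to the 8-bit TOS byte.
# Assumed layout of the byte (RFC 1349): PPP TTTT 0
#   PPP = precedence, TTTT = TOS field, last bit = must be zero.

# tos_field_to_byte FIELD
# 4-bit field value (0-15) -> 8-bit byte value in hex, precedence 0.
tos_field_to_byte() {
    field=$(( $1 ))
    if [ "$field" -lt 0 ] || [ "$field" -gt 15 ]; then
        echo "error: TOS field must be 0-15" >&2
        return 1
    fi
    printf '0x%02x\n' $(( field << 1 ))
}

# tos_decode BYTE
# 8-bit byte (decimal or 0x hex) -> precedence, 4-bit field, MBZ bit,
# and the iptables names of the TOS bits that are set.
tos_decode() {
    byte=$(( $1 ))
    if [ "$byte" -lt 0 ] || [ "$byte" -gt 255 ]; then
        echo "error: TOS byte must be 0-255" >&2
        return 1
    fi
    prec=$(( byte >> 5 ))
    field=$(( (byte >> 1) & 15 ))
    mbz=$(( byte & 1 ))
    flags=""
    if [ $(( field & 8 )) -ne 0 ]; then flags="$flags+Minimize-Delay"; fi
    if [ $(( field & 4 )) -ne 0 ]; then flags="$flags+Maximize-Throughput"; fi
    if [ $(( field & 2 )) -ne 0 ]; then flags="$flags+Maximize-Reliability"; fi
    if [ $(( field & 1 )) -ne 0 ]; then flags="$flags+Minimize-Cost"; fi
    if [ -z "$flags" ]; then flags="+Normal-Service"; fi
    echo "prec=$prec field=$field mbz=$mbz flags=${flags#+}"
}

# Constructed inputs: "15" read as a whole byte, "15" read as the
# 4-bit field (byte 0x1e), and the Minimize-Delay value from the thread.
for v in 15 "$(tos_field_to_byte 15)" 16; do
    printf '%-5s %s\n' "$v" "$(tos_decode "$v")"
done
```

The help output quoted in the thread lists only five values for --tos, so check what your iptables version accepts before passing it any other byte value.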
* Re: iptables and TOS 15
From: tepesu @ 2004-11-12 9:43 UTC (permalink / raw)
To: netfilter
i want to make traffic management of WAN and MAN .... the WAN traffic
is marked with TOS 15 by my ISP ... and i want to redirect the WAN traffic
with iptables through an IMQ interface and then to use HTB

> tos
>     This module matches the 8 bits of Type of Service field in the
>     IP header (ie. including the precedence bits).
>
>     --tos tos
>         The argument is either a standard name, (use
>             iptables -m tos -h
>         to see the list), or a numeric value to match.
>
> iptables -m tos -h
> TOS match v1.2.6a options:
> [!] --tos value         Match Type of Service field from one of the
>                         following numeric or descriptive values:
>                             Minimize-Delay 16 (0x10)
>                             Maximize-Throughput 8 (0x08)
>                             Maximize-Reliability 4 (0x04)
>                             Minimize-Cost 2 (0x02)
>                             Normal-Service 0 (0x00)
>
> INPUT and FORWARD