From owner-freebsd-net  Thu May 23 10: 0: 0 2002
Delivered-To: freebsd-net@freebsd.org
Received: from loquat.bbn.com (crodrigues.bbn.com [128.89.72.49])
	by hub.freebsd.org (Postfix) with ESMTP id 067CB37B40C
	for <freebsd-net@freebsd.org>; Thu, 23 May 2002 09:59:40 -0700 (PDT)
Received: (from crodrigu@localhost)
	by loquat.bbn.com (8.11.2/8.11.2) id g4NGxZd32272
	for freebsd-net@freebsd.org; Thu, 23 May 2002 12:59:35 -0400
Date: Thu, 23 May 2002 12:59:35 -0400
From: Craig Rodrigues <crodrigu@bbn.com>
To: freebsd-net@freebsd.org
Subject: Re: Question about Dummynet and Diffserv
Message-ID: <20020523125935.A32262@bbn.com>
References: <20020521234248.B13074@bbn.com> <20020522024323.A34030@iguana.icir.org> <20020522123100.A24632@bbn.com> <20020522173857.B8894@blossom.cjclark.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020522173857.B8894@blossom.cjclark.org>; from crist.clark@attbi.com on Wed, May 22, 2002 at 05:38:57PM -0700
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

On Wed, May 22, 2002 at 05:38:57PM -0700, Crist J. Clark wrote:
> 
> No. sbin/ipfw is just the userland command for modifying rules. The
> actual firewall code lives in sys/netinet/ip_fw.{c,h}.

Hi,

I merged from -CURRENT to my -STABLE tree some changes made in October 2000 to
sys/netinet/ip_fw.{c,h} and sbin/ipfw/ipfw.c which add ipfw
filtering based on iptos.

However, from reading the documentation, it seems that only the
older IP TOS precedence values are supported for filtering.
Is it possible to use ipfw to filter based on any Diffserv codepoint value?

This is from the man page:

"             iptos spec
                     Match if the IP header contains the comma separated list
                     of service types specified in spec.  The supported IP
                     types of service are:

                     lowdelay (IPTOS_LOWDELAY), throughput (IPTOS_THROUGHPUT),
                     reliability (IPTOS_RELIABILITY), mincost (IPTOS_MINCOST),
                     congestion (IPTOS_CE).  The absence of a particular type
                     may be denoted with a `'!.
"

Thanks.
-- 
Craig Rodrigues        Distributed Systems and Logistics, Office 6/304
crodrigu@bbn.com       BBN Technologies, a Verizon company
(617) 873-4725         Cambridge, MA

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message