Date:      Mon, 18 Oct 2004 10:38:53 +0300
From:      Andrew Degtiariov <freebsd-net@astral-on.net>
To:        freebsd-net@freebsd.org
Subject:   Re: TOS and IPFW-1
Message-ID:  <20041018073853.GA53824@astral-on.net>
In-Reply-To: <00b001c4b4eb$4ef3eee0$9f90a8c0@donatas>
References:  <00b001c4b4eb$4ef3eee0$9f90a8c0@donatas>


--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, Oct 18, 2004 at 11:20:20AM +0300, donatas wrote:
> Hello,
> is there any possibility to use TOS on IPFW-1 machines?
> Wee need to prioritize VOIP (MGCP) packets for high throughput.
> FreeBSD 4.10.
> 
> than you in advance
No, TOS field matching is implemented only in IPFW2 (and is limited to the
well-known TOS types such as lowdelay, throughput...; you can't specify TOS
as a number).
But *prioritization* with dummynet is a bad idea. ALTQ provides a more
correct way to do *prioritization* (though not as good as what you can get
with Cisco).
So, I have some patches to IPFW2 which provide matching on any TOS
(both numbers and names). They are for FreeBSD 4.8 but apply without
problems (some manual merging required, of course) to any system that
supports ipfw2.

-- 
Andrew Degtiariov 
DA-RIPE

--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="ip_fw2.c.patch"

--- sys/netinet/ip_fw2.c.orig	Wed Sep 17 14:11:18 2003
+++ sys/netinet/ip_fw2.c	Wed Sep 17 14:16:54 2003
@@ -1699,8 +1699,16 @@
 				break;
 
 			case O_IPTOS:
-				match = (hlen > 0 &&
-				    flags_match(cmd, ip->ip_tos));
+                                if (hlen > 0)   {
+                                    u_int16_t *p =
+                                            ((ipfw_insn_u16 *)cmd)->ports;
+                                        int i;
+                                        
+                                        for (i = cmdlen - 1; !match && i>0;
+                                            i--, p += 2)
+                                                match = (ip->ip_tos>=p[0] && 
+                                                         ip->ip_tos<=p[1]);
+                                }
 				break;
 
 			case O_TCPFLAGS:
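Review bot: The new O_IPTOS branch compares the whole `ip->ip_tos` byte against `p[0]`..`p[1]`, where the removed code tested bits through `flags_match()`, so a rule that names a single TOS value now matches only when the byte equals it exactly; a packet that also carries other bits in that byte would presumably stop matching and fall through to later rules. If exact-byte semantics are intended, say so at the case, e.g. `/* (lo, hi) pairs compared against the full TOS byte, not a bit mask */`. The added lines are indented with spaces while the surrounding context uses tabs, and `i>0` and `ip->ip_tos>=p[0]` lack the operator spacing used around them. The enclosing function and the initial value of `match` are outside the hunk.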
@@ -2309,7 +2317,6 @@
 		case O_IPOPT:
 		case O_IPLEN:
 		case O_IPID:
-		case O_IPTOS:
 		case O_IPPRECEDENCE:
 		case O_IPTTL:
 		case O_IPVER:
@@ -2375,6 +2382,7 @@
 				goto bad_size;
 			break;
 
+		case O_IPTOS:
 		case O_MAC_TYPE:
 		case O_IP_SRCPORT:
 		case O_IP_DSTPORT: /* XXX artificial limit, 30 port pairs */
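Review bot: `O_IPTOS` now shares the length check of the port-list opcodes, whose body lies outside the hunk, so it is worth confirming that this check rejects a one-word `O_IPTOS` instruction. An `ipfw` binary built before this patch would still emit the old flags form, and the loop added in the first hunk runs zero times when `cmdlen` is 1, which would leave such a rule installed but never matching. Kernel and userland therefore have to be rebuilt together, and the patch should say so. The comment on this group mentions only ports; `/* XXX artificial limit, 30 port or TOS pairs */` would keep it accurate.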

--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="ipfw2.c.patch"

--- sbin/ipfw/ipfw2.c.orig	Wed Sep 17 14:17:44 2003
+++ sbin/ipfw/ipfw2.c	Wed Sep 17 14:28:53 2003
@@ -143,6 +143,12 @@
  * This is only used in this code.
  */
 #define IPPROTO_ETHERTYPE	0x1000
+
+/* 
+ * faked protocol for TOS 
+ */
+#define IPPROTO_IPTOS             0x2000
+
 static struct _s_x ether_types[] = {
     /*
      * Note, we cannot use "-:&/" in the names because they are field
@@ -377,13 +383,16 @@
 print_port(int proto, u_int16_t port)
 {
 
-	if (proto == IPPROTO_ETHERTYPE) {
+	if (proto == IPPROTO_ETHERTYPE || proto == IPPROTO_IPTOS) {
 		char *s;
 
-		if (do_resolv && (s = match_value(ether_types, port)) )
-			printf("%s", s);
-		else
-			printf("0x%04x", port);
+               if (do_resolv && 
+                   (s = match_value(proto == IPPROTO_ETHERTYPE ? ether_types :
+                                    f_iptos, port)) )
+                        printf("%s", s);
+               else
+                        printf(proto == IPPROTO_ETHERTYPE ? "0x%04x": "0x%02x", 
+                              port);
 	} else {
 		struct servent *se = NULL;
 		if (do_resolv) {
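Review bot: The added `printf` selects between two format strings with a conditional expression; a single literal with the width passed as an argument is easier to audit: `printf("0x%0*x", proto == IPPROTO_ETHERTYPE ? 4 : 2, port);`. The same `proto == IPPROTO_ETHERTYPE ?` test is repeated for the name table a few lines above, inside a condition that also performs an assignment; choosing the table once into a local before the `if` would make that condition readable. The new lines are space-indented where the rest of print_port uses tabs, and the function body continues past the hunk.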
@@ -413,7 +422,8 @@
 		printf(" not");
 	if (opcode != 0)
 		printf ("%s", opcode == O_MAC_TYPE ? " mac-type" :
-		    (opcode == O_IP_DSTPORT ? " dst-port" : " src-port"));
+                    (opcode == O_IPTOS ? " iptos" :
+                    (opcode == O_IP_DSTPORT ? " dst-port" : " src-port")) );
 	for (i = F_LEN((ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) {
 		printf(sep);
 		print_port(proto, p[0]);
@@ -445,8 +455,16 @@
 	if ( *s == '\0')
 		return 0;	/* not found */
 
-	if (isdigit(*s))
-		return strtol(s, end, base);
+        if (isdigit(*s))  {
+                i = strtol(s, end, base);
+                
+                if (proto == IPPROTO_IPTOS && (i < 0 || i > 255)) {
+                        *end = s;
+                        return 0;
+                } else 
+                        return i;
+        }
+
 
 	/*
 	 * find separator. '\\' escapes the next char.
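Review bot: The 0..255 check runs after the `strtol()` result has been stored in `i`, which appears to be an `int` used as a buffer index further down (its declaration is outside the hunk); where `long` is wider than `int`, an oversized number can be truncated into range and accepted as a different TOS value than the one written in the rule. Keep the result in a `long` for the check, `long v = strtol(s, end, base);` then `if (proto == IPPROTO_IPTOS && (v < 0 || v > 255))`, and return `(int)v` otherwise. `isdigit(*s)` should also be given `(unsigned char)*s`. The added lines use spaces where the file uses tabs and leave a doubled blank line before the comment.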
@@ -467,8 +485,9 @@
 			buf[i++] = *p;
 	buf[i++] = '\0';
 
-	if (proto == IPPROTO_ETHERTYPE) {
-		i = match_token(ether_types, buf);
+        if (proto == IPPROTO_ETHERTYPE || proto == IPPROTO_IPTOS) {
+                i = match_token(proto == IPPROTO_ETHERTYPE ? ether_types :
+                                f_iptos, buf);
 		free(buf);
 		if (i != -1) {	/* found */
 			*end = s1;
@@ -1109,7 +1128,8 @@
 				break;
 
 			case O_IPTOS:
-				print_flags("iptos", cmd, f_iptos);
+                                print_newports((ipfw_insn_u16 *)cmd,
+                                               IPPROTO_IPTOS, cmd->opcode);
 				break;
 
 			case O_ICMPTYPE:
@@ -2954,7 +2974,13 @@
 
 		case TOK_IPTOS:
 			NEED1("missing argument for iptos");
-			fill_flags(cmd, O_IPTOS, f_iptos, *av);
+                        if (!fill_newports ((ipfw_insn_u16 *)cmd, *av, 
+                                      IPPROTO_IPTOS))
+                        {
+                              errx(EX_DATAERR, "invalid TOS value \"%s\"", *av);
+
+                        }
+                        cmd->opcode = O_IPTOS;
 			ac--; av++;
 			break;
 
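Review bot: The `iptos` argument is now parsed by `fill_newports()` instead of `fill_flags()`, so an existing rule file may keep loading while its `iptos` list is read as values or ranges rather than as a flag set; any form the old parser accepted that is not a plain name (its definition is outside the hunk) may be rejected here or change meaning. Neither attachment touches the manual page, so the new numeric syntax and the changed matching are undocumented; a comment at the case such as `/* iptos takes a list of values (0..255) or names from f_iptos */` would help until the manual is updated. The brace block around `errx()` holds a stray blank line and the added lines are space-indented.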

--jRHKVT23PllUwdXP--


