Date: Mon, 18 Oct 2004 10:38:53 +0300
From: Andrew Degtiariov
To: freebsd-net@freebsd.org
Message-ID: <20041018073853.GA53824@astral-on.net>
Subject: Re: TOS and IPFW-1

On Mon, Oct 18, 2004 at 11:20:20AM +0300, donatas wrote:
> Hello,
> is there any possibility to use TOS on IPFW-1 machines?
> We need to prioritize VOIP (MGCP) packets for high throughput.
> FreeBSD 4.10.
>
> thank you in advance

No, TOS field matching is implemented only in IPFW2 (limited to well-known TOS types like lowdelay, throughput... you can't specify TOS as a number).
But *prioritization* with dummynet is a bad idea. ALTQ provides a more correct way to do *prioritization* (but not as good as what you can get with Cisco).

So, I have some patches to IPFW2 which provide matching of any TOS (both numbers and names). They are for FreeBSD 4.8 but apply with no problems (hand-editing required, of course) to any system that supports ipfw2.

--
Andrew Degtiariov
DA-RIPE

--jRHKVT23PllUwdXP Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="ip_fw2.c.patch"
--- sys/netinet/ip_fw2.c.orig Wed Sep 17 14:11:18 2003 +++ sys/netinet/ip_fw2.c Wed Sep 17 14:16:54 2003
@@ -1699,8 +1699,16 @@ break; case O_IPTOS: - match = (hlen > 0 && - flags_match(cmd, ip->ip_tos)); + if (hlen > 0) { + u_int16_t *p = + ((ipfw_insn_u16 *)cmd)->ports; + int i; + + for (i = cmdlen - 1; !match && i>0; + i--, p += 2) + match = (ip->ip_tos>=p[0] && + ip->ip_tos<=p[1]); + } break; case O_TCPFLAGS: @@ -2309,7 +2317,6 @@ case O_IPOPT: case O_IPLEN: case O_IPID: - case O_IPTOS: case O_IPPRECEDENCE: case O_IPTTL: case O_IPVER: @@ -2375,6 +2382,7 @@ goto bad_size; break; + case O_IPTOS: case O_MAC_TYPE: case O_IP_SRCPORT: case O_IP_DSTPORT: /* XXX artificial limit, 30 port pairs */ --jRHKVT23PllUwdXP Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="ipfw2.c.patch" --- sbin/ipfw/ipfw2.c.orig Wed Sep 17 14:17:44 2003 +++ sbin/ipfw/ipfw2.c Wed Sep 17 14:28:53 2003 @@ -143,6 +143,12 @@ * This is only used in this code. */ #define IPPROTO_ETHERTYPE 0x1000 + +/* + * faked protocol for TOS + */ +#define IPPROTO_IPTOS 0x2000 + static struct _s_x ether_types[] = { /* * Note, we cannot use "-:&/" in the names because they are field @@ -377,13 +383,16 @@ print_port(int proto, u_int16_t port) { - if (proto == IPPROTO_ETHERTYPE) { + if (proto == IPPROTO_ETHERTYPE || proto == IPPROTO_IPTOS) { char *s; - if (do_resolv && (s = match_value(ether_types, port)) ) - printf("%s", s); - else - printf("0x%04x", port); + if (do_resolv && + (s = match_value(proto == IPPROTO_ETHERTYPE ? ether_types : + f_iptos, port)) ) + printf("%s", s); + else + printf(proto == IPPROTO_ETHERTYPE ? "0x%04x": "0x%02x", + port); } else { struct servent *se = NULL; if (do_resolv) { @@ -413,7 +422,8 @@ printf(" not"); if (opcode != 0) printf ("%s", opcode == O_MAC_TYPE ? " mac-type" : - (opcode == O_IP_DSTPORT ? " dst-port" : " src-port")); + (opcode == O_IPTOS ? " iptos" : + (opcode == O_IP_DSTPORT ? " dst-port" : " src-port")) ); for (i = F_LEN((ipfw_insn *)cmd) - 1; i > 0; i--, p += 2) { printf(sep); print_port(proto, p[0]); 
@@ -445,8 +455,16 @@ if ( *s == '\0') return 0; /* not found */ - if (isdigit(*s)) - return strtol(s, end, base); + if (isdigit(*s)) { + i = strtol(s, end, base); + + if (proto == IPPROTO_IPTOS && (i < 0 || i > 255)) { + *end = s; + return 0; + } else + return i; + } + /* * find separator. '\\' escapes the next char. @@ -467,8 +485,9 @@ buf[i++] = *p; buf[i++] = '\0'; - if (proto == IPPROTO_ETHERTYPE) { - i = match_token(ether_types, buf); + if (proto == IPPROTO_ETHERTYPE || proto == IPPROTO_IPTOS) { + i = match_token(proto == IPPROTO_ETHERTYPE ? ether_types : + f_iptos, buf); free(buf); if (i != -1) { /* found */ *end = s1; @@ -1109,7 +1128,8 @@ break; case O_IPTOS: - print_flags("iptos", cmd, f_iptos); + print_newports((ipfw_insn_u16 *)cmd, + IPPROTO_IPTOS, cmd->opcode); break; case O_ICMPTYPE: @@ -2954,7 +2974,13 @@ case TOK_IPTOS: NEED1("missing argument for iptos"); - fill_flags(cmd, O_IPTOS, f_iptos, *av); + if (!fill_newports ((ipfw_insn_u16 *)cmd, *av, + IPPROTO_IPTOS)) + { + errx(EX_DATAERR, "invalid TOS value \"%s\"", *av); + + } + cmd->opcode = O_IPTOS; ac--; av++; break; --jRHKVT23PllUwdXP--
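
Review bot: In the O_IPTOS case of sys/netinet/ip_fw2.c (hunk @@ -1699), the match changes from a flag-bit test, flags_match(cmd, ip->ip_tos), to a value-in-range test, ip->ip_tos>=p[0] && ip->ip_tos<=p[1], so a rule written with a name such as lowdelay no longer matches a packet that carries that bit together with other TOS or precedence bits. On a firewall that is a silent policy change for existing rulesets. Either keep mask semantics for the symbolic names and use ranges only for numeric arguments, or state the new meaning in the commit message and in the documentation.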
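
Review bot: In the two size-check hunks of sys/netinet/ip_fw2.c (@@ -2309 and @@ -2375), O_IPTOS leaves the fixed-size group and joins O_MAC_TYPE, O_IP_SRCPORT and O_IP_DSTPORT under the "30 port pairs" comment, which changes the instruction layout the kernel accepts for this opcode. An unpatched ipfw(8) still builds O_IPTOS with fill_flags, so its rules will be validated and interpreted under the wrong layout. Please note that the kernel and sbin/ipfw must be updated together. Since the new match loop reads p[0] and p[1] for every pair, also confirm that the shared length check guarantees whole pairs for this opcode.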
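
Review bot: In the numeric branch of sbin/ipfw/ipfw2.c (hunk @@ -445), the result of strtol() is stored in i before the 0..255 check. If i is an int, as its use as the buf index in the next hunk suggests, a large input is narrowed first on platforms where long is wider than int and can land inside the accepted range. Keep the result in a long, check it against 0 and 255, and narrow only afterwards. The i < 0 test cannot fire after isdigit(*s) and can be dropped. A short comment that "*end = s; return 0;" signals a parse failure to the caller would help the next reader.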
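
Review bot: In the TOK_IPTOS case of sbin/ipfw/ipfw2.c (hunk @@ -2954), the argument is now parsed by fill_newports instead of fill_flags, which changes the user-visible grammar of iptos, yet the patch touches only ip_fw2.c and ipfw2.c and carries no ipfw(8) manual page update. Please add one that covers numeric values 0-255, ranges, and what the symbolic names now mean, because existing rule files that relied on the flag syntax will either hit the new "invalid TOS value" error or load with a different meaning. The same applies to print_port (hunk @@ -377), where the printed form of stored rules changes to names from f_iptos or 0x%02x. Minor: there is a stray blank line before the closing brace of the errx block.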