From owner-freebsd-pf@freebsd.org  Thu Oct  6 13:01:30 2016
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id AD5D7BD88F0
 for <freebsd-pf@mailman.ysv.freebsd.org>; Thu,  6 Oct 2016 13:01:30 +0000 (UTC)
 (envelope-from Mark.Martinec+freebsd@ijs.si)
Received: from mail.ijs.si (mail.ijs.si [IPv6:2001:1470:ff80::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3D5B9A1E
 for <freebsd-pf@freebsd.org>; Thu,  6 Oct 2016 13:01:30 +0000 (UTC)
 (envelope-from Mark.Martinec+freebsd@ijs.si)
Received: from amavis-ori.ijs.si (localhost [IPv6:::1])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by mail.ijs.si (Postfix) with ESMTPS id 3sqXpb49ZVzRy
 for <freebsd-pf@freebsd.org>; Thu,  6 Oct 2016 15:01:27 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ijs.si; h=
 user-agent:message-id:references:in-reply-to:organization
 :subject:subject:from:from:date:date:content-transfer-encoding
 :content-type:content-type:mime-version:received:received
 :received:received; s=jakla4; t=1475758883; x=1478350884; bh=H4b
 sN9dOLsS6vDUMcCmgOjth82AkUC1h8afr6rVD/NQ=; b=WKUlml24Y7vU4CyhlrO
 tddxC4UkWM9Ssv5MPYd90+RVPczdu7JWqWAJmQj4oiU4+vVohw+aE4TU6ax4ND0t
 ZUto739U1ceMxSnXWugnvTT2tB3iNddHFEsys+8FSxVl/HPFgdsCZyvoNomF9dNE
 Wwhjrh9eVFr9HmTtUGQ3Q/OI=
X-Virus-Scanned: amavisd-new at ijs.si
Received: from mail.ijs.si ([IPv6:::1])
 by amavis-ori.ijs.si (mail.ijs.si [IPv6:::1]) (amavisd-new, port 10026)
 with LMTP id fafjCx7HbYvp for <freebsd-pf@freebsd.org>;
 Thu,  6 Oct 2016 15:01:23 +0200 (CEST)
Received: from mildred.ijs.si (mailbox.ijs.si [IPv6:2001:1470:ff80::143:1])
 by mail.ijs.si (Postfix) with ESMTP id 3sqXpW5SjfzRh
 for <freebsd-pf@freebsd.org>; Thu,  6 Oct 2016 15:01:23 +0200 (CEST)
Received: from nabiralnik.ijs.si (nabiralnik.ijs.si
 [IPv6:2001:1470:ff80::80:16])
 by mildred.ijs.si (Postfix) with ESMTP id 3sqXpW47dLzXy
 for <freebsd-pf@freebsd.org>; Thu,  6 Oct 2016 15:01:23 +0200 (CEST)
Received: from neli.ijs.si (2001:1470:ff80:88:21c:c0ff:feb1:8c91)
 by webmail.ijs.si
 with HTTP (HTTP/1.1 POST); Thu, 06 Oct 2016 15:01:23 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8;
 format=flowed
Content-Transfer-Encoding: 8bit
Date: Thu, 06 Oct 2016 15:01:23 +0200
From: Mark Martinec <Mark.Martinec+freebsd@ijs.si>
To: freebsd-pf@freebsd.org
Subject: Re: dscp set/get
Organization: Jozef Stefan Institute
In-Reply-To: <C539471F-8C0C-4BCD-815C-D449EF1427DB@FreeBSD.org>
References: <57F5D9D2.1060103@norma.perm.ru>
 <311888F1-3BD6-4C4E-818D-C4A9C00B55ED@FreeBSD.org>
 <C1F20DD6-5B32-4856-A2F7-7DAFB38E4D3A@lastsummer.de>
 <C539471F-8C0C-4BCD-815C-D449EF1427DB@FreeBSD.org>
Message-ID: <bbfc73f2096ac204a752a800c2863e97@mailbox.ijs.si>
X-Sender: Mark.Martinec+freebsd@ijs.si
User-Agent: Roundcube Webmail/1.2.0
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2016 13:01:30 -0000

Just adding recognition to a parser for a couple of DSCP constants
to be mapped to TOS is not the solution. Keep in mind that DSCP
is a 6-bit field, and TOS is an 8-bit field. The remaining two bits
are used for ECN (Explicit Congestion Notification).

Setting TOS field with the intention of changing DSCP
clobbers ECN bits.  Pf needs a proper support for DSCP,
currently it is unusable for this purpose in FreeBSD
(one can use the PF from OpenBSD).

   Mark


2016-10-06 11:03, je Kristof Provost napisal
> On 6 Oct 2016, at 10:30, Franco Fichtner wrote:
>>> On 06 Oct 2016, at 10:10 AM, Kristof Provost <kp@FreeBSD.org> wrote:
>>> 
>>> On 6 Oct 2016, at 6:57, Eugene M. Zheganin wrote:
>>>> pf still lacks the DSCP handling, will it be difficult/expensive to 
>>>> add
>>>> this ? AFAIK ipfw got this recently.
>>>> 
>>> pf has set-tos and tos keywords. What is it not letting you do?
>> 
>> I think it works already with the plain hex/decimal values given,
>> though we're missing OpenBSD's parser support for special DSCP
>> options with its funky naming:
>> 
>> "This rule applies to packets with the specified TOS bits set. string
>> may be one of critical, inetcontrol, lowdelay, netcontrol,throughput,
>> reliability, or one of the DiffServ Code Points: ef, af11 ... af43,
>> cs0 ... cs7; number may be either a hex or decimal number."
>> 
>> http://man.openbsd.org/OpenBSD-current/man5/pf.conf.5
>> 
>> Looks like pfctl(8) is the only thing to "fix" here.  I'll take a 
>> look.
>> 
> Oh, yes, if you want those constants that should be a straightforward 
> port of
> their changes to parse.y. I have no objections to including that.  It’s 
> another
> (small) step in bringing our pf closer to openbsd pf.
> 
> Regards,
> Kristof