From owner-freebsd-net@FreeBSD.ORG Wed Feb 4 00:03:30 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 124E916A4CE for ; Wed, 4 Feb 2004 00:03:30 -0800 (PST) Received: from vbook.fbsd.ru (asplinux.ru [195.133.213.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 41A8143D2F for ; Wed, 4 Feb 2004 00:03:26 -0800 (PST) (envelope-from vova@vbook.fbsd.ru) Received: from vova by vbook.fbsd.ru with local (Exim 4.30; FreeBSD) id 1AoI1l-0000FO-7t; Wed, 04 Feb 2004 11:04:53 +0300 From: "Vladimir B. Grebenschikov" To: Julian Elischer In-Reply-To: References: Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: quoted-printable Organization: SWsoft Inc. Message-Id: <1075881891.779.9.camel@localhost> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.5 Date: Wed, 04 Feb 2004 11:04:52 +0300 Sender: Vladimir Grebenschikov cc: freebsd-net Subject: Re: Changing TOS of forwarded packets? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Feb 2004 08:03:30 -0000 =F7 =D3=D2, 04.02.2004, =D7 03:17, Julian Elischer =D0=C9=DB=C5=D4: > here's a suggestion.. > I have not done this but it might work: I have tried such scheme (second, with two divert sockets, tee not necessary). It works, only thing you should care about - packet should not enter to this chain twice or kernel will panic. As for rtprio - I guess it will not help for tens of megabits traffic. ps: change action for ipfw2 will be funny enough, like: ipfw add X change iptos congestion .... ipfw add Y change src-ip 1.1.1.1 ... may be it is not bad feature for ipfw2 ? > use ipfw to send sessions that match to a divert socket at port X. >=20 > use netgraph ng_ksocket to connect to the divert port you selected > above. >=20 > Use a variant of the node given to hack the TOC value.. > (he's looking at ethernet packets where you would be looking at IP > packets so it won't work directly). Hmmm having fiddled the packets > we'd need to reinject them to a socket.. we could reinject them to teh > same socket (we'd need to use a 'tee' node as follows: >=20 >=20 > [divert]<--->[ksocket]<---->[tee]---->[hack]----\ > ^ | > \ | > ----------------/ >=20 >=20 > OR=20 > you could open another divert ksocket >=20 > [divert]<--->[ksocket]<---->[tee]---->[hack]---->[ksocket]-->[divert] >=20 > (the divert socket will always feed back into the IP stack.) >=20 >=20 > On Tue, 3 Feb 2004, Andriy Korud wrote: >=20 > > Thanks, but I'm looking for some solution that'd allow me to modify TOS= of the > > packets that match some filter rule, so I think I have to modify ipfilt= er > > code. > >=20 > > Andriy > >=20 > > > On Tue, Feb 03, 2004 at 06:46:18PM +0200, Andriy Korud wrote: > > > =20 > > > Hello, > > >=20 > > > > Hi, my question is simple - is it possible to set TOS value of forw= arded > > > packets > > > > using ipfw, ipfilter or other magic on FreeBSD 4-STABLE? > > >=20 > > > As far as I know there is nothing official for this purposes (hope = someone > > > will correct me if I am wrong). This is why I started to design som= ething=20 > > > on my own. My little goodie is a netgraph node for packet mangling = in its > > > early stage. I *just* got it to work and it is tested now. Seems to= work > > > properly for me. However, it was written and used only on FreeBSD-5= .2-R > > > and > > > I'am not sure about diffrences in netgraph implementation in STABLE= . > > >=20 > > > Nevertheless, if noone suggests better sollution you may want to gi= ve it a > > > try. Bear in mind it's early stage, though. There you can reach it: > > > =20 > > > http://venus.wsb-nlu.edu.pl/~dlupinsk/ng_mangle/ > > >=20 > > > regards, > > > Dominik Lupinski > > >=20 > > >=20 > > > Ps. Any feedback appreciated. > > > --=20 > > > "...they build you up only to tear you down." > > >=20 > >=20 > >=20 > >=20 > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > >=20 >=20 > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" --=20 Vladimir B. Grebenschikov SWsoft Inc.