From owner-freebsd-net@FreeBSD.ORG Sat Jan 22 15:25:59 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDA6D16A4CE for ; Sat, 22 Jan 2005 15:25:59 +0000 (GMT) Received: from postfix3-1.free.fr (postfix3-1.free.fr [213.228.0.44]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E08C43D46 for ; Sat, 22 Jan 2005 15:25:59 +0000 (GMT) (envelope-from tataz@tataz.chchile.org) Received: from tatooine.tataz.chchile.org (vol75-8-82-233-239-98.fbx.proxad.net [82.233.239.98]) by postfix3-1.free.fr (Postfix) with ESMTP id 5C99B1734E8; Sat, 22 Jan 2005 16:25:57 +0100 (CET) Received: by tatooine.tataz.chchile.org (Postfix, from userid 1000) id A245F407C; Sat, 22 Jan 2005 16:25:47 +0100 (CET) Date: Sat, 22 Jan 2005 16:25:46 +0100 From: Jeremie Le Hen To: Boris Kovalenko Message-ID: <20050122152546.GG36660@obiwan.tataz.chchile.org> References: <41F1E99A.5070001@ntmk.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <41F1E99A.5070001@ntmk.ru> User-Agent: Mutt/1.5.6i cc: freebsd-net@freebsd.org Subject: Re: [PATCH] 802.1p priority (fixed) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Jan 2005 15:26:00 -0000 > 2. Mark 802.1p at PF/IPFW level. But we shold foresee a keyword to trust > application level information or override it. For example > ipfw add 802.1p trust 6 on any to any ssh <-- this trust application > level information and set 802.1p to 6 if it is omitted > ipfw add 802.1p override 6 on any to any ssh <-- this silently set > 802.1p == 6, regardless of application I'm not a 802.1q guru, but I think it would be relevant to be able to match against the 802.1p, at least when firewalling on layer 2 (bridging). Furthermore I would like to point out that we are going to introduce an extremely new feature into ipfw which will allow us to *modify* a packet. AFAIK, this is not possible for the moment, except when diverting to a socket. What I mean is that if I can set the 802.1p header then why wouldn't I be able to set the TOS value ? I think we should carefully choose a flexible way to extend ipfw syntax if we choose to go this way. Having the possibility to test and set the 802.1p or TOS values separately would avoid making a "trust"/"override" subtlety and will obviously make it more flexible. > 3. Mark 802.1p at vlan drivers like 2 > ifconfig vlan0 > vlan: 100 802.1p: 6 CFI: 0 mode: trust vlandev: bge0 > Here we are trusting received from low level information and set 6 if it > is omitted > ifconfig vlan0 > vlan: 100 802.1p: 6 CFI: 0 mode: override vlandev: bge0 > Here we silently set 6. I would really like this feature. Thanks for you work ! Best regards, -- Jeremie Le Hen jeremie@le-hen.org