Date:      Sat, 22 Jan 2005 12:33:47 -0800
From:      Brooks Davis <brooks@one-eyed-alien.net>
To:        Jeremie Le Hen <jeremie@le-hen.org>
Cc:        Boris Kovalenko <boris@ntmk.ru>
Subject:   Re: [PATCH] 802.1p priority (fixed)
Message-ID:  <20050122203347.GB4466@odin.ac.hmc.edu>
In-Reply-To: <20050122152546.GG36660@obiwan.tataz.chchile.org>
References:  <41F1E99A.5070001@ntmk.ru> <20050122152546.GG36660@obiwan.tataz.chchile.org>



On Sat, Jan 22, 2005 at 04:25:46PM +0100, Jeremie Le Hen wrote:
> > 2. Mark 802.1p at PF/IPFW level. But we should foresee a keyword to trust
> > application level information or override it. For example
> > ipfw add 802.1p trust 6 on any to any ssh <-- this trusts application
> > level information and sets 802.1p to 6 if it is omitted
> > ipfw add 802.1p override 6 on any to any ssh <-- this silently sets
> > 802.1p == 6, regardless of application
>
> I'm not a 802.1q guru, but I think it would be relevant to be able to
> match against the 802.1p, at least when firewalling on layer 2 (bridging).
>
> Furthermore I would like to point out that we are going to introduce an
> extremely new feature into ipfw which will allow us to *modify* a packet.
> AFAIK, this is not possible for the moment, except when diverting to a
> socket.  What I mean is that if I can set the 802.1p header then why
> wouldn't I be able to set the TOS value?  I think we should carefully
> choose a flexible way to extend ipfw syntax if we choose to go this way.

The nice thing about ipfw2 is that extension is easy.  I envision that
we won't actually touch the packet at all in the 802.1p case and will
just add, modify, or delete a tag that the ethernet layer uses when
sending.  Setting TOS values could be done in place since we have the
header at that point.

> Having the possibility to test and set the 802.1p or TOS values
> separately would avoid making a "trust"/"override" subtlety and will
> obviously make it more flexible.

I agree on this point.  The one thing to be careful of is that 802.1p
priorities and TOS values work rather differently in that TOS values fit
into an existing field of the packet and 802.1p values require
modifications to the header and adding data between the header and the
real body, possibly with a resulting reduction in MTU (though what
you're doing trying to use 802.1p priority with a crappy NIC I don't know
:-).

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4
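
The difference between the two cases discussed in the message above, shown at the byte level as an added example (it is not part of the original message and is not ipfw or FreeBSD code). The function names, the `cap` parameter and the sample frame are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETHER_HDR_LEN 14     /* dst MAC (6) + src MAC (6) + EtherType (2) */
#define VLAN_TAG_LEN  4      /* TPID 0x8100 (2) + TCI (2) */

/* TOS case: overwrite byte 1 of the IPv4 header in place and patch the
 * header checksum incrementally (RFC 1624). The packet length is unchanged. */
void set_ip_tos(uint8_t *ip, uint8_t tos)
{
    uint32_t sum = (uint16_t)~(ip[10] << 8 | ip[11]);   /* ~HC  */
    sum += (uint16_t)~(ip[0] << 8 | ip[1]);             /* + ~m */
    sum += (uint32_t)(ip[0] << 8 | tos);                /* + m' */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    ip[1] = tos;
    ip[10] = (uint8_t)(~sum >> 8);
    ip[11] = (uint8_t)~sum;
}

/* 802.1p case: the priority lives in a 4-byte 802.1Q tag that has to be
 * inserted after the two MAC addresses, so the frame grows. VID 0 marks a
 * priority-only tag. `cap` (hypothetical) is the largest frame that can be
 * sent. Returns the new length, or 0 if the tagged frame does not fit. */
size_t insert_8021p_tag(uint8_t *frame, size_t len, size_t cap, uint8_t pcp)
{
    if (pcp > 7 || len < ETHER_HDR_LEN || len + VLAN_TAG_LEN > cap)
        return 0;
    memmove(frame + 12 + VLAN_TAG_LEN, frame + 12, len - 12);
    frame[12] = 0x81;                    /* TPID = 0x8100 */
    frame[13] = 0x00;
    frame[14] = (uint8_t)(pcp << 5);     /* PCP in the top 3 bits, DEI = 0 */
    frame[15] = 0x00;                    /* VID = 0 */
    return len + VLAN_TAG_LEN;
}

int main(void)
{
    /* Constructed sample: zeroed MACs, EtherType 0x0800, 20-byte IPv4 header. */
    uint8_t f[64] = { 0,0,0,0,0,0, 0,0,0,0,0,0, 0x08,0x00,
        0x45,0x00,0x00,0x73, 0x00,0x00,0x40,0x00, 0x40,0x11,0xb8,0x61,
        192,168,0,1, 192,168,0,199 };
    set_ip_tos(f + ETHER_HDR_LEN, 0x10);              /* length stays 34 */
    size_t n = insert_8021p_tag(f, 34, sizeof f, 6);  /* length becomes 38 */
    printf("tagged length %zu, IP checksum %02x%02x\n", n, f[28], f[29]);
    return 0;
}
```

With `cap` set to 1514 (14-byte header plus a 1500-byte payload), a full-size frame no longer fits once tagged, which is the MTU reduction the message mentions.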
