Date: Wed, 04 Feb 2004 11:04:52 +0300 From: "Vladimir B. Grebenschikov" <vova@fbsd.ru> To: Julian Elischer <julian@elischer.org> Cc: freebsd-net <net@freebsd.org> Subject: Re: Changing TOS of forwarded packets? Message-ID: <1075881891.779.9.camel@localhost> In-Reply-To: <Pine.BSF.4.21.0402031454380.88161-100000@InterJet.elischer.org> References: <Pine.BSF.4.21.0402031454380.88161-100000@InterJet.elischer.org>
next in thread | previous in thread | raw e-mail | index | archive | help
=F7 =D3=D2, 04.02.2004, =D7 03:17, Julian Elischer =D0=C9=DB=C5=D4:
> here's a suggestion..
> I have not done this but it might work:
I have tried such scheme (second, with two divert sockets, tee not
necessary). It works, only thing you should care about - packet should
not enter to this chain twice or kernel will panic.
As for rtprio - I guess it will not help for tens of megabits traffic.
ps:
change action for ipfw2 will be funny enough, like:
ipfw add X change iptos congestion ....
ipfw add Y change src-ip 1.1.1.1 ...
may be it is not bad feature for ipfw2 ?
> use ipfw to send sessions that match to a divert socket at port X.
>=20
> use netgraph ng_ksocket to connect to the divert port you selected
> above.
>=20
> Use a variant of the node given to hack the TOC value..
> (he's looking at ethernet packets where you would be looking at IP
> packets so it won't work directly). Hmmm having fiddled the packets
> we'd need to reinject them to a socket.. we could reinject them to teh
> same socket (we'd need to use a 'tee' node as follows:
>=20
>=20
> [divert]<--->[ksocket]<---->[tee]---->[hack]----\
> ^ |
> \ |
> ----------------/
>=20
>=20
> OR=20
> you could open another divert ksocket
>=20
> [divert]<--->[ksocket]<---->[tee]---->[hack]---->[ksocket]-->[divert]
>=20
> (the divert socket will always feed back into the IP stack.)
>=20
>=20
> On Tue, 3 Feb 2004, Andriy Korud wrote:
>=20
> > Thanks, but I'm looking for some solution that'd allow me to modify TOS=
of the
> > packets that match some filter rule, so I think I have to modify ipfilt=
er
> > code.
> >=20
> > Andriy
> >=20
> > > On Tue, Feb 03, 2004 at 06:46:18PM +0200, Andriy Korud wrote:
> > > =20
> > > Hello,
> > >=20
> > > > Hi, my question is simple - is it possible to set TOS value of forw=
arded
> > > packets
> > > > using ipfw, ipfilter or other magic on FreeBSD 4-STABLE?
> > >=20
> > > As far as I know there is nothing official for this purposes (hope =
someone
> > > will correct me if I am wrong). This is why I started to design som=
ething=20
> > > on my own. My little goodie is a netgraph node for packet mangling =
in its
> > > early stage. I *just* got it to work and it is tested now. Seems to=
work
> > > properly for me. However, it was written and used only on FreeBSD-5=
.2-R
> > > and
> > > I'am not sure about diffrences in netgraph implementation in STABLE=
.
> > >=20
> > > Nevertheless, if noone suggests better sollution you may want to gi=
ve it a
> > > try. Bear in mind it's early stage, though. There you can reach it:
> > > =20
> > > http://venus.wsb-nlu.edu.pl/~dlupinsk/ng_mangle/
> > >=20
> > > regards,
> > > Dominik Lupinski
> > >=20
> > >=20
> > > Ps. Any feedback appreciated.
> > > --=20
> > > "...they build you up only to tear you down."
> > >=20
> >=20
> >=20
> >=20
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
> >=20
>=20
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
--=20
Vladimir B. Grebenschikov <vova@fbsd.ru>
SWsoft Inc.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1075881891.779.9.camel>