Just adding recognition to a parser for a couple of DSCP constants
to be mapped to TOS is not the solution. Keep in mind that DSCP
is a 6-bit field, and TOS is an 8-bit field. The remaining two bits
are used for ECN (Explicit Congestion Notification).
Setting TOS field with the intention of changing DSCP
clobbers ECN bits. Pf needs a proper support for DSCP,
currently it is unusable for this purpose in FreeBSD
(one can use the PF from OpenBSD).
Mark
2016-10-06 11:03, je Kristof Provost napisal
On 6 Oct 2016, at 10:30, Franco Fichtner wrote:
On 06 Oct 2016, at 10:10 AM, Kristof Provost <k...@freebsd.org> wrote:
On 6 Oct 2016, at 6:57, Eugene M. Zheganin wrote:
pf still lacks the DSCP handling, will it be difficult/expensive to
add
this ? AFAIK ipfw got this recently.
pf has set-tos and tos keywords. What is it not letting you do?
I think it works already with the plain hex/decimal values given,
though we're missing OpenBSD's parser support for special DSCP
options with its funky naming:
"This rule applies to packets with the specified TOS bits set. string
may be one of critical, inetcontrol, lowdelay, netcontrol,throughput,
reliability, or one of the DiffServ Code Points: ef, af11 ... af43,
cs0 ... cs7; number may be either a hex or decimal number."
http://man.openbsd.org/OpenBSD-current/man5/pf.conf.5
Looks like pfctl(8) is the only thing to "fix" here. I'll take a
look.
Oh, yes, if you want those constants that should be a straightforward
port of
their changes to parse.y. I have no objections to including that. It’s
another
(small) step in bringing our pf closer to openbsd pf.
Regards,
Kristof
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
