"man ip" on the FreeBSD box:

If the IP_RECVTTL option is enabled on a SOCK_DGRAM socket, the
recvmsg(2) call will return the IP TTL (time to live) field for a UDP
datagram. The msg_control field in the msghdr structure points to a
buffer that contains a cmsghdr structure followed by the TTL. The
cmsghdr fields have the following values:

cmsg_len = CMSG_LEN(sizeof(u_char))
cmsg_level = IPPROTO_IP
cmsg_type = IP_RECVTTL

If the IP_RECVTOS option is enabled on a SOCK_DGRAM socket, the
recvmsg(2) call will return the IP TOS (type of service) field for a UDP
datagram. The msg_control field in the msghdr structure points to a
buffer that contains a cmsghdr structure followed by the TOS. The
cmsghdr fields have the following values:

cmsg_len = CMSG_LEN(sizeof(u_char))
cmsg_level = IPPROTO_IP
cmsg_type = IP_RECVTOS


FreeBSD only supports receiving TOS or TTL for UDP packets. If you want to split off some TCP request traffic for a special purpose, maybe you can set the TTL or TOS on the front router/firewall, then capture it with the "ipfw" tool and redirect it to the customized "frontend". But that leads to complex configurations.

Simon


On 2/1/14 11:56 PM, Lukas Tribus wrote:
Hi,


That's great, but can there be anything like this?

acl bad_guys tos-acl 0x20
block if bad_guys
Ah ok, you want to match incoming TOS.

That is indeed not supported currently.


Also, not all *nixes provide an API for this. Linux has
IP_RECVTOS/IPV6_RECVTCLASS to do it, but BSD hasn't, also see:
http://stackoverflow.com/questions/1029849/what-is-the-bsd-or-portable-way-to-get-tos-byte-like-ip-recvtos-from-linux


Not sure what effort it would be to implement this.



Regards,

Lukas                                   

