Is there a way that I can get around doing the following:
# IP Precedence 5 In (No ECN)
pass out quick on $int_if from any to $int_if:network tos 0xa0 keep state queue ipp5_in
pass out quick on $int_if from any to $int_if:network tos 0xa4 keep state queue ipp5_in
pass out quick on $int_if from any to $int_if:network tos 0xa8 keep state queue ipp5_in
pass out quick on $int_if from any to $int_if:network tos 0xac keep state queue ipp5_in
pass out quick on $int_if from any to $int_if:network tos 0xb0 keep state queue ipp5_in
pass out quick on $int_if from any to $int_if:network tos 0xb4 keep state queue ipp5_in
pass out quick on $int_if from any to $int_if:network tos 0xb8 keep state queue ipp5_in
pass out quick on $int_if from any to $int_if:network tos 0xbc keep state queue ipp5_in
That matches against all the possible TOS bytes in IP precedence 5 (DSCP 40-47) ignoring the ECN bits. If I wanted to include all the possible TOS bytes with ECN bits set it would be 32 entries instead of 8.
What I really want to do is this (using PF port number syntax):
(hexadecimal)
pass out quick on $int_if from any to $int_if:network tos 0xa0:0xbf keep state queue ipp5_in
or
(decimal)
pass out quick on $int_if from any to $int_if:network tos 160:191 keep state queue ipp5_in
When I parse either of those with pfctl though, it parses as just:
pass out quick on $int_if from any to $int_if:network tos 0xa0 keep state queue ipp5_in
No errors, but it seems to just ignore the :0xbf. Since the number:number syntax only seems to be supported for port numbers according to the PF documentation, I guess that makes sense.
So unless I'm missing something, I supppose this becomes a feature request for support of TOS byte ranges when using the tos keyword?
If it was possible to just match against the first three IP precedence bits in the TOS byte, that would work too, but that isn't possible with PF as far as I know.
Before you mention that I should just use 'tos lowdelay' in my rules, that isn't adequate for what I'm doing. IPTOS_LOWDELAY isn't compatible with the new TOS byte standards.
On another note, more priority levels in queues would be nice (I'm using priq for what I'm doing now). 70-100 or so levels would allow full DSCP priority support. Supporting that many levels would probably waste a bit of memory for what most people would do, but it would still be nice for some things. I don't really need that, using 8 levels for the different IP precedences is fine for now.
Thanks.
--
John Merriam [EMAIL PROTECTED]
