Re: dscp set/get
> On 06 Oct 2016, at 3:32 PM, Kristof Provost wrote: > > OpenBSD seem to just always preserve the ECN bits (so there’s no dscp > keyword). > Perhaps we should do the same. The following will import the OpenBSD code regarding the subject. I retained the old manual style that is in FreeBSD to make the additions fit in better. Completely backwards-compatible, except for the change in behaviour regarding to ignore ECN on set/match. The ECN change is from 2012, so it's safe to assume it works. ;) https://reviews.freebsd.org/D8165 Cheers, Franco ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
Re: dscp set/get
On 6 Oct 2016, at 15:01, Mark Martinec wrote: Just adding recognition to a parser for a couple of DSCP constants to be mapped to TOS is not the solution. Keep in mind that DSCP is a 6-bit field, and TOS is an 8-bit field. The remaining two bits are used for ECN (Explicit Congestion Notification). Setting TOS field with the intention of changing DSCP clobbers ECN bits. Pf needs a proper support for DSCP, currently it is unusable for this purpose in FreeBSD (one can use the PF from OpenBSD). Hmm, that’s a good point. OpenBSD seem to just always preserve the ECN bits (so there’s no dscp keyword). Perhaps we should do the same. Regards, Kristof ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
Re: dscp set/get
> On 06 Oct 2016, at 3:32 PM, Kristof Provost wrote: > > On 6 Oct 2016, at 15:01, Mark Martinec wrote: >> Just adding recognition to a parser for a couple of DSCP constants >> to be mapped to TOS is not the solution. Keep in mind that DSCP >> is a 6-bit field, and TOS is an 8-bit field. The remaining two bits >> are used for ECN (Explicit Congestion Notification). >> >> Setting TOS field with the intention of changing DSCP >> clobbers ECN bits. Pf needs a proper support for DSCP, >> currently it is unusable for this purpose in FreeBSD >> (one can use the PF from OpenBSD). >> > > Hmm, that’s a good point. That's two one-liners, one for set and one for match? Surprised that this wasn't included already. > OpenBSD seem to just always preserve the ECN bits (so there’s no dscp > keyword). > Perhaps we should do the same. I have a full patch for review tonight. Cheers, Franco ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
Re: dscp set/get
Just adding recognition to a parser for a couple of DSCP constants to be mapped to TOS is not the solution. Keep in mind that DSCP is a 6-bit field, and TOS is an 8-bit field. The remaining two bits are used for ECN (Explicit Congestion Notification). Setting TOS field with the intention of changing DSCP clobbers ECN bits. Pf needs a proper support for DSCP, currently it is unusable for this purpose in FreeBSD (one can use the PF from OpenBSD). Mark 2016-10-06 11:03, je Kristof Provost napisal On 6 Oct 2016, at 10:30, Franco Fichtner wrote: On 06 Oct 2016, at 10:10 AM, Kristof Provost wrote: On 6 Oct 2016, at 6:57, Eugene M. Zheganin wrote: pf still lacks the DSCP handling, will it be difficult/expensive to add this ? AFAIK ipfw got this recently. pf has set-tos and tos keywords. What is it not letting you do? I think it works already with the plain hex/decimal values given, though we're missing OpenBSD's parser support for special DSCP options with its funky naming: "This rule applies to packets with the specified TOS bits set. string may be one of critical, inetcontrol, lowdelay, netcontrol,throughput, reliability, or one of the DiffServ Code Points: ef, af11 ... af43, cs0 ... cs7; number may be either a hex or decimal number." http://man.openbsd.org/OpenBSD-current/man5/pf.conf.5 Looks like pfctl(8) is the only thing to "fix" here. I'll take a look. Oh, yes, if you want those constants that should be a straightforward port of their changes to parse.y. I have no objections to including that. It’s another (small) step in bringing our pf closer to openbsd pf. Regards, Kristof ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
Re: dscp set/get
On 6 Oct 2016, at 10:30, Franco Fichtner wrote: On 06 Oct 2016, at 10:10 AM, Kristof Provost wrote: On 6 Oct 2016, at 6:57, Eugene M. Zheganin wrote: pf still lacks the DSCP handling, will it be difficult/expensive to add this ? AFAIK ipfw got this recently. pf has set-tos and tos keywords. What is it not letting you do? I think it works already with the plain hex/decimal values given, though we're missing OpenBSD's parser support for special DSCP options with its funky naming: "This rule applies to packets with the specified TOS bits set. string may be one of critical, inetcontrol, lowdelay, netcontrol,throughput, reliability, or one of the DiffServ Code Points: ef, af11 ... af43, cs0 ... cs7; number may be either a hex or decimal number." http://man.openbsd.org/OpenBSD-current/man5/pf.conf.5 Looks like pfctl(8) is the only thing to "fix" here. I'll take a look. Oh, yes, if you want those constants that should be a straightforward port of their changes to parse.y. I have no objections to including that. It’s another (small) step in bringing our pf closer to openbsd pf. Regards, Kristof ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
Re: dscp set/get
Hi, > On 06 Oct 2016, at 10:10 AM, Kristof Provost wrote: > > On 6 Oct 2016, at 6:57, Eugene M. Zheganin wrote: >> pf still lacks the DSCP handling, will it be difficult/expensive to add >> this ? AFAIK ipfw got this recently. >> > pf has set-tos and tos keywords. What is it not letting you do? I think it works already with the plain hex/decimal values given, though we're missing OpenBSD's parser support for special DSCP options with its funky naming: "This rule applies to packets with the specified TOS bits set. string may be one of critical, inetcontrol, lowdelay, netcontrol,throughput, reliability, or one of the DiffServ Code Points: ef, af11 ... af43, cs0 ... cs7; number may be either a hex or decimal number." http://man.openbsd.org/OpenBSD-current/man5/pf.conf.5 Looks like pfctl(8) is the only thing to "fix" here. I'll take a look. Cheers, Franco ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
Re: dscp set/get
On 6 Oct 2016, at 6:57, Eugene M. Zheganin wrote: > pf still lacks the DSCP handling, will it be difficult/expensive to add > this ? AFAIK ipfw got this recently. > pf has set-tos and tos keywords. What is it not letting you do? Regards, Kristof ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
dscp set/get
Hi. pf still lacks the DSCP handling, will it be difficult/expensive to add this ? AFAIK ipfw got this recently. Eugene. ___ freebsd-pf@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
