Hello, I am writing a routing daemon that is able to assign different gateways to a destination address for different classes of service. Multiple DiffServ Code Point values are mapped into a single class of service. I have accomplished this by using the iptables MARK target to label each packet with a class of service value and then using 'ip rule add fwmark' to have each packet routed in the appropriate class. However, I now need to combine this routing daemon with other programs to create a complete system and more than one of them requires the iptables QUEUE target. There exists an IPQ Multiplex Daemon (ipqmd), but it uses the iptables MARK target to identify which packets are sent to which program, and I can't use MARK for two different things. I have tried to use 'ip rule add tos' to map TOS field values into route tables directly (this works great with tc for the queues), but I am only allowed to set the 4 TOS bits, not the full field (I believe it is the kernel, not iproute2 that rejects the values). I have seen some man pages that also document a 'dsfield' option, but I have not found a version of iproute2 for which this is actually accepted. I have also not seen a u32 filter for 'ip rule' although 'tc' has one (iptables also has one in patch-o-matic), which would be extremely useful.
Does anyone have a suggestion on how I can get these things to work together? There are several options, if I can get any to work: 1. Find a way to filter TOS values directly into route tables 2. Find a way to get packets that come from a certain qdisc to map into a certain route table. (packets are already sorted into queues and queues map directly to route tables -- there is one of each for every class of service) 3. Find a way to pack multiple values into the iptables MARK (so more than one app can use it) 4. (If nothing else works:) Write my own IPQ multiplex daemon that doesn't use iptables MARK 5. Maybe I could abuse routing realms (thereby not allowing me to use them for their intended purpose if I should choose to do so in the future)? 6. Other (please specify in comments :-) I have looked through the past few months of the archives and haven't seen anything relating to the inability of 'ip rule' to handle dscp values, and I have tried the latest version of iproute2 and looked at source for the latest Linux kernel release (I am running on a 2.6.9 kernel) to see if it looked like it would handle non-TOS values (although I'm not certain I've looked at the right kernel code for that). I would prefer not to have to write my own IPQ multiplex daemon (or try to get my company to authorize me to "enhance" the existing GPL'ed one). Thank you, Ian Worden Rockwell Collins, Inc. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
