
Re: Full TOS field Netfilter Module





This sounds like a very expensive way to do things, given that you will
have to redo the checksum for each mangled packet.
What is wrong with fwmark?

cheers,
jamal

On Thu, 9 Nov 2000, Matthew G. Marsh wrote:

> 
> As I hinted in one of the emails discussing the ingress queue I have a
> cheap hack using NetFilter to set the TOS field of a packet. I cleaned it
> up a bit so it will use the Patch-O-Matic. 
> 
> Basically you untar it in the /usr/src/netfilter/ directory then change
> into userspace and make patch-o-matic. Select the ftos patch.
> 
> What this does is provide a new target called FTOS that takes an
> argument.
> 
> iptables -t mangle -A PREROUTING { selections } -j FTOS --set-ftos <value>
> 
> Where <value> is a number from 0-255 decimal or 0x0 - 0xff hex.
> 
> This value is then placed into the TOS field within the packet. Then you
> can use ip rule or egress to take action on the packet from there.
> 
> You can also set this to use the OUTPUT chain thus setting the TOS field
> on output from localhost.
> 
> Note that this makes no attempt to check on the current value of the TOS
> field or to split the field up into DiffServ etc. It just sets the field
> to the value you put on the command line.
> 
> BTW - it makes a great testing utility for sending packets with known TOS
> values...
> 
> HTH!
> 
> --------------------------------------------------
> Matthew G. Marsh,  President
> Paktronix Systems LLC
> 1506 North 59th Street
> Omaha  NE  68104
> Phone: (402) 932-7250
> Email: mgm@paktronix.com
> WWW:  http://www.paktronix.com
> --------------------------------------------------
> 
> 
>
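
The per-packet checksum work raised in the reply, as an added example that is not part of the original thread or of the FTOS patch: overwriting the TOS byte of an IPv4 header and fixing the header checksum, once by recomputing it over the whole header (RFC 1071) and once by patching it from the single changed 16-bit word (RFC 1624, eqn. 3). The function names and the sample header are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* RFC 1071 ones' complement checksum over an IPv4 header (its length is always even). */
static uint16_t ip_csum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)h[i] << 8) | h[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* A header verifies when the checksum over all of it, checksum field included, is 0. */
static int header_valid(const uint8_t *h) { return ip_csum(h, (h[0] & 0x0f) * 4u) == 0; }

/* Set TOS, then recompute the checksum over the whole header. */
static void set_tos_full(uint8_t *h, uint8_t tos)
{
    h[1] = tos;
    h[10] = h[11] = 0;                      /* checksum field is zero while summing */
    uint16_t c = ip_csum(h, (h[0] & 0x0f) * 4u);
    h[10] = (uint8_t)(c >> 8); h[11] = (uint8_t)(c & 0xff);
}

/* Set TOS, then patch the checksum from the changed word: HC' = ~(~HC + ~m + m'). */
static void set_tos_incremental(uint8_t *h, uint8_t tos)
{
    uint16_t old_w = (uint16_t)(h[0] << 8 | h[1]);   /* m: version/IHL + old TOS */
    uint16_t hc = (uint16_t)(h[10] << 8 | h[11]);    /* HC: current checksum */
    h[1] = tos;
    uint32_t sum = (uint16_t)~hc + (uint16_t)~old_w;
    sum += (uint16_t)(h[0] << 8 | h[1]);             /* m': version/IHL + new TOS */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    hc = (uint16_t)~sum;
    h[10] = (uint8_t)(hc >> 8); h[11] = (uint8_t)(hc & 0xff);
}

/* Constructed sample: 20-byte header, ICMP, 192.0.2.1 -> 192.0.2.2, TOS 0. */
static void make_sample(uint8_t h[20])
{
    static const uint8_t base[20] = { 0x45,0x00,0x00,0x54, 0x00,0x00,0x40,0x00,
        0x40,0x01,0x00,0x00, 0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02 };
    memcpy(h, base, 20);
    set_tos_full(h, 0x00);                  /* fill in a correct starting checksum */
}

int main(void) { uint8_t h[20]; make_sample(h); set_tos_incremental(h, 0xb8); return !header_valid(h); }
```

Both functions leave byte-identical headers; a TOS byte changed without either update makes `header_valid` fail, which is why a target that rewrites TOS has to touch the checksum at all.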