Changing TOS of forwarded packets?
Vladimir B. Grebenschikov
vova at fbsd.ru
Wed Feb 4 00:03:30 PST 2004
On Wed, 04.02.2004, at 03:17, Julian Elischer wrote:
> here's a suggestion..
> I have not done this but it might work:
I have tried such a scheme (the second one, with two divert sockets; tee is not
necessary). It works; the only thing you should care about is that a packet should
not enter this chain twice, or the kernel will panic.
As for rtprio - I guess it will not help for tens of megabits of traffic.
PS:
A change action for ipfw2 would be funny enough, like:
ipfw add X change iptos congestion ....
ipfw add Y change src-ip 1.1.1.1 ...
Maybe it is not a bad feature for ipfw2?
> use ipfw to send sessions that match to a divert socket at port X.
>
> use netgraph ng_ksocket to connect to the divert port you selected
> above.
>
> Use a variant of the node given to hack the TOC value..
> (he's looking at ethernet packets where you would be looking at IP
> packets so it won't work directly). Hmmm having fiddled the packets
> we'd need to reinject them to a socket.. we could reinject them to the
> same socket (we'd need to use a 'tee' node as follows:
>
>
> [divert]<--->[ksocket]<---->[tee]---->[hack]----\
>                               ^                 |
>                                \                |
>                                 ----------------/
>
>
> OR
> you could open another divert ksocket
>
> [divert]<--->[ksocket]<---->[tee]---->[hack]---->[ksocket]-->[divert]
>
> (the divert socket will always feed back into the IP stack.)
>
>
> On Tue, 3 Feb 2004, Andriy Korud wrote:
>
> > Thanks, but I'm looking for some solution that'd allow me to modify TOS of the
> > packets that match some filter rule, so I think I have to modify ipfilter
> > code.
> >
> > Andriy
> >
> > > On Tue, Feb 03, 2004 at 06:46:18PM +0200, Andriy Korud wrote:
> > >
> > > Hello,
> > >
> > > > > Hi, my question is simple - is it possible to set TOS value of forwarded packets
> > > > > using ipfw, ipfilter or other magic on FreeBSD 4-STABLE?
> > >
> > > As far as I know there is nothing official for this purposes (hope someone
> > > will correct me if I am wrong). This is why I started to design something
> > > on my own. My little goodie is a netgraph node for packet mangling in its
> > > early stage. I *just* got it to work and it is tested now. Seems to work
> > > > properly for me. However, it was written and used only on FreeBSD-5.2-R and
> > > > I'm not sure about differences in netgraph implementation in STABLE.
> > > >
> > > > Nevertheless, if no one suggests better solution you may want to give it a
> > > try. Bear in mind it's early stage, though. There you can reach it:
> > >
> > > http://venus.wsb-nlu.edu.pl/~dlupinsk/ng_mangle/
> > >
> > > regards,
> > > Dominik Lupinski
> > >
> > >
> > > Ps. Any feedback appreciated.
> > > --
> > > "...they build you up only to tear you down."
> > >
> >
> >
> >
> > _______________________________________________
> > freebsd-net at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
> >
>
--
Vladimir B. Grebenschikov <vova at fbsd.ru>
SWsoft Inc.
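
The packet rewrite that the [hack] step in the quoted diagrams has to perform, as an added example that is not part of the original thread and is not ng_mangle code: it sets the IPv4 TOS byte and patches the header checksum incrementally, rejecting buffers that are not a sane IPv4 header. The names set_ip_tos, ip_hdr_sum and demo_rewrite and the sample header are constructed for illustration; the divert/ksocket plumbing is not shown.

```c
#include <stddef.h>
#include <stdint.h>

/* RFC 1071 sum over the header; 0 means the stored checksum is valid. */
static uint16_t ip_hdr_sum(const uint8_t *h, size_t hlen)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < hlen; i += 2)
        sum += (uint32_t)(h[i] << 8 | h[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Set the TOS byte and patch the checksum incrementally (RFC 1624,
 * HC' = ~(~HC + ~m + m')). Returns -1 for anything but sane IPv4. */
int set_ip_tos(uint8_t *buf, size_t len, uint8_t tos)
{
    if (len < 20 || (buf[0] >> 4) != 4)
        return -1;
    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len)
        return -1;
    uint16_t old_word = (uint16_t)(buf[0] << 8 | buf[1]); /* ver/IHL + TOS */
    uint16_t new_word = (uint16_t)(buf[0] << 8 | tos);
    uint32_t sum = (uint16_t)~(buf[10] << 8 | buf[11]);
    sum += (uint16_t)~old_word;
    sum += new_word;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    buf[1] = tos;
    buf[10] = (uint8_t)(~sum >> 8);
    buf[11] = (uint8_t)~sum;
    return 0;
}

/* Constructed 20-byte sample header (checksum 0xb861); returns 1 if the
 * rewritten header carries the new TOS and still verifies. */
int demo_rewrite(uint8_t tos)
{
    uint8_t pkt[20] = { 0x45, 0x00, 0x00, 0x73, 0x00, 0x00, 0x40, 0x00,
                        0x40, 0x11, 0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01,
                        0xc0, 0xa8, 0x00, 0xc7 };
    if (set_ip_tos(pkt, sizeof pkt, tos) != 0)
        return 0;
    return pkt[1] == tos && ip_hdr_sum(pkt, sizeof pkt) == 0;
}

int main(void) { return demo_rewrite(0x10) ? 0 : 1; }
```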