bogus DSCP value for ssh

Mon Jul 12 17:03:06 UTC 2010

2010/7/12 Kevin Oberman <oberman at es.net>:
>> From: Andrei Kolu <antik at bsd.ee>
>> Date: Mon, 12 Jul 2010 15:31:58 +0300
>> Sender: owner-freebsd-stable at freebsd.org
>>
>> Hi!
>>
>> I am testing FreeBSD 8.1-RC2 amd64 networking stuff and notice one
>> strange DSCP message with wireshark:
>> ------------------------------------
>> Internet Protocol, Src: 192.168.1.111 (192.168.1.111), Dst:
>> 192.168.1.101 (192.168.1.101)
>> Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
>> 0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
>> .... ..0. = ECN-Capable Transport (ECT): 0
>> .... ...0 = ECN-CE: 0
>>
>> Transmission Control Protocol, Src Port: ssh (22), Dst Port:
>> attachmate-s2s (2419), Seq: 2902917, Ack: 29842, Len: 132
>> ------------------------------------
>>
>> There is no firewall enabled. Only thing I changed (should have no
>> effect) was: "net.inet.tcp.ecn.enable: 1"
>> _______________________________________________
>
> I don't know why Wireshark does not understand this, but it is defined
> in RFC2474 as Class Selector 2 or simply IP precedence of 2 (of 7).
>
> If you add the ECN bit, you have Assured Forwarding at IP priority 2.
>
> Whether you pass or respond to the DSCP bits is, of course, a personal
> choice, but there is nothing unusual with this and ssh has bee setting
> the bit for a long time.
> --

My calculations (X is not used and always zero):

000|100|00
421|21X|00
----------------
000|200|00

11= high drop probability
10= medium drop probability
01= low drop probability

So "Per-hop behavior" is 000binary= 0decimal and "Drop probability" is
10 binary=2 decimal="Medium drop probability".
There is no such a DSCP drop probability value as 4 in existence. I
think Wireshark is incorrect but how it is possible to define 000100
at all is beyound me- 000000 is "best effort" already. It is AF02? Yet
another bogus priority value?

Correct me if I'm wrong.

Andrei