From owner-freebsd-ipfw@FreeBSD.ORG Mon Mar 11 11:06:44 2013
Date: Mon, 11 Mar 2013 11:06:44 GMT
From: FreeBSD bugmaster
To: freebsd-ipfw@FreeBSD.org
Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/176503  ipfw       [ipfw] ipfw layer2 problem
o kern/174749  ipfw       Unexpected change of default route
o kern/169206  ipfw       [ipfw] ipfw does not flush entries in table
o conf/167822  ipfw       [ipfw] [patch] start script doesn't load firewall_type
o kern/166406  ipfw       [ipfw] ipfw does not set ALTQ identifier for ipv6 traf
o kern/165939  ipfw       [ipw] bug: incomplete firewall rules loaded if tables
o kern/165190  ipfw       [ipfw] [lo] [patch] loopback interface is not marking
o kern/158066  ipfw       [ipfw] ipfw + netgraph + multicast = multicast packets
o kern/157796  ipfw       [ipfw] IPFW in-kernel NAT nat loopback / Default Route
o kern/157689  ipfw       [ipfw] ipfw nat config does not accept nonexistent int
f kern/155927  ipfw       [ipfw] ipfw stops to check packets for compliance with
o bin/153252   ipfw       [ipfw][patch] ipfw lockdown system in subsequent call
o kern/153161  ipfw       [ipfw] does not support specifying rules with ICMP cod
o kern/152113  ipfw       [ipfw] page fault on 8.1-RELEASE caused by certain amo
o kern/148827  ipfw       [ipfw] divert broken with in-kernel ipfw
o kern/148430  ipfw       [ipfw] IPFW schedule delete broken.
o kern/148091  ipfw       [ipfw] ipfw ipv6 handling broken.
f kern/143973  ipfw       [ipfw] [panic] ipfw forward option causes kernel reboo
o kern/143621  ipfw       [ipfw] [dummynet] [patch] dummynet and vnet use result
o kern/137346  ipfw       [ipfw] ipfw nat redirect_proto is broken
o kern/137232  ipfw       [ipfw] parser troubles
o kern/135476  ipfw       [ipfw] IPFW table breaks after adding a large number o
o kern/129036  ipfw       [ipfw] 'ipfw fwd' does not change outgoing interface n
o kern/127230  ipfw       [ipfw] [patch] Feature request to add UID and/or GID l
f kern/122963  ipfw       [ipfw] tcpdump does not show packets redirected by 'ip
s kern/121807  ipfw       [request] TCP and UDP port_table in ipfw
o kern/121122  ipfw       [ipfw] [patch] add support to ToS IP PRECEDENCE fields
o kern/116009  ipfw       [ipfw] [patch] Ignore errors when loading ruleset from
o bin/104921   ipfw       [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a
o kern/104682  ipfw       [ipfw] [patch] Some minor language consistency fixes a
o kern/103454  ipfw       [ipfw] [patch] [request] add a facility to modify DF b
o kern/103328  ipfw       [ipfw] [request] sugestions about ipfw table
o kern/102471  ipfw       [ipfw] [patch] add tos and dscp support
o kern/97951   ipfw       [ipfw] [patch] ipfw does not tie interface details to
o kern/95084   ipfw       [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v
o kern/86957   ipfw       [ipfw] [patch] ipfw mac logging
o bin/83046    ipfw       [ipfw] ipfw2 error: "setup" is allowed for icmp, but s
o kern/82724   ipfw       [ipfw] [patch] [request] Add setnexthop and defaultrou
o bin/78785    ipfw       [patch] ipfw(8) verbosity locks machine if /etc/rc.fir
o kern/60719   ipfw       [ipfw] Headerless fragments generate cryptic error mes
s kern/55984   ipfw       [ipfw] [patch] time based firewalling support for ipfw
o kern/48172   ipfw       [ipfw] [patch] ipfw does not log size and flags
o kern/46159   ipfw       [ipfw] [patch] [request] ipfw dynamic rules lifetime f
a kern/26534   ipfw       [ipfw] Add an option to ipfw to log gid/uid of who cau

44 problems total.

From owner-freebsd-ipfw@FreeBSD.ORG Tue Mar 12 13:27:40 2013
Date: Tue, 12 Mar 2013 13:27:40 GMT
From: melifaro@FreeBSD.org
To: melifaro@FreeBSD.org, freebsd-ipfw@FreeBSD.org, melifaro@FreeBSD.org
Subject: Re: kern/102471: [ipfw] [patch] add tos and dscp support

Synopsis: [ipfw] [patch] add tos and dscp support

Responsible-Changed-From-To: freebsd-ipfw->melifaro
Responsible-Changed-By: melifaro
Responsible-Changed-When: Tue Mar 12 13:27:21 UTC 2013
Responsible-Changed-Why:
Take

http://www.freebsd.org/cgi/query-pr.cgi?pr=102471

From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 14 13:48:04 2013
Date: Thu, 14 Mar 2013 17:47:54 +0400
From: "Alexander V. Chernikov"
To: ipfw@freebsd.org
Cc: Luigi Rizzo
Subject: [patch] setting/matching DSCP with ipfw

Hello list!

This is the obvious thing which should have been done at least 5 years ago.
There are several PRs like kern/102471 and kern/121122 with similar
functionality.

The given patch adds setting DSCP support (O_SETDSCP) which works for both
IPv4 and IPv6 packets. Fast checksum recalculation (RFC 1624) is done in
the former case. DSCP can be specified by name (AFXY, CSX, BE, EF), by value
(0..63) or via tablearg.

Matching DSCP is done via another opcode (O_DSCP) which accepts several
classes at once (af11,af22,be). Classes are stored in a bitmask (2 u32
words).

(Btw, current O_TOS can be modified to transparently match single DSCP
point, probably later on..)

Example:
00050 675 37800 setdscp ef ip from any to 2a02:978:11::/64 dscp be
ipfw add 100 count ip from any to any dscp af11,cs3
00100 count ip from any to any dscp af11,cs3

I'm planning to commit the updated patch (docs, some style(9)) on Mon 18 if
there are no objections.

--------------040807080603000200070701 Content-Type: text/plain; charset=UTF-8; name="ipfw_dscp.diff" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="ipfw_dscp.diff" Index: sys/netpfil/ipfw/ip_fw2.c =================================================================== --- sys/netpfil/ipfw/ip_fw2.c (revision 248114) +++ sys/netpfil/ipfw/ip_fw2.c (working copy) @@ -1624,6 +1624,32 @@ do { \ flags_match(cmd, ip->ip_tos)); break; + case O_DSCP: + { + uint32_t *p; + uint16_t x; + + p = ((ipfw_insn_u32 *)cmd)->d; + + if (is_ipv4) + x = ip->ip_tos >> 2; + else if (is_ipv6) { + uint8_t *v; + v = &((struct ip6_hdr *)ip)->ip6_vfc; + x = (*v & 0x0F) << 2; + v++; + x |= *v >> 6; + } else + break; + + /* DSCP bitmask is stored as low_u32 high_u32 */ + if (x > 32) + match = *(p + 1) & (1 << (x - 32)); + else + match = *p & (1 << x); + } + break; + case O_TCPDATALEN: if (proto == IPPROTO_TCP && offset == 0) { struct tcphdr *tcp; @@ -2353,6 +2379,32 @@ do { \ break; } + case O_SETDSCP: { + uint16_t code; + + code = IP_FW_ARG_TABLEARG(cmd->arg1) & 0x3F; + l = 0; /* exit inner loop */ + if (is_ipv4) { + uint16_t a; + + a = ip->ip_tos; + ip->ip_tos = (code << 2) | (ip->ip_tos & 0x03); + a += ntohs(ip->ip_sum) - ip->ip_tos; + ip->ip_sum = htons(a); + } else if (is_ipv6) { + uint8_t *v; + + v = &((struct ip6_hdr *)ip)->ip6_vfc; + *v = (*v & 0xF0) | (code >> 2); + v++; + *v = (*v & 0x3F) | ((code & 0x03) << 6); + } else + break; + + IPFW_INC_RULE_COUNTER(f, pktlen); + break; + } + case O_NAT: if (!IPFW_NAT_LOADED) { retval = IP_FW_DENY; Index: sys/netpfil/ipfw/ip_fw_log.c =================================================================== --- sys/netpfil/ipfw/ip_fw_log.c (revision 248114) +++ sys/netpfil/ipfw/ip_fw_log.c (working copy) 
@@ -292,12 +292,10 @@ ipfw_log(struct ip_fw *f, u_int hlen, struct ip_fw altq->qid); cmd += F_LEN(cmd); } - if (cmd->opcode == O_PROB) + if (cmd->opcode == O_PROB || cmd->opcode == O_TAG || + cmd->opcode == O_SETDSCP) cmd += F_LEN(cmd); - if (cmd->opcode == O_TAG) - cmd += F_LEN(cmd); - action = action2; switch (cmd->opcode) { case O_DENY: Index: sys/netpfil/ipfw/ip_fw_sockopt.c =================================================================== --- sys/netpfil/ipfw/ip_fw_sockopt.c (revision 248114) +++ sys/netpfil/ipfw/ip_fw_sockopt.c (working copy) @@ -671,6 +671,10 @@ check_ipfw_struct(struct ip_fw *rule, int size) case O_IPID: case O_IPTTL: case O_IPLEN: + case O_DSCP: + if (cmdlen != F_INSN_SIZE(ipfw_insn_u32) + 1) + goto bad_size; + break; case O_TCPDATALEN: case O_TCPWIN: case O_TAGGED: @@ -738,6 +742,7 @@ check_ipfw_struct(struct ip_fw *rule, int size) case O_ACCEPT: case O_DENY: case O_REJECT: + case O_SETDSCP: #ifdef INET6 case O_UNREACH6: #endif Index: sys/netinet/ip_fw.h =================================================================== --- sys/netinet/ip_fw.h (revision 248114) +++ sys/netinet/ip_fw.h (working copy) @@ -218,6 +218,9 @@ enum ipfw_opcodes { /* arguments (4 byte each) */ O_FORWARD_IP6, /* fwd sockaddr_in6 */ + O_DSCP, /* 2 u32 = DSCP mask */ + O_SETDSCP, /* arg1=DSCP value */ + O_LAST_OPCODE /* not an opcode! */ }; Index: sbin/ipfw/ipfw2.c =================================================================== --- sbin/ipfw/ipfw2.c (revision 248114) +++ sbin/ipfw/ipfw2.c (working copy) 
@@ -167,6 +167,32 @@ static struct _s_x f_iptos[] = { { NULL, 0 } }; +static struct _s_x f_ipdscp[] = { + { "af11", IPTOS_DSCP_AF11 >> 2 }, /* 001010 */ + { "af12", IPTOS_DSCP_AF12 >> 2 }, /* 001100 */ + { "af13", IPTOS_DSCP_AF13 >> 2 }, /* 001110 */ + { "af21", IPTOS_DSCP_AF21 >> 2 }, /* 010010 */ + { "af22", IPTOS_DSCP_AF22 >> 2 }, /* 010100 */ + { "af23", IPTOS_DSCP_AF23 >> 2 }, /* 010110 */ + { "af31", IPTOS_DSCP_AF31 >> 2 }, /* 011010 */ + { "af32", IPTOS_DSCP_AF32 >> 2 }, /* 011100 */ + { "af33", IPTOS_DSCP_AF33 >> 2 }, /* 011110 */ + { "af41", IPTOS_DSCP_AF41 >> 2 }, /* 100010 */ + { "af42", IPTOS_DSCP_AF42 >> 2 }, /* 100100 */ + { "af43", IPTOS_DSCP_AF43 >> 2 }, /* 100110 */ + { "be", IPTOS_DSCP_CS0 >> 2 }, /* 000000 */ + { "ef", IPTOS_DSCP_EF >> 2 }, /* 101110 */ + { "cs0", IPTOS_DSCP_CS0 >> 2 }, /* 000000 */ + { "cs1", IPTOS_DSCP_CS1 >> 2 }, /* 001000 */ + { "cs2", IPTOS_DSCP_CS2 >> 2 }, /* 010000 */ + { "cs3", IPTOS_DSCP_CS3 >> 2 }, /* 011000 */ + { "cs4", IPTOS_DSCP_CS4 >> 2 }, /* 100000 */ + { "cs5", IPTOS_DSCP_CS5 >> 2 }, /* 101000 */ + { "cs6", IPTOS_DSCP_CS6 >> 2 }, /* 110000 */ + { "cs7", IPTOS_DSCP_CS7 >> 2 }, /* 100000 */ + { NULL, 0 } +}; + static struct _s_x limit_masks[] = { {"all", DYN_SRC_ADDR|DYN_SRC_PORT|DYN_DST_ADDR|DYN_DST_PORT}, {"src-addr", DYN_SRC_ADDR}, @@ -237,6 +263,7 @@ static struct _s_x rule_actions[] = { { "nat", TOK_NAT }, { "reass", TOK_REASS }, { "setfib", TOK_SETFIB }, + { "setdscp", TOK_SETDSCP }, { "call", TOK_CALL }, { "return", TOK_RETURN }, { NULL, 0 } /* terminator */ 
@@ -714,6 +741,51 @@ fill_newports(ipfw_insn_u16 *cmd, char *av, int pr return (i); } +/* + * Fill the body of the command with the list of DiffServ codepoints. + */ +static void +fill_dscp(ipfw_insn *cmd, char *av, int cblen) +{ + uint32_t *low, *high; + char *s = av, *a; + int code; + + cmd->opcode = O_DSCP; + cmd->len |= F_INSN_SIZE(ipfw_insn_u32) + 1; + + CHECK_CMDLEN; + + low = (uint32_t *)(cmd + 1); + high = low + 1; + + *low = 0; + *high = 0; + + while (s != NULL) { + a = strchr(s, ','); + + if (a != NULL) + *a++ = '\0'; + + if (isalpha(*s)) { + if ((code = match_token(f_ipdscp, s)) == -1) + errx(EX_DATAERR, "Unknown DSCP code"); + } else { + code = strtoul(s, NULL, 10); + if (code < 0 || code > 63) + errx(EX_DATAERR, "Invalid DSCP value"); + } + + if (code > 32) + *high |= 1 << (code - 32); + else + *low |= 1 << code; + + s = a; + } +} + static struct _s_x icmpcodes[] = { { "net", ICMP_UNREACH_NET }, { "host", ICMP_UNREACH_HOST }, @@ -972,6 +1044,32 @@ print_icmptypes(ipfw_insn_u32 *cmd) } } +static void +print_dscp(ipfw_insn_u32 *cmd) +{ + int i, c; + uint32_t *v; + char sep= ' '; + const char *code; + + printf(" dscp"); + i = 0; + c = 0; + v = cmd->d; + while (i < 64) { + if (*v & (1 << i)) { + if ((code = match_value(f_ipdscp, i)) != NULL) + printf("%c%s", sep, code); + else + printf("%c%d", sep, i); + sep = ','; + } + + if ((++i % 32) == 0) + v++; + } +} + /* * show_ipfw() prints the body of an ipfw rule. * Because the standard rule has at least proto src_ip dst_ip, we use @@ -1205,6 +1303,17 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcw PRINT_UINT_ARG("setfib ", cmd->arg1); break; + case O_SETDSCP: + { + const char *code; + + if ((code = match_value(f_ipdscp, cmd->arg1)) != NULL) + printf("setdscp %s", code); + else + PRINT_UINT_ARG("setdscp ", cmd->arg1); + } + break; + case O_REASS: printf("reass"); break; 
@@ -1500,6 +1609,10 @@ show_ipfw(struct ip_fw *rule, int pcwidth, int bcw printf(" ipprecedence %u", (cmd->arg1) >> 5 ); break; + case O_DSCP: + print_dscp((ipfw_insn_u32 *)cmd); + break; + case O_IPLEN: if (F_LEN(cmd) == 1) printf(" iplen %u", cmd->arg1 ); @@ -3036,6 +3149,24 @@ chkarg: break; } + case TOK_SETDSCP: + { + int code; + + action->opcode = O_SETDSCP; + NEED1("missing DSCP code"); + if (_substrcmp(*av, "tablearg") == 0) { + action->arg1 = IP_FW_TABLEARG; + } else if (isalpha(*av[0])) { + if ((code = match_token(f_ipdscp, *av)) == -1) + errx(EX_DATAERR, "Unknown DSCP code"); + action->arg1 = code; + } else + action->arg1 = strtoul(*av, NULL, 10); + av++; + break; + } + case TOK_REASS: action->opcode = O_REASS; break; @@ -3448,6 +3579,12 @@ read_options: av++; break; + case TOK_DSCP: + NEED1("missing DSCP code"); + fill_dscp(cmd, *av, cblen); + av++; + break; + case TOK_IPOPTS: NEED1("missing argument for ipoptions"); fill_flags(cmd, O_IPOPT, f_ipopts, *av); Index: sbin/ipfw/ipfw2.h =================================================================== --- sbin/ipfw/ipfw2.h (revision 248114) +++ sbin/ipfw/ipfw2.h (working copy) 
@@ -203,6 +203,7 @@ enum tokens { TOK_SETFIB, TOK_LOOKUP, TOK_SOCKARG, + TOK_SETDSCP, }; /* * the following macro returns an error message if we run out of
--------------040807080603000200070701--
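
Review bot: In the O_DSCP case added to sys/netpfil/ipfw/ip_fw2.c, the word selection "if (x > 32)" is off by one. Codepoint 32 (cs4 in this patch's f_ipdscp table) takes the else branch and evaluates "1 << x" with x == 32, a shift by the full width of int, which is undefined. Test "x >= 32" and shift an unsigned constant (1U << (x - 32), 1U << x) so that bit 31 is well defined as well.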
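
Review bot: The IPv4 branch of O_SETDSCP in sys/netpfil/ipfw/ip_fw2.c updates the checksum with plain 16-bit arithmetic, "a += ntohs(ip->ip_sum) - ip->ip_tos;", with a declared as uint16_t. A carry or borrow out of bit 15 is dropped instead of being wrapped around as the one's-complement sum in RFC 1624 requires, so the stored checksum is off by one whenever the adjustment crosses 0 or 0xFFFF. Accumulate in a 32-bit variable and fold the upper half back in before the htons().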
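
Review bot: Merging the O_PROB and O_TAG tests into a single if in ipfw_log() (sys/netpfil/ipfw/ip_fw_log.c) changes behaviour. The two removed statements advanced cmd past an O_PROB and then past an O_TAG; the combined condition advances at most once, so a rule carrying both leaves cmd on the second opcode when the action switch runs. Keep the skips as separate sequential tests. A comment would also help on why O_SETDSCP, which the userland part of this patch registers in rule_actions, is skipped ahead of the action switch.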
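
Review bot: In check_ipfw_struct() (sys/netpfil/ipfw/ip_fw_sockopt.c, hunk at -671) the new "case O_DSCP:" block is inserted directly under "case O_IPID: case O_IPTTL: case O_IPLEN:", so those three labels now fall through into the O_DSCP length test and its break instead of reaching the code they shared with O_TCPDATALEN, O_TCPWIN and O_TAGGED. Every O_IPID, O_IPTTL or O_IPLEN instruction would then have to be exactly F_INSN_SIZE(ipfw_insn_u32) + 1 words long. Place the O_DSCP case above O_IPID or after the shared block.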
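
Review bot: In the f_ipdscp table added to sbin/ipfw/ipfw2.c the comment on the cs7 entry reads /* 100000 */, which repeats the cs4 bit pattern; CS7 is 111000. The value comes from IPTOS_DSCP_CS7 so only the comment is wrong, but it is the column a reader checks the table against.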
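
Review bot: fill_dscp() in sbin/ipfw/ipfw2.c repeats the boundary error of the kernel matcher: "if (code > 32)" sends code 32 to "*low |= 1 << code", an undefined 32-bit shift, so "dscp cs4" is not reliably recorded in the high word. Use "code >= 32" with 1U as the shifted constant. The numeric path also calls strtoul(s, NULL, 10) without an end pointer, so an empty list element or a number with trailing characters is accepted; check the end pointer before the 0..63 range test.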
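
Review bot: print_dscp() in sbin/ipfw/ipfw2.c tests "*v & (1 << i)" with i running up to 63. After the v++ at i == 32 the shift count needs to restart at 0; as written, codepoints 32..63 shift an int by 32 or more, which is undefined. Use 1U << (i % 32). The local variable c is assigned and never read and can be dropped.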
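
Review bot: The numeric branch of the TOK_SETDSCP case in sbin/ipfw/ipfw2.c stores strtoul(*av, NULL, 10) in action->arg1 with no range check, unlike fill_dscp(), which rejects values outside 0..63. The kernel side masks arg1 with 0x3F, so an out-of-range number is silently turned into a different codepoint rather than refused. Reject anything above 63 here with the same "Invalid DSCP value" error.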
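
The two mechanisms the message above describes, rewriting the DSCP bits with an RFC 1624 incremental checksum update and keeping a set of 64 codepoints in two 32-bit words, as an added stand-alone C example. It is not part of the posted patch or of FreeBSD; every function name and the sample header bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Fold a 32-bit accumulator to 16 bits with end-around carry. */
static uint16_t fold16(uint32_t sum)
{
	while (sum >> 16)
		sum = (sum & 0xFFFF) + (sum >> 16);
	return (uint16_t)sum;
}

/* Full checksum (RFC 1071) over a header in network byte order; len is even. */
static uint16_t cksum_full(const uint8_t *hdr, size_t len)
{
	uint32_t sum = 0;
	for (size_t i = 0; i + 1 < len; i += 2)
		sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
	return (uint16_t)~fold16(sum);
}

/* RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m'), in one's-complement arithmetic. */
static uint16_t cksum_update(uint16_t hc, uint16_t m_old, uint16_t m_new)
{
	uint32_t sum = (uint16_t)~hc;
	sum += (uint16_t)~m_old;
	sum += m_new;
	return (uint16_t)~fold16(sum);
}

/* IPv4: DSCP is the top six bits of byte 1; the two ECN bits are preserved. */
static void ipv4_set_dscp(uint8_t *hdr, unsigned dscp)
{
	uint16_t w_old = (uint16_t)(hdr[0] << 8 | hdr[1]);
	hdr[1] = (uint8_t)((dscp & 0x3F) << 2 | (hdr[1] & 0x03));
	uint16_t w_new = (uint16_t)(hdr[0] << 8 | hdr[1]);
	uint16_t hc = cksum_update((uint16_t)(hdr[10] << 8 | hdr[11]), w_old, w_new);
	hdr[10] = (uint8_t)(hc >> 8);
	hdr[11] = (uint8_t)(hc & 0xFF);
}

/* IPv6: DSCP spans the low nibble of byte 0 and the top two bits of byte 1. */
void ipv6_set_dscp(uint8_t *hdr, unsigned dscp)
{
	hdr[0] = (uint8_t)((hdr[0] & 0xF0) | ((dscp & 0x3F) >> 2));
	hdr[1] = (uint8_t)((hdr[1] & 0x3F) | ((dscp & 0x03) << 6));
}

unsigned ipv6_get_dscp(const uint8_t *hdr)
{
	return ((unsigned)(hdr[0] & 0x0F) << 2) | ((unsigned)hdr[1] >> 6);
}

/* Codepoint set in two 32-bit words: d[0] holds 0..31, d[1] holds 32..63. */
struct dscp_set { uint32_t d[2]; };

void dscp_set_add(struct dscp_set *s, unsigned dscp)
{
	s->d[(dscp & 0x3F) / 32] |= UINT32_C(1) << (dscp % 32);
}

int dscp_set_has(const struct dscp_set *s, unsigned dscp)
{
	return (int)((s->d[(dscp & 0x3F) / 32] >> (dscp % 32)) & 1);
}

/* Rewrite a constructed header to every codepoint; count checksum mismatches. */
int ipv4_rewrite_mismatches(void)
{
	/* Constructed sample: 192.0.2.1 -> 198.51.100.2, ICMP, ECN bits 01. */
	static const uint8_t tmpl[20] = {
		0x45, 0x01, 0x00, 0x54, 0x1c, 0x46, 0x40, 0x00, 0x40, 0x01,
		0x00, 0x00, 0xc0, 0x00, 0x02, 0x01, 0xc6, 0x33, 0x64, 0x02
	};
	uint8_t inc[20], ref[20];
	int bad = 0;
	for (unsigned dscp = 0; dscp < 64; dscp++) {
		memcpy(inc, tmpl, sizeof(inc));
		uint16_t hc = cksum_full(inc, sizeof(inc));	/* field is 0 in tmpl */
		inc[10] = (uint8_t)(hc >> 8);
		inc[11] = (uint8_t)(hc & 0xFF);
		ipv4_set_dscp(inc, dscp);			/* incremental update */
		memcpy(ref, inc, sizeof(ref));
		ref[10] = ref[11] = 0;
		hc = cksum_full(ref, sizeof(ref));		/* full recomputation */
		if (inc[10] != (hc >> 8) || inc[11] != (hc & 0xFF) ||
		    inc[1] != ((dscp << 2) | 0x01))
			bad++;
	}
	return bad;
}

int main(void)
{
	uint8_t v6[2] = { 0x60, 0x1a };	/* constructed first two IPv6 header bytes */
	ipv6_set_dscp(v6, 46);		/* EF */
	printf("IPv4 mismatches: %d, IPv6 DSCP: %u\n",
	    ipv4_rewrite_mismatches(), ipv6_get_dscp(v6));
	return 0;
}
```

The word index is taken as codepoint / 32, so codepoint 32 lands in bit 0 of the second word and no shift count ever reaches 32.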

From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 14 13:48:52 2013
Date: Thu, 14 Mar 2013 13:48:51 GMT
From: melifaro@FreeBSD.org
To: melifaro@FreeBSD.org, freebsd-ipfw@FreeBSD.org, melifaro@FreeBSD.org
Subject: Re: kern/121122: [ipfw] [patch] add support to ToS IP PRECEDENCE fields

Synopsis: [ipfw] [patch] add support to ToS IP PRECEDENCE fields

Responsible-Changed-From-To: freebsd-ipfw->melifaro
Responsible-Changed-By: melifaro
Responsible-Changed-When: Thu Mar 14 13:48:37 UTC 2013
Responsible-Changed-Why:
Take.

http://www.freebsd.org/cgi/query-pr.cgi?pr=121122

From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 14 13:56:38 2013
Date: Thu, 14 Mar 2013 13:56:35 +0000
From: "Eggert, Lars"
To: "melifaro@freebsd.org"
Subject: Re: kern/121122: [ipfw] [patch] add support to ToS IP PRECEDENCE fields

Hi,

interpreting these bits as a TOS field has been deprecated since RFC2474 was published in 1998. Since then, we've been having a DSCP codepoint and ECN bits in the IP header.

It would be actively harmful to add TOS byte support 15 years after it was deprecated. Read http://en.wikipedia.org/wiki/Type_of_service

Lars

On Mar 14, 2013, at 9:48, melifaro@freebsd.org wrote:

> Synopsis: [ipfw] [patch] add support to ToS IP PRECEDENCE fields
>
> Responsible-Changed-From-To: freebsd-ipfw->melifaro
> Responsible-Changed-By: melifaro
> Responsible-Changed-When: Thu Mar 14 13:48:37 UTC 2013
> Responsible-Changed-Why:
> Take.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=121122

From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 14 14:18:52 2013
Date: Thu, 14 Mar 2013 22:11:00 +0800
From: Marcelo Araujo
Reply-To: araujo@FreeBSD.org
To: "Alexander V. Chernikov"
Cc: ipfw@freebsd.org, Luigi Rizzo
Subject: Re: [patch] setting/matching DSCP with ipfw

2013/3/14 Alexander V. Chernikov

> Hello list!
>
> This is the obvious thing which should have been done at least 5 years ago.
> There are several PRs like kern/102471 and kern/121122 with similar
> functionality.
>
> The given patch adds setting DSCP support (O_SETDSCP) which works for both
> IPv4 and IPv6 packets. Fast checksum recalculation (RFC 1624) is done in
> the former case. DSCP can be specified by name (AFXY, CSX, BE, EF), by value
> (0..63) or via tablearg.
>
> Matching DSCP is done via another opcode (O_DSCP) which accepts several
> classes at once (af11,af22,be). Classes are stored in a bitmask (2 u32
> words).
>
> (Btw, current O_TOS can be modified to transparently match single DSCP
> point, probably later on..)
>
> Example:
> 00050 675 37800 setdscp ef ip from any to 2a02:978:11::/64 dscp be
> ipfw add 100 count ip from any to any dscp af11,cs3
> 00100 count ip from any to any dscp af11,cs3
>
> I'm planning to commit the updated patch (docs, some style(9)) on Mon 18 if
> there are no objections.

Hello,

Great that you will take care of those PRs; a lot of people have wanted it for a long time.

By the way, a long time ago, I tried to create a new entry called "modip", and everything related to QoS would be concentrated there. Something like the examples below:

ipfw add 10 modip tos:lowdelay ip from any to any
ipfw add 11 modip dscp:af14 ip from any to any
ipfw add 12 modip ippre:flash ip from any to any

Also, there is some discussion around "modip"; you can google it.

Here are some patches, also the modip implementation:
http://people.freebsd.org/~araujo/ipfw_patchs/

Best Regards,
--
Marcelo Araujo
araujo@FreeBSD.org

From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 14 14:29:37 2013
Date: Thu, 14 Mar 2013 18:29:07 +0400
From: "Alexander V. Chernikov"
To: "Eggert, Lars"
Cc: "melifaro@freebsd.org"
Subject: Re: kern/121122: [ipfw] [patch] add support to ToS IP PRECEDENCE fields

On 14.03.2013 17:56, Eggert, Lars wrote:
> Hi,
Hello.
>
> interpreting these bits as a TOS field has been deprecated since RFC2474 was published in 1998. Since then, we've been having a DSCP codepoint and ECN bits in the IP header.
Yes. I'm going to commit the DSCP-based approach, so I'm grabbing all related PRs.
Please see http://lists.freebsd.org/pipermail/freebsd-ipfw/2013-March/005318.html for more info.
>
> It would be actively harmful to add TOS byte support 15 years after it was deprecated. Read http://en.wikipedia.org/wiki/Type_of_service
>
> Lars
>
> On Mar 14, 2013, at 9:48, melifaro@freebsd.org wrote:
>
>> Synopsis: [ipfw] [patch] add support to ToS IP PRECEDENCE fields
>>
>> Responsible-Changed-From-To: freebsd-ipfw->melifaro
>> Responsible-Changed-By: melifaro
>> Responsible-Changed-When: Thu Mar 14 13:48:37 UTC 2013
>> Responsible-Changed-Why:
>> Take.
>>
>> http://www.freebsd.org/cgi/query-pr.cgi?pr=121122

From owner-freebsd-ipfw@FreeBSD.ORG Thu Mar 14 15:02:00 2013
Date: Thu, 14 Mar 2013 15:01:58 +0000
From: "Eggert, Lars"
To: "Alexander V. Chernikov"
Cc: "melifaro@freebsd.org"
Subject: Re: kern/121122: [ipfw] [patch] add support to ToS IP PRECEDENCE fields

I suspected that that was what's happening, but it wasn't obvious. Thanks for clarifying!

Lars

On Mar 14, 2013, at 10:29, Alexander V. Chernikov wrote:

> On 14.03.2013 17:56, Eggert, Lars wrote:
>> Hi,
> Hello.
>>
>> interpreting these bits as a TOS field has been deprecated since RFC2474 was published in 1998. Since then, we've been having a DSCP codepoint and ECN bits in the IP header.
> Yes. I'm going to commit the DSCP-based approach, so I'm grabbing all related PRs.
> Please see http://lists.freebsd.org/pipermail/freebsd-ipfw/2013-March/005318.html for more info.
>>
>> It would be actively harmful to add TOS byte support 15 years after it was deprecated. Read http://en.wikipedia.org/wiki/Type_of_service
>>
>> Lars
>>
>> On Mar 14, 2013, at 9:48, melifaro@freebsd.org wrote:
>>
>>> Synopsis: [ipfw] [patch] add support to ToS IP PRECEDENCE fields
>>>
>>> Responsible-Changed-From-To: freebsd-ipfw->melifaro
>>> Responsible-Changed-By: melifaro
>>> Responsible-Changed-When: Thu Mar 14 13:48:37 UTC 2013
>>> Responsible-Changed-Why:
>>> Take.
>>>
>>> http://www.freebsd.org/cgi/query-pr.cgi?pr=121122