[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-pf
Subject:    TOS Question/Feature Request
From:       John Merriam <johnm () ntplx ! net>
Date:       2005-04-22 19:42:25
Message-ID: 426953A1.6060102 () ntplx ! net
[Download RAW message or body]

Is there a way that I can get around doing the following:

# IP Precedence 5 In (No ECN)
pass out quick on $int_if from any to $int_if:network tos 0xa0 keep 
state queue ipp5_in
pass out quick on $int_if from any to $int_if:network tos 0xa4 keep 
state queue ipp5_in
pass out quick on $int_if from any to $int_if:network tos 0xa8 keep 
state queue ipp5_in
pass out quick on $int_if from any to $int_if:network tos 0xac keep 
state queue ipp5_in
pass out quick on $int_if from any to $int_if:network tos 0xb0 keep 
state queue ipp5_in
pass out quick on $int_if from any to $int_if:network tos 0xb4 keep 
state queue ipp5_in
pass out quick on $int_if from any to $int_if:network tos 0xb8 keep 
state queue ipp5_in
pass out quick on $int_if from any to $int_if:network tos 0xbc keep 
state queue ipp5_in

That matches against all the possible TOS bytes in IP precedence 5 (DSCP 
40-47) ignoring the ECN bits.  If I wanted to include all the possible 
TOS bytes with ECN bits set it would be 32 entries instead of 8.

What I really want to do is this (using PF port number syntax):

(hexadecimal)
pass out quick on $int_if from any to $int_if:network tos 0xa0:0xbf keep 
state queue ipp5_in

or

(decimal)
pass out quick on $int_if from any to $int_if:network tos 160:191 keep 
state queue ipp5_in

When I parse either of those with pfctl though, it parses as just:

pass out quick on $int_if from any to $int_if:network tos 0xa0 keep 
state queue ipp5_in

No errors, but it seems to just ignore the :0xbf.  Since the 
number:number syntax only seems to be supported for port numbers 
according to the PF documentation, I guess that makes sense.

So unless I'm missing something, I supppose this becomes a feature 
request for support of TOS byte ranges when using the tos keyword?


If it was possible to just match against the first three IP precedence 
bits in the TOS byte, that would work too, but that isn't possible with 
PF as far as I know.

Before you mention that I should just use 'tos lowdelay' in my rules, 
that isn't adequate for what I'm doing.  IPTOS_LOWDELAY isn't compatible 
with the new TOS byte standards.


On another note, more priority levels in queues would be nice (I'm using 
priq for what I'm doing now).  70-100 or so levels would allow full DSCP 
priority support.  Supporting that many levels would probably waste a 
bit of memory for what most people would do, but it would still be nice 
for some things.  I don't really need that, using 8 levels for the 
different IP precedences is fine for now.

Thanks.

-- 

John Merriam
johnm@ntplx.net
[prev in list] [next in list] [prev in thread] [next in thread]