iptables doesn't do TOS/DSCP masking : The Fugue

iptables doesn't do TOS/DSCP masking

Posted by Hans Fugal Sat, 29 Mar 2008 14:14:00 GMT

iptables, I'm really disappointed in you. If I'm reading your manpage correctly, and the NAG says that I am, you don't support matching or setting the TOS field (whether as a TOS byte or as the DSCP 6-bit subfield) with a mask. You can only match exact values.

That's just about pretty much useless. And considering that ipchains did let you do masks (although it was a cumbersome and-mask and xor-mask pair), inexcusable. One could use -m u32, but this doesn't seem to be available in OpenWRT. Luckily the goal is to mark packets for QoS, and I can just drop into tc directly to accomplish what I need. So to match any packet with the low delay bit set,

tc filter add dev $DEV parent $PARENT protocol ip u32 \
    match ip tos 0x10 0xff flowid $FLOW

no comments | Tags dscp, ipchains, iptables, mask, qos, tc, tos | atom

Trackbacks

Use the following link to trackback from your own site:
http://hans.fugal.net/blog/trackbacks?article_id=iptables-doesnt-do-tos-dscp-masking&day=29&month=03&year=2008

Comments

Leave a response

No comments

The Fugue