Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am using 2.4.18 kernel + iptables v1.2.7a .
After trying iptables -m dscp it replies "No match by that name"
Is the problem in my iptables version , ore the kernel must be preconfigured ?
Thanks for help
I've never heard of the 'dscp' match extension. Take a look at 'man iptables' under the 'MATCH EXTENSIONS' section for a list a valid match extensions.
dscp
This module matches the 6 bit DSCP field within the TOS field in the IP
header. DSCP has superseded TOS within the IETF.
--dscp value
Match against a numeric (decimal or hex) value [0-32].
--dscp-class DiffServ Class
Match the DiffServ class. This value may be any of the BE, EF,
AFxx or CSx classes. It will then be converted into it's
according numeric value.
May be I have to be more concrete .
I'm trying to filter packets in case of values of the prec bits in the ToS field of the header . My Linux is a forwarder&firewall and I am using only iptables rules for making decisions .
Then that's very new, I'm using version 1.2.5 (the difference between .5 and .7 is at patch level) and that specification can't be found in the man pages. Perhaps because you're using version "a" it has that extra function, I don't know. But it looks like it's brand new so I don't think you'll find too many people who will know what you're talking about.
I'm in the same boat, iptables v1.2.5 doesn't have support for this Match Extension. Sorry to be so quick to tell you to RTFM, but I'd never heard of this one before.
Distribution: Red Hat and Mandrake mostly, but I like them all
Posts: 2
Rep:
DSCP marking working on (iptables v1.2.7a on a Redhat 9.0 system)
To get DSCP working with netfilter/ iptables v1.2.7a on a Redhat 9.0 system.
1) as root
'insmod ipt_dscp'
I still got the following error ------
iptables -A ETH1_OUTPUT_PROTOCOLS -s 0/0 -m dscp-class af1
iptables v1.2.7a: Couldn't load match `dscp-class':/lib/iptables/libipt_dscp-class.so: cannot open shared object file: No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
------------------------------------------------------
Needless to say the "help" was of no help.
Next, I tried to look a the library to see what it expected
strings /lib/iptables/libipt_dscp.so | more
Based upon it's output, I tried the following and it seemed to take. I will get to testing it later today to make sure it actually marks the packets. Here is how it was done.
2) Set up a quick test
'iptables -A OUTPUT -s 0/0 -m dscp --dscp-class AF11'
Note the 2 instances of dscp in the command line '-m dscp --dscp-class'
I hope this helps, In the past I have received alot of on-line help from news groups and message boards. I am glad to give back a little.
Kevin
------------------------------------------------------------------
I have an error above. That rule is setup to match a particular DSCP, not mark it. I am still attempting to figure out how to mark code points usinf iptables.
I tried the following rule after another insmod -- ' insmod ipt_DSCP'. I still get an error.
iptables -t mangle -A ETH2_OUTPUT -p icmp -o eth2 -j DSCP --set-dscp-class af11
iptables: No chain/target/match by that name
Hi Kevin , Hi All ,
Actually I killed my problem before , upgrading to 2.4.20 and iptables 1.2.8 and compiling it as modules to kernel .
Now everything is working fine , I did'n know what was my mistake .
Distribution: Red Hat and Mandrake mostly, but I like them all
Posts: 2
Rep:
Found my problem. I was attempting to mangle a user defined chain. I guess you can't do that. The following worked. Note: I switched from using th eETH2_OUTPUT chain to the OUTPUT chain. I measured the paskets and they get the assigned diffserv code point.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.