On 2007/08/23 11:59, Theo de Raadt wrote: > > >> And here we come full circle. Given the OpenBSD now IS a router -- > > >> whether it's a little two-interface pf box for home use or some big > > >> studly hardware running OpenBGPD and OpenOSPFD box for ISPs, I would say > > >> the addition of support for DSCP re-marking would be a very desirable > > >> feature. > > > > > > i'd call it a nice-to-have, yes. > > > > > > -- > > > Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] > > > > Just curious: Where would DSCP re-marking be implemented? > > > > My question was about pf, but I can see cases where an OpenBGPD and/or > > OpenOSPFD box could use re-marking with or without pf. > > It should probably be only done in pf. > > pf is the only policy engine we have that manipulates packets. Other > services like routing daemons make decisions at the route level, or > the network layer moves packets according to the RFC rules, but > nothing else changes packets outside those rules. > > If you want to do it, run pf. Doing it elsewhere will hurt the non-pf > case. That's silly.
Extending "scrub" for this makes the most sense to me, headers are already adjusted there (e.g. with max-mss).
