On Thu, Mar 14, 2002 at 10:04:02AM -0600, Matthew G. Marsh wrote:

> > I think we should remove the ftos.patch with the next iptables release,
> > because people will have the following options:
> 
> I agree. The original FTOS was a cheap hack in order to do testing of
> various TOS field settings for some other projects. This patch is simply
> to help out some people who have asked for an update.

Ok. I will remove the ftos.patch from patch-o-matic soon.

The libipt_FTOS.c will stay for an indefinite amount of time.  This is needed
for backwards compatibility: somebody could run a very old kernel which had
support for FTOS compiled in, and then build a new iptables package.

> > The FTOS target is potentially harmful to ECN and makes it easy to
> > violate both old and new usage of the TOS field.
> 
> I agree strongly! - Just a question - feel free to redirect me to the
> appropriate author - Will the new DHCP target allow all 6 bits to be set?

I am the appropriate author ;)

> One of the original reasons that FTOS was created was because TOS did not
> allow any combination. Thanks again.

DSCP does (it has been in CVS for some weeks and is now also included in the
1.2.6 release) support any arbitrary numeric value within the 6 bit DSCP field.

This is mainly because I feel DSCP codepoints can be added to the IANA 
DSCP codepoint list at any time - and they don't have nice human-readable 
names anyway.

The DSCP target will be submitted to the linux kernel in combination with
the DSCP match during the next couple of days - as soon as I'm finished
with my testing :)

> Matthew G. Marsh, President

-- 
Live long and prosper
- Harald Welte / [EMAIL PROTECTED]               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ 
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
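
Added example, not part of the original message and not netfilter code: a C sketch of why rewriting the full TOS byte clobbers ECN, while a rewrite limited to the 6-bit DSCP field accepts any value from 0 to 63 and leaves the two ECN bits alone. The function names and the sample header are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ECN_MASK 0x03u /* low two bits of the TOS byte carry ECN (RFC 3168) */
#define DSCP_MAX 0x3fu /* DSCP is the upper six bits (RFC 2474) */
/* RFC 1071 Internet checksum over an IPv4 header of len bytes (len is even). */
uint16_t ip_checksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffffu) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Store a new TOS byte and recompute the header checksum. */
static void store_tos(uint8_t *hdr, uint8_t tos)
{
    hdr[1] = tos;
    hdr[10] = hdr[11] = 0;
    uint16_t c = ip_checksum(hdr, (size_t)(hdr[0] & 0x0f) * 4);
    hdr[10] = (uint8_t)(c >> 8);
    hdr[11] = (uint8_t)(c & 0xff);
}

/* Full-TOS rewrite: all eight bits replaced, so ECN marks are lost. */
void set_full_tos(uint8_t *hdr, uint8_t tos) { store_tos(hdr, tos); }

/* DSCP rewrite: any value 0..63 accepted, ECN bits left untouched. */
int set_dscp(uint8_t *hdr, unsigned dscp)
{
    if (dscp > DSCP_MAX)
        return -1;
    store_tos(hdr, (uint8_t)((dscp << 2) | (hdr[1] & ECN_MASK)));
    return 0;
}

int main(void)
{
    /* Constructed sample: 20-byte IPv4 header, TOS 0x03 (ECN = CE). */
    uint8_t h[20] = {0x45, 0x03, 0, 40, 0, 1, 0x40, 0, 64, 6, 0, 0,
                     192, 0, 2, 1, 192, 0, 2, 2};
    set_dscp(h, 46);
    printf("DSCP rewrite: tos=0x%02x ecn=%u\n", (unsigned)h[1], (unsigned)(h[1] & ECN_MASK));
    set_full_tos(h, 0xb8);
    printf("full rewrite: tos=0x%02x ecn=%u\n", (unsigned)h[1], (unsigned)(h[1] & ECN_MASK));
}
```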
