|
I applied the DSCP patch to 2.4.17 and 2.4.18
kernel to match packets with bits tos set to 0x80 but again I can set
them, but I cannot match them.
Ex.:
iptables -I FORWARD -m dscp --dscp
0x20
The error is: iptables: No chain/target/match by
that name
I tried the other chains and tables and
I allways get this error.
but:
iptables -I FORWARD -m tos --tos 0x2
works.
What did I do wrong?
The DSCP is compiled in kernel as a module and is
loaded corectly.
----- Original Message -----
Sent: Sunday, April 21, 2002 4:40
PM
Subject: how to match bits with values
different from valid ones ?
Our
internet provider gives us two types of services:
international internet
and local exchange internet. This tow types of
services differs by setting
a certain value of tos of packet who's
coming from international internet
different from valid values who -m tos
accept.
I want to count(match and
not set) with iptables packets with tos let's
say, is 0x88. I applied the
ftos patch but this patch can only set(not
match) packets with any tos
value between 0x00 and 0xff. The tos target
instead can also match with -m
tos but it is limited to only valid values.
Is there a way I can do this
thing? a -m ftos module like -m tos etc...
I use the kernel 2.4.17 with iptables 1.2.5
and I preffer not to changed
it, because it has support for htb.
Can I
apply to this kernel(2.4.17) patch from iptables 1.2.6a who as I
understand
has another way of dealing with tos bits from
packets(DSCP)?
Daniel Sercaianu
| 