4. Diffserv Code Point

Diffserv Code Point

  • N

    how to see ip traffic that has been marked with a Diffserv Code Point.
    for example:

    pfctl -sr

    match out log quick on re0 inet proto tcp from 192.168.30.0/26 to any port = http dscp 0xb8 label "USER_RULE" dnpipe(3, 2)
    match out log quick on re0 inet proto tcp from 192.168.30.0/26 to 127.0.0.1 port = http dscp 0xb8 label "USER_RULE" dnpipe(3, 4)
    match out log quick on re0 inet proto udp from 192.168.30.0/26 to 127.0.0.1 port = http dscp 0xb8 label "USER_RULE" dnpipe(3, 4)
    match out log quick on re0 inet proto tcp from 192.168.30.0/26 to any port = https dscp 0x28 label "USER_RULE" dnpipe(1, 2)
    match out log quick on re0 inet proto tcp from 192.168.30.0/26 to 127.0.0.1 label "USER_RULE" dnpipe(3, 4)
    match out log quick on re0 inet proto udp from 192.168.30.0/26 to 127.0.0.1 label "USER_RULE" dnpipe(3, 4)
    match out log quick on re0 inet proto tcp from 192.168.30.0/26 to 127.0.0.1 port = 3128 dscp 0xb8 label "USER_RULE" dnpipe(3, 4)

    I have tried to capture packets but can not be seen with certainty that the flow of traffic
    thank you

    0
  • Rebel Alliance Developer Netgate

    The rules do not set a DSCP value, they only match a value that already exists in the packet.

    It would show up in a packet capture if the packets have already been tagged by whatever originated the traffic.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy