Diffserv Code Point



  • how to see ip traffic that has been marked with a Diffserv Code Point.
    for example:

    pfctl -sr

    match out log quick on re0 inet proto tcp from 192.168.30.0/26 to any port = http dscp 0xb8 label "USER_RULE" dnpipe(3, 2)
    match out log quick on re0 inet proto tcp from 192.168.30.0/26 to 127.0.0.1 port = http dscp 0xb8 label "USER_RULE" dnpipe(3, 4)
    match out log quick on re0 inet proto udp from 192.168.30.0/26 to 127.0.0.1 port = http dscp 0xb8 label "USER_RULE" dnpipe(3, 4)
    match out log quick on re0 inet proto tcp from 192.168.30.0/26 to any port = https dscp 0x28 label "USER_RULE" dnpipe(1, 2)
    match out log quick on re0 inet proto tcp from 192.168.30.0/26 to 127.0.0.1 label "USER_RULE" dnpipe(3, 4)
    match out log quick on re0 inet proto udp from 192.168.30.0/26 to 127.0.0.1 label "USER_RULE" dnpipe(3, 4)
    match out log quick on re0 inet proto tcp from 192.168.30.0/26 to 127.0.0.1 port = 3128 dscp 0xb8 label "USER_RULE" dnpipe(3, 4)

    I have tried to capture packets but can not be seen with certainty that the flow of traffic
    thank you


  • Rebel Alliance Developer Netgate

    The rules do not set a DSCP value, they only match a value that already exists in the packet.

    It would show up in a packet capture if the packets have already been tagged by whatever originated the traffic.


Log in to reply