{"id":6374,"date":"2024-04-15T17:12:19","date_gmt":"2024-04-15T14:12:19","guid":{"rendered":"https:\/\/skeletor.org.ua\/?p=6374"},"modified":"2024-04-15T17:12:19","modified_gmt":"2024-04-15T14:12:19","slug":"tos-dscp","status":"publish","type":"post","link":"https:\/\/skeletor.org.ua\/?p=6374","title":{"rendered":"ToS \/ DSCP"},"content":{"rendered":"\n

\u041d\u0430\u0433\u0430\u0434\u0430\u044e, \u0449\u043e \u0442\u0430\u043a\u0435 ToS (Type of Service)<\/strong> – \u0446\u0435 \u043c\u043e\u0436\u043b\u0438\u0432\u0456\u0441\u0442\u044c \u043f\u0440\u0456\u043e\u0440\u0438\u0442\u0435\u0437\u0443\u0432\u0430\u0442\u0438 \u043f\u0435\u0432\u043d\u0438\u0439 \u0442\u0440\u0430\u0444\u0456\u043a \u0437\u0430 \u0440\u0430\u0445\u0443\u043d\u043e\u043a \u0432\u0438\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044f \u0441\u043f\u0435\u0446\u0456\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0431\u0430\u0439\u0442\u0430 \u0443 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0443 IP <\/strong>\u043f\u0430\u043a\u0435\u0442\u0443. DSCP <\/strong>– \u0434\u0435\u044f\u043a\u0435 \u0440\u043e\u0437\u0448\u0438\u0440\u0435\u043d\u043d\u044f (\u0430\u0431\u043e \u0432 \u0434\u0435\u044f\u043a\u043e\u043c\u0443 \u0441\u0435\u043d\u0441\u0456 \u043d\u043e\u0432\u0456\u0448\u0430 \u0432\u0435\u0440\u0441\u0456\u044f ToS<\/strong>), \u0431\u043e \u043c\u0430\u0454 \u0431\u0456\u043b\u044c\u0448\u0435 \u0440\u0456\u0437\u043d\u0438\u0445 \u043f\u0440\u0456\u043e\u0440\u0438\u0442\u0435\u0442\u0456\u0432 (64 \u043f\u0440\u043e\u0442\u0438 7 \u0443 ToS). <\/p>\n\n\n

<\/p>\n\n\n

\u041d\u044e\u0430\u043d\u0441 \u043f\u0435\u0440\u0448\u0438\u0439 \u0443 \u043f\u0440\u0456\u043e\u0440\u0438\u0442\u0435\u0437\u0430\u0446\u0456\u0457 – \u0432\u0438\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044f \u0446\u044c\u043e\u0433\u043e \u0431\u0430\u0439\u0442\u0443 \u043d\u0435 \u043e\u0437\u043d\u0430\u0447\u0430\u0454, \u0449\u043e \u0442\u0440\u0430\u0444\u0456\u043a \u0432\u0441\u044e\u0434\u0438 \u0431\u0443\u0434\u0435 \u0441\u043b\u0456\u0434\u0443\u0432\u0430\u0442\u0438 \u0446\u044c\u043e\u043c\u0443 \u043f\u0440\u0456\u043e\u0440\u0438\u0442\u0435\u0442\u0443. \u0422\u0440\u0435\u0431\u0430 \u0449\u043e\u0431 \u043d\u0430 \u0448\u043b\u044f\u0445\u0443 \u0432\u0441\u0435 \u043c\u0435\u0440\u0435\u0436\u0435\u0432\u0435 \u043e\u0431\u043b\u0430\u0434\u043d\u0430\u043d\u043d\u044f \u043f\u0456\u0434\u0442\u0440\u0438\u043c\u0443\u0432\u0430\u043b\u043e \u0446\u0456 \u043f\u0440\u0456\u043e\u0440\u0438\u0442\u0435\u0442\u0438. \u0417\u0430\u0437\u0432\u0438\u0447\u0430\u0439, \u0437\u0430\u0440\u0430\u0437 \u0431\u0430\u0433\u0430\u0442\u043e \u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0456\u0432 \u043f\u0440\u043e\u0441\u0442\u043e \u0456\u0433\u043d\u043e\u0440\u0443\u044e\u0442\u044c \u0446\u0435 \u043d\u0430 \u0441\u0432\u043e\u0454\u043c\u0443 \u043e\u0431\u043b\u0430\u0434\u043d\u0430\u043d\u043d\u0456. \u0422\u043e\u043c\u0443, \u0432\u0440\u0430\u0445\u043e\u0432\u0443\u044e\u0447\u0438 \u0446\u0435, ToS\/DSCP<\/strong> \u0431\u0443\u0434\u0435 \u0435\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u0438\u043c \u043b\u0438\u0448\u0435 \u0432 \u043c\u0435\u0436\u0430\u0445 \u0432\u0430\u0448\u043e\u0457 \u043c\u0435\u0440\u0435\u0436\u0456.<\/p>\n\n\n\n

\u041d\u044e\u0430\u043d\u0441 \u0434\u0440\u0443\u0433\u0438\u0439 – \u0432\u0438 \u043c\u043e\u0436\u0435\u0442\u0435 \u044f\u043a \u0432\u0438\u0441\u0442\u0430\u0432\u043b\u044f\u0442\u0438 \u043f\u0440\u0456\u043e\u0440\u0438\u0442\u0435\u0442\u0438, \u0442\u0430\u043a \u0456 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0456 \u0432\u0436\u0435 \u0432\u0438\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u0438\u0445 \u043f\u0440\u0456\u043e\u0440\u0438\u0442\u0435\u0442\u0456\u0432 \u043a\u0435\u0440\u0443\u0432\u0430\u0442\u0438 \u0442\u0440\u0430\u0444\u0456\u043a\u043e\u043c (\u043d\u0430\u043f\u0440\u0438\u043a\u043b\u0430\u0434, drop<\/strong>)<\/p>\n\n\n\n

\u041d\u0438\u0436\u0447\u0435 \u0431\u0443\u0434\u0443\u0442\u044c \u043f\u043e\u043a\u0430\u0437\u0430\u043d\u0456 \u043d\u0430\u043b\u0430\u0448\u0442\u0443\u0432\u0430\u043d\u043d\u044f \u0434\u043b\u044f \u0440\u0456\u0437\u043d\u0438\u0445 \u0442\u0438\u043f\u0456\u0432 \u0444\u0430\u0439\u0435\u0440\u0432\u043e\u043b\u0456\u0432<\/p>\n\n\n\n

iptables<\/mark><\/h2>\n\n\n\n

TOS target options:<\/p>\n\n\n\n

\n

  –set-tos value[\/mask]  Set Type of Service\/Priority field to value (Zero out bits in mask and XOR value into TOS)<\/p>\n\n\n\n

  –set-tos symbol        Set TOS field (IPv4 only) by symbol<\/p>\n\n\n\n

                          (this zeroes the 4-bit Precedence part!)<\/p>\n\n\n\n

                          Accepted symbolic names for value are:<\/p>\n\n\n\n

                            (0x10) 16 Minimize-Delay<\/p>\n\n\n\n

                            (0x08)  8 Maximize-Throughput<\/p>\n\n\n\n

                            (0x04)  4 Maximize-Reliability<\/p>\n\n\n\n

                            (0x02)  2 Minimize-Cost<\/p>\n\n\n\n

                            (0x00)  0 Normal-Service<\/p>\n<\/blockquote>\n\n\n\n

DSCP target options:<\/p>\n\n\n\n

\n

  –set-dscp value              Set DSCP field in packet header to value. This value can be in decimal (ex: 32) or in hex (ex: 0x20)<\/p>\n\n\n\n

  –set-dscp-class class        Set the DSCP field in packet header to the value represented by the DiffServ class value.<\/p>\n\n\n\n

This class may be EF,BE or any of the CSxx or AFxx classes.<\/p>\n\n\n\n

These two options are mutually exclusive !<\/p>\n<\/blockquote>\n\n\n\n

\u0426\u0456 \u043e\u043f\u0446\u0456\u0457 \u043c\u043e\u0436\u043d\u0430 \u0442\u0430\u043a\u043e\u0436 \u0434\u0456\u0437\u043d\u0430\u0442\u0438\u0441\u044f \u0456 \u0447\u0435\u0440\u0435\u0437 \u043a\u043e\u043c\u0430\u043d\u0434\u0438:<\/p>\n\n\n\n

iptables -m tos -h (\u0430\u0431\u043e iptables -j TOS -h)
iptables -m dscp -h (\u0430\u0431\u043e iptables -j DSCP -h)<\/code><\/p>\n\n\n\n

\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u0438:<\/p>\n\n\n\n

    \n
  • \u043c\u0430\u0440\u043a\u0443\u0432\u0430\u043d\u043d\u044f<\/mark><\/em><\/li>\n<\/ul>\n\n\n\n

    iptables -t mangle -A PREROUTING -p tcp--dport 22 -j TOS --set-tos 0x10<\/code><\/p>\n\n\n\n

    iptables -A OUTPUT -t mangle -p udp -m udp --dport 5060 -j DSCP --set-dscp 0\u00d728<\/code><\/p>\n\n\n\n

      \n
    • \u043a\u0435\u0440\u0443\u0432\u0430\u043d\u043d\u044f<\/mark><\/em>:<\/li>\n<\/ul>\n\n\n\n

      iptables -A INPUT -p tcp -m tos --tos 0x10 -j ACCEPT<\/code><\/p>\n\n\n\n

      ipfw<\/mark><\/h2>\n\n\n\n

      \u041e\u043f\u0446\u0456\u0457<\/p>\n\n\n\n

      \n

      RULE<\/strong> ACTIONS<\/strong><\/p>\n\n\n\n

      setdscp<\/strong> DSCP<\/em> | number<\/em> | tablearg<\/em><\/p>\n\n\n\n

            Set specified DiffServ codepoint for an IPv4\/IPv6 packet.  Processing continues at the next rule.<\/p>\n<\/blockquote>\n\n\n\n

      \n

      RULE<\/strong> OPTIONS<\/strong><\/p>\n\n\n\n

      iptos<\/strong> spec<\/em><\/p>\n\n\n\n

            Matches IPv4 packets whose tos<\/strong> field contains the  comma separated  list  of service types specified in spec<\/em>. The supported<\/p>\n\n\n\n

            IP types of service are:<\/p>\n\n\n\n

            lowdelay<\/strong>   (IPTOS_LOWDELAY),   throughput<\/strong>   (IPTOS_THROUGHPUT),<\/p>\n\n\n\n

            reliability<\/strong>   (IPTOS_RELIABILITY),   mincost<\/strong>   (IPTOS_MINCOST),<\/p>\n\n\n\n

            congestion<\/strong> (IPTOS_ECN_CE).  The absence of  a particula  type may be denoted with a `!’.<\/p>\n\n\n\n

      dscp<\/strong> spec<\/strong>[,spec<\/em>]<\/p>\n\n\n\n

            Matches IPv4\/IPv6 packets whose DS<\/strong> field value is contained in spec<\/em> mask.  Multiple values can be specified via the comma separated list.  Value can be one of keywords used in setdscp<\/strong>  action or exact number.<\/p>\n\n\n\n

      <\/p>\n<\/blockquote>\n\n\n\n

      \u041f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0438 ToS\/DSCP<\/strong> \u0442\u0430\u043a\u0456 \u0441\u0430\u043c\u0456, \u0442\u043e\u043c\u0443 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c\u043e \u0434\u043e \u043f\u0440\u0438\u043a\u043b\u0430\u0434\u0456\u0432:<\/p>\n\n\n\n

        \n
      • \u043c\u0430\u0440\u043a\u0443\u0432\u0430\u043d\u043d\u044f<\/mark><\/em><\/li>\n<\/ul>\n\n\n\n

        ipfw add setdscp be ip from any to any dscp af11,af21<\/code><\/p>\n\n\n\n

          \n
        • \u043a\u0435\u0440\u0443\u0432\u0430\u043d\u043d\u044f<\/mark><\/em><\/li>\n<\/ul>\n\n\n\n

          ipfw add block ip from 1.1.1.1 to any iptos lowdelay<\/code><\/p>\n\n\n\n

          pf<\/mark><\/h2>\n\n\n\n
          \n

          set tos string<\/em> | number<\/em><\/p>\n\n\n\n

          Enforces a TOS for matching packets. string<\/em> may be one of critical<\/strong>, inetcontrol<\/strong>, lowdelay<\/strong>, netcontrol<\/strong>, throughput<\/strong>, reliability<\/strong>, or one of the DiffServ Code Points: ef<\/strong>, af11<\/strong> … af43<\/strong>, cs0<\/strong> … cs7<\/strong>; number<\/em> may be either a hex or decimal number.<\/p>\n<\/blockquote>\n\n\n\n

          \u0423 \u0432\u0435\u0440\u0441\u0456\u0457 FreeBSD <\/strong>\u0437\u0430\u043c\u0456\u0441\u0442\u044c set tos<\/strong> \u043f\u0438\u0448\u0435\u043c\u043e set-tos<\/strong><\/p>\n\n\n\n

          \n

          tos string<\/em> | number<\/em><\/p>\n\n\n\n

          This rule applies to packets with the specified TOS bits set. string<\/em> may be one of critical<\/strong>, inetcontrol<\/strong>, lowdelay<\/strong>, netcontrol<\/strong>, throughput<\/strong>, reliability<\/strong>, or one of the DiffServ Code Points: ef<\/strong>, af11<\/strong> … af43<\/strong>, cs0<\/strong> … cs7<\/strong>; number<\/em> may be either a hex or decimal number.<\/p>\n\n\n\n

          For example, the following rules are identical:<\/p>\n\n\n\n

          pass all tos lowdelay<\/p>\n\n\n\n

          pass all tos 0x10<\/p>\n\n\n\n

          pass all tos 16<\/p>\n<\/blockquote>\n\n\n\n

          \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u0438:<\/p>\n\n\n\n

            \n
          • \u043c\u0430\u0440\u043a\u0443\u0432\u0430\u043d\u043d\u044f<\/mark><\/em><\/li>\n<\/ul>\n\n\n\n

            pass in proto tcp to port 22 set tos lowdelay<\/code><\/p>\n\n\n\n

              \n
            • \u043a\u0435\u0440\u0443\u0432\u0430\u043d\u043d\u044f<\/mark><\/em><\/li>\n<\/ul>\n\n\n\n

              pass in quick inet proto udp from $vlan77 tos 0xB8 <\/code><\/p>\n","protected":false},"excerpt":{"rendered":"

              \u041d\u0430\u0433\u0430\u0434\u0430\u044e, \u0449\u043e \u0442\u0430\u043a\u0435 ToS (Type of Service) – \u0446\u0435 \u043c\u043e\u0436\u043b\u0438\u0432\u0456\u0441\u0442\u044c \u043f\u0440\u0456\u043e\u0440\u0438\u0442\u0435\u0437\u0443\u0432\u0430\u0442\u0438 \u043f\u0435\u0432\u043d\u0438\u0439 \u0442\u0440\u0430\u0444\u0456\u043a \u0437\u0430 \u0440\u0430\u0445\u0443\u043d\u043e\u043a \u0432\u0438\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u043d\u044f \u0441\u043f\u0435\u0446\u0456\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0431\u0430\u0439\u0442\u0430 \u0443 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u0443 IP \u043f\u0430\u043a\u0435\u0442\u0443. DSCP – \u0434\u0435\u044f\u043a\u0435 \u0440\u043e\u0437\u0448\u0438\u0440\u0435\u043d\u043d\u044f (\u0430\u0431\u043e \u0432 \u0434\u0435\u044f\u043a\u043e\u043c\u0443 \u0441\u0435\u043d\u0441\u0456 \u043d\u043e\u0432\u0456\u0448\u0430 \u0432\u0435\u0440\u0441\u0456\u044f ToS), \u0431\u043e \u043c\u0430\u0454 \u0431\u0456\u043b\u044c\u0448\u0435 \u0440\u0456\u0437\u043d\u0438\u0445 \u043f\u0440\u0456\u043e\u0440\u0438\u0442\u0435\u0442\u0456\u0432 (64 \u043f\u0440\u043e\u0442\u0438 7 \u0443 ToS).<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,5,25,12,24],"tags":[],"class_list":["post-6374","post","type-post","status-publish","format-standard","hentry","category-freebsd","category-linux","category-openbsd","category-routers","category-solaris"],"_links":{"self":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/6374","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6374"}],"version-history":[{"count":1,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/6374\/revisions"}],"predecessor-version":[{"id":6375,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/6374\/revisions\/6375"}],"wp:attachment":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6374"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6374"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6374"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}