From araujo@FreeBSD.org  Tue Feb 26 03:40:59 2008
Return-Path: <araujo@FreeBSD.org>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A9B2A16A401
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 26 Feb 2008 03:40:59 +0000 (UTC)
	(envelope-from araujo@FreeBSD.org)
Received: from mail.intelbras.com.br (mail.intelbras.com.br [201.24.77.45])
	by mx1.freebsd.org (Postfix) with ESMTP id A93DD13C458
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 26 Feb 2008 03:40:58 +0000 (UTC)
	(envelope-from araujo@FreeBSD.org)
Received: from localhost (localhost.intelbras.com.br [127.0.0.1])
	by mail.intelbras.com.br (Postfix) with ESMTP id C46582DA44C
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 26 Feb 2008 00:15:25 -0300 (BRT)
Received: from mail.intelbras.com.br ([127.0.0.1])
	by localhost (copernicus.intelbras.com.br [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id NBqmYg54gpki for <FreeBSD-gnats-submit@freebsd.org>;
	Tue, 26 Feb 2008 00:15:25 -0300 (BRT)
Received: from island.freebsd.org (200.146.36.203.adsl.gvt.net.br [200.146.36.203])
	by mail.intelbras.com.br (Postfix) with ESMTP id 176AF2DA426
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 26 Feb 2008 00:15:25 -0300 (BRT)
Message-Id: <1203995726.2841@island.freebsd.org>
Date: Tue, 26 Feb 2008 00:15:26 -0300
From: "Marcelo Araujo (araujo@FreeBSD.org)" <araujo@FreeBSD.org>
To: "FreeBSD gnats submit" <FreeBSD-gnats-submit@freebsd.org>
Subject: [ipfw] [patch] add support to ToS IP PRECEDENCE fields
X-Send-Pr-Version: gtk-send-pr 0.4.8 
X-GNATS-Notify:

>Number:         121108
>Category:       kern
>Synopsis:       [ipfw] [patch] add support to ToS IP PRECEDENCE fields
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 26 03:50:01 UTC 2008
>Closed-Date:    Tue Feb 26 14:25:04 UTC 2008
>Last-Modified:  Tue Feb 26 14:25:04 UTC 2008
>Originator:     Marcelo Araujo (araujo@FreeBSD.org)
>Release:        FreeBSD 7.0-PRERELEASE i386
>Organization:
FreeBSD 
>Environment:


System: FreeBSD 7.0-PRERELEASE #10: Mon Feb 25 08:41:00 BRT 2008
    araujo@island.freebsd.org:/usr/obj/usr/src/sys/ISLAND



>Description:


The patch add some features described in:
- RFC 0791
- RFC 1122
- RFC 1349 
- http://www3.tools.ietf.org/html/draft-xiao-tcp-prec-01

You can change the IP PRECEDENCE field within the ToS header, and you can also match packets on your network that carry this mark. This is useful because you can classify many types of packets and prioritize them in your network.

1 - Set some type of IP PRECEDENCE inside a package:

ipfw add 10 iptospre flashover ip from any to any

2 - You can check packages within your network that have the IP PRECEDENCE fields:

ipfw add 11 count ip from any to any iptospre flashover

The patch is based in PR kern/102471, 
novel@ thanks for your help.

References:
http://code.google.com/p/exports/wiki/ToSWorkAround


>How-To-Repeat:





>Fix:


--- ipfw-ToS8bits.diff begins here ---
Index: sbin/ipfw/ipfw2.c
===================================================================
RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
retrieving revision 1.117
diff -u -r1.117 ipfw2.c
--- sbin/ipfw/ipfw2.c	24 Feb 2008 15:37:45 -0000	1.117
+++ sbin/ipfw/ipfw2.c	26 Feb 2008 02:37:05 -0000
@@ -177,6 +177,20 @@
 	{ NULL,	0 }
 };
 
+/* ToS PRECEDENCE fields supporting. */
+static struct _s_x f_iptospre[] = {
+	{ "netcontrol",		IPTOSPRE_NETCONTROL}, 	/* 0xe0 = 111 */
+	{ "intercontrol",	IPTOSPRE_INTERCONTROL},	/* 0xc0 = 110 */
+	{ "criticecp",		IPTOSPRE_CRITICECP},		/* 0xa0 = 101 */
+	{ "flashover",		IPTOSPRE_FLASHOVER},		/* 0x80 = 100 */
+	{ "flash",			IPTOSPRE_FLASH},			/* 0x60 = 011 */
+	{ "immediate",		IPTOSPRE_IMMEDIATE},		/* 0x40 = 010 */
+	{ "priority",		IPTOSPRE_PRIORITY},		/* 0x20 = 001 */
+	{ "routine",		IPTOSPRE_ROUTINE},		/* 0x00 = 000 */
+	{ NULL, 0 }
+};
+/* ToS PRECEDENCE fields supporting. */
+
 static struct _s_x f_iptos[] = {
 	{ "lowdelay",	IPTOS_LOWDELAY},
 	{ "throughput",	IPTOS_THROUGHPUT},
@@ -282,6 +296,7 @@
 	TOK_IPLEN,
 	TOK_IPID,
 	TOK_IPPRECEDENCE,
+	TOK_IPTOSPRE, /* Add ToS PRECEDENCE supporting. */
 	TOK_IPTOS,
 	TOK_IPTTL,
 	TOK_IPVER,
@@ -317,6 +332,7 @@
 	TOK_GRED,
 	TOK_DROPTAIL,
 	TOK_PROTO,
+	TOK_SETIPTOSPRE, /* Add ToS PRECEDENCE supporting. */
 	TOK_WEIGHT,
 	TOK_IP,
 	TOK_IF,
@@ -411,6 +427,7 @@
 	{ "unreach6",		TOK_UNREACH6 },
 	{ "unreach",		TOK_UNREACH },
 	{ "check-state",	TOK_CHECKSTATE },
+	{ "iptospre",		TOK_SETIPTOSPRE }, /* Set IP ToS PRECEDENCE. */
 	{ "//",			TOK_COMMENT },
 	{ "nat",                TOK_NAT },
 	{ NULL, 0 }	/* terminator */
@@ -449,6 +466,7 @@
 	{ "ipid",		TOK_IPID },
 	{ "ipprecedence",	TOK_IPPRECEDENCE },
 	{ "iptos",		TOK_IPTOS },
+	{ "iptospre",	TOK_IPTOSPRE }, /* Add ToS PRECEDENCE supporting. */
 	{ "ipttl",		TOK_IPTTL },
 	{ "ipversion",		TOK_IPVER },
 	{ "ipver",		TOK_IPVER },
@@ -1599,6 +1617,13 @@
 		    }
 			break;
 
+		/* Set ToS PRECEDENCE. */
+		/* O erro pode estar aqui....(araujo). */
+		case O_SETIPTOSPRE:
+			printf("iptospre %s", match_value(f_iptospre, cmd->arg1));
+			break;
+		/* Set ToS PRECEDENCE. */
+
 		case O_LOG: /* O_LOG is printed last */
 			logptr = (ipfw_insn_log *)cmd;
 			break;
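Review bot: `match_value(f_iptospre, cmd->arg1)` is passed straight to `%s` in the new `O_SETIPTOSPRE` case, and the same pattern appears in the `O_IPTOSPRE` case of the following hunk. match_value is defined outside this patch; if it returns NULL for a value that is not in the table (possible when arg1 holds a combination of entries or negated bits produced by fill_flags), printf is handed a null pointer. A numeric fallback when the lookup fails, for example `printf("iptospre 0x%02x", cmd->arg1);`, keeps the rule listing readable for every rule the kernel accepts. The enclosing switch starts and ends outside the hunk.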
@@ -1906,6 +1931,12 @@
 				print_icmptypes((ipfw_insn_u32 *)cmd);
 				break;
 
+			/* Print ToS PRE in ipfw show */
+			case O_IPTOSPRE:
+				printf(" iptospre %s", match_value(f_iptospre, cmd->arg1));
+				break;
+			/* Print ToS PRE in ipfw show */
+
 			case O_ESTAB:
 				printf(" established");
 				break;
@@ -2712,7 +2743,7 @@
 "RULE-BODY:	check-state [PARAMS] | ACTION [PARAMS] ADDR [OPTION_LIST]\n"
 "ACTION:	check-state | allow | count | deny | unreach{,6} CODE |\n"
 "               skipto N | {divert|tee} PORT | forward ADDR |\n"
-"               pipe N | queue N | nat N\n"
+"               pipe N | queue N | iptospre CODE | nat N\n"
 "PARAMS: 	[log [logamount LOGLIMIT]] [altq QUEUE_NAME]\n"
 "ADDR:		[ MAC dst src ether_type ] \n"
 "		[ ip from IPADDR [ PORT ] to IPADDR [ PORTLIST ] ]\n"
@@ -2724,7 +2755,7 @@
 "OPTION_LIST:	OPTION [OPTION_LIST]\n"
 "OPTION:	bridged | diverted | diverted-loopback | diverted-output |\n"
 "	{dst-ip|src-ip} IPADDR | {dst-ip6|src-ip6|dst-ipv6|src-ipv6} IP6ADDR |\n"
-"	{dst-port|src-port} LIST |\n"
+"	iptospre CODE | {dst-ip|src-ip} IPADDR |\n"
 "	estab | frag | {gid|uid} N | icmptypes LIST | in | out | ipid LIST |\n"
 "	iplen LIST | ipoptions SPEC | ipprecedence | ipsec | iptos SPEC |\n"
 "	ipttl LIST | ipversion VER | keep-state | layer2 | limit ... |\n"
@@ -4848,10 +4879,21 @@
 		action->opcode = O_COUNT;
 		break;
 
+<<<<<<< ipfw2.c
+	/* Setting ToS PRECEDENCE fields. */
+	case TOK_SETIPTOSPRE:
+		NEED1("need iptospre arg\n");
+		fill_flags(action, O_SETIPTOSPRE, f_iptospre, *av);
+		ac--; av++;
+		break;
+	/* Setting ToS PRECEDENCE fields. */
+
+=======
 	case TOK_NAT:
  		action->opcode = O_NAT;
  		action->len = F_INSN_SIZE(ipfw_insn_nat);
 		goto chkarg;
+>>>>>>> 1.117
 	case TOK_QUEUE:
 		action->opcode = O_QUEUE;
 		goto chkarg;
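Review bot: `fill_flags(action, O_SETIPTOSPRE, f_iptospre, *av)` parses the argument of a set-action with the helper that the `iptos` option uses for flag lists, and the `TOK_IPTOSPRE` case in the next hunk does the same. Precedence is a single 3-bit value, not a set of independent flags, so a list parser lets a rule carry combinations that are not any named level. If fill_flags treats a zero token value as invalid (it is defined outside the patch, so confirm), `routine` can never be entered. A single-token lookup fits better, for example `int pre = match_token(f_iptospre, *av); if (pre == -1) errx(EX_DATAERR, "invalid precedence %s", *av);` followed by `action->opcode = O_SETIPTOSPRE; action->arg1 = pre;`.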
@@ -5334,6 +5376,14 @@
 			ac--; av++;
 			break;
 
+		/* Some args to ToS PRECEDENCE. */
+		case TOK_IPTOSPRE:
+			NEED1("missing argument for iptospre");
+			fill_flags(cmd, O_IPTOSPRE, f_iptospre, *av);
+			ac--; av++;
+			break;
+		/* Some args to ToS PRECEDENCE. */
+
 		case TOK_IPTOS:
 			NEED1("missing argument for iptos");
 			fill_flags(cmd, O_IPTOS, f_iptos, *av);
Index: sys/netinet/ip_fw.h
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw.h,v
retrieving revision 1.111
diff -u -r1.111 ip_fw.h
--- sys/netinet/ip_fw.h	25 Jan 2008 14:38:27 -0000	1.111
+++ sys/netinet/ip_fw.h	26 Feb 2008 02:37:06 -0000
@@ -161,6 +161,9 @@
 	O_TAG,   		/* arg1=tag number */
 	O_TAGGED,		/* arg1=tag number */
 
+	O_SETIPTOSPRE,	/* setting ToS PRECEDENCE field. */
+	O_IPTOSPRE,		/* Add ToS PRECEDENCE supporting. */
+
 	O_LAST_OPCODE		/* not an opcode!		*/
 };
 
@@ -510,6 +513,18 @@
 #define	IP_FW_IPOPT_RR		0x04
 #define	IP_FW_IPOPT_TS		0x08
 
+/* Definitions for IP ToS PRECEDENCE. */ 
+/* Thanks to: http://www.easycalculation.com/binary-converter.php */
+#define	IPTOSPRE_NETCONTROL		224	/* bin = 111 dec = 224 hex = 0xe0 */
+#define	IPTOSPRE_INTERCONTROL		192	/* bin = 110 dec = 192 hex = 0xc0 */
+#define	IPTOSPRE_CRITICECP		160	/* bin = 101 dec = 160 hex = 0xa0 */
+#define	IPTOSPRE_FLASHOVER		128	/* bin = 100 dec = 128 hex = 0x80 */
+#define	IPTOSPRE_FLASH			96 	/* bin = 011 dec = 96  hex = 0x60 */
+#define	IPTOSPRE_IMMEDIATE		64 	/* bin = 010 dec = 64  hex = 0x40 */
+#define	IPTOSPRE_PRIORITY			32 	/* bin = 001 dec = 32  hex = 0x20 */
+#define	IPTOSPRE_ROUTINE			0  	/* bin = 000 dec = 0   hex = 0x00 */
+/* Definitions for IP ToS PRECEDENCE. */ 
+
 /*
  * Definitions for TCP option names.
  */
@@ -626,5 +641,22 @@
 extern	ip_fw_chk_t	*ip_fw_chk_ptr;
 #define	IPFW_LOADED	(ip_fw_chk_ptr != NULL)
 
+/* Some novel@ code. */
+#define ADJUST_CHECKSUM(acc, cksum) \
+		do { \
+				acc += cksum; \
+				if (acc < 0) { \
+					acc = -acc; \
+					acc = (acc >> 16) + (acc & 0xffff); \
+					acc += acc >> 16; \
+					cksum = (u_short) ~acc; \
+				} else { \
+					acc = (acc >> 16) + (acc & 0xffff); \
+					acc += acc >> 16; \
+					cksum = (u_short) acc; \
+				} \
+		} while (0)
+/* Some novel@ code. */
+
 #endif /* _KERNEL */
 #endif /* _IPFW2_H */
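Review bot: `ADJUST_CHECKSUM` uses its arguments unparenthesized, evaluates them several times and modifies `acc` in place, and it is added to a header although this patch has a single user in ip_fw2.c. A `static __inline` function next to `twowords()` would be type-checked and avoids surprises if it is ever called with an expression. The bracketing comments `/* Some novel@ code. */` credit the author but do not say what the macro does; something like `/* Fold the signed delta acc into the 16-bit one's-complement checksum cksum. */` would help the next reader.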
Index: sys/netinet/ip_fw2.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v
retrieving revision 1.181
diff -u -r1.181 ip_fw2.c
--- sys/netinet/ip_fw2.c	24 Feb 2008 15:37:45 -0000	1.181
+++ sys/netinet/ip_fw2.c	26 Feb 2008 02:37:09 -0000
@@ -177,6 +177,21 @@
 
 extern int ipfw_chg_hook(SYSCTL_HANDLER_ARGS);
 
+/* some @novel code. */
+static __inline int
+twowords(void *p) {
+	uint8_t *c = p;
+#if BYTE_ORDER == LITTLE_ENDIAN
+	uint16_t s1 = ((uint16_t)c[1] << 8) + (uint16_t)c[0];
+	uint16_t s2 = ((uint16_t)c[3] << 8) + (uint16_t)c[2];
+#else
+	uint16_t s1 = ((uint16_t)c[0] << 8) + (uint16_t)c[1];
+	uint16_t s2 = ((uint16_t)c[2] << 8) + (uint16_t)c[3];
+#endif
+	return (s1 + s2);
+}
+/* some @novel code. */
+
 #ifdef SYSCTL_NODE
 SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
 SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, enable,
@@ -2700,6 +2715,7 @@
 	for (; f; f = f->next) {
 		ipfw_insn *cmd;
 		uint32_t tablearg = 0;
+		int accumulate; /* Novel@ code. */
 		int l, cmdlen, skip_or; /* skip rest of OR block */
 
 again:
@@ -3005,6 +3021,12 @@
 				match = (is_ipv4 &&
 				    flags_match(cmd, ip->ip_tos));
 				break;
+			/* Add supporting ToS PRECEDENCE field. */
+			case O_IPTOSPRE:
+				match = (is_ipv4 &&
+				    flags_match(cmd, ip->ip_tos));
+					break;
+			/* Add supporting ToS PRECEDENCE field. */
 
 			case O_TCPDATALEN:
 				if (proto == IPPROTO_TCP && offset == 0) {
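Review bot: The new `O_IPTOSPRE` case tests the precedence with `flags_match(cmd, ip->ip_tos)`, the same bitmask test the `O_IPTOS` case above it uses, which does not fit an enumerated 3-bit field. If flags_match checks that the requested bits are set (it is defined outside the hunk), `iptospre flashover` (0x80) also matches packets marked criticecp (0xa0), intercontrol (0xc0) and netcontrol (0xe0), and `iptospre routine` (0x00) matches every IPv4 packet, so a rule selects more traffic than its text says. An equality test on the masked field avoids that: `match = (is_ipv4 && cmd->arg1 == (ip->ip_tos & 0xe0));`. The `break;` in the new case is also indented one level too deep.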
@@ -3322,6 +3344,18 @@
 				match = 1;
 				break;
 
+			/* Insert within IP ToS PRECEDENCE field. */
+			case O_SETIPTOSPRE:
+				accumulate = twowords(&ip->ip_tos);
+				ip->ip_tos= cmd->arg1;
+				accumulate -= twowords(&ip->ip_tos);
+				ADJUST_CHECKSUM(accumulate, ip->ip_sum);
+				f->pcnt++; /* update stats */
+				f->bcnt += pktlen;
+				f->timestamp = time_second;
+				goto next_rule;
+			/* Insert within IP ToS PRECEDENCE field. */
+
 			case O_PROBE_STATE:
 			case O_CHECK_STATE:
 				/*
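Review bot: The `O_SETIPTOSPRE` case writes `ip->ip_tos` and `ip->ip_sum` without the `is_ipv4` guard that the `O_IPTOSPRE` match case uses, so a rule like the `ip from any to any` example would also rewrite bytes of packets that are not IPv4. The checksum delta also looks wrong: `twowords(&ip->ip_tos)` starts at an odd header offset, so the TOS byte lands in the opposite byte lane from the 16-bit word that `ip_sum` covers, and it reads `ip_len` and part of `ip_id` for no benefit. In addition `ip->ip_tos= cmd->arg1` replaces the whole byte, not only the top three precedence bits, so the remaining TOS bits are cleared. The sketch below guards on IPv4, masks to 0xe0 and applies the RFC 1624 incremental update to the one changed byte; it assumes `ip_sum` is in network byte order at this point, which should be confirmed. The enclosing switch and rule loop lie outside the hunk.

```c
case O_SETIPTOSPRE:
	if (is_ipv4) {
		uint8_t otos = ip->ip_tos;
		uint8_t ntos = (otos & ~0xe0) | (cmd->arg1 & 0xe0);
		uint32_t sum;

		/* RFC 1624: HC' = ~(~HC + ~m + m'); TOS is the low byte of header word 0 */
		sum = (uint16_t)~ntohs(ip->ip_sum) + (uint16_t)~otos + ntos;
		sum = (sum & 0xffff) + (sum >> 16);
		sum = (sum & 0xffff) + (sum >> 16);
		ip->ip_tos = ntos;
		ip->ip_sum = htons((uint16_t)~sum);
	}
	/* … unchanged: stats update and goto next_rule … */
```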
@@ -4119,6 +4153,7 @@
 		case O_FRAG:
 		case O_DIVERTED:
 		case O_IPOPT:
+		case O_IPTOSPRE: /* Add ToS PRECEDENCE supporting. */
 		case O_IPTOS:
 		case O_IPPRECEDENCE:
 		case O_IPVER:
@@ -4142,6 +4177,10 @@
 				goto bad_size;
 			break;
 
+		case O_SETIPTOSPRE: /* Set ToS IP PRECEDENCE. */
+			have_action = 1;
+			break;
+
 		case O_UID:
 		case O_GID:
 		case O_JAIL:
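Review bot: The new `O_SETIPTOSPRE` case sets `have_action = 1` without checking the instruction length or the argument, while the case just above it ends in `goto bad_size`. Since the packet path later stores `cmd->arg1` into the IP header, it seems safer for this switch to reject a malformed instruction: `if (cmdlen != F_INSN_SIZE(ipfw_insn)) goto bad_size;` and `if (cmd->arg1 & ~0xe0) return EINVAL;`. The switch and its function begin outside the hunk, so the exact error path should follow what the neighbouring action cases do.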
--- ipfw-ToS8bits.diff ends here ---



>Release-Note:
>Audit-Trail:

From: Maxim Konovalov <maxim@macomnet.ru>
To: "Marcelo Araujo (araujo@FreeBSD.org)" <araujo@freebsd.org>
Cc: bug-followup@freebsd.org
Subject: Re: kern/121108: [ipfw] [patch] add support to ToS IP PRECEDENCE
 fields
Date: Tue, 26 Feb 2008 12:54:44 +0300 (MSK)

 Hello,
 
 it seems your patch has some conflict deltas.  E.g. the following
 delta looks weird:
 
 +<<<<<<< ipfw2.c
 +       /* Setting ToS PRECEDENCE fields. */
 +       case TOK_SETIPTOSPRE:
 +               NEED1("need iptospre arg\n");
 +               fill_flags(action, O_SETIPTOSPRE, f_iptospre, *av);
 +               ac--; av++;
 +               break;
 +       /* Setting ToS PRECEDENCE fields. */
 +
 +=======
         case TOK_NAT:
                 action->opcode = O_NAT;
                 action->len = F_INSN_SIZE(ipfw_insn_nat);
                 goto chkarg;
 +>>>>>>> 1.117
 
 And it would be nice if you used English in comments :-)
 
 -- 
 Maxim Konovalov

From: Marcelo Araujo <araujobsdport@gmail.com>
To: Maxim Konovalov <maxim@macomnet.ru>
Cc: bug-followup@freebsd.org, Ion-Mihai Tetcu <itetcu@FreeBSD.org>, 
 stas@mbsd.msk.ru, Boris Samorodov <bsam@ipt.ru>, 
 Roman Bogorodskiy <novel@FreeBSD.org>
Subject: Re: kern/121108: [ipfw] [patch] add support to ToS IP PRECEDENCE
 fields
Date: Tue, 26 Feb 2008 10:39:34 -0300

 This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
 --------------enigEFB958632A87BA2B77182DFC
 Content-Type: multipart/mixed;
  boundary="------------020303030608020802080703"
 
 This is a multi-part message in MIME format.
 --------------020303030608020802080703
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: quoted-printable
 
 I solved the problem with the revision conflicts and I removed all
 unnecessary comments.
 
 
 
 Best Regards.
 
 --=20
 Marcelo Araujo            (__)
 araujo@FreeBSD.org     \\\'',)
 http://www.FreeBSD.org   \/  \ ^
 Power To Server.         .\. /_)
 
 
 --------------020303030608020802080703
 Content-Type: text/x-patch;
  name="ipfw-ToS8bits.diff"
 Content-Transfer-Encoding: quoted-printable
 Content-Disposition: inline;
  filename="ipfw-ToS8bits.diff"
 
 Index: sbin/ipfw/ipfw2.c
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 RCS file: /home/ncvs/src/sbin/ipfw/ipfw2.c,v
 retrieving revision 1.117
 diff -u -r1.117 ipfw2.c
 --- sbin/ipfw/ipfw2.c	24 Feb 2008 15:37:45 -0000	1.117
 +++ sbin/ipfw/ipfw2.c	26 Feb 2008 12:54:54 -0000
 @@ -177,6 +177,18 @@
  	{ NULL,	0 }
  };
 =20
 +static struct _s_x f_iptospre[] =3D {
 +	{ "netcontrol",		IPTOSPRE_NETCONTROL},
 +	{ "intercontrol",	IPTOSPRE_INTERCONTROL},
 +	{ "criticecp",		IPTOSPRE_CRITICECP},
 +	{ "flashover",		IPTOSPRE_FLASHOVER},
 +	{ "flash",			IPTOSPRE_FLASH},
 +	{ "immediate",		IPTOSPRE_IMMEDIATE},
 +	{ "priority",		IPTOSPRE_PRIORITY},
 +	{ "routine",		IPTOSPRE_ROUTINE},
 +	{ NULL, 0}
 +};
 +
  static struct _s_x f_iptos[] =3D {
  	{ "lowdelay",	IPTOS_LOWDELAY},
  	{ "throughput",	IPTOS_THROUGHPUT},
 @@ -282,6 +294,7 @@
  	TOK_IPLEN,
  	TOK_IPID,
  	TOK_IPPRECEDENCE,
 +	TOK_IPTOSPRE,
  	TOK_IPTOS,
  	TOK_IPTTL,
  	TOK_IPVER,
 @@ -317,6 +330,7 @@
  	TOK_GRED,
  	TOK_DROPTAIL,
  	TOK_PROTO,
 +	TOK_SETIPTOSPRE,
  	TOK_WEIGHT,
  	TOK_IP,
  	TOK_IF,
 @@ -411,6 +425,7 @@
  	{ "unreach6",		TOK_UNREACH6 },
  	{ "unreach",		TOK_UNREACH },
  	{ "check-state",	TOK_CHECKSTATE },
 +	{ "iptospre",		TOK_SETIPTOSPRE },
  	{ "//",			TOK_COMMENT },
  	{ "nat",                TOK_NAT },
  	{ NULL, 0 }	/* terminator */
 @@ -449,6 +464,7 @@
  	{ "ipid",		TOK_IPID },
  	{ "ipprecedence",	TOK_IPPRECEDENCE },
  	{ "iptos",		TOK_IPTOS },
 +	{ "iptospre",	TOK_IPTOSPRE },
  	{ "ipttl",		TOK_IPTTL },
  	{ "ipversion",		TOK_IPVER },
  	{ "ipver",		TOK_IPVER },
 @@ -1599,6 +1615,10 @@
  		    }
  			break;
 =20
 +		case O_SETIPTOSPRE:
 +			printf("iptospre %s", match_value(f_iptospre, cmd->arg1));
 +			break;
 +
  		case O_LOG: /* O_LOG is printed last */
  			logptr =3D (ipfw_insn_log *)cmd;
  			break;
 @@ -1910,6 +1930,10 @@
  				printf(" established");
  				break;
 =20
 +			case O_IPTOSPRE:
 +				printf(" iptospre %s", match_value(f_iptospre, cmd->arg1));
 +				break;
 +
  			case O_TCPDATALEN:
  				if (F_LEN(cmd) =3D=3D 1)
  				    printf(" tcpdatalen %u", cmd->arg1 );
 @@ -2712,7 +2736,7 @@
  "RULE-BODY:	check-state [PARAMS] | ACTION [PARAMS] ADDR [OPTION_LIST]\n"=
 
  "ACTION:	check-state | allow | count | deny | unreach{,6} CODE |\n"
  "               skipto N | {divert|tee} PORT | forward ADDR |\n"
 -"               pipe N | queue N | nat N\n"
 +"               pipe N | queue N | iptospre CODE | nat N\n"
  "PARAMS: 	[log [logamount LOGLIMIT]] [altq QUEUE_NAME]\n"
  "ADDR:		[ MAC dst src ether_type ] \n"
  "		[ ip from IPADDR [ PORT ] to IPADDR [ PORTLIST ] ]\n"
 @@ -2725,6 +2749,7 @@
  "OPTION:	bridged | diverted | diverted-loopback | diverted-output |\n"
  "	{dst-ip|src-ip} IPADDR | {dst-ip6|src-ip6|dst-ipv6|src-ipv6} IP6ADDR |=
 \n"
  "	{dst-port|src-port} LIST |\n"
 +"	iptospre CODE | {dst-ip|src-ip} IPADDR |\n"
  "	estab | frag | {gid|uid} N | icmptypes LIST | in | out | ipid LIST |\n=
 "
  "	iplen LIST | ipoptions SPEC | ipprecedence | ipsec | iptos SPEC |\n"
  "	ipttl LIST | ipversion VER | keep-state | layer2 | limit ... |\n"
 @@ -4848,6 +4873,12 @@
  		action->opcode =3D O_COUNT;
  		break;
 =20
 +	case TOK_SETIPTOSPRE:
 +		NEED1("need iptospre arg\n");
 +		fill_flags(action, O_SETIPTOSPRE, f_iptospre, *av);
 +		ac--; av++;
 +		break;
 +
  	case TOK_NAT:
   		action->opcode =3D O_NAT;
   		action->len =3D F_INSN_SIZE(ipfw_insn_nat);
 @@ -5334,6 +5365,12 @@
  			ac--; av++;
  			break;
 =20
 +		case TOK_IPTOSPRE:
 +			NEED1("missing argument for iptospre");
 +			fill_flags(cmd, O_IPTOSPRE, f_iptospre, *av);
 +			ac--; av++;
 +			break;
 +
  		case TOK_IPTOS:
  			NEED1("missing argument for iptos");
  			fill_flags(cmd, O_IPTOS, f_iptos, *av);
 Index: sys/netinet/ip_fw.h
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 RCS file: /home/ncvs/src/sys/netinet/ip_fw.h,v
 retrieving revision 1.111
 diff -u -r1.111 ip_fw.h
 --- sys/netinet/ip_fw.h	25 Jan 2008 14:38:27 -0000	1.111
 +++ sys/netinet/ip_fw.h	26 Feb 2008 12:54:54 -0000
 @@ -161,6 +161,9 @@
  	O_TAG,   		/* arg1=3Dtag number */
  	O_TAGGED,		/* arg1=3Dtag number */
 =20
 +	O_SETIPTOSPRE,	/* Add ToS PRECEDENCE support. */
 +	O_IPTOSPRE,		/* Add ToS PRECEDENCE support. */
 +
  	O_LAST_OPCODE		/* not an opcode!		*/
  };
 =20
 @@ -510,6 +513,18 @@
  #define	IP_FW_IPOPT_RR		0x04
  #define	IP_FW_IPOPT_TS		0x08
 =20
 +/* Definitions for IP ToS PRECEDENCE. */=20
 +/* Thanks to: http://www.easycalculation.com/binary-converter.php */
 +#define	IPTOSPRE_NETCONTROL		224 /* bin =3D 111 dec =3D 224 hex =3D 0xe0=
  */
 +#define	IPTOSPRE_INTERCONTROL	192 /* bin =3D 110 dec =3D 192 hex =3D 0xc=
 0 */
 +#define	IPTOSPRE_CRITICECP		160 /* bin =3D 101 dec =3D 160 hex =3D 0xa0 =
 */
 +#define	IPTOSPRE_FLASHOVER		128 /* bin =3D 100 dec =3D 128 hex =3D 0x80 =
 */
 +#define	IPTOSPRE_FLASH			96  /* bin =3D 011 dec =3D 96  hex =3D 0x60 */
 +#define	IPTOSPRE_IMMEDIATE		64  /* bin =3D 010 dec =3D 64  hex =3D 0x40 =
 */
 +#define	IPTOSPRE_PRIORITY		32  /* bin =3D 001 dec =3D 32  hex =3D 0x20 *=
 /
 +#define	IPTOSPRE_ROUTINE		0   /* bin =3D 000 dec =3D 0   hex =3D 0x00 */=
 
 +/* Definitions for IP ToS PRECEDENCE. */=20
 +
  /*
   * Definitions for TCP option names.
   */
 @@ -626,5 +641,22 @@
  extern	ip_fw_chk_t	*ip_fw_chk_ptr;
  #define	IPFW_LOADED	(ip_fw_chk_ptr !=3D NULL)
 =20
 +/* Some novel@ code. */
 +#define ADJUST_CHECKSUM(acc, cksum) \
 +		do { \
 +				acc +=3D cksum; \
 +				if (acc < 0) { \
 +					acc =3D -acc; \
 +					acc =3D (acc >> 16) + (acc & 0xffff); \
 +					acc +=3D acc >> 16; \
 +					cksum =3D (u_short) ~acc; \
 +				} else { \
 +					acc =3D (acc >> 16) + (acc & 0xffff); \
 +					acc +=3D acc >> 16; \
 +					cksum =3D (u_short) acc; \
 +				} \
 +		} while (0)
 +/* Some novel@ code. */
 +
  #endif /* _KERNEL */
  #endif /* _IPFW2_H */
 Index: sys/netinet/ip_fw2.c
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
 RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v
 retrieving revision 1.181
 diff -u -r1.181 ip_fw2.c
 --- sys/netinet/ip_fw2.c	24 Feb 2008 15:37:45 -0000	1.181
 +++ sys/netinet/ip_fw2.c	26 Feb 2008 12:55:28 -0000
 @@ -177,6 +177,21 @@
 =20
  extern int ipfw_chg_hook(SYSCTL_HANDLER_ARGS);
 =20
 +/* some @novel code. */
 +static __inline int
 +twowords(void *p) {
 +	uint8_t *c =3D p;
 +#if BYTE_ORDER =3D=3D LITTLE_ENDIAN
 +	uint16_t s1 =3D ((uint16_t)c[1] << 8) + (uint16_t)c[0];
 +	uint16_t s2 =3D ((uint16_t)c[3] << 8) + (uint16_t)c[2];
 +#else
 +	uint16_t s1 =3D ((uint16_t)c[0] << 8) + (uint16_t)c[1];
 +	uint16_t s2 =3D ((uint16_t)c[2] << 8) + (uint16_t)c[3];
 +#endif
 +	return (s1 + s2);
 +}
 +/* some @novel code. */
 +
  #ifdef SYSCTL_NODE
  SYSCTL_NODE(_net_inet_ip, OID_AUTO, fw, CTLFLAG_RW, 0, "Firewall");
  SYSCTL_PROC(_net_inet_ip_fw, OID_AUTO, enable,
 @@ -2700,6 +2715,7 @@
  	for (; f; f =3D f->next) {
  		ipfw_insn *cmd;
  		uint32_t tablearg =3D 0;
 +		int accumulate; /* Novel@ code. */
  		int l, cmdlen, skip_or; /* skip rest of OR block */
 =20
  again:
 @@ -3006,6 +3022,11 @@
  				    flags_match(cmd, ip->ip_tos));
  				break;
 =20
 +			case O_IPTOSPRE:
 +				match =3D (is_ipv4 &&
 +				    flags_match(cmd, ip->ip_tos));
 +					break;
 +
  			case O_TCPDATALEN:
  				if (proto =3D=3D IPPROTO_TCP && offset =3D=3D 0) {
  				    struct tcphdr *tcp;
 @@ -3322,6 +3343,18 @@
  				match =3D 1;
  				break;
 =20
 +			/* Insert within IP ToS PRECEDENCE field. */
 +			case O_SETIPTOSPRE:
 +				accumulate =3D twowords(&ip->ip_tos);
 +				ip->ip_tos=3D cmd->arg1;
 +				accumulate -=3D twowords(&ip->ip_tos);
 +				ADJUST_CHECKSUM(accumulate, ip->ip_sum);
 +				f->pcnt++; /* update stats */
 +				f->bcnt +=3D pktlen;
 +				f->timestamp =3D time_second;
 +				goto next_rule;
 +			/* Insert within IP ToS PRECEDENCE field. */
 +
  			case O_PROBE_STATE:
  			case O_CHECK_STATE:
  				/*
 @@ -4119,6 +4152,7 @@
  		case O_FRAG:
  		case O_DIVERTED:
  		case O_IPOPT:
 +		case O_IPTOSPRE:
  		case O_IPTOS:
  		case O_IPPRECEDENCE:
  		case O_IPVER:
 @@ -4142,6 +4176,10 @@
  				goto bad_size;
  			break;
 =20
 +		case O_SETIPTOSPRE:
 +			have_action =3D 1;
 +			break;
 +
  		case O_UID:
  		case O_GID:
  		case O_JAIL:
 
 --------------020303030608020802080703--
 
 --------------enigEFB958632A87BA2B77182DFC
 Content-Type: application/pgp-signature; name="signature.asc"
 Content-Description: OpenPGP digital signature
 Content-Disposition: attachment; filename="signature.asc"
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.7 (FreeBSD)
 
 iD8DBQFHxBacovxJd1Pkz6gRAnKGAKCHs4KNB1M3IC0ii5JXvuiRXYJ9xACgiuMn
 vKLCJEusdTaOviePhj8i0OM=
 =lKcp
 -----END PGP SIGNATURE-----
 
 --------------enigEFB958632A87BA2B77182DFC--
State-Changed-From-To: open->closed 
State-Changed-By: araujo 
State-Changed-When: Tue Feb 26 14:25:03 UTC 2008 
State-Changed-Why:  
I re-open another PR with this patch without *quoted-printable*. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=121108 
>Unformatted:
