Request for a pointer - Linux modifying DSCP on replies?
mysidia at gmail.com
Mon Aug 17 19:33:45 CDT 2009
On Mon, Aug 17, 2009 at 4:19 PM, Darren Bolding<darren at bolding.org> wrote:
> the ICMP reply leaves with the same DSCP marking.
ICMPs may have special treatment. This is the kernel replying, not a
> However, when I do this with apache and mysql connections (TCP 80/3306), the
> incoming packets are marked, but the replies are not.
I haven't known Linux to automatically apply DSCP markings.
Believe this operation may be by design. Not everyone is likely to
want response traffic to have the same markings for all TCP protocols.
HTTP requests are often small request, big response. People might
sometimes want low delay for the request but higher throughput for
HTTP responses (though higher delay compared to other applications
sharing that bandwidth).
If an application developer wants a Linux computer to apply DSCP or TOS bits,
either the application needs to elect to set ToS bits using
setsockopt(), SO_PRIORITY, and SO_TOS on the socket descriptor
itself... the app must be running as superuser to do this.
Or you may also be able to set the bits using iptables and the mangle table.
# iptables -t mangle -I OUTPUT -p tcp --sport 80 -j DSCP --set-dscp 0x1a
You may also be able to use a CONNMARK iptables target to mark a connection,
and then use the mangle table to set the DSCP field of OUTPUT packets
that match the connection mark.
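
The application-side option mentioned above, as an added example that is not part of the original post: a Python sketch that puts the DSCP value from the iptables line (0x1a) on a TCP socket and reads it back to confirm the kernel accepted it. It assumes Linux and uses the IP_TOS and IPV6_TCLASS socket options; the function names are hypothetical.

```python
import socket

ECN_MASK = 0x03  # low two bits of the TOS / Traffic Class byte carry ECN


def dscp_to_tos(dscp: int) -> int:
    """Place a 6-bit DSCP codepoint in the upper six bits of the TOS byte."""
    if not 0 <= dscp <= 0x3F:
        raise ValueError(f"DSCP must be 0..63, got {dscp}")
    return dscp << 2


def mark_socket(sock: socket.socket, dscp: int) -> int:
    """Set the DSCP on sock, keep its ECN bits, return the byte read back."""
    if sock.family == socket.AF_INET6:
        level, opt = socket.IPPROTO_IPV6, socket.IPV6_TCLASS
    else:
        level, opt = socket.IPPROTO_IP, socket.IP_TOS
    current = sock.getsockopt(level, opt)
    sock.setsockopt(level, opt, dscp_to_tos(dscp) | (current & ECN_MASK))
    applied = sock.getsockopt(level, opt)
    # Fail loudly instead of silently sending unmarked traffic.
    if applied >> 2 != dscp:
        raise OSError(f"kernel reports DSCP {applied >> 2:#x}, wanted {dscp:#x}")
    return applied


def marked_listener(host: str, port: int, dscp: int) -> socket.socket:
    """Return a listening IPv4 TCP socket that was marked before listen()."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        mark_socket(srv, dscp)
        srv.bind((host, port))
        srv.listen(16)
    except Exception:
        srv.close()
        raise
    return srv


if __name__ == "__main__":
    AF21 = 0x1A  # same codepoint as --set-dscp 0x1a in the post
    with marked_listener("127.0.0.1", 0, AF21) as srv:
        tos = srv.getsockopt(socket.IPPROTO_IP, socket.IP_TOS)
        print(f"listener TOS byte: {tos:#04x}")
```

Whether the marking survives on the wire is best confirmed with a packet capture on the server's egress interface, since a later mangle rule or an upstream device can rewrite the field.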