[pkg-netfilter-team] Bug#923880: ssh: IPQoS defaults change interacts badly with iptables -m tos
Peter Lebbing
peter at digitalbrains.com
Thu Aug 8 10:28:08 BST 2019
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> We can make it more concrete. Let's create an iptables rule with
> numerical values that matches DSCP CS6, which corresponds to IP
> Precendence 6, numerical value 0xC0, where in the terms of RFC 1349 bits
> 0 and 1 are set in the PRECEDENCE portion of the ToS octet.
I think I should emphasise the point that DSCP CS6 is the same as IP
Precedence 6 *by design*, it's not a coincidence. So the experiment
proves that IP Precedence 6 is encoded as 0xc0, which is what proves the
layout of the octet.
Peter.
- --
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEZQCNwiCq4qJXTWzVlp4Bj95s3KEFAl1L6ycACgkQlp4Bj95s
3KHnVgf/a7pav4qO9gYI0rMXi2GsIAtjxWKHaJheph8YXP3vP1LE1v+vOStQB+zC
MPFN1IcUElo0+8ozrQ2RQsus3f4KxJIGPVRSXNAWnprlcEF3NRvVAZBkIjMYSWX9
se/v3BnExMk+IU9sUhDw1nH8KFYosa84zbxbT1buoGxbUzEoXZyezBkEB3CSqqtB
kn4mSZEoWrkahYsW71bFW7IEfuhCfh7GGq4VmO3aoLxGjIqhjrQgI6Cu+j3XUn3G
Sz32dfH5QGgDhsNBIHjlZPr2zlUAhVPJRv/+kdtgXVQiNAQUmFbHLEzoMeGlk4LP
Q6J6xy9ZOK66q1UpIC2cygqdx4WbCA==
=zRTY
-----END PGP SIGNATURE-----
More information about the pkg-netfilter-team
mailing list