# Ipfw / tos



## ponemetski (Sep 26, 2009)

Hello

FreeBSD 7.1-release

Can you help me to set TOS of IP-packet?

```
[root@y22 /home/askn]# ipfw add 10 modip tos:lowdelay ip from any to any
ipfw: getsockopt(IP_FW_ADD): Invalid argument
```
firewal is in kernel (not module)

thank you


----------



## vlad2005 (Sep 26, 2009)

I check that problem and seem to be for real. I see one possibly wrong sequence in patch, an will correct that in short time (few hours).
Thanks for interest!


----------



## vlad2005 (Sep 26, 2009)

Ok, so easy way: edit this file /usr/src/sbin/ipfw/ipfw2.c
Identify line where have this (I think it's line number 4975):

```
fill_flags(action, O_IPTOS, f_iptos, s);
```
and change to be like this:

```
fill_flags(action, O_SET_IPTOS, f_iptos, s);
```
Then recompile kernel in your case.
I test and now command load without error. Please post what u get, and if it's ok i will post an new patch to resolve this issue.


----------



## ponemetski (Sep 28, 2009)

Rules are in IPFW but they dont change TOS.


```
# ipfw show
00011   18   2856 modip [b]tos:throughput[/b] ip from 192.168.101.3 to 192.168.101.191 dst-port 80
00011   10   1680 modip [b]tos:reliability[/b] ip from 192.168.101.3 to 192.168.101.191 dst-port 80
```

I am looking in tcpdump


```
#tcpdump -v | grep http
14:11:15.333008 IP ([b]tos 0x0[/b], ttl 128, id 12463, offset 0, flags [DF], proto TCP (6), length 464) 192.168.101.3.5500 > natasha.workgroup.http: P 849:1273(424) ack 660 win 64876
14:11:15.333877 IP (tos 0x0, ttl 64, id 916, offset 0, flags [DF], proto TCP (6), length 369) natasha.workgroup.http > 192.168.101.3.5500: P 660:989(329) ack 1273 win 65535
14:11:15.500165 IP (tos 0x0, ttl 128, id 12470, offset 0, flags [DF], proto TCP (6), length 40) 192.168.101.3.5500 > natasha.workgroup.http: ., cksum 0x55dc (correct), ack 989 win 64547
```


----------



## vlad2005 (Sep 28, 2009)

I'm not an guru in networking, and i don't know when tcpdump capture occur, before or after modification. Best, it's to use freebsd as router, and then capture packets that pass through router to another pc (capture on that pc). In this case it's sure that packet come after the rule it's applied. For moment i don't have an possibility to check but if u can will be great to know.


----------



## ponemetski (Sep 29, 2009)

Yes. It works. 
Thank you very much.
(7.1-release)


----------



## vlad2005 (Sep 29, 2009)

I'm glad to hear that!


----------



## WrEtCh (Oct 24, 2011)

*modip patch for FreeBSD 8.1, 8.2*

I am very interested about this patch, however, I work on FreeBSD 8.1 and 8.2. I am writing this post asking if anybody can make the patch to apply and then compile ipfw for FreeBSD version 8.1 and 8.2. 

Thank you in advance and best regards.


----------

