On Mon, Aug 17, 2009 at 4:19 PM, Darren Bolding<darren@bolding.org> wrote:
the ICMP reply leaves with the same DSCP marking. ICMPs may have special treatment. This is the kernel replying, not a user application. However, when I do this with apache and mysql connections (TCP 80/3306), the incoming packets are marked, but the replies are not.
I haven't known Linux to automatically apply DSCP markings. Believe this operation may be by design. Not everyone is likely to want response traffic to have the same markings for all TCP protocols. HTTP requests are often small request, big response. People might sometimes want low delay for the request but higher throughput for HTTP responses (though higher delay compared to other applications sharing that bandwidth). If an application developer wants a Linux computer to apply DSCP or TOS bits, either, the application needs to elect to set ToS bits using setsockopt(), SO_PRIORITY, and SO_TOS on the socket descriptor itself... the app must be running as superuser to do this Or you may also be able to set the bits using iptables and the mangle table. e.g. # iptables -t mangle -I OUTPUT -p tcp --sport 80 -j DSCP --set-dscp 0x1a You may also be able to use a CONNMARK iptables target to mark a connection , and then use the mangle table to set the DSCP field of OUTPUT packets that match the connection mark. -- -J