Windows Packets And TOS
Results 1 to 8 of 8

Thread: Windows Packets And TOS

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    188

    Windows Packets And TOS

    I made a strange observation, every windows packet no matter what has TOS value in the packet
    as interactive, which means windows packets always get preference over other packets during
    routing.Is that not unfair ???

  2. #2
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I'm not sure what you mean by interactive... Can't say I've heard that word mentioned with reference to the ToS field.

    Here's a brief run down on the subject. The ToS field was never really utilized as intended.... leaving it open for manufacturers and ISPs to use as they please.

    The result (originally) was IP Precedence was commonly used... This used the first three bits of the field (which is 8 bits long)... You then had 8 options from best effort delivery up to a guarenteed delivery. Now the more common way is to use something called DSCP (Differentiated Services Code Point)... WIth this you use the last 6 bits of the field and you have 64 options (0 - 63)...

    There's also a layer 2 precedence type setting called Class of Service (CoS)... This is set in the 802.1q tag using 802.1p (prioritization).. it uses 8 options (0 - 7) and is transfered to layer 3 TOS as IP Precedence (when you do the math you can see that IP Precedence and DSCP can be directly linked due to the over lapping bits).

    These are only supported by switches (CoS) and routers (IP Prec/DSCP) that are configured to handle them... There are a few options that you can set on switches (primarily because anyone that bought a 802.1q compliant card could give themselves a higher priority)... A Switch can accept the set value, can set it's own value if no value is set, or override a set value and return it to 0/reset it. This is primarily used these days for integrated voice, video, data... You have to ensure certain bandwidth to certain applications...

    To sum it all up... having a certain bit set in your TOS field in the IP Header doesn't mean anything.. It depends on the configuration of all the devices in the path that that packet will travel.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    Picture this then

    Linux pays attention to TOS field especially when it is configured as a gateway.
    So windows packets will always get preference hogging the Un!x machines!!!.

    We need to turn off the TOS-Routing option in the kernel during a kernel rebuild.

    http://www.cs.helsinki.fi/linux/linu...1-22/0386.html

  4. #4
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by warl0ck7
    Picture this then

    Linux pays attention to TOS field especially when it is configured as a gateway.
    So windows packets will always get preference hogging the Un!x machines!!!.

    We need to turn off the TOS-Routing option in the kernel during a kernel rebuild.

    http://www.cs.helsinki.fi/linux/linu...1-22/0386.html
    Hey Hey,

    All that link does (which is 4 years old and rather outdated now) is point out how to patch the kernel to function based on DSCP instead of IP Precedence. You still have to understand how it works... it won't hog the machines... The precedence is used along with the queuing type you have to determine what happens. Do you have queuing enabled on your linux gateway? Is it Class Based Weighted Fair Queuing, Low Latency Queuing, Weighted Fair Queuing or others. The precedence along with the formula that the queuing type uses determines how many of each packet are sent from the queue. It may work out to 10 of this type of packet, and then 5 of this type of packet... There's a lot more to it than just setting a bit to on or off. If you're worried about it then turn it off... but the ToS field is still considered to technically be an unused field.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  5. #5
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    Linux pays attention to TOS field especially when it is configured as a gateway.
    So windows packets will always get preference hogging the Un!x machines!!!.

    We need to turn off the TOS-Routing option in the kernel during a kernel rebuild.
    Im not sure of that. But i cant argue without some research, but..

    If you have a linux router, you can change packets thru Netfilter (a.k.a. iptables), using mangle tables
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  6. #6
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by warl0ck7
    So windows packets will always get preference hogging the Un!x machines!!!.
    Wow. How did a really interesting start to a thread turn into a "My disc is bigger than your disc!" OS pissing contest? Lame.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  7. #7
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    TOS routing is real as it can get. What i am trying to emphasize is; it is bad
    on micro$ofts part to label TOS value on each packet as Interactive.

    Also see RFC 2474.

  8. #8
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    The RFC that you posted is for DSCP.... that's a method of setting the Quality of Service.... it doesn't necessily imply ToS routing.. it's entirely possible that Linux using IP Precedence for anything that's related to Linux QoS (what you call ToS Routing)... If not.. it's possible that it only uses DSCP and it's entirely possible that Linux is using IP Precedence... it may not even look at the fields that are being set. As for every packet setting itself to Interactive... I'm not sure you get it... The field sets priority (Best Effort, Less than Best Effort, Guaranteed, etc).

    I'm also not sure why you think that every Windows packet sets it... Check the attached screenshot and you will see a Windows ICMP Echo and that the ToS field has a value of 0.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides