Only scanned your email but try removing the IN.
The rule I always remember is; When the SYN packet ingresses the interface
state will be created with the queue tag if a rule matches and states to do
so, as subsequent packets egress an interface if their is a matching state
with a queue name which matches one of the queues on that interface the
queue will be used.
So you look ok to me. Try adding the 'upperlimit' property to your hfsc
properties.
NB; I haven't tested Hennings new queuing subsystem yet so just guessing.
Cheers, Andy.
On Tue, 15 Oct 2013 16:32:16 +0400, Wesley MOUEDINE ASSABY
<open...@e-solutions.re> wrote:
> Le 2013-10-15 16:18, Norman Golisz a écrit :
>> On Tue Oct 15 2013 14:08, Norman Golisz wrote:
>>> On Tue Oct 15 2013 15:48, Wesley MOUEDINE ASSABY wrote:
>>> > When i download a file using the host 192.168.1.1
>>> > and do at the same time :
>>> >
>>> > # pfctl -vvs queue
>>> >
>>> > queue restriction on axe0 bandwidth 800K qlimit 50
>>> > [ pkts: 0 bytes: 0 dropped pkts: 0
>>> bytes:
>>> > 0 ]
>>> > [ qlength: 0/ 50 ]
>>> > [ measured: 0.0 packets/s, 0 b/s ]
>>> > queue employee parent restriction on axe0 bandwidth 10K qlimit 50
>>> > [ pkts: 21119 bytes: 30624777 dropped pkts: 0
>>> bytes:
>>> > 0 ]
>>> > [ qlength: 0/ 50 ]
>>> > [ measured: 115.8 packets/s, 1.35Mb/s ]
>>>
>>> yap, bandwidth restrictions apply on upload, only. So, you're
>>> effectively using 10K for TCP ACK packets.
>>
>> you might want to restrict bandwidth on the LAN interface, though.
>> You'd
>> configure the queues as above on the LAN interface and apply packets
>> going "out"/upload.
>
> Actually, queue is defined on axe0 ("IN"); it is the lan interface.
> It doesn't work (downloading limited).
>
> I already tried this:
> block all
> pass in log quick on lan from $employee set queue employee tag policy1
> pass in on lan
> pass log quick tagged policy1
> pass out on egress
> # Downloading still not limited.
>
> Any idea ?
>
> --
> Wesley
