Hi,
I rewrote my rulesets with no luck:
QUEUE BW SCH PRIO PKTS BYTES DROP_P DROP_B
QLEN BORROW SUSPEN P/S B/S
rootq on em0 98M 0 0 0 0
0 0 0
inter 1M 179572 214136K 0 0
0 898 1232993
bg 10M 6360 727764 0 0
0 3 308
queue rootq on em0 bandwidth 98M, max 99M qlimit 50
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes:
0 ]
[ qlength: 0/ 50 ]
[ measured: 0.0 packets/s, 0 b/s ]
queue inter parent rootq on em0 bandwidth 1M, max 2M default qlimit 50
[ pkts: 67209 bytes: 80035513 dropped pkts: 0 bytes:
0 ]
[ qlength: 0/ 50 ]
[ measured: 1172.0 packets/s, 11.13Mb/s ]
queue bg parent rootq on em0 bandwidth 10M, max 15M qlimit 50
[ pkts: 1858 bytes: 215486 dropped pkts: 0 bytes:
0 ]
[ qlength: 0/ 50 ]
[ measured: 32.5 packets/s, 30.58Kb/s ]
----------------------------------------
pf.conf
----------------------------------------
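### OpenBSD pf.conf: external em0, internal vlan41 and guest vlan81,
### outbound NAT, HFSC queueing on the external interface, and a few
### services exposed on the external address.
### pf evaluates rules top-down and the LAST matching rule wins unless a
### rule is marked "quick"; several sections below depend on that (a broad
### "from any" rule followed by a narrower "<bgnets>" rule that overrides
### the queue for those sources).
### Every "pass" rule here is "inet" only while the "block" rules cover both
### address families, so any IPv6 traffic is dropped by the defaults.

### Interfaces ###
ExtIf ="em0"
IntIf ="vlan41"
Free ="vlan81"
# SamKnows measurement host on the internal network; see the "tag SAM" rule.
sam = "192.168.1.18"
### Tables ###
# Read from the file when the ruleset is loaded; edits to /etc/bgnets need a
# reload (or pfctl -t bgnets -T replace -f /etc/bgnets) to take effect.
table <bgnets> file "/etc/bgnets"
table <spamd-white> persist
table <bgp-spamd-bypass> persist
### Misc Options
set loginterface $ExtIf
# "set skip" disables filtering on these interfaces completely: none of the
# rules below see loopback traffic or IPsec traffic presented on enc0.
set skip on { lo, enc0 }
set limit table-entries 400000 # Full list is 200k entries as of March 1
################ Queueing
####################################################
# HFSC queues on $ExtIf.  A queue shapes packets leaving the interface it is
# defined on, so "set queue" on a "pass in on $ExtIf" rule governs the
# replies of that state as they go out em0, not the inbound packets.
# NOTE(review): the pfctl -vvsq output posted with this file shows "inter"
# measured at 11.13Mb/s against "max 2M"; nothing in the file explains that,
# so confirm the loaded ruleset matches this file (pfctl -sr / pfctl -vvsq)
# and resample after flushing states -- unverified.
queue rootq on $ExtIf bandwidth 98M, max 99M
queue inter parent rootq bandwidth 1M, max 2M default
queue bg parent rootq bandwidth 10M, max 15M
################ Translation and Filtering
###################################
### BLOCK all in/out on all interfaces by default and log
# "block return" answers with a TCP RST / ICMP unreachable.  On $ExtIf that
# reveals a filtering host to anyone probing it; "block drop" is the quieter
# choice for the external side if that matters here.
block return log on $ExtIf
block return log on $IntIf
block return log on $Free
### Network Address Translation (NAT with outgoing source port randomization)
# "($ExtIf:0)" is looked up at runtime (no reload after an address change)
# and excludes alias addresses.
match out log on egress from $IntIf:network \
to any nat-to ($ExtIf:0)
match out log on egress from $Free:network \
to any nat-to ($ExtIf:0)
### NAT from IntIf to FreeWifi
# Only this direction is translated.  No "pass in on $Free" rule appears in
# this file, so guest clients are stopped by the default block above unless
# rules elsewhere admit them -- confirm that is intended.
match out log on $Free from $IntIf:network \
to $Free:network nat-to ($Free:0)
### Packet normalization ( "scrubbing" )
# max-mss 1440 clamps the TCP MSS, presumably because the upstream MTU is
# below 1500 -- verify against the link.
match log on $ExtIf all scrub (random-id max-mss 1440)
### $ExtIf inbound ################
# dns nsd
# The "from any" rule picks the default queue; the <bgnets> rule after it
# wins (last match) and moves those sources to the bg queue.
pass in log on $ExtIf inet proto {tcp, udp} from any \
to ($ExtIf) port domain set queue inter
pass in log on $ExtIf inet proto {tcp, udp} from <bgnets> \
to ($ExtIf) port domain set queue bg
# OpenSMTPD
# <bgp-spamd-bypass> is matched "quick": evaluation stops there, so those
# senders are never diverted to spamd.  Everyone else is redirected to spamd;
# <spamd-white> is listed last and so wins for whitelisted senders, which go
# straight to the MTA on lo0.
pass in log quick on $ExtIf inet proto tcp from <bgp-spamd-bypass> \
to ($ExtIf) port smtp set queue inter rdr-to lo0
pass in log on $ExtIf inet proto tcp from any \
to ($ExtIf) port smtp rdr-to lo0 port spamd
pass in log on $ExtIf inet proto tcp from <spamd-white> \
to ($ExtIf) port smtp set queue inter rdr-to lo0
# Nginx
pass in log on $ExtIf inet proto tcp from any \
to ($ExtIf) port {www, https} set queue inter rdr-to lo0
pass in log on $ExtIf inet proto tcp from <bgnets> \
to ($ExtIf) port {www, https} set queue bg rdr-to lo0
# Ntpd ( time server )
pass in log on $ExtIf inet proto udp from any \
to ($ExtIf) port ntp set queue inter
pass in log on $ExtIf inet proto udp from <bgnets> \
to ($ExtIf) port ntp set queue bg
### End $ExtIf inbound ###########
### $IntIf outbound ###########
# Allow self to reach Lan
pass out log on $IntIf inet proto {tcp, udp, icmp} from (self) \
to $IntIf:network
### End $IntIf outbound ###
### $IntIf inbound ###############
# Allow all out
# "to any" includes the firewall's own addresses and, through the nat-to
# rule above, the guest network -- not only the Internet.
pass in log on $IntIf inet proto {tcp, udp, icmp} from $IntIf:network \
to any
# Allow SamKnows to run its tests
pass in log on $IntIf inet proto {tcp, udp, icmp} from $sam \
to any tag SAM
### End $IntIf inbound ###
### $ExtIf outbound ###
## TCP ##
# Queue default
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to any set queue inter
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to <bgnets> set queue bg
# Queue dns
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to any port domain set queue inter
pass out log on $ExtIf inet proto tcp from ($ExtIf) \
to <bgnets> port domain set queue bg
## UDP ##
# Queue default
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to any set queue inter
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to <bgnets> set queue bg
# Queue dns
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to any port domain set queue inter
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to <bgnets> port domain set queue bg
# Queue ntp
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to any port ntp set queue inter
pass out log on $ExtIf inet proto udp from ($ExtIf) \
to <bgnets> port ntp set queue bg
# ICMP
pass out log on $ExtIf inet proto icmp from ($ExtIf) \
to any set queue inter
pass out log on $ExtIf inet proto icmp from ($ExtIf) \
to <bgnets> set queue bg
# SamKnows
# These select the same queues as the generic rules above, so at present
# they mainly make SamKnows traffic identifiable in the pflog output.
pass out log on $ExtIf inet proto {tcp, udp, icmp} from ($ExtIf) \
to any set queue inter tagged SAM
pass out log on $ExtIf inet proto {tcp, udp, icmp} from ($ExtIf) \
to <bgnets> set queue bg tagged SAM
### End $ExtIf outbound ###########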