On Jan 11, 2:44 pm, s...@spacehopper.org (Stuart Henderson) wrote:
> On 2011/01/11 12:46, Bonnie Packet wrote:
> >
> > the question is how to manage it simultaneously with the
> > download direction when those packets already part of an established,
> > stateful TCP connection that bypasses the firewall rules.
>
> the PF state is associated with queue by name - you can use
> the same queue name on more than one interface. in many situations
> doing this gives you just enough control that you can limit traffic
> in both directions on a single machine.

Stuart: *Ah* thanks - light bulb moment here.

The only small problem is that the way I want to "slice" the traffic up may be different in the inbound versus outbound directions (for example, prioritizing TCP acks in one direction matters a whole lot more than the other) - but as you helpfully point out, this still may give me "just enough" control to do what I need to.

So would I have to have all the queues AND subqueues have exactly the same names, just on different interfaces? In other words, would I have to mirror them exactly (except they could have different characteristics/rates)?

e.g.:

    altq on $internal_if cbq bandwidth 12Mb queue { std_wls, slow_wls, fast_wls, tcp_ack_wls }
    queue std_wls bandwidth 4Mb priority 1 cbq(default borrow)
    queue slow_wls bandwidth 1Mb priority 0 cbq(ecn)
    queue fast_wls bandwidth 6Mb priority 2 cbq(borrow)
    queue tcp_ack_wls bandwidth 1Mb priority 4 cbq(borrow)

    altq on $extl_if cbq bandwidth 1Mb queue { std_wls, slow_wls, fast_wls, tcp_ack_wls }
    queue std_wls bandwidth 300Kb priority 1 cbq(default borrow)
    queue slow_wls bandwidth 100Kb priority 0 cbq(ecn)
    queue fast_wls bandwidth 500Kb priority 1 cbq(borrow)
    queue tcp_ack_wls bandwidth 100Kb priority 3 cbq(borrow)

(Note different queue sizes and priorities on external_if vs internal_if queues...)

If this way works, it's not quite ideal, but it would certainly be Good Enough.

/BP/