So I can have queues on both interfaces :-) Which is what I am trying to do, but it just doesnt seem to work for me :-( Any suggestions please?
On Tue, Feb 26, 2008 at 3:23 PM, Calomel <[EMAIL PROTECTED]> wrote: > Stuart/Adam, > > Thanks for the correction. After a quick test, queues on both interfaces > using the same names or different names do work as expected. > > Thanks again. > > > -- > Calomel @ http://calomel.org > Open Source Research and Reference > > > > > On Tue, Feb 26, 2008 at 10:09:59AM +0000, Stuart Henderson wrote: > >On 2008/02/25 23:22, Adam Retter wrote: > >> All of the examples that I have seen use two queues, one on the > >> external interface and one on the internal interface. The example > >> given in the PF manual on the OpenBSD website itself also shows a 2 > >> queue setup - http://www.openbsd.org/faq/pf/queueing.html#example1 > > > >you can have queues on >1 interface with the same name. and > >queue assignment doesn't have to happen on the interface holding > >the queue. > > > >if you're queueing on internal+external interfaces, this can make > >it simpler to get filter rules written which assign traffic to the > >queues you want. > > > >I tried to explain this well enough to get it into pf.conf(5) but > >haven't managed to come up with anything suitable yet (it probably > >needs a bunch of existing text being rewritten rather than just > >adding something new ..) > > > >this post might help: > > > >From: Henning Brauer <[EMAIL PROTECTED]> > >Date: Mon, 9 Oct 2006 14:52:03 +0200 > >To: pf@benzedrine.cx > >User-Agent: Mutt/1.5.12-2006-07-14 > >Subject: Re: Request for feature: queue assignment for back packets (Was: > ACKs > > queueing) > > > >* Federico Giannici <[EMAIL PROTECTED]> [2006-10-09 12:51]: > >> Henning Brauer wrote: > >> >* Federico Giannici <[EMAIL PROTECTED]> [2006-10-08 20:32]: > >> >>I solved my case in a good way, but I'm currently not using states. I > >> >>think that a general, intuitive and efficient solution could be useful. > >> >> > >> >>The problem: queue assignment of "back" packets of TCP flows when "keep > >> >>state" is used and queues are used in both directions. Currently the > >> >>only solution seems to be to (almost) replicate the same rules for both > >> >>interfaces ("in" and "out"). So the same rules are evaluated two time: > >> >>more use of CPU and more rules to maintain. > >> > > >> >this is untrue, you can just create queues with the same names on both > >> >interfaces. queue assignment does not have to happen on the interface > >> >where the queue lives. > >> > >> That's really interesting. > >> > >> And now the "on _interface_" parameter of the "queue" command start to > >> make sense... > > > >well, let me explain (again. I did this before, must be in the > >archives). > > > >when a rule matches that has a queue assignment, the packet gets tagged > >with the queue name (not really the name, but that is what it comes > >down to). > > > >the packet then travels through the system like it always does. > > > >when it hits the outboind queuing stage (i. e. queueing on the > >interface where it will leave the machine), the altq routines check for > >the tag. if it is not there, the packet goes to teh default queue. if > >the tag is there, altq checks wether a queue with that name exists. if > >yes, the packet is queued there, otherwise it is put into the default > >queue. > > > >you see, it is not like the packets gets put into a queue when a pf > >rule assigns it. it happens way later. and thus your cas eis already > >covered. > > > >-- > >Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] > >BS Web Services, http://bsws.de > >Full-Service ISP - Secure Hosting, Mail and DNS Services > >Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam > -- Adam Retter Software Pimp Extraordinaire
