dear all,
i have this setup :
internet <--> squid <--> openbsd limiter <--> client
on squid using zph i've mark with tos 0x30,
on limiter:
pass out quick log on $client_if proto tcp from any to <client> tos
0x30 no state queue q_tos
then when i'm monitor on pflog0 there's no match for rule with tos
describe above, but
when i tcpdump $client_if there are packets with tos 0x30.
no state used because after searching archive i found some suggest to use it.
but i'm still not able to queue the tos packet.
my question is what may cause this behaviour? is it because pf was too
late to see
the marked packet or what ?
thanks n regards,
-Agung
===
my pf:
client_if = vlan100
set ruleset-optimization none
set optimization normal
set block-policy drop
set skip on { lo0 }
set reassemble yes no-df
match out all scrub (random-id no-df)
match in all scrub (no-df)
altq on $client_if hfsc bandwidth 100Mb $ql queue { q_def q_tos }
queue q_def on $client_if bandwidth 50% hfsc(red upperlimit 75% default)
queue q_tos on $client_if bandwidth 70% hfsc(red upperlimit 85%)
pass out quick log on $client_if proto tcp from any to <client> tos
0x30 no state queue q_tos
pass out quick log on $client_if from any to <client> queue q_def
