Re: pf set prio
* Andy [2013-09-10 11:38]: > PS; Thanks for your great work Henning (and others of course). > Hoping and keeping fingers crossed the new subsystem will make it > into 5.4 :) queueing? no, looks like 5.5 -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: pf set prio
On 2013-09-10, Andy wrote: > Ah I feared as much as its so close to the 5.4 release date. > "Good things come to those who wait" In order to give time to build packages for release, prepare CDs, etc, the release was cut around the end of July. (Exact timings vary from release to release, iirc this one was a little earlier than usual to give plenty of time to handle any fallout from the 64-bit time_t flag day).
Re: pf set prio
Ah I feared as much as its so close to the 5.4 release date. "Good things come to those who wait" Thanks, Andy On Tue 10 Sep 2013 10:47:18 BST, Peter N. M. Hansteen wrote: On Tue, Sep 10, 2013 at 10:37:17AM +0100, Andy wrote: PS; Thanks for your great work Henning (and others of course). Hoping and keeping fingers crossed the new subsystem will make it into 5.4 :) it did not make it into 5.4, 5.5 is still a possibility but the commit hasn't happened yet. - P
Re: pf set prio
On Tue, Sep 10, 2013 at 10:37:17AM +0100, Andy wrote: > PS; Thanks for your great work Henning (and others of course). > Hoping and keeping fingers crossed the new subsystem will make it > into 5.4 :) it did not make it into 5.4, 5.5 is still a possibility but the commit hasn't happened yet. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: pf set prio
On Tue, Sep 10, 2013 at 11:37 AM, Andy wrote: > PS; Thanks for your great work Henning (and others of course). Hoping and > keeping fingers crossed the new subsystem will make it into 5.4 :) Certainly not. It will be into 5.5.
Re: pf set prio
PS; Thanks for your great work Henning (and others of course). Hoping and keeping fingers crossed the new subsystem will make it into 5.4 :) Andy On 10/09/13 08:29, Peter N. M. Hansteen wrote: On Tue, Sep 10, 2013 at 11:17:58AM +0400, ?? ?? wrote: where can I read more about "set prio" in pf? man pf.conf tends to be the best source, you could also browse http://home.nuug.no/~peter/pf/newest/ for mentions, http://bulabula.org/papers/2012/eurobsdcon/ has quite a bit of detail about the implementation and some work that will hopefully hit the tree soonish.
Re: pf set prio
I love Henning's slides ;) On Tue 10 Sep 2013 08:29:12 BST, Peter N. M. Hansteen wrote: On Tue, Sep 10, 2013 at 11:17:58AM +0400, ?? ?? wrote: where can I read more about "set prio" in pf? man pf.conf tends to be the best source, you could also browse http://home.nuug.no/~peter/pf/newest/ for mentions, http://bulabula.org/papers/2012/eurobsdcon/ has quite a bit of detail about the implementation and some work that will hopefully hit the tree soonish.
Re: pf set prio
On Tue, Sep 10, 2013 at 11:17:58AM +0400, ?? ?? wrote: > where can I read more about "set prio" in pf? man pf.conf tends to be the best source, you could also browse http://home.nuug.no/~peter/pf/newest/ for mentions, http://bulabula.org/papers/2012/eurobsdcon/ has quite a bit of detail about the implementation and some work that will hopefully hit the tree soonish. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
pf set prio
where can I read more about "set prio" in pf?
Re: pf set prio
> > Does (pf set prio) work on Openbsd 5.3 x64 or i386?
> of course.
How can i see that it works? tcpdump or others progs?
> > Please can you write simple config for set prio in pf.conf?
> match set prio 5
this rule set prio 5 only the out traffic from server and in when he out
("state")?
Re: pf set prio
* Михаил Швецов [2013-06-13 16:54]: > Does (pf set prio) work on Openbsd 5.3 x64 or i386? of course. > Please can you write simple config for set prio in pf.conf? match set prio 5
pf set prio
Does (pf set prio) work on Openbsd 5.3 x64 or i386?
Please can you write simple config for set prio in pf.conf?
For example(does it work?):
set skip on lo
match out on $ext_if from { $int_if:network } nat-to ($ext_if)
block
pass out
pass in on $int_if
pass in inet proto icmp
pass on $int_if proto tcp to port ssh set prio 6
pass on $int_if proto tcp from port ssh set prio 6
pass on $ext_if proto tcp to port ssh set prio 6
pass on $ext_if proto tcp from port ssh set prio 6
Set prio may prioritize only outbound trafic(how altq) or "in" too?
When i use queue i can see in `systat q`. And how with "set pf prio", HOW TO
SEE
that ssh (prio 6) go away before other trafic(www for example) WHAT command
to
use tcpdump or pfctl or log this trafic? How to know that prio works?
P.S
And read other posts(messages) i see 2 (two) commands "prio X" and "set prio
X"
1:(something OpenBSD 5.0 -5.1)
block all
pass in on $int_if prio 5
2:(OpenBSD 5.3)
block all
pass in on $int_if set prio 5
does rule1=rule2
or
rule1: pass in on $int_if only traffic with prio 5
rule2: pass in on $int_if all traffic and set him(traffic) prio 5
???
