On Tue, 16 Aug 2011 11:20:45 -0400 Michel Blais <mic...@targointernet.com> wrote
> Hi, > > I'm having a problem to shape download with PF. I have 2 HFSC queue > (main and second) created on my internal NIC. Main is my default > queue. If I try to match download traffic to the second queue, it still > go trought the main queue. > > The IP I want to download trought the second queue for my test > unit is 10.254.200.2 > $ext_if=re0 > $int_if=re1 > > My rule to foward traffic to second queue is : > match out on $int_if from any to 10.254.200.2 > I also try with pass instead of match > > Look fine if I check the bob exemple in this faq : > http://www.openbsd.org/faq/pf/queueing.html#example1 > > pfctl -vvsq still show traffic on main queue : > > queue main on re1 bandwidth 1Mb priority 2 qlimit 100 hfsc( red default > upperlimit 97Mb ) > [ pkts: 24701 bytes: 37333295 dropped pkts: 0 > bytes: 0 ] > [ qlength: 0/100 ] > [ measured: 236.4 packets/s, 2.86Mb/s ] > queue second on re1 bandwidth 1Mb priority 0 qlimit 250 hfsc( red > upperlimit 97Mb ) > [ pkts: 0 bytes: 0 dropped pkts: 0 > bytes: 0 ] > [ qlength: 0/250 ] > [ measured: 0.0 packets/s, 0 b/s ] > > pftop -v rules show me that the rule don't match > 12 Pass out re1 K 0 0 0 inet from any to 10.254.200.2/32 flags > S/SA queue second > > I can see my download with tcpdump : > # tcpdump -i re1 host 10.254.200.2 > ... > 10:49:19.802505 10.254.200.2.49266 > hammurabi.acc.umu.se.www: . ack > 832200 win 64240 (DF) > 10:49:19.802716 hammurabi.acc.umu.se.www > 10.254.200.2.49266: . > 832200:833660(1460) ack 1 win 6564 (DF) > 10:49:19.802911 hammurabi.acc.umu.se.www > 10.254.200.2.49266: . > 833660:835120(1460) ack 1 win 6564 (DF) > 10:49:19.803040 hammurabi.acc.umu.se.www > 10.254.200.2.49266: . > 835120:836580(1460) ack 1 win 6564 (DF) > 10:49:19.803211 10.254.200.2.49266 > hammurabi.acc.umu.se.www: . ack > 836580 win 64240 (DF) > 10:49:19.803248 hammurabi.acc.umu.se.www > 10.254.200.2.49266: . > 836580:838040(1460) ack 1 win 6564 (DF) > 10:49:19.803252 hammurabi.acc.umu.se.www > 10.254.200.2.49266: . > 838040:839500(1460) ack 1 win 6564 (DF) > 10:49:19.803367 hammurabi.acc.umu.se.www > 10.254.200.2.49266: . > 839500:840960(1460) ack 1 win 6564 (DF) > ... > > I have pass days on this with OpenBSD 4.9 and > FreeBSD 8.2 without result. > > I even tryed every 8 possible rules at the same time and > pfctl was still showing traffic trought the main queue on : > > match in on re0 from any to 10.254.200.2 queue second > match in on re1 from any to 10.254.200.2 queue second > match out on re0 from any to 10.254.200.2 queue second > match out on re0 from any to 10.254.200.2 queue second > match in on re0 from 10.254.200.2 to any queue second > match in on re1 from 10.254.200.2 to any queue second > match out on re0 from 10.254.200.2 to any queue second > match out on re0 from 10.254.200.2 to any queue second > > in this case, pftop was showing that it > match out on re0 from 10.254.200.2 to any > match on re1 from 10.254.200.2 to any > it look like only upload rule match > > Can somebody help me on this ? > > Thanks > > Michel > > P.S : I have a VoIP queue that I will add after that will need the > realtime option, that why I'm using HFSC. I don't know what is your complete ruleset. with "match(pass) out on $int_if from any to 10.254.200.2" pf will match your main (default) queue. Try this pass in quick on $int_if from 10.254.200.2 to any queue second pass in quick on $int_if from <other ip address> to any queue main
