* Maxim Khitrov <m...@mxcrypt.com> [2013-12-22 18:44]:
> On Fri, Dec 20, 2013 at 4:11 PM, Maxim Khitrov <m...@mxcrypt.com> wrote:
> > I was under the impression that the packet priority was always set to
> > 3 prior to the pf ruleset evaluation (ignoring VLAN and CARP for a
> > moment), and that 'set prio' on an inbound rule only affected
> > returning traffic that matched the state entry. Here's an artificial
> > example:
> >
> > pass out on $wan
> > pass in on $lan set prio 7
> >
> > What will be the priority of outbound packets on the $wan interface, 3
> > or 7? Looking at the code in pf.c, the priority is copied to
> > m->m_pkthdr.pf.prio, but I'm not sure where this value is initialized
> > or reset.
>
> I think I figured this out, but I would appreciate a confirmation. The
> m_pkthdr.pf.prio value is set to IFQ_DEFPRIO (3) in
> sys/kern/uipc_mbuf.c when a new mbuf is allocated. It is not modified
> after that except by pf rules. Therefore, packets going out on $wan in
> my example will have their priority set to 7. Essentially, priorities
> behave the same as tags.
>
> The difference is that priorities are saved in the state entries, so
> all subsequent packets coming in on $lan and matching an existing
> state will have a priority of 7 when going out on $wan. Returning
> packets will keep a default priority of 3 after crossing $wan, but
> this will be changed to 7 when they match the state outbound on $lan.
>
> Correct?

pretty much, there are a few cases (like carp announcements) that get
a higher priority by default.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/