pf queue skipping

Lawrence Horvath Wed, 23 Aug 2006 03:33:32 -0700

I have the following config for my pf.conf and i noticed that nothing
shows in the queues for incomming:


##BEGIN_QUEUES##
altq on tl0 cbq bandwidth 3000Kb qlimit 200 queue { traffic_out, traffic_in }

queue traffic_out bandwidth 1500Kb qlimit 200 cbq { \
        other_out, ssh_out, ftp_data_out, ftp_control_out, http_out }

queue traffic_in  bandwidth 1500Kb qlimit 200 cbq { \
        other_in,  ssh_in,  ftp_data_in,  ftp_control_in,  http_in  }

        queue other_out bandwidth 100Kb qlimit 200 cbq (default, borrow)
      queue ssh_out bandwidth 100Kb qlimit 200 cbq (borrow)
      queue http_out bandwidth 200Kb qlimit 200 cbq (borrow)
      queue ftp_control_out bandwidth 100Kb qlimit 200 cbq (borrow)
        queue ftp_data_out bandwidth 1000Kb qlimit 200 cbq
        
        queue other_in  bandwidth 100Kb qlimit 200 cbq ( borrow )
      queue ssh_in  bandwidth 100Kb qlimit 200 cbq (borrow)
      queue http_in  bandwidth 200Kb qlimit 200 cbq (borrow)
      queue ftp_control_in  bandwidth 100Kb qlimit 200 cbq (borrow)
      queue ftp_data_in  bandwidth 1000Kb qlimit 200 cbq
##END_QUEUES##

##BEGIN_PACKETFILTERS##
block in on tl0 from any to any
pass in on tl0 proto tcp from any to any port 22 queue ssh_in
pass in on tl0 proto tcp from any to any port 20 queue ftp_data_in
pass in on tl0 proto tcp from any to any port 21 queue ftp_control_in
pass in on tl0 proto tcp from any to any port 80 queue http_in
pass in on tl0 proto udp from any to any port 53
pass in on tl0 proto icmp from any to any queue other_in

pass out on tl0 from any to any queue other_out keep state
pass out on tl0 proto tcp from any port 22 to any queue ssh_out
pass out on tl0 proto tcp from any port 20 to any queue ftp_data_out keep state
pass out on tl0 proto tcp from any port 21 to any queue ftp_control_out
pass out on tl0 proto tcp from any port 80 to any queue http_out
block out on tl0 proto icmp from any to any
##END_PACKETFILTERS##





queue root_tl0 bandwidth 3Mb priority 0 qlimit 200 cbq( wrr root )
{traffic_out, traffic_in}
 [ pkts:      44766  bytes:    2785500  dropped pkts:      0 bytes:      0 ]
 [ qlength:   0/200  borrows:      0  suspends:      0 ]
 [ measured:   410.6 packets/s, 198.50Kb/s ]
queue  traffic_out bandwidth 1.50Mb qlimit 200 {other_out, ssh_out,
http_out, ftp_control_out, ftp_data_out}
 [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
 [ qlength:   0/200  borrows:      0  suspends:      0 ]
 [ measured:     0.0 packets/s, 0 b/s ]
queue   other_out bandwidth 100Kb qlimit 200 cbq( borrow default )
 [ pkts:          3  bytes:        374  dropped pkts:      0 bytes:      0 ]
 [ qlength:   0/200  borrows:      0  suspends:      0 ]
 [ measured:     0.0 packets/s, 4.14 b/s ]
queue   ssh_out bandwidth 100Kb qlimit 200 cbq( borrow )
 [ pkts:      44763  bytes:    2785126  dropped pkts:      0 bytes:      0 ]
 [ qlength:   0/200  borrows:  44016  suspends:      0 ]
 [ measured:   410.6 packets/s, 198.50Kb/s ]
queue   http_out bandwidth 200Kb qlimit 200 cbq( borrow )
 [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
 [ qlength:   0/200  borrows:      0  suspends:      0 ]
 [ measured:     0.0 packets/s, 0 b/s ]
queue   ftp_control_out bandwidth 100Kb qlimit 200 cbq( borrow )
 [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
 [ qlength:   0/200  borrows:      0  suspends:      0 ]
 [ measured:     0.0 packets/s, 0 b/s ]
queue   ftp_data_out bandwidth 1Mb qlimit 200
 [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
 [ qlength:   0/200  borrows:      0  suspends:      0 ]
 [ measured:     0.0 packets/s, 0 b/s ]
queue  traffic_in bandwidth 1.50Mb qlimit 200 {other_in, ssh_in,
http_in, ftp_control_in, ftp_data_in}
 [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
 [ qlength:   0/200  borrows:      0  suspends:      0 ]
 [ measured:     0.0 packets/s, 0 b/s ]
queue   other_in bandwidth 100Kb qlimit 200 cbq( borrow )
 [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
 [ qlength:   0/200  borrows:      0  suspends:      0 ]
 [ measured:     0.0 packets/s, 0 b/s ]
queue   ssh_in bandwidth 100Kb qlimit 200 cbq( borrow )
 [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
 [ qlength:   0/200  borrows:      0  suspends:      0 ]
 [ measured:     0.0 packets/s, 0 b/s ]
queue   http_in bandwidth 200Kb qlimit 200 cbq( borrow )
 [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
 [ qlength:   0/200  borrows:      0  suspends:      0 ]
 [ measured:     0.0 packets/s, 0 b/s ]
queue   ftp_control_in bandwidth 100Kb qlimit 200 cbq( borrow )
 [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
 [ qlength:   0/200  borrows:      0  suspends:      0 ]
 [ measured:     0.0 packets/s, 0 b/s ]
queue   ftp_data_in bandwidth 1Mb qlimit 200
 [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
 [ qlength:   0/200  borrows:      0  suspends:      0 ]
 [ measured:     0.0 packets/s, 0 b/s ]



at this time i was transfering files into the server and it was not
showing in the incomming queues, not sure why, i know its hard to
"limit" incomming traffic, but this doesnt even show the traffic to
start with


# uname -a
OpenBSD localhost.localdomain 3.9 GENERIC.MP#598 i386

--
-Lawrence

pf queue skipping

Reply via email to