David Newman wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 9/7/07 8:59 AM, Stuart Henderson wrote:
On 2007/09/07 08:41, David Newman wrote:
1. I believe "keep state" is still needed when using queuing. The
pf.conf manpage says it must be specified explicitly to apply options to
a rule.
Only for state-related options (max-src-conn-rate and so);
queue is separate (and may also be used where you don't keep state).
Ah, ok -- thanks.
2. The "queue (class1, class2)" syntax assumes class1 TOS == 0 and
class2 TOS != 0.
look for pqid in sys/net/pf.c or just look at QUEUEING in pf.conf(5):
Packets can be assigned to queues based on filter rules by using the
queue keyword. Normally only one queue is specified; when a second one
is specified it will instead be used for packets which have a TOS of
lowdelay and for TCP ACKs with no data payload.
Again, thanks. The OP's pass out rule puts at least some VoIP traffic
into the first queue:
pass out log quick on $ext_if proto {tcp,udp} from $VOIP_SERVERS to any
port $VOIP_PORTS queue (voip_out, tos_lowdelay_out)
We don't know how voip_out differs from tos_lowdelay_out
I'm not sure what you mean but I think they differ in that tos_lowdelay
out has +1 higher priority
, but my
understanding is that voip_out will only go into that queue if its TOS
value is 0. True?
My understanding is that any packets marked TOS lowdelay (by my VoIP
server for instance. ie, rtp packetes) will get pushed into the
tos_lowdelay_out queue.
Doing things the way Stuart said in his first post (queuing the inbound
packets) seems to work.
One question, though, because I'm not sure:
Once you have created a default queue - do all packets go into that
queue REGARDLESS of whether or not they match a rule in which they're
assigned to a specific queue?
