Hi,
I'm (re)trying out queuing possibilities in 6.2.
I am trying out different possibilities, mixing queue with prio.
I have accidentally put two different lines in my pf.conf:
match proto tcp to any port domain set prio 6 set queue dns
match proto udp to any port domain set queue dns pri
Il 11/05/2017 01:42, Erling Westenvik ha scritto:
> Check out pfctl(8) and the -F option. The issue might be resolvable
> simply by flushing one or more of the filter parameters you'll find
> there.
I had always assumed that loading a new ruleset with pfctl -f also
implied "-F all".
This explain
On Thu, May 11, 2017 at 12:09:26AM +0200, Gabriele Tozzi wrote:
>
> Looks like I've solved by only renaming the queues.
>
> Instead of naming them "high", "normal" and "low", I have now named them
> "exthi", "extstd" and "extlo" and then everything seems to work as expended.
>
> Maybe "high" is a (
Looks like I've solved by only renaming the queues.
Instead of naming them "high", "normal" and "low", I have now named them
"exthi", "extstd" and "extlo" and then everything seems to work as expended.
Maybe "high" is a (maybe undocumented) reserved queue name?
Il 10/05/2017 20:56, Luis Coronado ha scritto:
> but perhaps someone else would be able to see something that you didn't,
> hence the requirement to share the file.
I understand, but it contains sensitive information that I prefer not to
share. If you could tell me what to look for, I will look f
but perhaps someone else would be able to see something that you didn't,
hence the requirement to share the file.
-luis
On Wed, May 10, 2017 at 12:50 PM, Gabriele Tozzi wrote:
>
> Il 10/05/2017 14:45, Daniel Melameth ha scritto:
> >> queue ext on $Ext bandwidth 900K
> >> queue normal parent e
Il 10/05/2017 14:45, Daniel Melameth ha scritto:
>> queue ext on $Ext bandwidth 900K
>> queue normal parent ext bandwidth 386K, max 850K qlimit 10 default
>> queue high parent ext bandwidth 193K qlimit 10
>> queue low parent ext bandwidth 193K, max 540Kb qlimit 10
>
> You'll have to post your p
On Wed, May 10, 2017 at 4:47 AM, Gabriele Tozzi wrote:
> I have a quite simple pf setup: I have defined 3 queues for my external
> interface in my pf.conf:
>
> queue ext on $Ext bandwidth 900K
> queue normal parent ext bandwidth 386K, max 850K qlimit 10 default
> queue high parent ext bandwidth
Hello there,
I have noticed some weirdness when using "pfctl -s queue -v" so I have
decided to investigate.
I have a quite simple pf setup: I have defined 3 queues for my external
interface in my pf.conf:
queue ext on $Ext bandwidth 900K
queue normal parent ext bandwidth 386K, max 850K qlimit 1
On Fri, 2 Dec 2016 12:14:56 + (UTC)
Stuart Henderson wrote:
> On 2016-11-25, Marko Cupać wrote:
> > Hi,
> >
> > I'd like to do limit bandwidth on gre tunnel protected with ipsec in
> > transport mode.
> I haven't tried this exact scenario. But I understand the general way
> things work and
On 2016-11-25, Marko Cupać wrote:
> Hi,
>
> I'd like to do limit bandwidth on gre tunnel protected with ipsec in
> transport mode.
>
> I've set single default queue on gre interface, matched everything
> that goes out to that queue, and finally passed everything out that
> interface:
>
> # SNIP
>
Hi,
I'd like to do limit bandwidth on gre tunnel protected with ipsec in
transport mode.
I've set single default queue on gre interface, matched everything
that goes out to that queue, and finally passed everything out that
interface:
# SNIP
queue mother on gre204 bandwidth 25M min 25M max 25M
On 2016-03-09, Mihai Popescu wrote:
>> -
>> queue download on $if_int bandwidth 10M max 10M
>> queue ssh parent download bandwidth 1M
>> queue web parent download bandwidth 8M
>> queue bulk parent download bandwidth 1M default
>>
>> match to port sshset queue ssh
>> match from port
On Wed, 9 Mar 2016 12:58:39 -0500
Christopher Sean Hilton wrote:
> I've also been trying to get help with queuing. Perhaps we can help
> each other out.
>
> I'm using queuing to alleviate bufferbloat and make my son's gaming
> performance better. I'm on an asymetric cablemodem connection here in
On Wed, 9 Mar 2016 21:28:10 +0200
Mihai Popescu wrote:
> > -
> > queue download on $if_int bandwidth 10M max 10M
> > queue ssh parent download bandwidth 1M
> > queue web parent download bandwidth 8M
> > queue bulk parent download bandwidth 1M default
> >
> > match to port sshset q
On Thu, 10 Mar 2016 13:28:11 +1100
Darren Tucker wrote:
> On Thu, Mar 10, 2016 at 1:38 AM, Marko Cupać
> wrote: [...]
> > queue download on $if_int bandwidth 10M max 10M
>
> What's $if_int set to?
>
> I played with queueing recently and initially used interface group
> names instead of interface
On Thu, Mar 10, 2016 at 1:38 AM, Marko Cupać wrote:
[...]
> queue download on $if_int bandwidth 10M max 10M
What's $if_int set to?
I played with queueing recently and initially used interface group
names instead of interface names ("queue foo on egress ...") since
that's how the rest of my rules
On Wed, Mar 09, 2016 at 02:45:36PM -0700, Daniel Melameth wrote:
> On Wed, Mar 9, 2016 at 10:58 AM, Christopher Sean Hilton
> wrote:
> > I'm using queuing to alleviate bufferbloat and make my son's gaming
> > performance better. I'm on an asymetric cablemodem connection here in
> > the U.S. My dow
On Wed, Mar 9, 2016 at 10:58 AM, Christopher Sean Hilton
wrote:
> I'm using queuing to alleviate bufferbloat and make my son's gaming
> performance better. I'm on an asymetric cablemodem connection here in
> the U.S. My download is 100M and my upload is 40M. I use a queue
> definition similar to t
> -
> queue download on $if_int bandwidth 10M max 10M
> queue ssh parent download bandwidth 1M
> queue web parent download bandwidth 8M
> queue bulk parent download bandwidth 1M default
>
> match to port sshset queue ssh
> match from port sshset queue ssh
> match to port {
On Wed, Mar 09, 2016 at 03:38:30PM +0100, Marko CupaÄ wrote:
> Hi,
>
[... snip ...]
I've also been trying to get help with queuing. Perhaps we can help
each other out.
I'm using queuing to alleviate bufferbloat and make my son's gaming
performance better. I'm on an asymetric cablemodem connecti
On Wed, Mar 09, 2016 at 03:38:30PM +0100, Marko Cupać wrote:
> Hi,
>
[ ...snip... ]
> So, what exactly do I need to do to submit bug report? Any outputs of
> any commands? Logs? I understand developers won't take my word for it,
> but I simply don't know how to prove it, except watching output of
Hi,
Over last few months, in a few separate threads here on misc@, I have
been trying to call attention to the fact that pf queueing mechanism
does not shape traffic as it should, at least on my APU box.
It took me some time to test hundreds of possible configurations on 5.8,
both amd64 and i386
On Wed, Mar 02, 2016 at 10:46:08PM +1000, David Gwynne wrote:
> > On 2 Mar 2016, at 1:51 AM, Christopher Sean Hilton
> > wrote:
> >
> > I would like to apply queueing to packets traversing a gif tunnel. I'd
> > like to know what works better, Tagging outbound packets on the gif
> > interface and
> On 2 Mar 2016, at 1:51 AM, Christopher Sean Hilton
wrote:
>
> I would like to apply queueing to packets traversing a gif tunnel. I'd
> like to know what works better, Tagging outbound packets on the gif
> interface and applying them to queues by tag when they leave on the
> external interface? O
I would like to apply queueing to packets traversing a gif tunnel. I'd
like to know what works better, Tagging outbound packets on the gif
interface and applying them to queues by tag when they leave on the
external interface? Or assigning packets to the queues directly when
they are on the gif int
Oh wait I've forgot to specify the interface.
On Thu, Apr 18, 2013 at 5:45 AM, John Tate wrote:
> Well I had the bandwidth the wrong way around for my internet connection.
>
> I've been trying the other changes and now I have problems, I'm pretty
> sure I need to put _out and _in on the end...
Well I had the bandwidth the wrong way around for my internet connection.
I've been trying the other changes and now I have problems, I'm pretty sure
I need to put _out and _in on the end...
# pfctl -nf /etc/pf.conf
/etc/pf.conf:39: exactly one scheduler type per interface allowed
/etc/pf.conf:39:
Stuart Henderson writes:
> On 2013-04-17, John Tate wrote:
>> Well the ruleset loads, can anyone do a quick check of this in case I've
>> done something stupid. I've never used match rules before. I'm not really
>> sure how to test queueing to see if it works.
>
> see "systat queue"; run it as r
On 2013-04-17, John Tate wrote:
> Well the ruleset loads, can anyone do a quick check of this in case I've
> done something stupid. I've never used match rules before. I'm not really
> sure how to test queueing to see if it works.
see "systat queue"; run it as root.
> #queues
> altq on $ext_if p
Well the ruleset loads, can anyone do a quick check of this in case I've
done something stupid. I've never used match rules before. I'm not really
sure how to test queueing to see if it works.
# $OpenBSD: pf.conf,v 1.50 2011/04/28 00:19:42 mikeb Exp $
#
# See pf.conf(5) for syntax and exampl
Found it in the manpage pretty quick;y, silly me, apparently is the same.
On Wed, Apr 17, 2013 at 5:16 PM, John Tate wrote:
> I can't find any description of the match rules here:
> http://openbsd.org/faq/pf/filter.html
>
> Are they the same syntax as block and pass rules?
>
>
> On Wed, Apr 17,
I can't find any description of the match rules here:
http://openbsd.org/faq/pf/filter.html
Are they the same syntax as block and pass rules?
On Wed, Apr 17, 2013 at 4:56 AM, Peter N. M. Hansteen wrote:
> John Tate writes:
>
> > I think I understand, can someone give me a look at a pf.conf wit
John Tate writes:
> I think I understand, can someone give me a look at a pf.conf with queueing
> and nat rules.
With an existing rule set in place, it's probably easier to do the queue
assignment with a block of match rules. That way at least you don't
affect the pass or block decision.
- P
I think I understand, can someone give me a look at a pf.conf with queueing
and nat rules.
It's hard to experiment because I'm logged in via ssh and would lose my
connection every time I make a change. Unfortunately the machine connected
to the firewall via null modem for a serial console has died
as far as i remember in the man page of pf there are places where u can
usually put the queueing rules so nat rules :)
> Date: Wed, 17 Apr 2013 03:32:52 +1000
> Subject: pf queueing and nat
> From: j...@johntate.org
> To: misc@openbsd.org
>
> I am adding queueing to my pf bas
On Wed, 17 Apr 2013 03:32:52 +1000
John Tate wrote:
> I am adding queueing to my pf based nat for my home network. Since
> there isn't a complete example involving nat and queuing I am not
> entirely sure where to put things. I've read the manual and I think I
> put things before the rdr-to rules
I am adding queueing to my pf based nat for my home network. Since there
isn't a complete example involving nat and queuing I am not entirely sure
where to put things. I've read the manual and I think I put things before
the rdr-to rules. I also have a transparent ftp and http proxy. I am not
entir
On Tue, Feb 27, 2007 at 07:57:58PM +, Stuart Henderson wrote:
> On 2007/02/27 12:31, Albert Chin wrote:
> > I created a queue to limit traffic on the internal interface
> > connecting 'EXTERNAL FIREWALL' to 'WWW/FTP SERVER':
> > altq on fxp1 cbq bandwidth 1.5Mb queue \
> > { queue_std, qu
On Tue, Feb 27, 2007 at 12:40:41PM -0700, Tim Kuhlman wrote:
> On Tuesday 27 February 2007 11:31 am, Albert Chin wrote:
> > [ snip snip ]
>
> You are queueing on fxp1 on the external firewall. This should
> affect traffic going from the external firewall to the www/ftp
> server, however it sounds
On Tuesday 27 February 2007 11:31 am, Albert Chin wrote:
> I have the following setup:
> | (67.95.100.16 - fxp4)
> | (67.95.100.17 - fxp4)
>
>
>
> |EXTERNAL
On 2007/02/27 12:31, Albert Chin wrote:
> I created a queue to limit traffic on the internal interface
> connecting 'EXTERNAL FIREWALL' to 'WWW/FTP SERVER':
> altq on fxp1 cbq bandwidth 1.5Mb queue \
> { queue_std, queue_ftp, queue_http }
>
> queue queue_std bandwidth 1.48Mb cbq(default)
>
I have the following setup:
|
| (67.95.100.16 - fxp4)
| (67.95.100.17 - fxp4)
|EXTERNAL|
|
That rules-set design is where i'm stuck, If the upload of the pc in
the lan is obeying to the std queue if should be able to queue to
whatever speed i want, right?...
Note: Trying to set upload speeds for a pc on the lan.
# macros
ext_if="dc0"
int_if="vr1"
tcp_services="{ 22, 113 }"
icmp_types
Tried that, didn't work.
On 7/13/06, Pablo Halamaj <[EMAIL PROTECTED]> wrote:
>
> On 13/07/06, Der Engel <[EMAIL PROTECTED]> wrote:
> > But isn't there some config or trick to do between the two interfaces to
> > achieve this?
> >
> > On 7/13/06, Jeff Quast <[EMAIL PROTECTED]> wrote:
> > >
> > > O
On 14/07/06, Jeff Quast <[EMAIL PROTECTED]> wrote:
>
> On 7/14/06, Bernd Schoeller <[EMAIL PROTECTED]> wrote:
> > On Thu, Jul 13, 2006 at 08:53:31PM -0400, Jeff Quast wrote:
> > > You cannot control the speed at which packets arrive on an interface.
> > Are you sure?
>
> I am sure. If it sounds unr
On Friday 14 July 2006 20:43, Jeff Quast wrote:
> I am sure. If it sounds unreasonable, get a live firehose, and see if
> you can control the amount of water received in your mouth.
Sure, but you can close your mouth a little and hope that he guy holding the
hose will notice and throttle the flow
On 7/14/06, Bernd Schoeller <[EMAIL PROTECTED]> wrote:
On Thu, Jul 13, 2006 at 08:53:31PM -0400, Jeff Quast wrote:
> You cannot control the speed at which packets arrive on an interface.
Are you sure?
I am sure. If it sounds unreasonable, get a live firehose, and see if
you can control the amou
On Thu, Jul 13, 2006 at 08:53:31PM -0400, Jeff Quast wrote:
> You cannot control the speed at which packets arrive on an interface.
> Think about it. It may not be documented because its pretty much a
> duh.
Are you sure? One can control the speed that the other side is sending
packets by randomly
But isn't there some config or trick to do between the two interfaces to
achieve this?
On 7/13/06, Jeff Quast <[EMAIL PROTECTED]> wrote:
>
> On 7/13/06, Der Engel <[EMAIL PROTECTED]> wrote:
> > Hi! I have try for several days to achieve the following goal with PF
> but
> > failed repeatedly, have
On 7/13/06, Jeff Quast <[EMAIL PROTECTED]> wrote:
You cannot control the speed at which packets arrive on an interface.
Think about it. It may not be documented because its pretty much a
duh.
Yesterday I desperately tried to teach someone that burning the <1kb
shortcut to a program that is on y
On 7/13/06, Der Engel <[EMAIL PROTECTED]> wrote:
Hi! I have try for several days to achieve the following goal with PF but
failed repeatedly, have read all the docs also, especially this
http://www.openbsd.org/faq/pf/queueing.html
The goal is: To be able to set dowload/upload speeds to PC's on th
vr0 is another inferface in the box that i'm not using, $comp3 is typo, it
should be $pc.
On 7/13/06, takeshi hirai <[EMAIL PROTECTED]> wrote:
>
> Hi. Engel,
>
> i could'nt help you...but,
> i watching your macro,
>
> 2006/7/14, Der Engel <[EMAIL PROTECTED]>:
> > Hi! I have try for several days to
Well, not the speed, the bandwidth.
On 7/13/06, Jeff Quast <[EMAIL PROTECTED]> wrote:
>
> you do realize you cannot control with pf the speed at which packets
> arrive on the interface.
>
> not really reading your pf, but im thinking you may have gotten this
> notion some how. just checking.
>
>
Hi! I have try for several days to achieve the following goal with PF but
failed repeatedly, have read all the docs also, especially this
http://www.openbsd.org/faq/pf/queueing.html
The goal is: To be able to set dowload/upload speeds to PC's on the lan, so
far i have succed in setting dowload spee
55 matches
Mail list logo
