Subject: Help with ALTQ and pf
To: None <current-users@netbsd.org>
From: Dave Huang <khym@azeotrope.org>
List: current-users
Date: 05/20/2005 00:19:59
[ Didn't get any response from netbsd-help, so I'm trying my luck here :) ]
I heard that to use ALTQ, pf is the way to go these days, so I applied
the ALTQ patch from http://nedbsd.nl/~ppostma/pf/ to a netbsd-2 branch
i386 kernel and installed security/pflkm from pkgsrc.
I think I got the basic NAT and firewall part working, but I'm having
trouble assigning packets to the queues. I take it that there's no
separate pf.conf syntax to assign packets to queues; it just
piggybacks on the pass/block filter syntax?
I've set up priq for now, just as a simple test to start off with, and
I want to give IPTOS_THROUGHPUT packets lower priority than normal. I
thought "pass out on $ext_if tos throughput queue low" would be all I
needed to put those packets on the "low" queue, but no packets are
going there. Yet packets are going on the "hi" and "phone" queues,
even though I have no rules directing packets there? (I have the
queues defined as part of an earlier test, but my current pf.conf
shouldn't be assigning any packets to those queues).
My network setup is:
rtk0: IP address 208.180.124.100, connected to a cable modem (bridge)
to the Internet
fxp0: IP address 10.1.1.67, connected to internal 10.1.1.0/24 LAN
My pf.conf:
ext_if="rtk0"
int_if="fxp0"
scrub in
altq on $ext_if priq bandwidth 250Kb queue { low, std, med, hi, phone }
queue low priority 3
queue std priority 7 priq(default)
queue med priority 10
queue hi priority 14
queue phone priority 15
nat on $ext_if from !($ext_if) -> ($ext_if:0)
pass out keep state
pass out on $ext_if tos throughput queue low
pass quick on { lo $int_if }
antispoof log quick for { lo $int_if }
I started an ftp upload, then watched "pfctl -s queue -vv":
queue low priority 3
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/ 50 ]
[ measured: 0.0 packets/s, 0 b/s ]
queue std priority 7 priq( default )
[ pkts: 5043 bytes: 6945477 dropped pkts: 0 bytes: 0 ]
[ qlength: 22/ 50 ]
[ measured: 22.5 packets/s, 250.27Kb/s ]
queue med priority 10
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/ 50 ]
[ measured: 0.0 packets/s, 0 b/s ]
queue hi priority 14
[ pkts: 3 bytes: 220 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/ 50 ]
[ measured: 0.0 packets/s, 0.31 b/s ]
queue phone priority 15
[ pkts: 18 bytes: 5364 dropped pkts: 0 bytes: 0 ]
[ qlength: 0/ 50 ]
[ measured: 0.0 packets/s, 101.47 b/s ]
tcpdump confirms that the outgoing ftp data packets have tos 0x8, but
the majority of the packets are still going to the default "std" queue.
What's wrong? :)
--
Name: Dave Huang | Mammal, mammal / their names are called /
INet: khym@azeotrope.org | they raise a paw / the bat, the cat /
FurryMUCK: Dahan | dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 29 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++