I'm setting up a firewall with queues and I'd like to know how much
traffic of a given class was ACTUALLY sent out of an interface (i.e.
not dropped by a queue). I mark the classes by means of labels.
I have a couple of questions:
1) Let's assume that every queue contains the traffic of only
Jason Dixon wrote:
On Aug 27, 2006, at 10:04 AM, Federico Giannici wrote:
Jason Dixon wrote:
On Aug 27, 2006, at 7:55 AM, Federico Giannici wrote:
I'm setting up a firewall with queues and I'd like to know how much
traffic of a given class was ACTUALLY sent out of an interface
(i.e
I have read a lot of past emails about HFSC and I have cleared myself a
lot of doubts.
As I understand it, with HFSC the bandwidth parameter is simply a
default for the linkshare one (if not specified or set to 0).
I have seen examples where bandwidth is not specified because the
linkshare
Having received no useful replies, let me try a simpler question: How
can I identify (i.e. filter) TCP ACKs with no data payload?
I know how to identify ACKs, but is there any way to identify packets
with no payload, something like a payload-size 0 condition?
Thanks.
Federico Giannici
OK, now I understood that the second queue specified with the queue
keyword apply to the ACKs in the SAME DIRECTION. I initially though that
it somehow applied to the ACKs that are the replies to the same flow, so
in the inverse direction.
Now I understand the logic of that second queue: it
Henning Brauer wrote:
* Federico Giannici [EMAIL PROTECTED] [2006-10-08 16:21]:
I'm trying to re-phrase this question too: is the PF code executed
during the NIC interrupts?
not really, it is executed in soft int context
Hummm...
Just to be sure, I'm re-re-phrasing it: in which of the four
enough knowledge of PF and C programming skills to
implement this feature by myself, but I thought that It could be useful
to propose a possible solution.
Federico Giannici wrote:
Daniel Hartmeier wrote:
For queueing in pf, the direction of the packet simply doesn't matter.
I guess your setup
Henning Brauer wrote:
* Federico Giannici [EMAIL PROTECTED] [2006-10-08 20:32]:
I solved my case in a good way, but I'm currently not using states. I
think that a general, intuitive and efficient solution could be useful.
The problem: queue assignment of back packets of TCP flows when keep
I'm using PF with a lot of HFSC queues in an OpenBSD 4.0 i386 firewall.
A few times (I presume during high traffic) it happened that the traffic
through the firewall freezed for a few minutes. When this happened, if I
tried to ping from the firewall I got a No buffer space available error.
understand what do you mean with tables based queue.
How can it change the way the bandwidth in excess is distributed between
queues?
Bye.
On 16/04/07, Federico Giannici [EMAIL PROTECTED] wrote:
As there was no reply to this email of mine, anybody can tell me if
there is some other place where
Bob DeBolt wrote:
Hi Federico Giannici
Posting you pf.conf will be of considerable benefit
when attempting to seek help for something that has the complexity you
are currently dealing with.
Additionally, the type connection you have, i.e. DSL, cable etc. as the
variations each of these has
!
There are 10 other queues with bytes to flow (QLEN != 0) but all the
packets are dropped (B/S = 0 and DROP_P keeps increasing).
To me this is a bug, or at least a bad behavior.
Am I wrong?
How can I make a single queue don't borrow ALL the traffic?
Thanks.
Federico Giannici wrote:
Bob DeBolt wrote
jared r r spiegel wrote:
On Tue, Apr 24, 2007 at 01:42:26AM -0400, jared r r spiegel wrote:
On Mon, Apr 23, 2007 at 10:12:56AM +0200, Federico Giannici wrote:
How can I make a single queue don't borrow ALL the traffic?
upperlimit
OK, my question was badly expressed.
I have already
I have a problem with the distribution of bandwidth in HFSC queues.
We are using an OpenBSD 4.2 amd64 with two sk nics as a firewall/QoS
server. We use a lot o f HFSC queues with up to 3 levels of nesting.
OUR GOALS
We want to be SURE that all VoIP traffic is ALWAYS and IMMEDIATELY
Tobias Wigand wrote:
Federico Giannici wrote:
I'd like to understand how the priority parameter works with the
HFSC scheduler. Well, actually I'd like to better understand the whole
interactions between priority, realtime and linkshare...
hereĀ“s some reading:
http://www.probsd.net/pf
Calomel wrote:
On Sun, Dec 23, 2007 at 10:59:10AM +0100, Federico Giannici wrote:
Tobias Wigand wrote:
hi,
Thank you for your suggestion.
Unfortunately I have found only generic sentences and not the answer
to my question: how exactly priority works?
Or, from a practical point of view
Calomel wrote:
On Fri, Dec 28, 2007 at 06:39:29PM +0100, Federico Giannici wrote:
Calomel wrote:
On Sun, Dec 23, 2007 at 10:59:10AM +0100, Federico Giannici wrote:
Tobias Wigand wrote:
hi,
Thank you for your suggestion.
Unfortunately I have found only generic sentences and not the answer
We have an OpenBSD server acting as a firewall/QoS router (no nat or rdr).
It has two requirements:
A) It has to be as transparent as possible. So, if firewall is
rebooted or the state table is flushed, it don't block already
established connections or not assign the packets to the right
18 matches
Mail list logo
