On 2017/07/07 09:55, Sebastien Marie wrote: > On Thu, Jul 06, 2017 at 08:25:06PM +0100, Stuart Henderson wrote: > > Remove "default" from the rule. > > I am unsure how to interprete the sentence: if I remove "default", > shouldn't the queue apply only on states with "set queue fq" ? And in my > ruleset there are none like that. As I want to use the fq queue on all > my states, using "default" seems right. > > But I agree that testing show a different behaviour... > > If I define a bandwidth-queue without "default", pfctl complains: > # pfctl -f /etc/pf.conf > pfctl: no default queue specified > > If I define a flow-queue without "default", pfctl doesn't complains, and > queue statistic seems to follow activity (so the flow-queue to be used). > > If I define a flow-queue with "default", pfctl doesn't complains, and I > couldn't send packets... > > It is a bit weird for me, but at least it works without "default". > > Thanks Stuart.
As far as I know, with a flow-queue on an interface, you don't assign traffic, it applies to all traffic outbound of that interface. mikeb has some more bits to add, but the current status that if you use "default" it misconfigures the queue. (he's aware of that, he's away at the moment, which is why I jumped in rather than waiting for him to answer :) Other parts are in https://github.com/mbelop/src/commits/hfsq and add bandwidth control to the flow queue, e.g. queue hfsq-em1 on em1 flows 1024 bandwidth 1500K max 1500K quantum 400 qlimit 1000 default I had a deadlock with IPsec with this but otherwise it was working very well for me, latency under load is very good indeed.
