* S. Scott <[email protected]> [2012-05-29 10:38]: > On 29 May 2012 03:56, Henning Brauer <[email protected]> wrote: > > * S. Scott <[email protected]> [2012-05-29 01:44]: > >> After upgrading to 5.1, we de-configured all altq-priq queuing in > >> favor of the new prio queuing. The re-configuration was > >> straightforward and it appears to be working. > > > > please be prepared to adjust your config again, prio syntax isn't > > final yet. > > > >> Congratulations on and thank you for these improvements. > >> > >> In respect of prio's point in time along its evolution, we'd like to > >> verify a few things about the operation of prio. > >> > >> 1. For the pf.conf INBOUND rule, > >> > >> pass in log quick on em0 inet proto tcp \ > >> from !(em0) to (em0) port ssh \ > >> keep state prio (4,7) > >> > >> is the ssh_daemon's stateful (OUTBOUND) traffic prioritized as prio > >> (4,7) as prescribed by the state-creating INBOUND rule. altq-priq > >> behaved this way and we'd just like to verify prio's behavior or a > >> workaround if it is not like behaved. > > > > if i parse your question correctly, yes it is exactly the same. the > > traffic is classified for those priorities, the actual queueing > > happens outbound. > > > >> 2. For any traffic NOT expressly or statefully prescribed a prio value > >> via the operation of pf.conf, what is the default (implied equivalent > >> of), > >> > >> prio (3) or (3,3) > >> or > >> prio (3,7) > >> > >> even though pfctl -vvvs rules omit "prio <anything>" where "prio" > >> was not expressly written in the pf.conf rule? > > > > very few things are prioritized by default, like carp. everything else > > remains at default prio, including emty acks and tos lowdelay packets. > > > >> 3. Is there any "instrumentation" of prio's operation at this time in > >> its evolution? > > > > not yet. > > > > -- > > Henning Brauer, [email protected], [email protected] > > BS Web Services, http://bsws.de, Full-Service ISP > > Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully > Managed > > Henning Brauer Consulting, http://henningbrauer.com/ > > > W> Thank you for the syntax-in-motion "heads up" and for verifying the > stateful prio behavior. For clarity on the default prio question, is > it correct that, at 5.1's syntax and all other things being equal, > > pass OUT quick on outside inet \ > from (inside:network) to ! (inside:network) > > and > > pass OUT quick on outside inet \ > from (inside:network) to ! (inside:network) \ > prio (3) > > are functionally equivalent?
in practice, in most cases pretty much. in fact the first rule leaves prios untouched, so whatever was there will remain, which in turn means 3 for almost everything. now there's the few exceptions that I mentioned (carp, stp) and if your inbound is a vlan interface you might inherit the prio from the vlan header. your second rule would reset those prios. -- Henning Brauer, [email protected], [email protected] BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
