Limit downloading using the new queueing subsystem (OpenBSD-5.4)

[Wesley MOUEDINE ASSABY]

Hi,

I built this small network:
192.168.1.0/29----axe0-obsd54-re0---WAN

I want to limit a host (192.168.1.1/29) to download at 10KBps.
The pf ruleset is loaded. I can see the queue "employee" used
but download is still high, not limited at 10 KBps.

# pfctl -vvs queue

 [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:     
0 ]
 [ qlength:   0/ 50 ]
queue restriction on axe0 bandwidth 800K qlimit 50
 [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:     
0 ]
 [ qlength:   0/ 50 ]
queue employee parent restriction on axe0 bandwidth 10K qlimit 50
 [ pkts:       1744  bytes:    2496373  dropped pkts:      0 bytes:     
0 ]
 [ qlength:   0/ 50 ]
queue network parent restriction on axe0 bandwidth 790K default qlimit 
50
 [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:     
0 ]
 [ qlength:   0/ 50 ]

Is there someone to help me on ?

For more informations, see below :

# uname -a

OpenBSD testing.pf.queue 5.4 GENERIC.MP#80 i386

# cat /etc/pf.conf

employee="192.168.1.1"

set skip on lo

match out on egress inet from lan:network to any nat-to egress
match in all scrub (no-df max-mss 1440)

queue restriction on axe0 bandwidth 800K
queue employee parent restriction bandwidth 10K
queue network parent restriction bandwidth 790K default

block all

pass out on egress
pass in on egress inet proto tcp from egress:network to any port ssh

pass in log quick on lan from $employee set queue employee
pass in on lan


# ifconfig

lo0: flags=8049 mtu 33192
       priority: 0
       groups: lo
       inet6 ::1 prefixlen 128
       inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
       inet 127.0.0.1 netmask 0xff000000
re0: flags=8843 mtu 1500
       lladdr 00:1e:33:25:a5:33
       priority: 0
       groups: egress
       media: Ethernet autoselect (1000baseT 
full-duplex,rxpause,txpause)
       status: active
       inet6 fe80::21e:33ff:fe25:a533%re0 prefixlen 64 scopeid 0x2
       inet 192.168.0.19 netmask 0xffffffe0 broadcast 192.168.0.31
enc0: flags=0<>
       priority: 0
       groups: enc
       status: active
axe0: flags=8843 mtu 1500
       lladdr 00:50:b6:0b:e2:7d
       priority: 0
       groups: lan
       media: Ethernet autoselect (100baseTX full-duplex)
       status: active
       inet 192.168.1.4 netmask 0xfffffff8 broadcast 192.168.1.7
       inet6 fe80::250:b6ff:fe0b:e27d%axe0 prefixlen 64 scopeid 0x5
pflog0: flags=141 mtu 33192
       priority: 0
       groups: pflog

Thank you very much for your precious help!

Regards,

Wesley