On Fri, Dec 20, 2013 at 4:11 PM, Maxim Khitrov <[email protected]> wrote:
> I was under the impression that the packet priority was always set to
> 3 prior to the pf ruleset evaluation (ignoring VLAN and CARP for a
> moment), and that 'set prio' on an inbound rule only affected
> returning traffic that matched the state entry. Here's an artificial
> example:
>
> pass out on $wan
> pass in on $lan set prio 7
>
> What will be the priority of outbound packets on the $wan interface, 3
> or 7? Looking at the code in pf.c, the priority is copied to
> m->m_pkthdr.pf.prio, but I'm not sure where this value is initialized
> or reset.

I think I figured this out, but I would appreciate a confirmation. The m_pkthdr.pf.prio value is set to IFQ_DEFPRIO (3) in sys/kern/uipc_mbuf.c when a new mbuf is allocated. It is not modified after that except by pf rules. Therefore, packets going out on $wan in my example will have their priority set to 7. Essentially, priorities behave the same as tags. The difference is that priorities are saved in the state entries, so all subsequent packets coming in on $lan and matching an existing state will have a priority of 7 when going out on $wan. Returning packets will keep a default priority of 3 after crossing $wan, but this will be changed to 7 when they match the state outbound on $lan. Correct?

