Re: pf prio queue not setting vlan prio value?

[Sebastian Reitenbach]

On Monday, May 30, 2016 16:45 CEST, Alexey Suslikov
<alexey.susli...@gmail.com> wrote:

> Sebastian Reitenbach <sebastia <at> l00-bugdead-prods.de> writes:
>
> > With tcpdump, I see 'pri 0' on all the packets captured:
> >
> > tcpdump -n -i trunk0 -vvv vlan 8 and net 10.1.0.0/24
> > 11:18:13.132570 802.1Q vid 8 pri 0 10.1.0.2 > 10.1.0.1: icmp: echo reply
> > (id:6221 seq:0) [icmp cksum ok] (ttl 64, id 11179, len 84)
> > 11:18:14.138835 802.1Q vid 8 pri 0 10.1.0.2 > 10.1.0.1: icmp: echo reply
> > (id:6221 seq:1) [icmp cksum ok] (ttl 64, id 11180, len 84)
> > 11:18:15.129273 802.1Q vid 8 pri 0 10.1.0.2 > 10.1.0.1: icmp: echo reply
> > (id:6221 seq:2) [icmp cksum ok] (ttl 64, id 11181, len 84)
>
> You are not showing *all* packets captured, but only incoming ones
> (I assume you are pinging *from* the box, so echo replies are incoming).
>
> prio to vlan pri translation only applies to outgoing packets. Incoming
> packets will have vlan pri values set by a transmitter (or intermediate
> equipment, like switches).
>

crap, I got bitten by that tcpdump too often already, I pinged from the
firewal againl, saw
the rules fire:

May 31 06:58:46.445728 rule 22/(match) match out on vlan8: 10.1.0.1 >
10.1.0.166: icmp: echo request
May 31 06:58:46.445734 rule 23/(match) match out on vlan8: 10.1.0.1 >
10.1.0.166: icmp: echo request
May 31 06:58:46.445739 rule 24/(match) pass out on vlan8: 10.1.0.1 >
10.1.0.166: icmp: echo request

to another host, that has the VLAN, where I did the packet capture:

08:57:34.041856 802.1Q vid 8 pri 0 10.1.0.1 > 10.1.0.166: icmp: echo request
(id:0a65 seq:50) (ttl 255, id 10942, len 84)
08:57:34.041876 802.1Q vid 8 pri 0 10.1.0.166 > 10.1.0.1: icmp: echo reply
(id:0a65 seq:50) (ttl 255, id 14515, len 84)
08:57:35.041809 802.1Q vid 8 pri 0 10.1.0.1 > 10.1.0.166: icmp: echo request
(id:0a65 seq:51) (ttl 255, id 2179, len 84)
08:57:35.041829 802.1Q vid 8 pri 0 10.1.0.166 > 10.1.0.1: icmp: echo reply
(id:0a65 seq:51) (ttl 255, id 28359, len 84)

The 10.1.0.1 is a CARP IP, on a VLAN interface. The VLAN interface sits on top
of a trunk(0), which
sits on top of two ix(4)

Sebastian