-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 9/7/07 8:59 AM, Stuart Henderson wrote:
> On 2007/09/07 08:41, David Newman wrote:
>> 1. I believe "keep state" is still needed when using queuing. The
>> pf.conf manpage says it must be specified explicitly to apply options to
>> a rule.
>
> Only for state-related options (max-src-conn-rate and so);
> queue is separate (and may also be used where you don't keep state).
Ah, ok -- thanks.
>
>> 2. The "queue (class1, class2)" syntax assumes class1 TOS == 0 and
>> class2 TOS != 0.
>
> look for pqid in sys/net/pf.c or just look at QUEUEING in pf.conf(5):
>
> Packets can be assigned to queues based on filter rules by using the
> queue keyword. Normally only one queue is specified; when a second one
> is specified it will instead be used for packets which have a TOS of
> lowdelay and for TCP ACKs with no data payload.
Again, thanks. The OP's pass out rule puts at least some VoIP traffic
into the first queue:
pass out log quick on $ext_if proto {tcp,udp} from $VOIP_SERVERS to any
port $VOIP_PORTS queue (voip_out, tos_lowdelay_out)
We don't know how voip_out differs from tos_lowdelay_out, but my
understanding is that voip_out will only go into that queue if its TOS
value is 0. True?
thanks
dn
iD8DBQFG4XoryPxGVjntI4IRAg6ZAKDQCcKNtrMmpNGlV+kgJwrwMKGZ3QCeNwWa
8lEwNscg7SGSOwijTUJXH0I=
=TbH0
-----END PGP SIGNATURE-----
