queueing TOS'ed packet

Mon, 01 Feb 2010 08:04:40 -0800 

dear all,

resent from pf@

i have this setup :

internet <--> squid <--> openbsd limiter <--> client

on squid using zph i'm marking packets with tos 0x30,

on limiter:
pass out quick log on $client_if proto tcp from any to <client> flags
any tos 0x30 queue q_tos

then when i'm monitor on pflog0 there are no match for rule above, but
when i tcpdump $client_if there are packets with tos 0x30.

# tcpdump -vni vlan100 | grep 'tos 0x30'
tcpdump: listening on vlan100, link-type EN10MB
21:02:22.299867 112.78.131.2.80 > 192.168.101.100.1720: P
759:1137(378) ack 2269 win 10153 (DF) [tos 0x30] (ttl 63, id 41942,
len 418)
21:02:22.370105 112.78.131.2.80 > 192.168.101.100.1708: P 380:758(378)
ack 1544 win 8657 (DF) [tos 0x30] (ttl 63, id 35548, len 418)
21:02:22.377301 112.78.131.2.80 > 192.168.101.100.1707: P 380:758(378)
ack 1537 win 8613 (DF) [tos 0x30] (ttl 63, id 60730, len 418)
21:02:22.383958 112.78.131.2.80 > 192.168.101.100.1718: P
1138:1516(378) ack 3003 win 11760 (DF) [tos 0x30] (ttl 63, id 51651,
len 418)

i try to remove queue, only
pass out quick log on $client_if proto tcp from any to <client> flags
any tos 0x30

still no packets matched. then i notice from tcpdump that ssh also using tos,
0x10, so i try to catch it with
pass out quick log on $client_if proto tcp from any to <client> flags
any tos 0x10

but also no packets matched. trying with no state, but same results

my question is what may cause this behaviour?
is it because pf was too late to see the marked packet or what ?
is it possible to queueing marked packets?

not very much resource i found after digging from archive, only some
answer from henning around year 2002 said that pf was too late to
see the packet, is it still relevant with pf now ?

i'm using 4.6-stable

my pf:

client_if = vlan100

set ruleset-optimization none
set optimization normal
set block-policy drop
set skip on { lo0 }
set reassemble yes no-df

match out all scrub (random-id no-df)
match in  all scrub (no-df)

altq on $client_if hfsc bandwidth 100Mb $ql queue { q_def q_tos }
       queue q_def on $client_if bandwidth 50% hfsc(red upperlimit 75% default)
       queue q_tos on $client_if bandwidth 70% hfsc(red upperlimit 85%)

pass out quick log on $client_if proto tcp from any to <client> flags
any tos 0x30 queue q_tos
pass out quick log on $client_if from any to <client> queue q_def


thanks & regards,
-Agung

Reply via email to