assume the following ruleset:

01. altq on $ext cbq bandwidth 128Kb queue {q0,q1}
02. queue q0 bandwidth 10% cbq (default, borrow)
03. queue q1 bandwidth 90% cbq (borrow)

04. block log all
05. pass on enc0

06. pass  in on $int from $int_lan to $vpn_lan tag t1
07. pass out on $int from $vpn_lan to $int_lan

08. pass out quick on $ext keep state tagged t1 queue q1


but $vpn_lan is behind a gif interface and we will see
esp-encapsulated packets from the $int_lan on the $ext.

there are two questions:

1) will rule 08 be able to pass esp traffic by just referring
to the tag of the plain packet lying within and previously applied
by rule 06?

2) if we are tagging the plain packet (06) and scheduling it later
but with the encapsulation envelope (08), what packet size will
the scheduler see on the $ext: "plain packet size" or "plain
packet size + esp payload size"?


thanks.
