Trevor Talbot wrote:
On Sunday, Feb 5, 2006, at 11:37 US/Pacific, Brad Waite wrote:
pass out on $ext_if proto tcp from $ext_if to any flags S/SA \
keep state queue (q_def, q_pri)
Both this page and the FAQ examples indicate that the above rule will
assign ACKs to the higher priority queue, but I can't see how.
The rule is only matched once, and then a state entry is created (due to
"keep state"). That state entry is responsible for all future packets
(regardless of TCP flags) that belong to the same connection, including
ACKs. It also remembers the queue assignments and uses them appropriately.
The TCP flags are chosen so that state is created only for a connection
request, instead of having the rule match arbitrary packets that may or
may not be part of a legitimate connection.
Okay, that makes sense, although when you say it uses the queue
assignments appropriately, does it re-evaluate the conditions (TOS
lowdelay or empty ACK) with each packet?
Also, what happens when a packet matches several queue assignments and
I'm not using the QUICK modifier in the rule? Is it last match wins?
I'm migrating from ipfw which is based on first match wins.
Thanks again guys.
Brad Waite
