last matching rule wins
On 2/6/06, Brad Waite <[EMAIL PROTECTED]> wrote:
> Trevor Talbot wrote:
> > On Sunday, Feb 5, 2006, at 11:37 US/Pacific, Brad Waite wrote:
> >
> >> pass out on $ext_if proto tcp from $ext_if to any flags S/SA \
> >> keep state queue (q_def, q_pri)
> >
> >> Both this page and the FAQ examples indicate that the above rule will
> >> assign ACKs to the higher priority queue, but I can't see how.
> >
> > The rule is only matched once, and then a state entry is created (due to
> > "keep state"). That state entry is responsible for all future packets
> > (regardless of TCP flags) that belong to the same connection, including
> > ACKs. It also remembers the queue assignments and uses them appropriately.
> >
> > The TCP flags are chosen so that state is created only for a connection
> > request, instead of having the rule match arbitrary packets that may or
> > may not be part of a legitimate connection.
>
> Okay, that makes sense, although when you say it uses the queue
> assignments appropriately, does it re-evaluate the conditions (TOS
> lowdelay or empty ACK) with each packet?
>
> Also, what happens when a packet matches several queue assignments and
> I'm not using the QUICK modifier in the rule? Is it last match wins?
> I'm migrating from ipfw which is based on first match wins.
>
> Thanks again guys.
>
> Brad Waite
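Added example, not part of the original thread and not pf source code: a simplified Python model of the behaviour discussed above, where the last matching rule wins unless a rule is `quick`, a `keep state` rule creates a state entry that handles later packets of the connection, and the choice between the two queues is made per packet. The names `Rule`, `Packet`, `Firewall` and the connection ids are hypothetical; `q_def` and `q_pri` come from the quoted rule.

```python
# Simplified model of pf rule evaluation (illustrative assumption, not pf code).
from dataclasses import dataclass

@dataclass
class Rule:
    action: str                    # "pass" or "block"
    flags_syn_only: bool = False   # models "flags S/SA"
    keep_state: bool = False
    queues: tuple = ()             # (default,) or (default, priority)
    quick: bool = False

@dataclass
class Packet:
    conn: str                      # constructed connection id
    syn: bool = False
    ack: bool = False
    payload: int = 0
    tos_lowdelay: bool = False

def pick_queue(queues, pkt):
    # Second queue is used for TOS lowdelay packets and TCP ACKs with no payload.
    if len(queues) == 2 and (pkt.tos_lowdelay or (pkt.ack and pkt.payload == 0)):
        return queues[1]
    return queues[0] if queues else None

def matches(rule, pkt):
    # flags S/SA: out of SYN and ACK, only SYN may be set.
    return not rule.flags_syn_only or (pkt.syn and not pkt.ack)

class Firewall:
    def __init__(self, rules):
        self.rules, self.states = rules, {}

    def handle(self, pkt):
        # An existing state entry handles the packet; the ruleset is skipped.
        if pkt.conn in self.states:
            return "pass", pick_queue(self.states[pkt.conn], pkt)
        winner = None
        for rule in self.rules:
            if matches(rule, pkt):
                winner = rule      # last match wins ...
                if rule.quick:
                    break          # ... unless the matching rule is "quick"
        if winner is None:
            return "pass", None    # pf's implicit default is to pass
        if winner.action == "pass" and winner.keep_state:
            self.states[pkt.conn] = winner.queues   # state remembers the queues
        return winner.action, pick_queue(winner.queues, pkt)
```
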
