On Sun, Aug 27, 2006 at 04:04:35PM +0200, Federico Giannici wrote:

> Let's change the question: is this the correct order of the steps an IP
> packet follows?
>
> 1) filtering rules for the IN direction of the input interface
> 2) routing
> 3) filtering rules for the OUT direction of the output interface
> 4) queuing in the output interface
>
> Is it right?

Yes. The queueing happens after pf passes the packets out. The pf counters are correctly described as 'packets/bytes passed', nothing else. If a packet is first passed out by pf, then later dropped from a queue, the pf counters don't reflect that.

> So I cannot know the amount of traffic, with a given label, that
> actually passed the queue (i.e. was not dropped).

No, the pf label counters are not at all meant to include that information. pf doesn't know about what packets get later dropped by the queues, and altq doesn't know what label was associated with a packet it later drops from a queue.

> If steps 3 and 4 were inverted, that counting would be possible...

But they aren't, so it isn't. Try to invert them, if you like. There will be other consequences, besides bean-counting, not necessarily all of them desirable.

What if a packet both passes pf and doesn't get dropped in a queue, but then its frame collides on the ethernet? Were those bytes sent or not?

If you want accurate bean-counting after the queue drops, you'll have to do it on a separate upstream box.

Daniel
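The following is an added example, not part of the original message and not pf or ALTQ code: a small Python model of steps 3 and 4 showing why per-label counters overstate what left the interface, and why queue drop totals cannot be attributed back to a label. The drop-tail queue, `qlimit`, `drain_every` and the packet burst are assumptions constructed for illustration.

```python
from collections import Counter, deque

# Constructed sample burst: (label, size in bytes), two labels sharing one queue.
SAMPLE_BURST = [("web", 1500), ("mail", 500)] * 4


def run_output_path(packets, qlimit, drain_every):
    """Model the OUT path in the order given in the thread.

    Step 3: the filter passes the packet and adds it to its label counter.
    Step 4: the packet enters a drop-tail queue holding at most `qlimit`
            packets; the interface sends one packet every `drain_every`
            arrivals (hypothetical parameters of this model).
    Returns (label_bytes, queue_stats).
    """
    label_bytes = Counter()  # what the label counters would report
    queue = deque()          # holds sizes only: the label is not carried along
    stats = {"sent_bytes": 0, "dropped_bytes": 0, "dropped_pkts": 0}

    for i, (label, size) in enumerate(packets, 1):
        label_bytes[label] += size        # counted as "passed" right here
        if len(queue) >= qlimit:          # queue full: drop, label unknown
            stats["dropped_bytes"] += size
            stats["dropped_pkts"] += 1
        else:
            queue.append(size)
        if i % drain_every == 0 and queue:
            stats["sent_bytes"] += queue.popleft()

    while queue:                          # link idle afterwards: flush the rest
        stats["sent_bytes"] += queue.popleft()
    return label_bytes, stats


if __name__ == "__main__":
    labels, stats = run_output_path(SAMPLE_BURST, qlimit=2, drain_every=4)
    print("label counters (bytes passed by filter):", dict(labels))
    print("queue counters (no label information):  ", stats)
```

The label counters sum to sent plus dropped bytes, but nothing in the queue counters says how the drops split between the two labels.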