pf queueing syntax question

Hi, I'm (re)trying out queuing possibilities in 6.2. I am trying out different possibilities, mixing queue with prio. I have accidentally put two different lines in my pf.conf: match proto tcp to any port domain set prio 6 set queue dns match proto udp to any port domain set queue dns

Re: PF queueing confusion

Il 11/05/2017 01:42, Erling Westenvik ha scritto: > Check out pfctl(8) and the -F option. The issue might be resolvable > simply by flushing one or more of the filter parameters you'll find > there. I had always assumed that loading a new ruleset with pfctl -f also implied "-F all". This

Re: PF queueing confusion

On Thu, May 11, 2017 at 12:09:26AM +0200, Gabriele Tozzi wrote: > > Looks like I've solved by only renaming the queues. > > Instead of naming them "high", "normal" and "low", I have now named them > "exthi", "extstd" and "extlo" and then everything seems to work as expended. > > Maybe "high" is a

Re: PF queueing confusion

Looks like I've solved by only renaming the queues. Instead of naming them "high", "normal" and "low", I have now named them "exthi", "extstd" and "extlo" and then everything seems to work as expended. Maybe "high" is a (maybe undocumented) reserved queue name?

Re: PF queueing confusion

Il 10/05/2017 20:56, Luis Coronado ha scritto: > but perhaps someone else would be able to see something that you didn't, > hence the requirement to share the file. I understand, but it contains sensitive information that I prefer not to share. If you could tell me what to look for, I will look

Re: PF queueing confusion

but perhaps someone else would be able to see something that you didn't, hence the requirement to share the file. -luis On Wed, May 10, 2017 at 12:50 PM, Gabriele Tozzi wrote: > > Il 10/05/2017 14:45, Daniel Melameth ha scritto: > >> queue ext on $Ext bandwidth 900K > >>

Re: PF queueing confusion

Il 10/05/2017 14:45, Daniel Melameth ha scritto: >> queue ext on $Ext bandwidth 900K >> queue normal parent ext bandwidth 386K, max 850K qlimit 10 default >> queue high parent ext bandwidth 193K qlimit 10 >> queue low parent ext bandwidth 193K, max 540Kb qlimit 10 > > You'll have to post your

Re: PF queueing confusion

On Wed, May 10, 2017 at 4:47 AM, Gabriele Tozzi wrote: > I have a quite simple pf setup: I have defined 3 queues for my external > interface in my pf.conf: > > queue ext on $Ext bandwidth 900K > queue normal parent ext bandwidth 386K, max 850K qlimit 10 default > queue high

PF queueing confusion

Hello there, I have noticed some weirdness when using "pfctl -s queue -v" so I have decided to investigate. I have a quite simple pf setup: I have defined 3 queues for my external interface in my pf.conf: queue ext on $Ext bandwidth 900K queue normal parent ext bandwidth 386K, max 850K qlimit

Re: help with pf queueing in ipsec over gre

On Fri, 2 Dec 2016 12:14:56 + (UTC) Stuart Henderson wrote: > On 2016-11-25, Marko Cupać wrote: > > Hi, > > > > I'd like to do limit bandwidth on gre tunnel protected with ipsec in > > transport mode. > I haven't tried this exact scenario. But I

Re: help with pf queueing in ipsec over gre

On 2016-11-25, Marko Cupać wrote: > Hi, > > I'd like to do limit bandwidth on gre tunnel protected with ipsec in > transport mode. > > I've set single default queue on gre interface, matched everything > that goes out to that queue, and finally passed everything out that >

help with pf queueing in ipsec over gre

Hi, I'd like to do limit bandwidth on gre tunnel protected with ipsec in transport mode. I've set single default queue on gre interface, matched everything that goes out to that queue, and finally passed everything out that interface: # SNIP queue mother on gre204 bandwidth 25M min 25M max 25M

Re: how to submit bug report regarding pf queueing?

On 2016-03-09, Mihai Popescu wrote: >> - >> queue download on $if_int bandwidth 10M max 10M >> queue ssh parent download bandwidth 1M >> queue web parent download bandwidth 8M >> queue bulk parent download bandwidth 1M default >> >> match to port sshset queue ssh

Re: how to submit bug report regarding pf queueing?

On Wed, 9 Mar 2016 12:58:39 -0500 Christopher Sean Hilton wrote: > I've also been trying to get help with queuing. Perhaps we can help > each other out. > > I'm using queuing to alleviate bufferbloat and make my son's gaming > performance better. I'm on an asymetric

Re: how to submit bug report regarding pf queueing?

On Wed, 9 Mar 2016 21:28:10 +0200 Mihai Popescu wrote: > > - > > queue download on $if_int bandwidth 10M max 10M > > queue ssh parent download bandwidth 1M > > queue web parent download bandwidth 8M > > queue bulk parent download bandwidth 1M default > > > > match to

Re: how to submit bug report regarding pf queueing?

On Thu, 10 Mar 2016 13:28:11 +1100 Darren Tucker wrote: > On Thu, Mar 10, 2016 at 1:38 AM, Marko Cupać > wrote: [...] > > queue download on $if_int bandwidth 10M max 10M > > What's $if_int set to? > > I played with queueing recently and initially used

Re: how to submit bug report regarding pf queueing?

On Thu, Mar 10, 2016 at 1:38 AM, Marko Cupać wrote: [...] > queue download on $if_int bandwidth 10M max 10M What's $if_int set to? I played with queueing recently and initially used interface group names instead of interface names ("queue foo on egress ...") since that's

Re: how to submit bug report regarding pf queueing?

On Wed, Mar 09, 2016 at 02:45:36PM -0700, Daniel Melameth wrote: > On Wed, Mar 9, 2016 at 10:58 AM, Christopher Sean Hilton > wrote: > > I'm using queuing to alleviate bufferbloat and make my son's gaming > > performance better. I'm on an asymetric cablemodem connection here

Re: how to submit bug report regarding pf queueing?

> - > queue download on $if_int bandwidth 10M max 10M > queue ssh parent download bandwidth 1M > queue web parent download bandwidth 8M > queue bulk parent download bandwidth 1M default > > match to port sshset queue ssh > match from port sshset queue ssh > match to port

Re: how to submit bug report regarding pf queueing?

On Wed, Mar 09, 2016 at 03:38:30PM +0100, Marko Cupać wrote: > Hi, > [... snip ...] I've also been trying to get help with queuing. Perhaps we can help each other out. I'm using queuing to alleviate bufferbloat and make my son's gaming performance better. I'm on an asymetric cablemodem

Re: how to submit bug report regarding pf queueing?

On Wed, Mar 09, 2016 at 03:38:30PM +0100, Marko Cupać wrote: > Hi, > [ ...snip... ] > So, what exactly do I need to do to submit bug report? Any outputs of > any commands? Logs? I understand developers won't take my word for it, > but I simply don't know how to prove it, except watching output

how to submit bug report regarding pf queueing?

Hi, Over last few months, in a few separate threads here on misc@, I have been trying to call attention to the fact that pf queueing mechanism does not shape traffic as it should, at least on my APU box. It took me some time to test hundreds of possible configurations on 5.8, both amd64 and i386

Re: Gif tunnel / pf / queueing

On Wed, Mar 02, 2016 at 10:46:08PM +1000, David Gwynne wrote: > > On 2 Mar 2016, at 1:51 AM, Christopher Sean Hilton > > wrote: > > > > I would like to apply queueing to packets traversing a gif tunnel. I'd > > like to know what works better, Tagging outbound packets on the

Re: Gif tunnel / pf / queueing

> On 2 Mar 2016, at 1:51 AM, Christopher Sean Hilton wrote: > > I would like to apply queueing to packets traversing a gif tunnel. I'd > like to know what works better, Tagging outbound packets on the gif > interface and applying them to queues by tag when they leave on the >

Gif tunnel / pf / queueing

I would like to apply queueing to packets traversing a gif tunnel. I'd like to know what works better, Tagging outbound packets on the gif interface and applying them to queues by tag when they leave on the external interface? Or assigning packets to the queues directly when they are on the gif

Re: pf queueing and nat

I can't find any description of the match rules here: http://openbsd.org/faq/pf/filter.html Are they the same syntax as block and pass rules? On Wed, Apr 17, 2013 at 4:56 AM, Peter N. M. Hansteen pe...@bsdly.netwrote: John Tate j...@johntate.org writes: I think I understand, can someone

Re: pf queueing and nat

Found it in the manpage pretty quick;y, silly me, apparently is the same. On Wed, Apr 17, 2013 at 5:16 PM, John Tate j...@johntate.org wrote: I can't find any description of the match rules here: http://openbsd.org/faq/pf/filter.html Are they the same syntax as block and pass rules? On

Re: pf queueing and nat

Well the ruleset loads, can anyone do a quick check of this in case I've done something stupid. I've never used match rules before. I'm not really sure how to test queueing to see if it works. # $OpenBSD: pf.conf,v 1.50 2011/04/28 00:19:42 mikeb Exp $ # # See pf.conf(5) for syntax and

Re: pf queueing and nat

On 2013-04-17, John Tate j...@johntate.org wrote: Well the ruleset loads, can anyone do a quick check of this in case I've done something stupid. I've never used match rules before. I'm not really sure how to test queueing to see if it works. see systat queue; run it as root. #queues altq

Re: pf queueing and nat

Stuart Henderson s...@spacehopper.org writes: On 2013-04-17, John Tate j...@johntate.org wrote: Well the ruleset loads, can anyone do a quick check of this in case I've done something stupid. I've never used match rules before. I'm not really sure how to test queueing to see if it works.

Re: pf queueing and nat

Well I had the bandwidth the wrong way around for my internet connection. I've been trying the other changes and now I have problems, I'm pretty sure I need to put _out and _in on the end... # pfctl -nf /etc/pf.conf /etc/pf.conf:39: exactly one scheduler type per interface allowed

Re: pf queueing and nat

Oh wait I've forgot to specify the interface. On Thu, Apr 18, 2013 at 5:45 AM, John Tate j...@johntate.org wrote: Well I had the bandwidth the wrong way around for my internet connection. I've been trying the other changes and now I have problems, I'm pretty sure I need to put _out and _in

pf queueing and nat

I am adding queueing to my pf based nat for my home network. Since there isn't a complete example involving nat and queuing I am not entirely sure where to put things. I've read the manual and I think I put things before the rdr-to rules. I also have a transparent ftp and http proxy. I am not

Re: pf queueing and nat

On Wed, 17 Apr 2013 03:32:52 +1000 John Tate j...@johntate.org wrote: I am adding queueing to my pf based nat for my home network. Since there isn't a complete example involving nat and queuing I am not entirely sure where to put things. I've read the manual and I think I put things before

Re: pf queueing and nat

as far as i remember in the man page of pf there are places where u can usually put the queueing rules so nat rules :) Date: Wed, 17 Apr 2013 03:32:52 +1000 Subject: pf queueing and nat From: j...@johntate.org To: misc@openbsd.org I am adding queueing to my pf based nat for my home network

Re: pf queueing and nat

I think I understand, can someone give me a look at a pf.conf with queueing and nat rules. It's hard to experiment because I'm logged in via ssh and would lose my connection every time I make a change. Unfortunately the machine connected to the firewall via null modem for a serial console has

Re: pf queueing and nat

John Tate j...@johntate.org writes: I think I understand, can someone give me a look at a pf.conf with queueing and nat rules. With an existing rule set in place, it's probably easier to do the queue assignment with a block of match rules. That way at least you don't affect the pass or block

Help with 4.0 pf queueing

I have the following setup: | | (67.95.100.16 - fxp4) | (67.95.100.17 - fxp4) |EXTERNAL| |

Re: Help with 4.0 pf queueing

On 2007/02/27 12:31, Albert Chin wrote: I created a queue to limit traffic on the internal interface connecting 'EXTERNAL FIREWALL' to 'WWW/FTP SERVER': altq on fxp1 cbq bandwidth 1.5Mb queue \ { queue_std, queue_ftp, queue_http } queue queue_std bandwidth 1.48Mb cbq(default)

Re: Help with 4.0 pf queueing

On Tuesday 27 February 2007 11:31 am, Albert Chin wrote: I have the following setup: | (67.95.100.16 - fxp4) | (67.95.100.17 - fxp4) |EXTERNAL|

Re: Help with 4.0 pf queueing

On Tue, Feb 27, 2007 at 12:40:41PM -0700, Tim Kuhlman wrote: On Tuesday 27 February 2007 11:31 am, Albert Chin wrote: [ snip snip ] You are queueing on fxp1 on the external firewall. This should affect traffic going from the external firewall to the www/ftp server, however it sounds like

Re: Help with 4.0 pf queueing

On Tue, Feb 27, 2007 at 07:57:58PM +, Stuart Henderson wrote: On 2007/02/27 12:31, Albert Chin wrote: I created a queue to limit traffic on the internal interface connecting 'EXTERNAL FIREWALL' to 'WWW/FTP SERVER': altq on fxp1 cbq bandwidth 1.5Mb queue \ { queue_std, queue_ftp,

Re: PF queueing

On 7/14/06, Bernd Schoeller [EMAIL PROTECTED] wrote: On Thu, Jul 13, 2006 at 08:53:31PM -0400, Jeff Quast wrote: You cannot control the speed at which packets arrive on an interface. Are you sure? I am sure. If it sounds unreasonable, get a live firehose, and see if you can control the amount

Re: PF queueing

On Friday 14 July 2006 20:43, Jeff Quast wrote: I am sure. If it sounds unreasonable, get a live firehose, and see if you can control the amount of water received in your mouth. Sure, but you can close your mouth a little and hope that he guy holding the hose will notice and throttle the flow.

Re: PF queueing

On 14/07/06, Jeff Quast [EMAIL PROTECTED] wrote: On 7/14/06, Bernd Schoeller [EMAIL PROTECTED] wrote: On Thu, Jul 13, 2006 at 08:53:31PM -0400, Jeff Quast wrote: You cannot control the speed at which packets arrive on an interface. Are you sure? I am sure. If it sounds unreasonable, get

Re: PF queueing

Tried that, didn't work. On 7/13/06, Pablo Halamaj [EMAIL PROTECTED] wrote: On 13/07/06, Der Engel [EMAIL PROTECTED] wrote: But isn't there some config or trick to do between the two interfaces to achieve this? On 7/13/06, Jeff Quast [EMAIL PROTECTED] wrote: On 7/13/06, Der Engel

Re: PF queueing

That rules-set design is where i'm stuck, If the upload of the pc in the lan is obeying to the std queue if should be able to queue to whatever speed i want, right?... Note: Trying to set upload speeds for a pc on the lan. # macros ext_if=dc0 int_if=vr1 tcp_services={ 22, 113 }

PF queueing

Hi! I have try for several days to achieve the following goal with PF but failed repeatedly, have read all the docs also, especially this http://www.openbsd.org/faq/pf/queueing.html The goal is: To be able to set dowload/upload speeds to PC's on the lan, so far i have succed in setting dowload

Re: PF queueing

On 7/13/06, Der Engel [EMAIL PROTECTED] wrote: Hi! I have try for several days to achieve the following goal with PF but failed repeatedly, have read all the docs also, especially this http://www.openbsd.org/faq/pf/queueing.html The goal is: To be able to set dowload/upload speeds to PC's on the

Re: PF queueing

On 7/13/06, Jeff Quast [EMAIL PROTECTED] wrote: You cannot control the speed at which packets arrive on an interface. Think about it. It may not be documented because its pretty much a duh. Yesterday I desperately tried to teach someone that burning the 1kb shortcut to a program that is on

Re: PF queueing

But isn't there some config or trick to do between the two interfaces to achieve this? On 7/13/06, Jeff Quast [EMAIL PROTECTED] wrote: On 7/13/06, Der Engel [EMAIL PROTECTED] wrote: Hi! I have try for several days to achieve the following goal with PF but failed repeatedly, have read all