I've tried very hard to make it concise and avoided any references to
underlying algorithms.
OK?
---
share/man/man5/pf.conf.5 | 47 ++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 44 insertions(+), 3 deletions(-)
diff --git share/man/man5/pf.conf.5 share/man/man5/pf.conf.5
index e0e8e897768..5c886c0cb3a 100644
--- share/man/man5/pf.conf.5
+++ share/man/man5/pf.conf.5
@@ -46,11 +46,11 @@ This is an overview of the sections in this manual page:
.It Sx PACKET FILTERING
including network address translation (NAT).
.It Sx OPTIONS
globally tune the behaviour of the packet filtering engine.
.It Sx QUEUEING
-provides rule-based bandwidth control.
+provides rule-based bandwidth and traffic control.
.It Sx TABLES
provide a method for dealing with large numbers of addresses.
.It Sx ANCHORS
are containers for rules and tables.
.It Sx STATEFUL FILTERING
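Review bot: In the QUEUEING overview item, "bandwidth and traffic control" is vague, because bandwidth control is already a form of traffic control. The section text added later in this patch describes the new feature as "a fair traffic sharing option", so wording along the lines of "provides rule-based bandwidth control and fair traffic sharing" would tell the reader what the section now covers.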
@@ -1562,10 +1562,48 @@ pass out on em0 inet proto tcp from $employeehosts to
any port 80 \e
pass out on em0 inet proto tcp from any to any port 22 \e
set queue(ssh_bulk, ssh_interactive)
pass out on em0 inet proto tcp from any to any port 25 \e
set queue mail
.Ed
+.Pp
+Additionally to the bandwidth management a fair traffic sharing option
+is provided via a flow queue.
+When packets are classified by the stateful inspection engine, a flow
+identifier is assigned to all packets belonging to this state.
+A flow queue splits the outgoing traffic according to these identifiers
+into individual queues and services them in a way that provides equal
+opportunities for all connections to progress.
+.Pp
+Configuration of a flow queue is similar to a regular one, however flow
+queues don't build a hierarchy and thus only one flow queue may be
+specified per interface.
+.Pp
+The core parameter of a flow queue is a number of expected simultaneous
+connections, or
+.Cm flows ,
+bounded by the resolution of the flow identifier (the current
+implementation is able classify traffic into 32767 distinct flows).
+Thus minimal flow queue configuration is:
+.Bd -literal -offset indent
+queue fq on em0 flows 1024
+.Ed
+.Pp
+Another value affecting the flow queue is a quantum of service.
+The lower the
+.Cm quantum
+the more advantage is given to streams of small packets at the expense
+of bulk transfers.
+The default value for
+.Cm quantum
+is selected based on the configured Maximum Transmission Unit (MTU)
+of the specified interface.
+.Pp
+An additional configuration option
+.Cm qlimit
+sets the queue depth shared among all flows.
+The default is 1024.
+.El
.Sh TABLES
Tables are named structures which can hold a collection of addresses and
networks.
Lookups against tables in
.Xr pf 4
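Review bot: The added ".El" directly before ".Sh TABLES" has no matching ".Bl" anywhere in the visible lines of this hunk, and since the line is new, the section previously closed without it. Please confirm that a list is really open at that point (mandoc -Tlint will flag an unbalanced block) or drop the line. Wording in the same hunk: "is able classify" is missing "to", and "Additionally to the bandwidth management" would read better as "In addition to bandwidth management". The text states defaults for quantum and qlimit but not for flows, and it does not say what happens when flows is set above the 32767 limit it mentions. Because the example is introduced as the minimal configuration, it is worth stating explicitly whether flows is mandatory for a flow queue.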
@@ -2693,13 +2731,16 @@ anchor-rule = "anchor" [ string ] [ ( "in" | "out" )
] [ "on" ifspec ]
anchor-close = "}"
load-anchor = "load anchor" string "from" filename
queueopts-list = queueopts-list queueopts | queueopts
-queueopts = [ "bandwidth" bandwidth ] | [ "min" bandwidth ] |
+queueopts = ([ "bandwidth" bandwidth ] | [ "min" bandwidth ] |
[ "max" bandwidth ] | [ "parent" string ] |
- [ "default" ] | [ "qlimit" number ]
+ [ "default" ]) |
+ ([ "flows" number ] | [ "quantum" number ]) |
+ [ "qlimit" number ]
+
bandwidth = bandwidth-spec [ "burst" bandwidth-spec "for" number "ms" ]
bandwidth-spec = number ( "" | "K" | "M" | "G" )
action = "pass" | "match" | "block" [ return ]
return = "drop" | "return" |
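Review bot: The new parentheses in queueopts do not express the restriction the added prose describes. Since queueopts-list is a repetition of queueopts, the grammar still accepts "flows" together with "parent", "bandwidth" or "default" on one queue, although the text says flow queues do not build a hierarchy. If the options are mutually exclusive, split the production into two alternatives (for example one list for regular queues and one for flow queues, each allowing "qlimit") or state the restriction in the prose and leave the grammar flat. The added empty "+" line after the "qlimit" alternative also separates queueopts from the bandwidth production, unlike the neighbouring rules, and can be removed.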
--
2.12.2