Henning Brauer said:* Per-Olov Sjöholm <[email protected]> [2004-04-23 23:21]:This is fact:
* Queue on the outgoing interface
* On a bridge it is according to the FAQ at OpenBSD "STRONGLY" recommended to filter on just ONE interface and pass everything on the other. (Have not read that much to take a debate on this...)
but there's nor much relation between those two. you can filter on just one interface and queue on all.
Yes I know... I think I could have choosen my words better. The reason for the question in the first place was that I have seen many bridge examples where people have followed the FAQ blindly, and done everything on the same interface (filter and queueing), and just "pass on xxx all" (with NO queueing) on the other. And this even though they queue in both directions.
So... The queueing must be done on the outgoing interface, no matter if it's set up as a bridge or not. Right ? This means that over 90% of all bridge examples I have seen on the net where queueing takes place in two directions are wrong. Or did I mess something up here ?
you just classify unsing pf, adding mbuf tags telling the queueing code (which lives much further down the chain) where to enqueue. wether you write the tag on the same interface as the queues lives on or not doesn't matter (except for the packets leave kernel land in between, aka ftp-proxy etc, obviously).