
Re: difficulty queueing fragments



On Sat, Nov 13, 2004 at 11:24:44AM -0700, jared r r spiegel wrote:
> ------------------------------------------------------------------------------  
> doublewide.hklocal.net $ sudo cat /etc/pffrag.conf
> e="fxp0"
> 
> nfs="2049"
> 
> trustedhosts="{" "<VPN>" "<HKLOCAL>" "}"
> 
> table <VPN>     persist const {192.168.0.0/16}
> table <HKLOCAL> persist const {$e:network}
> table <DOUBLEWIDE> persist const {$e $e:broadcast}
> 
> altq on $e priq bandwidth 100Mb queue {q-nfs q-bulk q-ack}
> queue q-nfs     priority 7 priq
> queue q-bulk    priority 4 priq(default)
> queue q-ack     priority 8 priq
> 
> block return log on $e all
> pass on $e proto {icmp icmp6} all keep state queue q-bulk
> pass on $e all keep state queue (q-bulk q-ack)
> pass in on $e inet proto udp from $trustedhosts to <DOUBLEWIDE> port $nfs \
> 	keep state queue q-nfs label "nfs"
> pass out on $e inet proto udp from <DOUBLEWIDE> port 2049 to $trustedhosts \
> 	keep state queue q-nfs label "nfs"
> pass on $e all fragment queue q-nfs label "fragment"
> ------------------------------------------------------------------------------  
>  
>   here is pfctl -vsq and -vsl output:
> 
> doublewide.hklocal.net $ sudo pfctl -vsl
> icmp 24438 0 0
> icmp 24438 0 0
> bulk 24438 43 2968
> nfs 24438 0 0
> nfs 24414 0 0
> nfs 24430 0 0
> nfs 0 0 0
> fragment 24441 24417 33951340
  
  i added those labels retroactively - upon close inspection you will see
  that they're not in the pf.conf above; but this is the pf.conf i am using,
  just that the one above didn't have the 'label' in it yet
  ( i'm not trying to be sneaky - just had morning-itis ).
  so here is the current real full pf.conf with the labels added:
-------
e="fxp0"
nfs="2049"
trustedhosts="{" "<VPN>" "<HKLOCAL>" "}"
table <VPN>     persist const {192.168.0.0/16}
table <HKLOCAL> persist const {$e:network}
table <DOUBLEWIDE> persist const {$e $e:broadcast}
altq on $e priq bandwidth 100Mb queue {q-nfs q-bulk q-ack}
queue q-nfs     priority 7 priq
queue q-bulk    priority 4 priq(default)
queue q-ack     priority 8 priq
block return log on $e all
pass on $e proto {icmp icmp6} all keep state queue q-bulk label "icmp"
pass on $e all keep state queue (q-bulk q-ack) label "bulk"
pass in on $e inet proto udp from $trustedhosts to <DOUBLEWIDE> port $nfs \
	keep state queue q-nfs label "nfs"
pass out on $e inet proto udp from <DOUBLEWIDE> port 2049 to $trustedhosts \
	keep state queue q-nfs label "nfs"
pass on $e all fragment queue q-nfs label "fragment"
-------
  so please don't throw me off the boat for that.
>   jared
-- 
[ openbsd 3.6 GENERIC ( nov 4 ) // i386 ]