
Re: PF and IP Precedence



* John Merriam <[email protected]> [2005-03-23 17:50]:
> Hello.  I'm using PF on FreeBSD 5.3.  I would like to know how PF 
> handles precedence information in IP packets.  I'm referring to the 
> header data described in RFC 1812 sections 5.3.2 and 5.3.3 (part of TOS 
> byte).
> 
> I guess the first question would be, does PF handle precedence 
> automatically?
> 
> If not, can prioritization based on IP precedence be achieved with ALTQ 
> or some other mechanism?

yes, you can specify two queues per rule, one we call "priority queue", 
and packets with precedence set to lowdelay go to said prio queue.
it's not like the manpage wouldn't document that of course

     Packets can be assigned to queues based on filter rules by using the
     queue keyword.  Normally only one queue is specified; when a second one
     is specified it will instead be used for packets which have a TOS of
     lowdelay and for TCP ACKs with no data payload.

     To continue the previous example, the examples below would specify the
     four referenced queues, plus a few child queues.  Interactive ssh(1)
     sessions get priority over bulk transfers like scp(1) and sftp(1).  The
     queues may then be referenced by filtering rules (see PACKET FILTERING
     below).

     queue std bandwidth 10% cbq(default)
     queue http bandwidth 60% priority 2 cbq(borrow red) \
           { employees, developers }
     queue  developers bandwidth 75% cbq(borrow)
     queue  employees bandwidth 15%
     queue mail bandwidth 10% priority 0 cbq(borrow ecn)
     queue ssh bandwidth 20% cbq(borrow) { ssh_interactive, ssh_bulk }
     queue  ssh_interactive priority 7
     queue  ssh_bulk priority 0

     block return out on dc0 inet all queue std
     pass out on dc0 inet proto tcp from $developerhosts to any port 80 \
           keep state queue developers
     pass out on dc0 inet proto tcp from $employeehosts to any port 80 \
           keep state queue employees
     pass out on dc0 inet proto tcp from any to any port 22 \
           keep state queue(ssh_bulk, ssh_interactive)
     pass out on dc0 inet proto tcp from any to any port 25 \
           keep state queue mail

-- 
Henning Brauer, [email protected], [email protected]
BS Web Services, http://bsws.de
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
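
Added example (not part of the original message and not PF's own code): a small Python model of the two-queue selection the quoted pf.conf(5) text describes, useful for checking which packets a rule such as queue(ssh_bulk, ssh_interactive) would place in the second queue. It assumes "a TOS of lowdelay" means the lowdelay bit (0x10) is set in the TOS byte; pick_queue and build_packet are hypothetical names, and the packets are constructed samples.

```python
import struct

IPTOS_LOWDELAY = 0x10  # lowdelay bit of the IPv4 TOS byte
TH_ACK = 0x10          # TCP ACK flag
IPPROTO_TCP = 6

def pick_queue(packet: bytes, queues: tuple) -> str:
    """Model of queue(normal[, priority]) selection for one IPv4 packet.

    Assumption: lowdelay is tested as a bit mask. Fragments are not handled.
    """
    normal = queues[0]
    priority = queues[1] if len(queues) > 1 else normal
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    tos, proto = packet[1], packet[9]
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("bad IPv4 header lengths")
    if tos & IPTOS_LOWDELAY:
        return priority
    if proto == IPPROTO_TCP:
        tcp = packet[ihl:total_len]
        if len(tcp) < 20:
            raise ValueError("truncated TCP header")
        data_off = (tcp[12] >> 4) * 4
        if data_off < 20 or data_off > len(tcp):
            raise ValueError("bad TCP data offset")
        # An ACK whose segment ends at the end of the TCP header has no payload.
        if tcp[13] & TH_ACK and len(tcp) == data_off:
            return priority
    return normal

def build_packet(tos: int, flags: int, payload: bytes = b"") -> bytes:
    """Constructed sample: minimal IPv4+TCP packet to port 22, checksums zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 1, 1, 5 << 4, flags,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(tcp), 0, 0, 64,
                     IPPROTO_TCP, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + tcp
```

In this model a packet that carries only IP precedence bits (for example TOS 0xE0) and has a data payload stays in the first queue, because only the lowdelay bit and empty TCP ACKs select the second one.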