
Re: PF and IP Precedence

What exactly does PF think 'lowdelay' is though? I need to specifically make sure IP precedence 5 packets are given priority over other traffic (except maybe IP precedence 6 and 7).

I found buried in the pf.conf man page that I should be able to specify a TOS value using something like:

pass out on IF inet proto tcp from any to any tos 0xYY keep state queue QUEUE

where YY is, I assume, the hexadecimal TOS byte.

I really don't want to specify ports because all the VoIP traffic may not use the same ports all the time. I want to give priority to and/or allocate bandwidth to packets based on their IP precedence/DSCP/TOS value.

If PF gives priority to packets based on their IP precedence/DSCP value automatically, I don't really have to worry about it unless I want to make sure a specific amount of bandwidth is always available for certain TOS value packets.

So, assuming I need to use the tos option in my rules to make things work the way I want, my next question is can multiple TOS values be specified in the same rule or do I need to make separate rules for each TOS value?


Henning Brauer wrote:
* John Merriam <[email protected]> [2005-03-23 17:50]:

Hello. I'm using PF on FreeBSD 5.3. I would like to know how PF handles precedence information in IP packets. I'm referring to the header data described in RFC 1812 sections 5.3.2 and 5.3.3 (part of TOS byte).

I guess the first question would be, does PF handle precedence automatically?

If not, can prioritization based on IP precedence be achieved with ALTQ or some other mechanism?

yes, you can specify two queues per rule, one we call "priority queue", and packets with precedence set to lowdelay go to said prio queue.

it's not like the manpage wouldn't document that of course

     Packets can be assigned to queues based on filter rules by using the
     queue keyword.  Normally only one queue is specified; when a second one
     is specified it will instead be used for packets which have a TOS of
     lowdelay and for TCP ACKs with no data payload.

     To continue the previous example, the examples below would specify the
     four referenced queues, plus a few child queues.  Interactive ssh(1)
     sessions get priority over bulk transfers like scp(1) and sftp(1).  The
     queues may then be referenced by filtering rules (see PACKET FILTERING

     queue std bandwidth 10% cbq(default)
     queue http bandwidth 60% priority 2 cbq(borrow red) \
           { employees, developers }
     queue  developers bandwidth 75% cbq(borrow)
     queue  employees bandwidth 15%
     queue mail bandwidth 10% priority 0 cbq(borrow ecn)
     queue ssh bandwidth 20% cbq(borrow) { ssh_interactive, ssh_bulk }
     queue  ssh_interactive priority 7
     queue  ssh_bulk priority 0

     block return out on dc0 inet all queue std
     pass out on dc0 inet proto tcp from $developerhosts to any port 80 \
           keep state queue developers
     pass out on dc0 inet proto tcp from $employeehosts to any port 80 \
           keep state queue employees
     pass out on dc0 inet proto tcp from any to any port 22 \
           keep state queue(ssh_bulk, ssh_interactive)
     pass out on dc0 inet proto tcp from any to any port 25 \
           keep state queue mail


John Merriam
NETPLEX  Technical Specialist
[email protected]  (860)233-1111 x303
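An added pf.conf fragment (not from this thread or from PF's own documentation) showing the shape of the setup asked about: a dedicated high-priority ALTQ queue plus one rule per TOS byte value, since the tos keyword takes a single value per rule. The interface name, bandwidths and the choice of TOS values are assumptions; 0xb8 is the TOS byte for DSCP EF and 0xa0 is IP precedence 5 with the remaining TOS bits clear, and the fragment assumes tos is compared against the whole TOS byte as pf.conf(5) for the version in use describes.

```conf
ext_if = "dc0"          # assumed interface name

# Root ALTQ discipline on the outbound interface (bandwidth figures are assumed).
altq on $ext_if cbq bandwidth 2Mb queue { voip, std }
# voip: 512Kb guaranteed, highest CBQ priority, may borrow when the link is idle
queue voip bandwidth 512Kb priority 7 cbq(borrow)
# std: everything else; also the default queue for packets no rule assigns
queue std  bandwidth 1536Kb cbq(default borrow)

# General outbound rule first: in PF the last matching rule wins, so the
# TOS-specific rules below override this one for packets they match.
pass out on $ext_if inet from any to any keep state queue std

# tos accepts one value per rule, so every TOS byte that should land in the
# voip queue needs its own rule (any byte with top bits 101 is precedence 5).
# 0xb8 = DSCP EF; 0xa0 = IP precedence 5 with delay/throughput/reliability clear.
pass out on $ext_if inet from any to any tos 0xb8 keep state queue voip
pass out on $ext_if inet from any to any tos 0xa0 keep state queue voip
```

pfctl -nf /etc/pf.conf parses the file without loading it, and pfctl -vsq shows per-queue packet counters, which is the quickest way to confirm that VoIP packets actually end up in the voip queue.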
