pf and ALTQ - I Don't Understand
Drew Tomlinson
drew at mykitchentable.net
Sun Apr 8 17:12:21 UTC 2007
I am struggling to get pf set up correctly. Specifically I don't
understand why I don't see any packets in the "pfctl -vs queue" output
for a queue I named "voip_out". I see the packets matching rule 61 &
rule 62 when viewing the log with "tcpdump -netttti pflog0":
2007-04-08 09:54:25.392552 rule 61/0(match): pass in on dc0:
192.168.1.7.5060 > 72.165.163.9.5060: SIP, length: 394
2007-04-08 09:54:54.580693 rule 62/0(match): pass in on dc0: 192.168.1.7
> 192.168.1.2: ICMP echo request, id 16724, seq 43514, length 40
2007-04-08 09:55:13.532744 rule 61/0(match): pass in on dc0:
192.168.1.7.5060 > 72.165.163.9.5060: SIP, length: 394
Rules 61 & 62 are:
@61 pass log quick inet proto udp from 192.168.1.7 to any keep state
queue voip_out
[ Evaluations: 7237 Packets: 44 Bytes: 18502 States:
1 ]
@62 pass log quick inet proto icmp from 192.168.1.7 to any keep state
queue voip_out
[ Evaluations: 331 Packets: 142 Bytes: 8520 States:
1 ]
Yet here is the "pfctl -vs queue" output:
queue voip_out bandwidth 175Kb priority 6 hfsc( realtime 140Kb )
[ pkts: 0 bytes: 0 dropped pkts: 0
bytes: 0 ]
[ qlength: 0/ 50 ]
[ measured: 0.0 packets/s, 0 b/s ]
I have rules to prioritize http traffic and queuing works as expected
there. Can anyone please explain to me why I am seeing this behavior?
And is there some way to actually watch traffic passing through the queues?
Thanks,
Drew
--
Be a Great Magician!
Visit The Alchemist's Warehouse
http://www.alchemistswarehouse.com
More information about the freebsd-pf
mailing list