kern/119661: [pf] "queue (someq, empy_acks)" doesn't work

clemens fischer ino-news at spotteswoode.dnsalias.org
Mon Jan 14 11:05:07 PST 2008 

On Mon, 14 Jan 2008 15:21:13 GMT linimon@ wrote:

> Over to maintainer(s).
> http://www.freebsd.org/cgi/query-pr.cgi?pr=119661

and mlaier@ wrote:

> Works for me with the exact same rule.  Can you provide more details
> to freebsd-pf@ for discussion and analysis?

first of, thanks for testing and verifying the rule. i was afraid to
even start experimenting after a few tries.

'uname -rims' -> FreeBSD 7.0-PRERELEASE i386 spott_fbsd7_i386

soo, the solution to my problem needs rewriting the rules a little bit.
if i do this:

  logging="log (all)"
  q_interactive="queue (interactive, tcp_ack)"

  set skip on lo0
  set debug urgent
  scrub in all

  # Queueing: rule-based bandwidth control.
  altq on $ext_if $ext_if_bw cbq queue { dflt, background, interactive, tcp_ack }
  queue dflt bandwidth 15% cbq(default)
  queue interactive bandwidth 50% priority 5 cbq(borrow)
  queue background  bandwidth 30% priority 3 cbq(red)
  queue tcp_ack bandwidth 5% priority 7 cbq(borrow)

  ...
  pass out $logging \
    proto tcp \
    from any to ! <badhosts> \
    modulate state \
    label "$nr: outbound $proto keep state" $q_interactive

the rules are not parsed correctly.  the last rule simply disappears
without any error message.  but if i write that particular rule as:

  ...
  pass out $logging \
    proto tcp \
    from any to ! <badhosts> \
    modulate state \
    $q_interactive label "$nr: outbound $proto keep state"

(note the reversal of the label and the queue option) the rule is parsed
and seems to work correctly.

if you study the output of "pfctl -sa", you'll see:

  pass out log (all) proto tcp from any to ! <badhosts> flags S/SA \
  modulate state label "27: outbound tcp keep state" \
  queue(interactive, tcp_ack)

which is the way i wrote it in the first place.  pf.conf(5) specifies no
particular order in the BNF.

it seems to be a problem of the rule parser. as there's an easy
workaround, i'll post a followup to the PR to that effect and would like
you to close it.

regards, clemens

More information about the freebsd-pf mailing list