PF AltQ: "match ... queue" with multiple queues

ogogon

ogogon

Colleagues, please explain one aspect that I do not understand.

I study the description of queues, in particular the type of HFSC. For example, I describe a queue:

Code: 
altq on $ext_if bandwidth $ext_bw hfsc queue { main, spamd }
queue main bandwidth 99% priority 7 qlimit 100 hfsc (realtime 20%, linkshare 99%) \
{ q_pri, q_def, q_web, q_dns }
queue q_pri bandwidth 3% priority 7 hfsc (realtime 0, linkshare 3% red )
queue q_def bandwidth 47% priority 1 hfsc (default realtime 30% linkshare 47% red)
queue q_web bandwidth 47% priority 1 hfsc (realtime 30% linkshare 47% red)
queue q_dns bandwidth 3% priority 7 qlimit 100 hfsc (realtime (30Kb 3000 12Kb), \
linkshare 3%)
queue spamd bandwidth 0% priority 0 qlimit 300 hfsc (realtime 0, upperlimit 1%, \
linkshare 1%)

(This examples from "The Book of PF")
Next, I associate traffic filtering rules with these queues. For example:

Code: 
match out on $ext_if from $air_if:network nat-to ($ext_if) queue (q_def, q_pri)
match out on $ext_if from $int_if:network nat-to ($ext_if) queue (q_def, q_pri)
match out on $ext_if proto tcp to port { www https } queue (q_web, q_pri)
match out on $ext_if proto { tcp udp } to port domain queue (q_dns, q_pri)
match out on $ext_if proto icmp queue (q_dns, q_pri)

In all cases of this example, two queues are specified by name.
I understand why this is done - so that for the same connection, frames of different types (ACK or data) have different priorities.

But I don't understand how pf gets information about which queue belongs to which case!
(What if I specify three queues?) Unfortunately, all authors write about this aspect as a matter of course and do not explain it in any way.

Thanks in advance for an explanation,
Ogogon.
 
I'd think that the man page is pretty clear:

queue ⟨queue⟩ | (⟨queue⟩, ⟨queue⟩)
Packets matching this rule will be assigned to the specified queue.
If two queues are given, packets which have a TOS of lowdelay and TCP
ACKs with no data payload will be assigned to the second one. See
QUEUEING for setup details.

For example:

pass in proto tcp to port 25 queue mail
pass in proto tcp to port 22 queue(ssh_bulk, ssh_prio)
Click to expand...

In other words: TCP ACKs and any traffic that has a low delay TOS set in the IP(v6) header will go into the second queue. All other traffic goes into the first.
You cannot specify three queues. pfctl will refuse your rule.

Also note that 'match' is currently not yet supported in any released version (and where it is it can only be used to assign queues).
 
You must log in or register to reply here.
Back
Top