From owner-freebsd-stable@freebsd.org Thu Dec 17 20:07:27 2015 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5673AA49D4D for ; Thu, 17 Dec 2015 20:07:27 +0000 (UTC) (envelope-from ken@kdm.org) Received: from mithlond.kdm.org (mithlond.kdm.org [96.89.93.250]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "A1-33714", Issuer "A1-33714" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 20DE51B34 for ; Thu, 17 Dec 2015 20:07:26 +0000 (UTC) (envelope-from ken@kdm.org) Received: from mithlond.kdm.org (localhost [127.0.0.1]) by mithlond.kdm.org (8.15.2/8.14.9) with ESMTPS id tBHK7PT8013353 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 17 Dec 2015 15:07:25 -0500 (EST) (envelope-from ken@mithlond.kdm.org) Received: (from ken@localhost) by mithlond.kdm.org (8.15.2/8.14.9/Submit) id tBHK7P9S013352; Thu, 17 Dec 2015 15:07:25 -0500 (EST) (envelope-from ken) Date: Thu, 17 Dec 2015 15:07:25 -0500 From: "Kenneth D. Merry" To: Mike Tancsa Cc: FreeBSD-STABLE Mailing List Subject: Re: traffic shaping on RELENG_10 ? Message-ID: <20151217200724.GA13201@mithlond.kdm.org> References: <5671C78A.4030807@sentex.net> <20151217192433.GA12383@mithlond.kdm.org> <56730EB6.9020507@sentex.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <56730EB6.9020507@sentex.net> User-Agent: Mutt/1.5.23 (2014-03-12) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (mithlond.kdm.org [127.0.0.1]); Thu, 17 Dec 2015 15:07:25 -0500 (EST) X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on mithlond.kdm.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Dec 2015 20:07:27 -0000 On Thu, Dec 17, 2015 at 14:36:22 -0500, Mike Tancsa wrote: > On 12/17/2015 2:24 PM, Kenneth D. Merry wrote: > > It took me a while to get ALTQ working. More below.. > > Thank you very much for the detail! Are you running any patches ? I > seem to recall over the years the pfsense folks with patches to pf to > get it to play well. However, I dont know if thats relevant to > RELENG_10 or not. No patches, just stable/10. > I wonder if there is a similar issue with the re driver and altq. I > tried to get it to work on the old zoo and never once was able to shape > a packet :( I'm not sure. It uses if_start, not if_transmit, so in theory it would work. > In my case, I just want to prevent a process from eating up bandwidth by > accident so dummynet does the trick just fine. I am going to try this > new box with em nics and see if I can get altq to work. It would be > nice if its in one config file and I dont have to have multiple firewall > systems. The em(4) driver does work for ALTQ. And I'm sure ALTQ will work fine with pf. We (and by that I mean someone other than me) should fix things so that it is easy to use ALTQ with a multi-queue NIC. i.e. an easy to follow netgraph recipe that will setup ng_iface on top of your NIC and use ALTQ on that. Or another solution would be to modify ALTQ so that it'll work with NICs that use if_transmit one way or another. > Just curious, since you had altq working, why did you not want to just > use pf for your firewall rules and natting ? Inertia. I've had the same basic firewall setup for a long time, and didn't want to figure out the right way to re-write it in pf. Ken -- Kenneth Merry ken@FreeBSD.ORG