From: "Shane James"
To: "Max Laier"
Date: Sun, 14 Nov 2004 18:32:54 +0200
Subject: Re: FreeBSD ALTQ + PF Problem

Sorry about that one, here is my current rule set.. it's small as I'm just
trying to get it to work, for now.
It seems the traffic is being assigned to the queue, it's just not limiting it
correctly

Here's what it looks like after I do a 'pfctl -vvsq'

queue argon_u bandwidth 10Mb hfsc( realtime 64Kb upperlimit 64Kb )
  [ pkts: 4 bytes: 676 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/ 50 ]
queue argon_d bandwidth 10Mb hfsc( realtime 64Kb upperlimit 64Kb )
  [ pkts: 5 bytes: 613 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/ 50 ]

Macros
uplink_if="sis0"    # External Interface
hosting_if="rl0"    # Internal Interface
access_if="rl1"     # Access Network

# Options: tune the behavior of pf, default values are given.
set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit { states 10000, frags 5000 }
set loginterface none
set optimization normal
set block-policy drop
set require-order yes
#set fingerprints "/etc/pf.os"

# Normalization
scrub in all

# ALTQ
altq on $uplink_if bandwidth 10Mb hfsc queue { dflt_u, argon_u }
queue argon_u hfsc(realtime 64Kb upperlimit 64Kb)
queue dflt_u hfsc(default upperlimit 128Kb)

altq on $hosting_if bandwidth 10Mb hfsc queue { dflt_d, argon_d }
queue argon_d hfsc(realtime 64Kb upperlimit 64Kb)
queue dflt_d hfsc(default upperlimit 128Kb)

# argon.virtek.co.za
pass out on $uplink_if from 196.23.168.137 to any keep state queue argon_u
pass out on $hosting_if from any to 196.23.168.137 keep state queue argon_d
block in on $uplink_if proto tcp from any to 196.23.168.137 port 22

On Saturday 13 November 2004 21:58, Shane James wrote:
> Hey guys,
>
> I'm having a problem with pf + altq on FreeBSD 5.2.1 (FreeBSD
> uplink-rtr-jhb.virtek.co.za 5.2.1-RELEASE-p11 FreeBSD 5.2.1-RELEASE-p11
> #1:
> Sat Nov 13 15:59:38 SAST 2004
> root@uplink-rtr-jhb.virtek.co.za:/usr/src/sys.altq/i386/compile/UPLINK
> i386)
>
> The traffic I assign to queues does not get limited according to the
> specific limit, it only gets limited by the global bandwidth limit
> assigned to the specific NIC.
> e.g. I assign traffic to a queue (argon_d) which is limited to 128Kb... but
> it performs at 256Kb which is what the NIC is set to. Therefore not being
> assigned to its designated queue. Is it at all possible that this is a
> problem perhaps with my network cards... if not... any suggestions?
>
> pf.conf
>
> altq on $uplink_if bandwidth 256Kb hfsc queue { dflt_u, argon_u }
> queue argon_u hfsc(realtime 64Kb upperlimit 64Kb)
> queue dflt_u hfsc(default upperlimit 128Kb)
>
> altq on $hosting_if bandwidth 256Kb hfsc queue { dflt_d, argon_d }
> queue argon_d hfsc(realtime 64Kb upperlimit 64Kb)
> queue dflt_d hfsc(default upperlimit 128Kb)
>
> #assign argon traffic
> pass out on $uplink_if from 196.23.168.137 to any keep state queue argon_u
> pass out on $hosting_if from any to 196.23.168.137 keep state queue
> argon_d

I assume that is not your *complete* ruleset?!? Can everybody please post
complete rulesets when asking for help? It is okay to emphasize the parts
that you think are important as it will help to understand the problem, but
giving advice or debugging is impossible without the complete ruleset.

Other than that, what does "$pfctl -vvsq" tell you? Does it show that
traffic is being assigned to the small queue at all?

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
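
The 'pfctl -vvsq' check discussed above can be scripted. The following is an added example, not part of the original thread: a Python parser for the per-queue counters, run on the two queue records quoted in the message (re-broken onto separate lines). The function names parse_queues and report are hypothetical.

```python
import re

# Queue records as quoted in the message above, re-broken onto separate lines.
SAMPLE = """\
queue argon_u bandwidth 10Mb hfsc( realtime 64Kb upperlimit 64Kb )
  [ pkts: 4 bytes: 676 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/ 50 ]
queue argon_d bandwidth 10Mb hfsc( realtime 64Kb upperlimit 64Kb )
  [ pkts: 5 bytes: 613 dropped pkts: 0 bytes: 0 ]
  [ qlength: 0/ 50 ]
"""

HEADER = re.compile(r"^queue\s+(\S+)\s+(.*)$")
COUNTERS = re.compile(
    r"pkts:\s*(\d+)\s+bytes:\s*(\d+)\s+dropped pkts:\s*(\d+)\s+bytes:\s*(\d+)")
QLENGTH = re.compile(r"qlength:\s*(\d+)/\s*(\d+)")
RATE = re.compile(r"\b(realtime|upperlimit|linkshare)\s+(\d+(?:\.\d+)?)([KMG]?)b")
SCALE = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}  # pf suffixes, bits/s

def parse_queues(text):
    """Return {queue name: stats dict} from 'pfctl -vvsq' style text."""
    queues, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            current = {"pkts": 0, "bytes": 0, "dropped_pkts": 0,
                       "dropped_bytes": 0, "qlen": 0, "qlimit": 0,
                       "rates": {k: int(float(v) * SCALE[u])
                                 for k, v, u in RATE.findall(m.group(2))}}
            queues[m.group(1)] = current
        elif current is not None and (m := COUNTERS.search(line)):
            (current["pkts"], current["bytes"], current["dropped_pkts"],
             current["dropped_bytes"]) = map(int, m.groups())
        elif current is not None and (m := QLENGTH.search(line)):
            current["qlen"], current["qlimit"] = map(int, m.groups())
    return queues

def report(queues):
    """One line per queue: is it matched at all, and has it dropped packets?"""
    lines = []
    for name, q in queues.items():
        matched = "matched" if q["pkts"] else "NO TRAFFIC"
        shaping = "dropping" if q["dropped_pkts"] else "no drops"
        lines.append(f"{name}: {matched}, {q['pkts']} pkts, {shaping}, "
                     f"upperlimit {q['rates'].get('upperlimit')} bit/s")
    return lines

if __name__ == "__main__":
    print("\n".join(report(parse_queues(SAMPLE))))
```

A queue that stays at zero packets while the host is sending traffic means the pass rules are not assigning anything to it, which is what the 'pfctl -vvsq' question is checking.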