From owner-freebsd-pf@FreeBSD.ORG Mon May 12 12:58:11 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3F9351065670 for ; Mon, 12 May 2008 12:58:11 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.177]) by mx1.freebsd.org (Postfix) with ESMTP id D110A8FC19 for ; Mon, 12 May 2008 12:58:10 +0000 (UTC) (envelope-from max@love2party.net) Received: from vampire.homelinux.org (dslb-088-066-005-247.pools.arcor-ip.net [88.66.5.247]) by mrelayeu.kundenserver.de (node=mrelayeu5) with ESMTP (Nemesis) id 0ML25U-1JvXbV2cTU-0007Ke; Mon, 12 May 2008 14:58:09 +0200 Received: (qmail 90423 invoked from network); 12 May 2008 12:56:34 -0000 Received: from myhost.laiers.local (192.168.4.151) by ns1.laiers.local with SMTP; 12 May 2008 12:56:34 -0000 From: Max Laier Organization: FreeBSD To: freebsd-pf@freebsd.org Date: Mon, 12 May 2008 14:53:31 +0200 User-Agent: KMail/1.9.9 References: <326998.93432.qm@web76107.mail.sg1.yahoo.com> In-Reply-To: <326998.93432.qm@web76107.mail.sg1.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200805121453.32022.max@love2party.net> X-Provags-ID: V01U2FsdGVkX189wYVgjg/Y19YUpMcRevsOMRVeAzDiAIq3ksM dQFrYrbrNwPiMB5PY/iajjfZpPfaYfpoROVXR0NRcFCTWC33m1 iS2i/ahEjo+pjLoXnRX+Q== Cc: Subject: Re: Using ALTQ without PF in FreeBSD X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 May 2008 12:58:11 -0000 Hello Diego, On Monday 12 May 2008 07:41:30 Diego Salvador wrote: > Hi! Is it possible to use ALTQ in FreeBSD without PF? Because what I > want to achieve is to build a QoS system/machine in a Diffserv or > Intserv network without firewall. It seems like ALTQ is tightly coupled > with PF. I have read this http://pf4freebsd.love2party.net/altq.html > that ALTQ integration in FreeBSD is in PF-Mode not in COMPAT Mode? Can > someone elaborate the difference between these types of modes? The info > describes FreeBSD-5, Is it still affecting FreeBSD-6.2/6.3 and > FreeBSD-7.0 releases? In NetBSD, ALTQ can be used without PF or other > means of firewall. basically there are two parts to traffic shaping: 1) Classification of traffic 2) The actual queuing ALTQ used to do both, i.e. you could specify classifications based on src/dst/dscp/... in altqd and it would dig into the packets itself. This classification, however, turned out to be absolutely incompatible with the SMPng goals and when I imported ALTQ it was decided to disable it (because nobody had interest in locking it down for SMPng compliance). The classification in "PF-mode" is rather simple: any firewall (or other policy tool plugged into the pfil(9) API) can classify packets for ALTQ by adding a mbuf_tag to the packet. ALTQ only takes care of the actual queuing. Today, IPFW and PF are able to classify packets this way. IIRC, there are patches floating around to teach IPFW about DSCP (they might even be in the tree already). If neither tool meets your requirements, it should be easy enough to plug an application specific filter into pfil(9) that would do the classification. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News