From owner-freebsd-net@FreeBSD.ORG Mon Nov 1 13:12:26 2004 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6AABB16A4CE for ; Mon, 1 Nov 2004 13:12:26 +0000 (GMT) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.195]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1003043D49 for ; Mon, 1 Nov 2004 13:12:26 +0000 (GMT) (envelope-from vincepoy@gmail.com) Received: by rproxy.gmail.com with SMTP id 79so130249rnk for ; Mon, 01 Nov 2004 05:12:18 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=NrICZV4DmaoczWVh7QCZhV7h+gU71srJ/CM0gue+CZBlqsb1vkOhYU2vI+OyhysplgEFUrdPUdFJr/zO812Z2mFnAUG9JprG87QvbUSPCGCCPCdnQ2M6TJMsRA9GqUTJ+dA3KeSMFVerO8FfUyrlnP/oy0vJievrSOdffcdEFFA= Received: by 10.38.66.4 with SMTP id o4mr711166rna; Mon, 01 Nov 2004 05:12:18 -0800 (PST) Received: by 10.38.14.49 with HTTP; Mon, 1 Nov 2004 05:12:18 -0800 (PST) Message-ID: <429af92e041101051237e534e3@mail.gmail.com> Date: Mon, 1 Nov 2004 05:12:18 -0800 From: Vincent Poy To: Joost Bekkers , Vincent Poy , freebsd-net@freebsd.org In-Reply-To: <20041101120900.GA36917@bps.jodocus.org> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: <200410300927.51286.ari@suutari.iki.fi> <429af92e04103118435b35f235@mail.gmail.com> <016901c4bfe5$77c19d90$2508473e@sad.syncrontech.com> <429af92e041101021638e8598e@mail.gmail.com> <20041101120900.GA36917@bps.jodocus.org> Subject: Re: ipfw and ipsec processing order for outgoing packets wrong X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Vincent Poy List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Nov 2004 13:12:26 -0000 On Mon, 1 Nov 2004 13:09:00 +0100, Joost Bekkers wrote: > On Mon, Nov 01, 2004 at 02:16:42AM -0800, Vincent Poy wrote: > > > > 63004 667879 129410867 queue 1 tcp from any to any tcpflags ack out > > 63005 1 40 queue 2 tcp from any to any dst-port 22,23 out > > 63006 38782 3364689 queue 2 udp from any to any not > > dst-port 80,443 out > > 63007 43021 2194871 queue 3 ip from any to any dst-port 80,443 out > > 63008 5467 405319 queue 4 ip from any to any out > > > > The counters for queue 1 keeps increasing when I do a ftp out even for > > non-ACK packets but the other counters for queue 2-4 doesn't move at > > all so it seems like everything is going out one queue instead of what > > the rules actually say. I have one pipe configured as 480Kbit/sec > > which is what rules 63005-63008 does. > > > > How do you define 'non-ack' packets in yopur mind? Your ipfw rule > seems to define it as 'having the ack flag set' which is for all > intents and purpouses every tcp packet. Only the very first SYN > packet doesn't have the ack flag set. > > -- > greetz Joost > joost@jodocus.org Well, how else would one prioritze outgoing acks? That was the way everyone has it done. What I want to do is have ACKs have priority going out as with ADSL, the outgoing pipe is always smaller than the incoming pipe and when you upload and download at the same time, unless the ACKs go out first, the downloads will be really slow. Cheers, Vince