From: "Jayel Villamin"
To: freebsd-pf@freebsd.org
Date: Sun, 28 Jan 2007 22:55:10 +1030
Subject: packet shaping - borrow option not working?

I am currently downloading something via FTP (using socks). The socks queue has been allotted 148Kbps. Without the queue, I can download up to my max download speed (whatever is the max for a 512/128 Kbps DSL connection).

With the queue, download speed is averaging 157Kbps.

Here's the screenshot of pfctl -s queue -vv => http://img260.imageshack.us/my.php?image=untitled1mr6.gif

I have looked at the PF FAQ on openbsd.org and I do not see any reason why BORROW shouldn't be working.

Your help is much appreciated. Thank you very much in advance.

Here's the conf file I used to disable the queues:
============
-> cat /root/config/pass_all.conf
scrub all fragment reassemble
ext_if = "tun0"
sakaki_nic2 = "fxp1"
nat on $ext_if from $sakaki_nic2:network to any -> ($ext_if)
pass quick all
====================

Here's my /etc/pf.conf:
=====================
#copy to /etc
#########################################################################
#macros
##############################################
#interfaces
ext_if = "tun0"
sakaki_nic2_if = "fxp1"
loopback_if = "lo0"
##############################################
#ports
sakaki_nic2_if_in_tcp_to_others = "{ gmail_pop3 gmail_smtp chikka 5050 }"
tomo_only_voip = "{ 5060, 16384:16482 }"
#########################################################################
#Tables
table persist { 192.168.0.2/32 }
table persist { 192.168.0.3/32 }
#########################################################################
#PF options
set limit { frags 20000, states 20000 }
set loginterface $ext_if
set optimization normal
set block-policy drop
#########################################################################
#Scrub packets
scrub all reassemble tcp fragment reassemble
#########################################################################
#ALTQ
altq on $ext_if priq bandwidth 82Kb queue { q_default, q_ssh, q_apache, q_udp, q_tcp_ack }
queue q_default priq (default)
queue q_ssh priority 3 priq(red)
queue q_apache priority 5
queue q_udp priority 12
queue q_tcp_ack priority 14

altq on $sakaki_nic2_if cbq bandwidth 100% queue { q2_out, q2_local }
queue q2_out bandwidth 452Kb { q2_out_socks, q2_out_default }
queue q2_out_socks bandwidth 148Kb cbq(borrow)
queue q2_out_default bandwidth 304Kb cbq(default borrow)
queue q2_local bandwidth 97% cbq (red borrow)
#########################################################################
#NAT
#pass in quick on $ext_if inet proto udp from any port voip_proxy to keep state queue q_udp
nat on $ext_if from $sakaki_nic2_if:network to any -> ($ext_if)
#########################################################################
#Redirection
#rdr on $ext_if proto udp from any port voip_proxy ->
rdr on $ext_if proto { tcp udp } from any to ($ext_if) port bittorrent ->
#########################################################################
#Packet filtering
##############################################
#Default block
block log all
##############################################
#Outbound rules for ext_if
pass out quick on $ext_if inet proto udp all keep state queue q_udp
pass out quick on $ext_if inet proto tcp all keep state queue (q_default_out, q_tcp_ack)
pass out quick on $ext_if inet proto icmp all keep state

#Inbound rules for ext_if
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port apache_squid flags S/SA keep state queue q_apache
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port ssh flags S/SA keep state queue q_ssh
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port ident flags S/SA keep state queue q_default

#for the redirect rules above
pass in quick on $ext_if inet proto { tcp udp} from any to port bittorrent flags S/SA keep state queue q_default
##############################################
#Inbound rules for sakaki_nic2_if
pass in quick on $sakaki_nic2_if proto udp from $sakaki_nic2_if:network to ($sakaki_nic2_if) keep state queue q2_local
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to ($sakaki_nic2_if) port socks flags S/SA keep state queue q2_out_socks
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to ($sakaki_nic2_if) port squid flags S/SA keep state queue q2_out_default
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to any port $sakaki_nic2_if_in_tcp_to_others flags S/SA keep state queue q2_out_default
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to ($sakaki_nic2_if) flags S/SA keep state queue q2_local

#Outbound rules for sakaki_nic2_if
pass out quick on $sakaki_nic2_if all keep state queue q2_local
##############################################
#Allow loopback connections
pass quick on $loopback_if all
##############################################
#Antispoof all interfaces
antispoof log quick for { $ext_if, $sakaki_nic2_if }
===========================
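Added example (not part of the original message, and not code from the pf project): the message links a screenshot of `pfctl -s queue -vv`, and the check below reads that kind of output as text, pulling each queue's configured bandwidth, `borrows` counter and measured rate, then flags borrow-enabled queues that sit at their limit with the counter still at zero. The sample text is constructed with made-up numbers (only the queue and interface names come from the posted pf.conf); the dictionary keys and the `near` threshold are assumptions of this example.

```python
import re

# Constructed sample (made-up numbers) in the layout `pfctl -s queue -vv` prints for CBQ queues.
SAMPLE = """\
queue   q2_out_socks on fxp1 bandwidth 148Kb cbq( borrow )
  [ pkts:       9120  bytes:   12403200  dropped pkts:     41 bytes:  55760 ]
  [ qlength:  50/ 50  borrows:      0  suspends:    310 ]
  [ measured:    13.9 packets/s, 150.10Kb/s ]
queue   q2_out_default on fxp1 bandwidth 304Kb cbq( borrow default )
  [ pkts:        804  bytes:     112560  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     9.5 packets/s, 12.40Kb/s ]
"""

UNITS = {"": 1, "K": 1e3, "M": 1e6, "G": 1e9}
def to_bps(text):
    """Convert a pfctl rate such as '148Kb' or '1.50Mb' to bits per second."""
    m = re.fullmatch(r"([\d.]+)([KMG]?)b", text)
    if not m:
        raise ValueError(f"unrecognised rate: {text!r}")
    return float(m.group(1)) * UNITS[m.group(2)]

def parse_queues(output):
    """Return one dict per queue: limit, borrow flag, borrows counter, measured rate."""
    queues = []
    for line in output.splitlines():
        head = re.match(r"\s*queue\s+(\S+)\s+on\s+(\S+)\s+bandwidth\s+(\S+)(.*)", line)
        if head:
            queues.append({"name": head[1], "ifname": head[2], "limit": to_bps(head[3]),
                           "borrow": "borrow" in head[4], "borrows": None, "measured": None})
        elif queues and (m := re.search(r"borrows:\s*(\d+)", line)):
            queues[-1]["borrows"] = int(m[1])
        elif queues and (m := re.search(r"measured:.*?,\s*(\S+)/s", line)):
            queues[-1]["measured"] = to_bps(m[1])
    return queues

def borrow_state(q, near=0.9):
    """Classify a queue from its counters alone; 'near' is an arbitrary threshold."""
    if q["measured"] is None or q["borrows"] is None:
        return "no statistics yet"  # counters or measured line missing from the output
    if q["borrows"] > 0:
        return "has borrowed"
    if q["borrow"] and q["measured"] >= near * q["limit"]:
        return "at limit, never borrowed"
    return "below limit"

if __name__ == "__main__":
    for q in parse_queues(SAMPLE):
        print(q["name"], q["limit"], q["measured"], q["borrows"], borrow_state(q))
```

To use it on a live system, pass the captured text of `pfctl -s queue -vv` to `parse_queues` in place of `SAMPLE`.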