From: "J. Buck Caldwell"
Date: Sun, 30 Apr 2006 21:32:35 -0500
To: freebsd-pf@freebsd.org, freebsd-net@freebsd.org
Subject: ALTQ on GIF Interface - how much trouble to implement?
Message-ID: <44557343.3070805@bitparts.org>

I'm in desperate need to do some traffic prioritization using pf and ALTQ over a GIF tunnel. I asked this question some time ago on freebsd-stable, and was told to use tags - but either I'm doing it wrong, or it just doesn't work (probably, I'm doing it wrong). Either way, supporting ALTQ over GIF would be a far preferable solution.

Here's the problem. I have a corporate office with a 4.5mb/sec connection, and several branches with 3m-down/768k-up cable connections. Each endpoint has a FreeBSD 5.4 or 6.x (migrating all to 6.x) box providing NAT, DNS, DHCP, etc. - and connecting to the other endpoints via GIF tunnels, encrypted point-to-point with IPSec.

While prioritizing the actual tunnel traffic (via "pass out quick on $ext_if queue(gif_out, pri_out) proto { ipencap, esp } all keep state") does actually send the GIF/IPSEC traffic out at a higher priority, what I need to do is to actually prioritize the traffic inside the tunnel. For example - the tunnel carries traffic between the branches and the corporate office, such as Lotus Notes, telnet/ssh sessions, and database queries. What I need to do is prioritize the traffic so that, say, Notes traffic goes out before Web traffic, but the database traffic is highest priority (just under empty ACKs and such).

Currently, ALTQ support is not available in the GIF interface driver. How difficult would it be to implement? I've done a little reading of the man pages and source code, and while I am a decent Windows programmer (C, not Visual Basic, get that look off your face), I've never done any coding for FreeBSD, and wouldn't know quite where to start.

If this is something that can be done relatively easily, I would be willing to test, and possibly to help code, but I'll need pointers. Otherwise, I'd love to get some help on figuring out how tagging works so I can get it operating correctly.