Date: Sun, 10 Aug 2003 18:10:49 +0200
From: jeremie le-hen
To: ipfw@freebsd.org
Message-ID: <20030810161049.GA26412@carpediem.epita.fr>
Subject: Packets going through multiple queues

Hi folks,

let's imagine I want to schedule traffic going out through tun0.
First of all, in order to avoid filling modem buffers (and so having queue delays in the modem), let's define the main pipe, through which all traffic will go:

    ipfw pipe 1 config bw 125Kbit/s

Now I create a queue for interactive traffic, such as SSH, with a high weight:

    ipfw queue 10 config weight 100 pipe 1 mask all

And another one for the rest of the traffic:

    ipfw queue 20 config weight 1 pipe 1

And finally the rules which will make packets go into our queues (in order to simplify, don't take care of the TOS field, though we should in the real world):

    ipfw add 100 queue 10 tcp from any to any 22 out via tun0
    ipfw add 101 queue 10 tcp from any 22 to any out via tun0
    ipfw add 200 queue 20 all from any to any out via tun0

This configuration works perfectly with net.inet.ip.fw.one_pass set to 1; once an outgoing packet has matched one of these three rules, it will just stop any further rule checking.

But now, imagine I want to limit my outgoing mail traffic, and be sure it will not exceed 4KBytes/s. But although outgoing SMTP packets will have to go through a particular pipe in order to achieve this, I still want to take them into account in my traffic prioritizing. This means that net.inet.ip.fw.one_pass must be set to 0. If I simply configure my pipe and add a rule like this:

    ipfw pipe 2 config bw 4KBytes/s
    ipfw add 500 pipe 2 tcp from any to any 25 out via tun0

This seems to work, but in fact SSH traffic now goes through both queues 10 and 20, and I'm not sure about the efficiency of this method; I'm afraid to lose all traffic prioritizing benefits.

One tricky way to avoid the behavior would be to add "skipto" rules after each "queue" rule, with exactly the same rule body, but this clearly adds a great overhead. Furthermore, my real traffic prioritizing framework uses 6 queues and a number of rules, and adding "skipto" rules as I described here is just hard and time-wasting work.
At this point, I wonder if I missed something in ipfw(8) syntax or if the latter is simply not powerful enough to achieve this easily.

Thanks for your advice.

Regards,
-- 
Jeremie aka TtZ/TataZ
jeremie.le-hen@epita.fr
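
Added example (not part of the original message, and not ipfw code): a simplified Python model of the rule traversal described above, showing which dummynet queues and pipes an SSH and an SMTP packet pass through for the posted rules and for the "skipto" workaround. It assumes, per ipfw(8), that with one_pass=0 a packet leaving a pipe or queue is re-injected at the next rule; the helper names, the sample packets and the rule numbers of the skipto variant are constructed for illustration.

```python
# Simplified model of ipfw rule traversal (an assumption-based sketch, not ipfw code).
# Only queue/pipe/skipto actions and protocol/port matching are modelled.
def rule(num, action, arg, proto=None, sport=None, dport=None):
    return dict(num=num, action=action, arg=arg, proto=proto, sport=sport, dport=dport)

def matches(r, pkt):  # None in a rule field is a wildcard ("any" / "all")
    return all(r[k] is None or r[k] == pkt.get(k) for k in ("proto", "sport", "dport"))

def traverse(rules, pkt, one_pass):
    """Return the dummynet objects a packet passes through, in order."""
    rules = sorted(rules, key=lambda r: r["num"])
    path, i = [], 0
    while i < len(rules):
        r = rules[i]
        if not matches(r, pkt):
            i += 1
        elif r["action"] == "skipto":  # jump forward to first rule numbered >= target
            i = next((j for j in range(i + 1, len(rules))
                      if rules[j]["num"] >= r["arg"]), len(rules))
        else:  # "queue" or "pipe"
            path.append(f'{r["action"]} {r["arg"]}')
            if one_pass:
                break      # packet leaves the firewall after dummynet
            i += 1         # one_pass=0: re-injected at the next rule
    return path

# Rules 100-500 as given in the message.
POSTED = [
    rule(100, "queue", 10, "tcp", dport=22),
    rule(101, "queue", 10, "tcp", sport=22),
    rule(200, "queue", 20),
    rule(500, "pipe", 2, "tcp", dport=25),
]
# The "skipto" workaround the message describes; these rule numbers are constructed.
WITH_SKIPTO = [
    rule(100, "queue", 10, "tcp", dport=22),
    rule(101, "skipto", 500, "tcp", dport=22),
    rule(110, "queue", 10, "tcp", sport=22),
    rule(111, "skipto", 500, "tcp", sport=22),
    rule(200, "queue", 20),
    rule(201, "skipto", 500),
    rule(500, "pipe", 2, "tcp", dport=25),
]
SSH = {"proto": "tcp", "sport": 40000, "dport": 22}    # constructed sample packets
SMTP = {"proto": "tcp", "sport": 40001, "dport": 25}

if __name__ == "__main__":
    for name, rs in (("posted", POSTED), ("skipto", WITH_SKIPTO)):
        print(name, "ssh:", traverse(rs, SSH, False), "smtp:", traverse(rs, SMTP, False))
```

In this model, the posted rules with one_pass=1 never deliver SMTP to pipe 2, and with one_pass=0 they send SSH through both queues; the skipto variant keeps SSH in queue 10 only while SMTP still reaches pipe 2.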