From owner-freebsd-pf@FreeBSD.ORG Mon Jan 14 19:05:07 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A1CE716A418 for ; Mon, 14 Jan 2008 19:05:07 +0000 (UTC) (envelope-from gofdp-freebsd-pf@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.freebsd.org (Postfix) with ESMTP id 5055313C447 for ; Mon, 14 Jan 2008 19:05:07 +0000 (UTC) (envelope-from gofdp-freebsd-pf@m.gmane.org) Received: from root by ciao.gmane.org with local (Exim 4.43) id 1JETWY-00031I-Av for freebsd-pf@freebsd.org; Mon, 14 Jan 2008 17:55:02 +0000 Received: from d463cd57.datahighways.de ([212.99.205.87]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 14 Jan 2008 17:55:02 +0000 Received: from ino-news by d463cd57.datahighways.de with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Mon, 14 Jan 2008 17:55:02 +0000 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-pf@freebsd.org From: ino-news@spotteswoode.dnsalias.org (clemens fischer) Date: Mon, 14 Jan 2008 18:51:04 +0100 Lines: 66 Message-ID: <81ks55x2dm1.ln2@nntp.spotteswoode.dnsalias.org> References: <200801141521.m0EFLDVH033733@freefall.freebsd.org> X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: d463cd57.datahighways.de X-Archive: encrypt=none User-Agent: tin/1.8.3-20070201 ("Scotasay") (UNIX) (FreeBSD/7.0-PRERELEASE (i386)) Sender: news Cc: freebsd-bugs@freebsd.org Subject: Re: kern/119661: [pf] "queue (someq, empy_acks)" doesn't work X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Jan 2008 19:05:07 -0000 On Mon, 14 Jan 2008 15:21:13 GMT linimon@ wrote: > Over to maintainer(s). > http://www.freebsd.org/cgi/query-pr.cgi?pr=119661 and mlaier@ wrote: > Works for me with the exact same rule. Can you provide more details > to freebsd-pf@ for discussion and analysis? first of, thanks for testing and verifying the rule. i was afraid to even start experimenting after a few tries. 'uname -rims' -> FreeBSD 7.0-PRERELEASE i386 spott_fbsd7_i386 soo, the solution to my problem needs rewriting the rules a little bit. if i do this: logging="log (all)" q_interactive="queue (interactive, tcp_ack)" set skip on lo0 set debug urgent scrub in all # Queueing: rule-based bandwidth control. altq on $ext_if $ext_if_bw cbq queue { dflt, background, interactive, tcp_ack } queue dflt bandwidth 15% cbq(default) queue interactive bandwidth 50% priority 5 cbq(borrow) queue background bandwidth 30% priority 3 cbq(red) queue tcp_ack bandwidth 5% priority 7 cbq(borrow) ... pass out $logging \ proto tcp \ from any to ! \ modulate state \ label "$nr: outbound $proto keep state" $q_interactive the rules are not parsed correctly. the last rule simply disappears without any error message. but if i write that particular rule as: ... pass out $logging \ proto tcp \ from any to ! \ modulate state \ $q_interactive label "$nr: outbound $proto keep state" (note the reversal of the label and the queue option) the rule is parsed and seems to work correctly. if you study the output of "pfctl -sa", you'll see: pass out log (all) proto tcp from any to ! flags S/SA \ modulate state label "27: outbound tcp keep state" \ queue(interactive, tcp_ack) which is the way i wrote it in the first place. pf.conf(5) specifies no particular order in the BNF. it seems to be a problem of the rule parser. as there's an easy workaround, i'll post a followup to the PR to that effect and would like you to close it. regards, clemens