From owner-freebsd-pf@FreeBSD.ORG Mon Jul 2 07:26:36 2007 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id C585316A41F for ; Mon, 2 Jul 2007 07:26:36 +0000 (UTC) (envelope-from fox@verio.net) Received: from dfw-smtpout1.email.verio.net (dfw-smtpout1.email.verio.net [129.250.36.41]) by mx1.freebsd.org (Postfix) with ESMTP id 9E1F513C44C for ; Mon, 2 Jul 2007 07:26:36 +0000 (UTC) (envelope-from fox@verio.net) Received: from [129.250.36.63] (helo=dfw-mmp3.email.verio.net) by dfw-smtpout1.email.verio.net with esmtp id 1I5GIt-0005LA-Fz for freebsd-pf@freebsd.org; Mon, 02 Jul 2007 07:26:35 +0000 Received: from [129.250.40.241] (helo=limbo.int.dllstx01.us.it.verio.net) by dfw-mmp3.email.verio.net with esmtp id 1I5GIt-00051T-C3 for freebsd-pf@freebsd.org; Mon, 02 Jul 2007 07:26:35 +0000 Received: by limbo.int.dllstx01.us.it.verio.net (Postfix, from userid 1000) id 867178E296; Mon, 2 Jul 2007 02:26:28 -0500 (CDT) Date: Mon, 2 Jul 2007 02:26:28 -0500 From: David DeSimone To: freebsd-pf@freebsd.org Message-ID: <20070702072627.GA31664@verio.net> References: <20070702060227.12770.qmail@mailstore4.romtelecom.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed Content-Disposition: inline In-Reply-To: <20070702060227.12770.qmail@mailstore4.romtelecom.net> User-Agent: Mutt/1.5.9i Subject: Re: PF & altq benzedrine.cz prioritizing ACK packets X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 Jul 2007 07:26:36 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 andrei.manescu@clicknet.ro wrote: > > So now I wonder how does Daniel Hartmeier's rule prioritize ACKs > packets when these packets don't even match that rule ?? > That rule is only for packets that have SYN flag set, ACK flag unset > and the rest of the flags set/unset. The rule specifies "keep state" so that PF will build a state table entry that follows the connection in both directions. The rule need only specify the start of the state (which is the packet with S/SA flags), and PF will notice and process all further packets in the connection matching any rules. The pf.conf(5) man page has this to say about the 'queue' modifier: queue | (, ) Packets matching this rule will be assigned to the specified queue. If two queues are given, packets which have a tos of lowdelay and TCP ACKs with no data payload will be assigned to the second one. The article you referenced is using the second form of the queue modifier, giving a low-priority and high-priority queue. Thus as PF tracks the state of all packets within the connection, it also performs the queue assignment for each packet, as described. - -- David DeSimone == Network Admin == fox@verio.net "It took me fifteen years to discover that I had no talent for writing, but I couldn't give it up because by that time I was too famous. -- Robert Benchley -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFGiKijFSrKRjX5eCoRAk3qAJwKPkjS6ppovMElUy2eTeaq3XgAOQCgok7l ++8NqZ3FP+4rj3zHTUuZRDY= =/ZYs -----END PGP SIGNATURE-----