PF & altq benzedrine.cz prioritizing ACK packets
David DeSimone
fox at verio.net
Mon Jul 2 07:26:36 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
andrei.manescu at clicknet.ro <andrei.manescu at clicknet.ro> wrote:
>
> So now I wonder how does Daniel Hartmeier's rule prioritize ACKs
> packets when these packets don't even match that rule ??
> That rule is only for packets that have SYN flag set, ACK flag unset
> and the rest of the flags set/unset.
The rule specifies "keep state" so that PF will build a state table
entry that follows the connection in both directions. The rule need
only specify the start of the state (which is the packet with S/SA
flags), and PF will notice and process all further packets in the
connection matching any rules.
The pf.conf(5) man page has this to say about the 'queue' modifier:
queue <queue> | (<queue>, <queue>)
Packets matching this rule will be assigned to the specified queue.
If two queues are given, packets which have a tos of lowdelay and
TCP ACKs with no data payload will be assigned to the second one.
The article you referenced is using the second form of the queue
modifier, giving a low-priority and high-priority queue. Thus as PF
tracks the state of all packets within the connection, it also performs
the queue assignment for each packet, as described.
- --
David DeSimone == Network Admin == fox at verio.net
"It took me fifteen years to discover that I had no
talent for writing, but I couldn't give it up because
by that time I was too famous. -- Robert Benchley
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFGiKijFSrKRjX5eCoRAk3qAJwKPkjS6ppovMElUy2eTeaq3XgAOQCgok7l
++8NqZ3FP+4rj3zHTUuZRDY=
=/ZYs
-----END PGP SIGNATURE-----
More information about the freebsd-pf
mailing list