Re: "keep state" and PF Queues

From: Henning Brauer (henningopenbsd.org)
Date: Fri Oct 21 2005 - 11:45:06 CDT


well, I did numerous times in the past.

the misunderstanding most of you have is that queue assignment and the
actual queueing are separate things.
you assign a queue with the name X somewhere, be it by a rule in the
inbound path or the outbound, or a state in either direction, and when
we hit the enqueuing on the outbound interface we check whether the
packet in question is tagged to be put in a specific queue. if so, and
a queue by the desired name exists on the given interface, we do so,
otherwise it goes to the default queue.

* Brian A. Seklecki <lavalampspiritual-machines.org> [2005-10-21 17:59]:
> I was just curious if any of the developers (or experts) would care to
> articulate officially >:}
>
> ~BAS
>
>
> On Wed, 19 Oct 2005, William Bloom wrote:
>
> > The PF queueing FAQ page at http://www.openbsd.org has a wealth of info that
> > seems to nicely clarify the pf.conf man page. I recall that the FAQ contains an
> > example much as you describe (as I recall, specifying a queue for -incoming-
> > traffic will indeed cause that traffic to be processed through the named queue
> > as it is -outgoing-).
> >
> >
> > Bill
> >
> > Brian A. Seklecki wrote:
> >> Would anyone like to elaborate on the impacts of using "keep state" in
> >> conjunction with pass rules that assign traffic to queues?
> >>
> >> One might assume that inverted traffic flows would also be queued,
> >> however that would break the "traffic can only be queued egress an
> >> interface" rule...
> >>
> >> There should be some remarks on this in pf.conf(5)
> >>
> >> TIA,
> >>
> >> ~BAS
> >>
> >
> > --
> > William Bloom| Snr Systems Engineer|M P H A S I S Architecting Value | Eldorado
> > Computing
> > 5353 North 16th Street, Suite 400 Phoenix, Az 85016 | Direct: +11-602-604-3100 |
> > Fax: +11-602-604-3115| http://www.eldocomp.com
> >
> >
>
> l8*
> -lava
>
> x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8
>

--
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
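
The split between queue assignment and queueing described in the reply above, as a simplified Python model added here (it is not PF's code and not from the thread). The interface names, addresses and the single ssh rule are constructed, and the model covers only queue selection, not pass/block decisions.

```python
from dataclasses import dataclass, field

@dataclass
class Firewall:
    queues: dict      # interface -> set of queue names defined on it
    default: dict     # interface -> name of that interface's default queue
    rules: list       # (inbound interface, destination port, queue name)
    states: dict = field(default_factory=dict)  # flow -> queue name

    def assign(self, in_if, src, dst):
        """Assignment: tag the packet with a queue NAME, by state or by rule."""
        flow = frozenset((src, dst))          # same key for both directions
        if flow in self.states:               # reply or later packet of the flow
            return self.states[flow]
        for rule_if, rule_port, queue in self.rules:
            if rule_if == in_if and rule_port == dst[1]:
                self.states[flow] = queue     # "keep state" remembers the name
                return queue
        return None                           # untagged packet

    def enqueue(self, out_if, tag):
        """Queueing: only here, on the outbound interface, is the name resolved."""
        return tag if tag in self.queues[out_if] else self.default[out_if]

    def forward(self, in_if, out_if, src, dst):
        return self.enqueue(out_if, self.assign(in_if, src, dst))

def demo(int_queues):
    """Constructed topology: LAN on int0, uplink on ext0, one ssh rule."""
    fw = Firewall(queues={"ext0": {"std", "ssh"}, "int0": set(int_queues)},
                  default={"ext0": "std", "int0": "std"},
                  rules=[("int0", 22, "ssh")])
    client, server = ("10.0.0.5", 40000), ("192.0.2.10", 22)
    request = fw.forward("int0", "ext0", client, server)   # rule creates state
    reply = fw.forward("ext0", "int0", server, client)     # state supplies name
    return request, reply

if __name__ == "__main__":
    print(demo({"std"}))          # no "ssh" queue on int0: reply uses the default
    print(demo({"std", "ssh"}))   # same-named queue on int0: reply is queued there
```

The reply direction is shaped only when a queue with the assigned name also exists on the interface the reply leaves through.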