
List:       openbsd-misc
Subject:    pf prio queue not setting vlan prio value?
From:       "Sebastian Reitenbach" <sebastia () l00-bugdead-prods ! de>
Date:       2016-05-30 11:22:11
Message-ID: 15b38-574c2280-9-76fe5c00 () 39094386

Hi,


I tried to get priority queueing set up to prioritize some
VoIP traffic. I'm on 5.9, a carp clustered firewall.

Just some testing so far, but I got a bit confused about
whether it is really doing what it is supposed to do.

pf.conf(5) tells me about 'set prio':
 If the packet is transmitted on a vlan(4) interface, the queueing
 priority will also be written as the priority code point in the 802.1Q VLAN
header.


The network 10.1.0.0/24 is where the asterisk is around, VLAN 8,
VLAN 90 is going upstream to the Internet.

I've these very basic testing rules added to the
front of my pf.conf:
match log from 10.1.0.0/24 to any set prio 5
match log to 10.1.0.0/24 set prio 5
pass log quick from 10.1.0.0/24 to any set prio 5
pass log quick to 10.1.0.0/24 set prio 5

otherwise, no scrub rules,

pfctl -sr shows these as:

match log inet from <__automatic_611bb878_0> to any set ( prio 5 )
match log inet from any to <__automatic_611bb878_1> set ( prio 5 )
pass log quick inet from <__automatic_611bb878_2> to any flags S/SA set ( prio 5 )
pass log quick inet from any to <__automatic_611bb878_3> flags S/SA set ( prio 5 )

I know the rules are a bit overly redundant, but only first tried
match rules, since the example in pf.conf(5) is only using pass
rules.

Ping from the firewall host 10.1.0.1 to one of the nodes in the
10.1.0.2 network I see with tcpdump on pflog0:

May 30 11:18:13.132330 rule 22/(match) [uid 0, pid 22065] match out on vlan8:
10.1.0.1 > 10.1.0.2: icmp: echo request (id:6221 seq:0) (ttl 255, id 34775,
len 84, bad ip cksum 56c! -> 1fcd)
May 30 11:18:13.132337 rule 23/(match) [uid 0, pid 22065] match out on vlan8:
10.1.0.1 > 10.1.0.2: icmp: echo request (id:6221 seq:0) (ttl 255, id 34775,
len 84, bad ip cksum 56c! -> 1fcd)
May 30 11:18:13.132342 rule 24/(match) [uid 0, pid 22065] pass out on vlan8:
10.1.0.1 > 10.1.0.2: icmp: echo request (id:6221 seq:0) (ttl 255, id 34775,
len 84, bad ip cksum 56c! -> 1fcd)

Since they match/pass, prio should be applied, right?
Is there a way to see how/if the prio got applied?

With tcpdump, I see 'pri 0' on all the packets captured:

tcpdump -n -i trunk0 -vvv vlan 8 and net 10.1.0.0/24
11:18:13.132570 802.1Q vid 8 pri 0 10.1.0.2 > 10.1.0.1: icmp: echo reply
(id:6221 seq:0) [icmp cksum ok] (ttl 64, id 11179, len 84)
11:18:14.138835 802.1Q vid 8 pri 0 10.1.0.2 > 10.1.0.1: icmp: echo reply
(id:6221 seq:1) [icmp cksum ok] (ttl 64, id 11180, len 84)
11:18:15.129273 802.1Q vid 8 pri 0 10.1.0.2 > 10.1.0.1: icmp: echo reply
(id:6221 seq:2) [icmp cksum ok] (ttl 64, id 11181, len 84)


Just wondering whether I shouldn't see the pri set to 5, or is that to be
expected what I see?

Maybe I'm just missing something stupid?

thanks,
Sebastian
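
An added example, not part of the original message: the priority code point in a received frame was written by the sending host, so a check of `set prio` has to look at frames the firewall itself transmitted. This sketch splits tcpdump's 802.1Q summaries by direction; the function names are hypothetical, 10.1.0.1 is the firewall address from the post, and the extra request lines are constructed.

```python
import re
from collections import Counter

# OpenBSD tcpdump 802.1Q summary as shown in the post, e.g.
#   "802.1Q vid 8 pri 0 10.1.0.2 > 10.1.0.1: icmp: echo reply"
# An optional ".port" suffix after each address is tolerated.
FRAME_RE = re.compile(
    r"802\.1Q vid (?P<vid>\d+) pri (?P<pri>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)

def pcp_by_direction(capture, local_addrs):
    """Count (vid, pri) pairs separately for transmitted and received frames."""
    seen = {"tx": Counter(), "rx": Counter()}
    for m in FRAME_RE.finditer(capture):
        direction = "tx" if m["src"] in local_addrs else "rx"
        seen[direction][(int(m["vid"]), int(m["pri"]))] += 1
    return seen

def check_set_prio(capture, local_addrs, expected):
    """Return 'ok', 'mismatch' or 'inconclusive' for the transmitted frames."""
    tx = pcp_by_direction(capture, local_addrs)["tx"]
    if not tx:
        # Only received frames: the capture says nothing about local 'set prio'.
        return "inconclusive"
    return "ok" if all(pri == expected for _, pri in tx) else "mismatch"

# The three frames from the post, line wrapping preserved.
POSTED = """\
11:18:13.132570 802.1Q vid 8 pri 0 10.1.0.2 > 10.1.0.1: icmp: echo reply
(id:6221 seq:0) [icmp cksum ok] (ttl 64, id 11179, len 84)
11:18:14.138835 802.1Q vid 8 pri 0 10.1.0.2 > 10.1.0.1: icmp: echo reply
(id:6221 seq:1) [icmp cksum ok] (ttl 64, id 11180, len 84)
11:18:15.129273 802.1Q vid 8 pri 0 10.1.0.2 > 10.1.0.1: icmp: echo reply
(id:6221 seq:2) [icmp cksum ok] (ttl 64, id 11181, len 84)
"""

# Constructed request lines (not observed output), one per possible outcome.
TX_PRI5 = "11:18:13.132400 802.1Q vid 8 pri 5 10.1.0.1 > 10.1.0.2: icmp: echo request\n"
TX_PRI0 = "11:18:13.132400 802.1Q vid 8 pri 0 10.1.0.1 > 10.1.0.2: icmp: echo request\n"

if __name__ == "__main__":
    fw = {"10.1.0.1"}
    print(pcp_by_direction(POSTED, fw))
    for sample in (POSTED, TX_PRI5 + POSTED, TX_PRI0 + POSTED):
        print(check_set_prio(sample, fw, expected=5))
```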
