Thread: tun device
20th September 2008
jggimi

1. You can only control OUTBOUND traffic queues. Inbound packets cannot be queued or limited -- they must be processed as they arrive. That is the nature of IP traffic. If you want to queue incoming traffic, you can only do that if PF is used in a router -- e.g.: traffic destined for your internal LAN may be shaped as it leaves your OpenBSD system for another.

2. I do not clearly understand your use of pppoe, but, if it is only used for authentication, and not for data transfer, as you mentioned above -- then you will only have a short handshake for authentication and authorization and no traffic worth attempting to queue.

3. pftop has a history of not keeping up with pf changes; at least in the last year or two. I do not recall its exact state with 4.3, but it produces misleading state table values at 4.4 and -current. You might be better off using pfctl -vs state and pfctl -vs queue to ensure accurate assessment of state tables and queues.

Last edited by jggimi; 20th September 2008 at 12:26 PM. Reason: clarification of inbound shaping