DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
Old 21st September 2008
zomo zomo is offline
Port Guard
 
Join Date: Sep 2008
Posts: 25
Default

Thanks for help robbak!

So traffic from pppoe client goes to pipe on altq on tun0 but next goes to standard queue on physical lan altq on $LAN interface. I try to tag traffic but with any results Is there any way to put packets from tun 0 to specific lan queue ?

Thanks once again for help!
Reply With Quote
Old 22nd September 2008
robbak's Avatar
robbak robbak is offline
Real Name: Robert Backhaus
VPN Cryptographer
 
Join Date: May 2008
Location: North Queensland, Australia
Posts: 366
Default

Hmm, difficult. See, pppoe takes the packets that arrive on tun0 (having been through any queues that you applied with "out on tun0" rules), wraps them in ppp headers, and sends them out on ... Well, I'll have to admit, I'm a little shady on what ppp does here. I think it injects them as ppp packets onto the ethernet, or does it wrap the ppp packets in new IP headers? In any case, they will then go back out, as completely new packets, via the correct interfaces, and through your "out on $LAN" rules.

What this means is that, as far as a firewall is concerned, the ppp packets are not the same as the original ip packets. You would need some form of deep packet inspection to recognize them.

What I would do is to run tcpdump (a very useful tool you need to learn) on the physical interface to see what these ppp packets look like. Then you may see how to handle them in your ip config.

Edit: this also works in reverse: The ppp client will receive inbound packets from $LAN (after being through "in on $LAN" rules and queues), strip the ppp headers, and dump them onto tun0, where they will be touched by "in on tun0" rules
__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.

Last edited by robbak; 22nd September 2008 at 11:32 PM. Reason: Additional info, correcting "in" and "out". You'd thing Sesame Street would have taught me the difference before now!
Reply With Quote
Old 23rd September 2008
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Quote:
Originally Posted by robbak View Post
...(having been through any queues that you applied with "out on tun0" rules)...
Only response packets can be queued. To little effect, I would imagine.
Reply With Quote
Old 23rd September 2008
zomo zomo is offline
Port Guard
 
Join Date: Sep 2008
Posts: 25
Default

Thanks for help!

tcpdump not helps much.
I cant recognize packets on physical interface which leave tun0 to put them to specific queues, so i increase standard queue on physical interface to maximum amount, and works very well. Download transfer rate on tun0 was limited by size of standar queue on physical interface. So the problem is in half solved...
I still dont know how to tag packets to put them not in standard queue....

Anyway thanks everyone
Reply With Quote
Old 23rd September 2008
robbak's Avatar
robbak robbak is offline
Real Name: Robert Backhaus
VPN Cryptographer
 
Join Date: May 2008
Location: North Queensland, Australia
Posts: 366
Default

You will not be able to see any tags on the ppp packets leaving $LAN, because wrapping them in new headers means that, as far as the firewall is concerned, that they are completely new packets.
The best you may be able to do is recognize the ppp packets by their type and destination. Perhaps looking at the ppp packets leaving on $LAN (using tcpdump) may tell you how to recognize them, or, conversely, someone with more knowledge about this may come in later.
__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.
Reply With Quote
Reply

Tags
altq, tun

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
HOW do I ENABLE the wireless device?? bforest FreeBSD General 2 30th January 2009 05:54 PM
device name qmemo OpenBSD General 2 4th September 2008 11:51 PM
dd: end of device ebzzry FreeBSD General 17 26th August 2008 12:18 AM
identifying device associated with USB device? spiderpig OpenBSD General 2 7th July 2008 05:18 AM
fstab and CD/DVD device corneliu FreeBSD General 7 24th May 2008 02:11 AM


All times are GMT. The time now is 06:29 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick