mirror of
https://git.FreeBSD.org/src.git
synced 2025-01-04 12:52:15 +00:00
Better explain, then actually implement the IPFW ALTQ-rule first-match
policy. It may be used to provide more detailed classification of traffic without actually having to decide its fate at the time of classification. MFC after: 1 week
This commit is contained in:
parent
e8b2943fab
commit
5278d40bcc
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=146962
@ -565,7 +565,18 @@ processed, it will not be tagged, so it is wise to make your ALTQ
|
||||
"default" queue policy account for this.
|
||||
If multiple
|
||||
.Cm altq
|
||||
rules match a single packet, subsequent tags are ignored by ALTQ.
|
||||
rules match a single packet, only the first one adds the ALTQ classification
|
||||
tag.
|
||||
In doing so, traffic may be shaped by using
|
||||
.Cm count Cm altq Ar queue
|
||||
rules for classification early in the ruleset, then later applying
|
||||
the filtering decision.
|
||||
For example,
|
||||
.Cm check-state
|
||||
and
|
||||
.Cm keep-state
|
||||
rules may come later and provide the actual filtering decisions in
|
||||
addition to the fallback ALTQ tag.
|
||||
.Pp
|
||||
You must run
|
||||
.Xr pfctl 8
|
||||
@ -573,7 +584,7 @@ to set up the queues before IPFW will be able to look them up by name,
|
||||
and if the ALTQ disciplines are rearranged, the rules in containing the
|
||||
queue identifiers in the kernel will likely have gone stale and need
|
||||
to be reloaded.
|
||||
Stale queue identifiers will probably misclassify
|
||||
Stale queue identifiers will probably result in misclassification.
|
||||
.Pp
|
||||
All system ALTQ processing can be turned on or off via
|
||||
.Nm
|
||||
|
@ -2551,6 +2551,9 @@ do { \
|
||||
ipfw_insn_altq *altq = (ipfw_insn_altq *)cmd;
|
||||
|
||||
match = 1;
|
||||
mtag = m_tag_find(m, PACKET_TAG_PF_QID, NULL);
|
||||
if (mtag != NULL)
|
||||
break;
|
||||
mtag = m_tag_get(PACKET_TAG_PF_QID,
|
||||
sizeof(struct altq_tag),
|
||||
M_NOWAIT);
|
||||
|
Loading…
Reference in New Issue
Block a user