PF inadequacy: queue download - comp.unix.bsd.openbsd.misc

Message from discussion PF inadequacy: queue download

kestas....@gmail.com

View profile

More options Apr 29 2006, 11:04 pm

Newsgroups: comp.unix.bsd.openbsd.misc

From: kestas....@gmail.com

Date: 29 Apr 2006 06:04:51 -0700

Local: Sat, Apr 29 2006 11:04 pm

Subject: PF inadequacy: queue download

  Reply to author
  |
  Forward
  | Print
  | View thread
  | Show original
  | Report this message
  | Find messages by this author
  

Why can't you queue download traffic on an interface? The reason
openbsd.org's FAQ gives is:

"Note that queueing is only useful for packets in the outbound
direction. Once a packet arrives on an interface in the inbound
direction it's already too late to queue it -- it's already consumed
network bandwidth to get to the interface that just received it. The
only solution is to enable queueing on the adjacent router or, if the
host that received the packet is acting as a router, to enable queueing
on the internal interface where packets exit the router."

But this is wrong. It's not too late to queue it; by queueing it and
dropping some packets of inbound traffic the sending host slows down
the speed at which it sends.

I'm using pf to do NAT on my box, and I can shape download traffic
using the 'queueing on the internal interface' hack; so why can't I do
it elegantly on one interface?
Shaping NAT traffic downloads works fine with this hack, but I also run
some services on the external interface. With downloads queued on the
internal interface there's no way to queue the services' download
traffic, which means an external service can hog up all the bandwidth
and I can't do anything.

I know this is possible because IPFW with dummynet doesn't have any
problems. If everyone loves PF because of its elegance why can't it do
something as simple as queue download traffic?

Regards,
Kestas

Reply to author Forward