
interface groups and altq



Do interface groups support altq? It would appear that they do not,
but I might have a borked kernel/pfctl utility, so wanted to ask the
list to make sure. When I try to put altq on an interface group, I get
the following when parsing my pf.conf:

$ sudo pfctl -f /etc/pf.conf -n
pfctl: SIOCGIFDATA: Device not configured
$ 

However if I change the altq line to use the actual interface, it works:

$ sudo pfctl -f /etc/pf.conf -n 
$ 

Here is my pf.conf and dmesg, although the simple answer will probably
be either yes or no.

### MACROS ###
ext_if="egress"
int_if="intnet"

ext_ip="(" $ext_if ")"
int_ip="(" $int_if ")"
kyle="172.17.101.7/32"
terrance="172.17.101.1/32"
kenny="192.168.17.5/32"
tweak="192.168.17.62/32"
craig="192.168.17.61/32"
wendy="192.168.17.60/32"
table <high_hosts> { $kyle, $kenny }
table <low_hosts> { $tweak, $craig, $wendy }

ext_net=$ext_if:network
int_net=$int_if:network

unpriv=">= 1024"

### OPTIONS ###
set limit states 20000
set optimization aggressive
set block-policy drop
set skip on lo0

### TRAFFIC NORMALIZATION ###
scrub in all no-df random-id fragment reassemble

### QUEUEING ###
# external interface queue list
#altq on $ext_if priq queue { std_ext, high_ext, low_ext }
#queue std_ext on $ext_if priq( default, red )
#queue high_ext on $ext_if priority 10 priq( red )
#queue low_ext on $ext_if priority 0 priq( red )

# internal interface queue list
altq on le2 priq queue { std_int, high_int, low_int }
queue std_int on le2 priq( default, red )
queue high_int on le2 priority 10 priq( red )
queue low_int on le2 priority 0 priq( red )

### TRANSLATION ###

### PACKET FILTERING ###
block in log all
block out log all

pass in quick on $ext_if inet proto tcp from <high_hosts> port $unpriv \
    to $ext_ip port ssh flags S/FSRPA modulate state queue high_ext
pass in quick on $ext_if inet proto tcp from <low_hosts> port $unpriv \
    to $ext_ip port ssh flags S/FSRPA modulate state queue low_ext
pass in quick on $ext_if inet proto tcp from any port $unpriv to \
    $ext_ip port ssh flags S/FSRPA modulate state queue std_ext
pass in quick on $int_if inet proto tcp from <high_hosts> port $unpriv \
    to $int_ip port ssh flags S/FSRPA modulate state queue high_int
pass in quick on $int_if inet proto tcp from <low_hosts> port $unpriv \
    to $int_ip port ssh flags S/FSRPA modulate state queue low_int
pass out quick on $ext_if inet proto udp from $ext_ip to $kyle port \
    ntp modulate state queue high_ext
pass out quick on $ext_if inet proto udp from $ext_ip to $terrance \
    port domain modulate state queue high_ext
pass out quick on $ext_if inet proto tcp from $ext_ip port $unpriv to \
    <anoncvs_hosts> port 5999 flags S/FSRPA modulate state queue high_ext
pass out quick on $ext_if inet proto tcp from $ext_ip port $unpriv to \
    any port www flags S/FSRPA modulate state queue std_ext

OpenBSD 3.8-beta (GENERIC) #85: Sun Aug 14 13:55:19 MDT 2005
    deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 3.20GHz ("GenuineIntel" 686-class) 3.20 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,PNI
real mem  = 133734400 (130600K)
avail mem = 115433472 (112728K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(77) BIOS, date 04/21/04, BIOS32 rev. 0 @ 0xfd880
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x1a00! 0xca000/0x1000
0xcb000/0x1000 0xdc000/0x4000! 0xe4000/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01
pci1 at ppb0 bus 1
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
pciide0: channel 0 ignored (disabled)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <NECVMWar, VMware IDE CDR10, 1.00> SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
"Intel 82371AB Power" rev 0x08 at pci0 dev 7 function 3 not configured
vga1 at pci0 dev 15 function 0 "VMware Virtual SVGA II" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
bha3 at pci0 dev 16 function 0 "BusLogic MultiMaster" rev 0x01: irq
11, BusLogic 9xxC SCSI
bha3: model BT-958, firmware 5.07B
bha3: sync, parity
scsibus1 at bha3: 8 targets
sd0 at scsibus1 targ 0 lun 0: <VMware,, VMware Virtual S, 1.0> SCSI2
0/direct fixed
sd0: 2048MB, 261 cyl, 255 head, 63 sec, 512 bytes/sec, 4194304 sec total
sd1 at scsibus1 targ 1 lun 0: <VMware,, VMware Virtual S, 1.0> SCSI2
0/direct fixed
sd1: 4096MB, 522 cyl, 255 head, 63 sec, 512 bytes/sec, 8388608 sec total
le1 at pci0 dev 17 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq 10
le1: address 00:0c:29:a5:c8:b1
le1: 8 receive buffers, 2 transmit buffers
le2 at pci0 dev 18 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq 9
le2: address 00:0c:29:a5:c8:bb
le2: 8 receive buffers, 2 transmit buffers
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask f965 netmask ff65 ttymask ffe7
pctr: user-level cycle counter enabled
dkcsum: sd0 matches BIOS drive 0x80
dkcsum: sd1 matches BIOS drive 0x81
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02

And I realize pcn* should be the network interface now for VMware, but
I was having other network troubles and was trying to figure out if it
was caused by the new pcn* driver or something else, and disabled it
(using config) so I would use the old le* driver (which I knew
worked).

Thanks,
Jason


