> On 11 Feb 2015, at 8:12 am, Alexander Bluhm <alexander.bl...@gmx.net> wrote:
>
> On Tue, Feb 10, 2015 at 04:01:19PM +1000, David Gwynne wrote:
>> i want to remove the congestion stuff in ifqueue, but i dont want
>> to remove the pf functionality. my attempt at this below.
>
> I like that you replaced the malloc and timeout with a ticks
> comparison as it makes the code simpler. The semantic changes a
> bit. If the box was unter high network load without softtimer
> interrupts, the old code did not clear the congestion. I don't
> know wether that behavior was intentional.
i doubt it was intentional.
> We do not use the pf congestion feature, we have disabled it with
> an #ifdef. Prefering states over rules means that you cannot login
> into a congested box. There are cases where this policy makes
> sense, in our use case it does not.
maybe we could create explicit pf rule checks for it:
pass in on port ssh
block in quick congested
pass in on port { http https }
instead of having what is effectively an implicit block in quick congested at
the top of the ruleset.
> I can't see cases where different congestion states for each input
> queue are useful.
me either.
dlg
