diff options
| author | Scott Ullrich <sullrich@pfsense.org> | 2005-12-28 23:26:17 +0000 |
|---|---|---|
| committer | Scott Ullrich <sullrich@pfsense.org> | 2005-12-28 23:26:17 +0000 |
| commit | e9aacac6b162e9c7455d94e781afe2a0dd57d09c (patch) | |
| tree | 345db78128c6dfa73604a570267d2fb7f8a24195 | |
| parent | c0bdca0c465525abec51b758a40d00146021220e (diff) | |
| download | pfsense-e9aacac6b162e9c7455d94e781afe2a0dd57d09c.zip pfsense-e9aacac6b162e9c7455d94e781afe2a0dd57d09c.tar.gz | |
MFC 8750
Fix ack queues for non-LAN interfaces. This fixes non-usage of qWANack (EZShaper generated queue).
| -rw-r--r-- | etc/inc/filter.inc | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc index 8c4633d..41a0b12 100644 --- a/etc/inc/filter.inc +++ b/etc/inc/filter.inc @@ -1928,12 +1928,30 @@ function create_firewall_outgoing_rules_to_itself() { if ($config['interfaces'][$ifname]['ipaddr'] == "pppoe") $int = " { " . filter_translate_type_to_real_interface($ifname) . " ng0 } "; if (isset($config['shaper']['enable']) && is_array($config['shaper']['queue'])) { - foreach ($config['shaper']['queue'] as $queue) - $rule .="pass out quick on {$int} all keep state tagged {$queue['name']} queue {$queue['name']} label \"let out anything from firewall host itself\"\n"; + $ackq = get_ack_queue($ifname); + $defq = find_default_queue($ifname); + /* Handle all tagged packets */ + foreach ($config['shaper']['queue'] as $queue) { + if ($ackq == "" || $defq == "") { + /* Shaper must not be enabled on this interface */ + $q = ""; + } else { + $q = "queue ({$queue['name']}, {$ackq})"; + } + $rule .="pass out quick on {$int} all keep state tagged {$queue['name']} {$q} label \"let out anything from firewall host itself\"\n"; + } + /* Handle untagged packets */ + if ($ackq == "" || $defq == "") { + /* Shaper must not be enabled on this interface */ + $q = ""; + } else { + $q = "queue ({$defq}, {$ackq})"; + } + $rule .="pass out quick on {$int} all keep state {$q} label \"let out anything from firewall host itself\"\n"; + } else { + /* first add a rule for the real interface, then for ng0 */ + $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n"; } - - /* first add a rule for the real interface, then for ng0 */ - $rule .="pass out quick on {$int} all keep state label \"let out anything from firewall host itself\"\n"; } @@ -2152,4 +2170,4 @@ function return_vpn_subnet($adr) { return " # error - {$adr['network']} "; } -?>
\ No newline at end of file +?> |
