Queue for ping packets for packet loss indicator

denizv

Hi,

Pfsense uses ping, pings next hop to DSLAM to measure packet loss.

I see this in pfTop
PR      D  SRC                          DEST                STATE  AGE        EXP  PKTS    BYTES
icmp  O  x.x.41.249:46544    x.x.0.1:0          0:0      3040m    9      348K  27M

This is my wan adress pinging next hop constantly to calculate packet loss.
Pfsense uses default wan queue for this traffic but i want to assign this to my highest priority queue.
I know how traffic shaper works, i know what to do but things i tried didn't work. It always use default wan queue no matter what i did.
So is it a bug or is it designed that way?

georgeman

You should be able to catch these pings with a floating rule on WAN, action MATCH, direction OUT, protocol ICMP, source IP: your interface address. Then assign it to whatever queue you want

denizv

Thanks again for reply

But i already tried that. It only affects the pings i can use in Diagnostics/Ping menu.
I tried restarting and similar things. Packet loss measurements in Gateways page doesn't get affected by rules i suppose. It only use default wan queue. I think that is a bug.

georgeman

It's working for me. I created a separate queue and assigned the traffic as described. It shows up on the queue

EDIT: did you flush the firewall states before testing?

denizv

Like you said , resetting firewall states did the trick and it works now.
I've always thought reloading firewall rules ( when you change rules and apply them) or rebooting pfsense had similar effect, but they don't.
I've learned something new today :D

denizv

I think i have found a bug.
After restarting pfsense that traffic goes to default queue again but resetting tables again puts that traffic in desired queue again.

georgeman

You are right. Perhaps this has to do with the order in which the services are started at bootup?

markn62

Ensure you don't have a rule assigned to the default queue that any traffic can match or more specifically ICMP traffic can match.  I use a floating rule as the 1st rule in the list, selecting all interfaces, in any direction, with protocol ICMP, and any ICMP type, with no ACK, and to qHigh.  This may be more than you need in that I monitor Wan and Lan devices with ICMP regularly.  If this works you might then back off the interfaces to just Wan and change any to out to see if the ICMP rule breaks.

Gambler

@markn62:

Ensure you don't have a rule assigned to the default queue that any traffic can match or more specifically ICMP traffic can match.  I use a floating rule as the 1st rule in the list, selecting all interfaces, in any direction, with protocol ICMP, and any ICMP type, with no ACK, and to qHigh.  This may be more than you need in that I monitor Wan and Lan devices with ICMP regularly.  If this works you might then back off the interfaces to just Wan and change any to out to see if the ICMP rule breaks.

If ICMP rule does not breaks - it ok?

markn62

Not necessarily.  It still should be checked that ICMP's are hitting the appropriate shape bucket.