
Author Topic: [SOLVED] VLAN priority modification  (Read 377 times)


Offline nivek1612

[SOLVED] VLAN priority modification
« on: October 27, 2017, 04:00:59 pm »
This
https://redmine.pfsense.org/issues/7973#change-34766

I believe should allow me to change the 802.1q packet's priority on a dhcp6c request. Yes, I know that's a weird thing to do, but my FTTH vendor requires that all traffic is sent on VLAN 832 with 802.1p of 0 except the dhcp6c request, which should be 802.1p of 6.
So I have set up a floating firewall rule in the GUI on WAN out using "VLAN Prio Set" which gives me the following in /tmp/rules.debug of

pass out quick on { igb0.832 } inet6 proto udp from any port 546 to any port 547 tracker 1509112004 set prio 6 keep state

But it's not changing the priority

What am I missing ?
« Last Edit: October 28, 2017, 03:54:51 pm by nivek1612 »
pfSense 2.4 on APU2 C4 with Billion 8800NL (bridge) - ISP Zen UK

Offline nivek1612

Re: VLAN priority modification
« Reply #1 on: October 28, 2017, 03:51:52 pm »
Ok so I solved this

As I'm using dhcp6 to get my IPv6 prefix, pfSense auto creates a rule to allow the solicit request out on the WAN in
/etc/inc/filter.inc

like this

pass out {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 546 to any port = 547 tracker {$increment_tracker($tracker)} label "{$fix_rule_label("allow dhcpv6 client out {$oc['descr']}")}"

this rule appears before my GUI created rule in /tmp/rules.debug

As this pfSense created rule has the "quick" option my rule is never matched.

I have therefore resorted to the following patch in system patches which solves the problem for me.
Whilst this is not ideal I see no other way to achieve this   

--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -3275,8 +3275,8 @@
  // The DHCPv6 client rules ***MUST BE ABOVE BOGONSV6!***  https://redmine.pfsense.org/issues/3395
  $ipfrules .= <<<EOD
 # allow our DHCPv6 client out to the {$oc['descr']}
 pass in {$log['pass']} quick on \${$oc['descr']} proto udp from fe80::/10 port = 546 to fe80::/10 port = 546 tracker {$increment_tracker($tracker)} label "{$fix_rule_label("allow dhcpv6 client in {$oc['descr']}")}"
 pass in {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 547 to any port = 546 tracker {$increment_tracker($tracker)} label "{$fix_rule_label("allow dhcpv6 client in {$oc['descr']}")}"
-pass out {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 546 to any port = 547 tracker {$increment_tracker($tracker)} label "{$fix_rule_label("allow dhcpv6 client out {$oc['descr']}")}"
+pass out {$log['pass']} quick on \${$oc['descr']} proto udp from any port = 546 to any port = 547 tracker {$increment_tracker($tracker)} label "{$fix_rule_label("allow dhcpv6 client out {$oc['descr']}")}" set prio 6
 EOD;
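
Review bot: on the changed `pass out` line, `set prio 6` is hard-coded into a rule that is templated on `{$oc['descr']}`, so whichever interface this block is generated for gets 802.1p priority 6 on its DHCPv6 client traffic, whether or not its upstream asks for it. Suggest emitting the option only when a per-interface setting is present and keeping the original rule text when it is unset. The `# allow our DHCPv6 client out to the {$oc['descr']}` comment could also mention the priority so the generated /tmp/rules.debug explains itself.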

« Last Edit: October 28, 2017, 04:11:23 pm by nivek1612 »
pfSense 2.4 on APU2 C4 with Billion 8800NL (bridge) - ISP Zen UK
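
Why the floating rule never fired, as an added example that is not part of the original posts or of pfSense: a small Python model of pf's rule evaluation (last match wins, but a matching `quick` rule ends evaluation) run over two rules in the order the thread describes. The parser covers only the rule shape seen in this thread; the tracker 1000000001, the label text and the literal interface name in the auto-generated rule are constructed sample values.

```python
import re

# Constructed sample, in the order the thread describes for /tmp/rules.debug:
# auto-generated DHCPv6 client rule first, GUI floating rule second.
BEFORE_PATCH = """\
pass out quick on igb0.832 proto udp from any port = 546 to any port = 547 tracker 1000000001 label "allow dhcpv6 client out WAN"
pass out quick on { igb0.832 } inet6 proto udp from any port 546 to any port 547 tracker 1509112004 set prio 6 keep state
"""
AFTER_PATCH = BEFORE_PATCH.replace('client out WAN"', 'client out WAN" set prio 6', 1)

RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)\s+(?:log\s+)?(?P<quick>quick\s+)?"
    r"on\s+\{?\s*(?P<ifname>[\w.$]+)\s*\}?.*?proto\s+(?P<proto>\w+)"
    r"\s+from\s+any\s+port\s*=?\s*(?P<sport>\d+)\s+to\s+any\s+port\s*=?\s*(?P<dport>\d+)"
    r"(?P<rest>.*)$")

def parse_rules(text):
    """Parse the small subset of pf rule syntax that appears in the thread."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        prio = re.search(r"set prio\s+(\d+)", m["rest"])
        tracker = re.search(r"tracker\s+(\d+)", m["rest"])
        rules.append({
            "dir": m["dir"], "quick": bool(m["quick"]), "ifname": m["ifname"],
            "proto": m["proto"], "sport": int(m["sport"]), "dport": int(m["dport"]),
            "tracker": tracker.group(1) if tracker else None,
            "prio": int(prio.group(1)) if prio else None,
        })
    return rules

def evaluate(rules, pkt):
    """pf semantics: the last matching rule wins, unless a matching rule is 'quick'."""
    winner = None
    for rule in rules:
        if all(rule[k] == pkt[k] for k in ("dir", "ifname", "proto", "sport", "dport")):
            winner = rule
            if rule["quick"]:
                break  # evaluation stops here; later rules are never consulted
    return winner

SOLICIT = {"dir": "out", "ifname": "igb0.832", "proto": "udp", "sport": 546, "dport": 547}

if __name__ == "__main__":
    for name, text in (("before patch", BEFORE_PATCH), ("after patch", AFTER_PATCH)):
        hit = evaluate(parse_rules(text), SOLICIT)
        print(name, "-> tracker", hit["tracker"], "prio", hit["prio"])
```

Before the patch the solicit is claimed by the auto-generated rule and leaves with no priority set; after it, the same rule carries `set prio 6`.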

Offline marjohn56

Re: [SOLVED] VLAN priority modification
« Reply #2 on: October 28, 2017, 05:38:52 pm »
Nice one!

Is this a total fix or does it need some logic?
pfSense 2.4.3 on Qotom Q335G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.

Offline nivek1612

Re: [SOLVED] VLAN priority modification
« Reply #3 on: October 28, 2017, 11:29:30 pm »

You know I like logic marjohn :-)

It would be cool if perhaps this could be set by having an option in the advanced configuration parameters for the WAN interface when dhcpv6 was selected as connection method

Maybe 802.1p as the option field name ?

pfSense 2.4 on APU2 C4 with Billion 8800NL (bridge) - ISP Zen UK

Offline avink

Re: [SOLVED] VLAN priority modification
« Reply #4 on: October 29, 2017, 06:00:59 am »
I agree it would be a nice addition to the DHCP options.
Would suggest to follow the carrier ethernet naming for this field, vpt (vlan priority tag)

Offline nivek1612

Re: [SOLVED] VLAN priority modification
« Reply #5 on: October 29, 2017, 07:04:23 am »
I agree it would be a nice addition to the DHCP options.
Would suggest to follow the carrier ethernet naming for this field, vpt (vlan priority tag)

Good idea, and I know someone who would be able to make that happen very quickly, don't I @marjohn :-)
pfSense 2.4 on APU2 C4 with Billion 8800NL (bridge) - ISP Zen UK

Offline marjohn56

Re: [SOLVED] VLAN priority modification
« Reply #6 on: October 29, 2017, 11:21:31 am »
Not whilst I am wandering around Norfolk.... next week though if someone else has not added it.

Still need that dhcp6c client to be upstreamed.
pfSense 2.4.3 on Qotom Q335G4 or APU2C4 - Billion 8800NL (bridge) - ISP Zen U.K.

Offline nivek1612

Re: [SOLVED] VLAN priority modification
« Reply #7 on: October 29, 2017, 12:50:16 pm »
Yes dhcp6c and the dhclient both seem to be getting pushed back for some reason

Guess there is a lot going on right now
pfSense 2.4 on APU2 C4 with Billion 8800NL (bridge) - ISP Zen UK