FreeBSD General
Hello,
I'm trying to build some QoS based on the TOS field in the IP header of the packets going through my machine in any direction. For now I'm unable to build a rule to match these. There are such packets - I can see them on tcpdump:
Code:
13:38:35.466787 IP (tos 0x30, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40) 192.168.0.34.47624 > 67.225.240.104.80: R, cksum 0xf6f5 (correct), 1916966715:1916966715(0) win 0
Code:
int_if = "re0"
ext_if = "rl0"
ext_ip = "192.168.1.2"
table <network> { 192.168.0.34, 192.168.0.9 }
set state-policy if-bound
scrub in all
altq on $int_if hfsc bandwidth 15Mb queue {download, gen_down, dl_int}
queue gen_down bandwidth 1Mb hfsc (realtime 1Mb upperlimit 1Mb default)
queue download bandwidth 12Mb hfsc (realtime 10Mb upperlimit 15Mb)
queue dl_int bandwidth 2Mb hfsc (realtime 1Mb upperlimit 2Mb)
altq on $ext_if hfsc bandwidth 15Mb queue {upload, gen_up, up_int}
queue gen_up bandwidth 1Mb hfsc (realtime 1Mb upperlimit 1Mb)
queue upload bandwidth 12Mb hfsc (realtime 10Mb upperlimit 15Mb default)
queue up_int bandwidth 2Mb hfsc (realtime 1Mb upperlimit 2Mb)
nat on $ext_if from <network> to any -> $ext_ip
pass quick on $ext_if from <network> tos 0x30 label "int_dl"
pass log (all to pflog0) quick on $int_if from <network> keep state tag to_data label "?download:" queue download
pass log (all to pflog1) quick on $ext_if tagged to_data label "?upload:" queue upload
Any ideas?
Last edited by ivanatora; 15th February 2009 at 09:37 AM.
I've added log all to pflog1 to the rule and now tcpdump on pflog1 shows strange things. (I've removed the logging option for the ex-pflog1 rule.) It should be showing nothing, but in fact it shows every packet going through the $ext_if:
Code:
# tcpdump -nevi pflog1
12:21:58.555064 rule 4294967295/0(match): pass in on rl0: (tos 0x50, ttl 119, id 63193, offset 0, flags [DF], proto TCP (6), length 64) 79.100.183.215.17771 > 192.168.0.34.40556: [|tcp]
12:21:58.555458 rule 4294967295/0(match): pass out on rl0: (tos 0x0, ttl 63, id 8391, offset 0, flags [DF], proto TCP (6), length 1492) 192.168.1.2.52251 > 79.100.183.215.17771: [|tcp]
...
Second - what is that "rule 4294967295/0(match)"? I obviously don't have so many rules. Which rule is matched?
Third - does "scrub in all" log to pflog?
Fourth - what are these sessions doing in pflog? I mean, when I fire netstat (on both the router machine and the 0.34 NAT client machine) it doesn't show any of the IPs and ports shown at tcpdump.
Last edited by ivanatora; 15th February 2009 at 09:38 AM.
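An added example, not part of this thread and not from any pf tool: a small Python parser for the `tcpdump -nev` pflog line format quoted in both posts above. It treats rule number 4294967295 as pf's built-in default rule (pf initialises that rule's number to -1, which prints unsigned as 4294967295), so entries carrying it were logged against the default rule rather than a numbered rule from the loaded ruleset. The script lists those entries per interface and direction, and tallies which TOS byte values actually appear on the wire, which is the check to run before writing a `tos 0x30` match or a queue assignment. The sample log lines are constructed (documentation addresses, made-up ids); the function names are the example's own.

```python
import re
from collections import Counter

# pf's built-in default rule has number -1, which tcpdump prints unsigned
# as 4294967295; entries with this number were not matched against a
# numbered rule from the loaded ruleset.
PF_DEFAULT_RULE = 4294967295

# Constructed sample lines in the shape `tcpdump -nevi pflog1` prints.
# Addresses use documentation ranges; none of this is a real capture.
SAMPLE_LOG = """\
12:21:58.555064 rule 4294967295/0(match): pass in on rl0: (tos 0x50, ttl 119, id 63193, offset 0, flags [DF], proto TCP (6), length 64) 198.51.100.7.17771 > 192.168.0.34.40556: [|tcp]
12:21:58.555458 rule 4294967295/0(match): pass out on rl0: (tos 0x0, ttl 63, id 8391, offset 0, flags [DF], proto TCP (6), length 1492) 192.168.1.2.52251 > 198.51.100.7.17771: [|tcp]
12:22:01.100000 rule 3/0(match): pass out on rl0: (tos 0x30, ttl 63, id 1, offset 0, flags [DF], proto TCP (6), length 40) 192.168.1.2.47624 > 198.51.100.9.80: [|tcp]
"""

# One regex for the TCP/UDP form of the line: rule number, action/direction,
# interface, the IP header summary in parentheses, then "src.port > dst.port:".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>[^)]+)\): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>\w+): "
    r"\(tos 0x(?P<tos>[0-9a-fA-F]+), .*?proto (?P<proto>\w+) \(\d+\), length (?P<length>\d+)\) "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)


def parse_line(line):
    """Parse one pflog line into a dict; return None for lines in another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tos = int(m.group("tos"), 16)
    return {
        "ts": m.group("ts"),
        "rule": int(m.group("rule")),
        "reason": m.group("reason"),
        "action": m.group("action"),
        "dir": m.group("dir"),
        "ifname": m.group("ifname"),
        "tos": tos,
        "dscp": tos >> 2,  # DSCP is the top six bits of the TOS byte
        "proto": m.group("proto"),
        "length": int(m.group("length")),
        "src": m.group("src"), "sport": int(m.group("sport")),
        "dst": m.group("dst"), "dport": int(m.group("dport")),
    }


def parse_pflog(text):
    """Parse a whole capture, silently skipping lines the regex does not cover."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def default_rule_hits(records):
    """Entries logged against pf's default rule instead of a numbered ruleset entry."""
    return [r for r in records if r["rule"] == PF_DEFAULT_RULE]


def default_rule_summary(records):
    """Count default-rule entries per (interface, direction) to see where they occur."""
    return dict(Counter((r["ifname"], r["dir"]) for r in default_rule_hits(records)))


def tos_summary(records):
    """Count packets per TOS byte, the value a pf `tos` option is compared against."""
    return dict(Counter(r["tos"] for r in records))


if __name__ == "__main__":
    recs = parse_pflog(SAMPLE_LOG)
    for r in default_rule_hits(recs):
        print("default rule:", r["dir"], "on", r["ifname"],
              r["src"], "->", r["dst"], "tos=0x%x" % r["tos"])
    print("per interface/direction:", default_rule_summary(recs))
    print("tos distribution:", {hex(k): v for k, v in tos_summary(recs).items()})
```

Run it against a real capture with `tcpdump -nevi pflog1 | python3 script.py` after swapping `SAMPLE_LOG` for `sys.stdin.read()`; the TOS tally tells you which values (0x30 in the first post, 0x50 and 0x0 in the second) a `tos` match would have to name.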