Description
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
- I have read the contributing guidelines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
- I am convinced that my issue is new after having checked both open and closed issues at https://github.com/opnsense/core/issues?q=is%3Aissue
Describe the bug
When using pf rules "Traffic shaping", the throughput is capped around ~250Mbit/s (roughly half of the configured BW) while the Pipe is set way higher (in my case 495Mbit/s), with the connection occasionally being lost.
I can see the packets are moved onto the Queue > Scheduler when using pf rules "Traffic shaping", so the rule is matching properly and moving them into the proper Queue > Scheduler > Pipe:
```
10000: 495.000 Mbit/s 0 ms burst 0
q75536 50 sl. 0 flows (1 buckets) sched 10000 weight 0 lmax 0 pri 0 droptail
sched 10000 type FQ_CODEL flags 0x0 0 buckets 1 active
FQ_CODEL target 12ms interval 100ms quantum 1500 limit 10240 flows 65535 ECN
Children flowsets: 10010 10008 10006 10004 10002 10000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 ip 0.0.0.0/0 0.0.0.0/0 688 1030595 0 0 0
10001: 30.000 Mbit/s 0 ms burst 0
q75537 50 sl. 0 flows (1 buckets) sched 10001 weight 0 lmax 0 pri 0 droptail
sched 10001 type FQ_CODEL flags 0x0 0 buckets 1 active
FQ_CODEL target 12ms interval 100ms quantum 1500 limit 10240 flows 65535 ECN
Children flowsets: 10011 10009 10007 10005 10003 10001
0 ip 0.0.0.0/0 0.0.0.0/0 275 14531 0 0 0
```
I do not see any CPU hog or high load to explain this issue from the perspective of system performance.
To Reproduce
Steps to reproduce the behavior:
- Go to 'FW'
- Click on 'Rules'
- Scroll down to 'WAN' (or any interface that involves NAT)
- Configure an OUT any-any rule and set "Traffic shaping" direction Queue-UP, reverse Queue-DOWN
Expected behavior
When using pf "Traffic shaping", throughput should reach the configured value in the Pipe while not causing disruptions.
Describe alternatives you considered
This issue is related only to pf "Traffic shaping"; when using ipfw rules, all works fine.
Screenshots
pf "Traffic shaping" configuration

Speedtest while using pf "Traffic shaping"

Speedtest while using pf "Traffic shaping" occasionally getting error

Speedtest while using ipfw rules

Relevant log files
No logs seen that would point to an issue.
Additional context
This behaviour is not seen when using ipfw rules. Additionally, ipfw rules were disabled when pf "Traffic shaping" rules were enabled. There was no rule overlap.
Tried to disable Firewall: Settings: Advanced: Shared forwarding; this yielded no change.
Looks like this issue is related only to interfaces where NAT is involved. When redoing the testing on an interface without NAT, this behaviour is not seen.
Environment
OPNsense 25.7.7/8/9 CE
Intel N100 16G Ram