
List:       openbsd-pf
Subject:    Re: Classifying based on packet size (possible feature request)
From:       Stanislaw Halik <weirdo () tehran ! lain ! pl>
Date:       2005-11-25 4:22:33
Message-ID: 20051125042233.GA33495 () tehran ! lain ! pl

Terje Elde <terje@elde.net> wrote:
> There's also another issue.  I (and I'm assuming others) would like
> ssh to have a high priority, to ensure low latency when working
> against remote servers, but if you have a delicate QoS setup, using
> ssh for file transfer will use the same ports, and to a large extent
> be hard to distinguish from interactive ssh sessions.

actually, scp and sftp transfers don't have their lowdelay TOS mark set.

it's that way in all clients i know. of course, there's always a
possibility of a 'rogue' scp client trying to circumvent classification
as bulk data, but as a rule, i set lowdelay transfers to upper limit
lower than 100kbit/s.

when using the 'queue' statement, you can use 'queue (bulk, lowdelay)'.
lowdelay will match all TOS lowdelay data and ACK window renewals.

i think the idea that you proposed wouldn't work well with stateful
firewalling - when data is classified to one queue based on the first
packet, it's not matching any other rules. implementing it to work with
stateful firewalling would cause the firewall to perform additional,
unneeded lookups. and implementing it anyway would complicate the whole
scheme of stateful firewalls.

-- 
Stanisław Halik, http://tehran.lain.pl
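
The two-queue form described in the message above, written out as an added pf.conf sketch in the ALTQ syntax of that era (not configuration from the original post). The interface name, queue names and bandwidth figures are assumptions; the hard cap on the lowdelay queue is what limits a client that marks bulk traffic as lowdelay, since the TOS field is set by the sender.

```conf
# Added example; em0, the queue names and all bandwidth values are assumed.
ext_if = "em0"

# CBQ parent on the outbound interface, three child queues.
altq on $ext_if cbq bandwidth 1Mb queue { q_def, q_bulk, q_lowdelay }

# Default and bulk queues may borrow idle bandwidth from the parent.
queue q_def      bandwidth 60%  priority 3 cbq(default borrow)
queue q_bulk     bandwidth 30%  priority 1 cbq(borrow)

# No "borrow": this queue can never exceed 96Kb, so traffic that carries
# the lowdelay TOS mark gets priority but only within a small budget.
queue q_lowdelay bandwidth 96Kb priority 7

# Two-queue form: packets with TOS lowdelay and TCP ACKs without payload
# go to the second queue, everything else on the connection to the first.
# The assignment is stored with the state entry created by this rule.
pass out on $ext_if proto tcp from any to any port 22 \
    flags S/SA keep state queue (q_bulk, q_lowdelay)
```

`pfctl -n -f /etc/pf.conf` parses the ruleset without loading it, and `pfctl -v -s queue` shows per-queue counters once it is loaded.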