I was watching my queus via pfctl -vvs queues Per the man page " when a second one is specified it will instead be used for packets which have a TOS of lowdelay and for TCP ACKs with no data payload"
so i believe bulk would go to low as its the first queue listed, and interactive would go to high as its the second queue listed. On 26/03/2008, Calomel <[EMAIL PROTECTED]> wrote: > I believe your "low" queue is for ssh interactive traffic only. The "high" > queue is for bulk traffic like scp or sftp transfers. > > If you watch your queues in pftop (page 8) you should see ssh traffic like > typed commands in the "low" queue and the rest goes to the "high" queue. > > Hope this helps > > PF Config "how to" (pf.conf) > http://calomel.org/pf_config.html > > > -- > Calomel @ http://calomel.org/ > Open Source Research and Reference > > > > On Wed, Mar 26, 2008 at 04:41:01PM -0700, Lord Sporkton wrote: > >I have this rule in my PF > >and its not working > > > >everything just gets thrown into the high queue and nothing touches > >the low queue > > > >(this is from the output of pfctl -s rules) > >pass in on em0 inet proto tcp from any to 208.70.72.13 port = ssh > >flags S/SA modulate state (source-track rule, max-src-conn-rate 3/30, > >overload <ssh-attack>, src.track 30) queue(low, high) > > > >my ssh is being set with lowdelay > > > >(from tcpdump) > >14:40:24.180347 13-72-70-208.uniplex.us.ssh > > >georgia.static.qwest.net.61282: P 5820:5984(164) ack 53 win 17520 (DF) > >[tos 0x10] > > > >and my ssh transfer is being tagged high throughput > > > >(from tcpdump) > >14:43:53.936143 13-72-70-208.uniplex.us.ssh > > >georgia.static.qwest.net.2904: . 269868:271328(1460) ack 961 win 17520 > >(DF) [tos 0x8] > > > >any suggestions on what im doing wrong? > >thanks > > > >-- > >-Lawrence > -- -Lawrence -Student ID 1028219