Travis H. wrote:
My scp and sftp clients (openssh) certainly don't set it. When I scp, it's ToS 0x8. When I do interactive ssh, it's 0x10.
Hmmm, after rechecking I can't get 0x10 on bulk ssh transfers, but I could swear I've seen one. Oh well.
Other parties welcome to debate this. Ostensibly, one would want pf to be able to remark traffic as well; the general premise is that DSCP is network-specific, and that ISPs and whatnot would remark at the boundaries. This seems like a natural fit for pf, once some syntax and mechanisms are added.
Some time ago I've been thinking about adding one more section to the pf.conf, like state rules - small chains, that could be assigned to normal filter rules. So when the state is created, you'd still have some control over certain things (like queuing). I realise though, it would be hell of a work, probably much more than it's worth it. Not mentioning potential performance hit under more complicated configs.
I'm still curious, why pf_test6 function doesn't check for tcp acks, when deciding on which queue to assign (unless I blatantly missed or don't understand something).
