Hi,
My apologies in advance if I've missed something, but as I understand
pf, it's not currently possible to filter and classify packets based on
their size. Just thought I should bring the idea up, as a possible
feature request.
The reason I'd be interested in seeing such a thing is that it offers
some interesting possibilities when it comes to making ALTQ
classification rules, and having them work automagically.
Imagine sorting the packets into the following queues, from first to
last priority:
1. Any small packet
2. UDP, except if size > 1400
3. TCP, except if size > 1400
4. Any packet whose size > 1400
(just an example)
Now the thing is that this would catch a lot of traffic automatically,
and often prioritize right, at least according to my wishes. Small
interactive stuff like ssh (except for transfers), dns, ntp (big point),
icmp, session setup etc, would automatically get prioritized. More or
less any type of P2P transfer would get a low priority, no matter which
port numbers, networks and protocols are involved.
Protocols that might not be in use at a site (ntp, sip etc) that are
later added, will automatically get a decent priority, without having to
even know they're being used.
Sure, most of this could be done with long lists over which protocols
are in use etc, but not nearly as neat, and new things wouldn't have
such a high chance of hitting the right priority.
There's also another issue. I (and I'm assuming others) would like ssh
to have a high priority, to ensure low latency when working against
remote servers, but if you have a delicate QoS setup, using ssh for file
transfer will use the same ports, and to a large extent be hard to
distinguish from interactive ssh sessions. The result is that if
nothing else, the file transfers would have an impact on other ssh
sessions, and depending on the ruleset, it could quickly have an effect
on other things as well. If you can take size into account, you would
be able to automatically prioritize interactive SSH sessions over those
used for file transfers.
note: Yes, all examples are simplified, and yes, this does have the
potential to create problems as well as solve them. Out of order packet
deliveries and whatnot, but I think it's a useful tool to add, and I
think it can do a lot of good.
Any thoughts?
(sorry if this has been up for endless discussion before, and I just
wasted 28 lines of your life, I haven't been subscribed for long, and
google didn't serve any relevant dish on my (admittedly quick) research)
Terje