Terje Elde <[EMAIL PROTECTED]> wrote:
> There's also another issue. I (and I'm assuming others) would like
> ssh to have a high priority, to ensure low latency when working
> against remote servers, but if you have a delicate QoS setup, using
> ssh for file transfer will use the same ports, and to a large extent
> be hard to distinguish from interactive ssh sessions.

actually, scp and sftp transfer don't have their lowdelay TOS mark set. it's that way in all clients i know, of course, there's always a possibility of a 'rogue' scp client trying to circumvent classification as bulk data, but as a rule, i set lowdelay transfers to upper limit lower than 100kbit/s. when using 'queue' statement, you can use 'queue (bulk, lowdelay)'. lowdelay will match all TOS lowdelay data and ACK window renewals.

i think the idea that you proposed wouldn't work well with stateful firewalling - when data is classified to one queue based on the first packet, it's not matching any other rules. implementing it to work with stateful firewalling would cause the firewall to perform additional, unneeded lookups. and implementing it anyway would complicate the whole scheme of stateful firewalls.

--
Stanisław Halik, http://tehran.lain.pl
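
A pf.conf sketch of the two-queue setup described in the reply above, added here as an example and not taken from either poster's configuration. It uses the ALTQ-era pf syntax with the CBQ scheduler; the interface name, link speed, percentages and queue names are assumptions.

```conf
# Constructed example: em0, the 1Mb uplink and all queue names are assumptions.
ext_if = "em0"

# CBQ: a child queue without "borrow" cannot exceed its own bandwidth,
# which gives the hard cap on low-delay traffic.
altq on $ext_if cbq bandwidth 1Mb queue { q_default, q_bulk, q_lowdelay }

# Everything not assigned elsewhere.
queue q_default  bandwidth 60% priority 3 cbq(default)

# scp/sftp payload: low priority, may borrow idle bandwidth.
queue q_bulk     bandwidth 30% priority 1 cbq(borrow)

# Interactive ssh and empty TCP ACKs: highest priority, but capped
# below 100 kbit/s so a client that sets TOS lowdelay on bulk data
# cannot take over the link.
queue q_lowdelay bandwidth 96Kb priority 7

# Two-queue form: packets with TOS lowdelay and TCP ACKs without
# payload go to the second queue, everything else to the first.
# The queue pair is attached to the state created by this rule, so
# later packets of the connection are not matched against the ruleset
# again; only the choice between the two queues is made per packet.
pass out on $ext_if proto tcp from any to any port 22 \
    keep state queue (q_bulk, q_lowdelay)
```

After loading the ruleset, `pfctl -vs queue` shows per-queue packet and byte counters, which is a quick way to confirm that file transfers land in the bulk queue and keystrokes in the capped one.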
