On Sat, Oct 07, 2006 at 06:29:46PM +0200, Federico Giannici wrote:
> Having received no useful replies, let me try a simpler question: How
> can I identify (i.e. filter) TCP ACKs with no data payload?
>
> I know how to identify ACKs, but is there any way to identify packets
> with no payload, something like a "payload-size 0" condition?
No, that's hardcoded and you'll have to patch the source if you want to
change that. See src/sys/net/pf.c pf_test()
if ((th.th_flags & TH_ACK) && pd.p_len == 0)
pqid = 1;
This sets the pqid flag ("use the second queue specified") for TCP packets
with TH_ACK set and no payload.
if (action == PF_PASS && r->qid) {
if (pqid || (pd.tos & IPTOS_LOWDELAY))
pd.pf_mtag->qid = r->pqid;
else
pd.pf_mtag->qid = r->qid;
This assigns the rule's second specified queue if the pqid flag is set
before, or if IPTOS_LOWDELAY is set.
Change as you see fit. Adding a keyword about payload size to the parser
is much more work, compared to the kernel part ;)
BTW, queue assigment happens for all packets matching a state, no matter
what direction they flow in. If you have two four queues (two for each
interface involved), you want to make sure that the right queue is
assigned last (the mbuf tag gets overwritten, and only the last write is
relevant, should it happen multiple times to the same packet).
Daniel
