Re: ssh queue rules
I was watching my queus via pfctl -vvs queues Per the man page " when a second one is specified it will instead be used for packets which have a TOS of lowdelay and for TCP ACKs with no data payload" so i believe bulk would go to low as its the first queue listed, and interactive would go to high as its the second queue listed. On 26/03/2008, Calomel <[EMAIL PROTECTED]> wrote: > I believe your "low" queue is for ssh interactive traffic only. The "high" > queue is for bulk traffic like scp or sftp transfers. > > If you watch your queues in pftop (page 8) you should see ssh traffic like > typed commands in the "low" queue and the rest goes to the "high" queue. > > Hope this helps > > PF Config "how to" (pf.conf) > http://calomel.org/pf_config.html > > > -- > Calomel @ http://calomel.org/ > Open Source Research and Reference > > > > On Wed, Mar 26, 2008 at 04:41:01PM -0700, Lord Sporkton wrote: > >I have this rule in my PF > >and its not working > > > >everything just gets thrown into the high queue and nothing touches > >the low queue > > > >(this is from the output of pfctl -s rules) > >pass in on em0 inet proto tcp from any to 208.70.72.13 port = ssh > >flags S/SA modulate state (source-track rule, max-src-conn-rate 3/30, > >overload , src.track 30) queue(low, high) > > > >my ssh is being set with lowdelay > > > >(from tcpdump) > >14:40:24.180347 13-72-70-208.uniplex.us.ssh > > >georgia.static.qwest.net.61282: P 5820:5984(164) ack 53 win 17520 (DF) > >[tos 0x10] > > > >and my ssh transfer is being tagged high throughput > > > >(from tcpdump) > >14:43:53.936143 13-72-70-208.uniplex.us.ssh > > >georgia.static.qwest.net.2904: . 269868:271328(1460) ack 961 win 17520 > >(DF) [tos 0x8] > > > >any suggestions on what im doing wrong? > >thanks > > > >-- > >-Lawrence > -- -Lawrence -Student ID 1028219
Re: ssh queue rules
I believe your "low" queue is for ssh interactive traffic only. The "high" queue is for bulk traffic like scp or sftp transfers. If you watch your queues in pftop (page 8) you should see ssh traffic like typed commands in the "low" queue and the rest goes to the "high" queue. Hope this helps PF Config "how to" (pf.conf) http://calomel.org/pf_config.html -- Calomel @ http://calomel.org/ Open Source Research and Reference On Wed, Mar 26, 2008 at 04:41:01PM -0700, Lord Sporkton wrote: >I have this rule in my PF >and its not working > >everything just gets thrown into the high queue and nothing touches >the low queue > >(this is from the output of pfctl -s rules) >pass in on em0 inet proto tcp from any to 208.70.72.13 port = ssh >flags S/SA modulate state (source-track rule, max-src-conn-rate 3/30, >overload , src.track 30) queue(low, high) > >my ssh is being set with lowdelay > >(from tcpdump) >14:40:24.180347 13-72-70-208.uniplex.us.ssh > >georgia.static.qwest.net.61282: P 5820:5984(164) ack 53 win 17520 (DF) >[tos 0x10] > >and my ssh transfer is being tagged high throughput > >(from tcpdump) >14:43:53.936143 13-72-70-208.uniplex.us.ssh > >georgia.static.qwest.net.2904: . 269868:271328(1460) ack 961 win 17520 >(DF) [tos 0x8] > >any suggestions on what im doing wrong? >thanks > >-- >-Lawrence
ssh queue rules
I have this rule in my PF and its not working everything just gets thrown into the high queue and nothing touches the low queue (this is from the output of pfctl -s rules) pass in on em0 inet proto tcp from any to 208.70.72.13 port = ssh flags S/SA modulate state (source-track rule, max-src-conn-rate 3/30, overload , src.track 30) queue(low, high) my ssh is being set with lowdelay (from tcpdump) 14:40:24.180347 13-72-70-208.uniplex.us.ssh > georgia.static.qwest.net.61282: P 5820:5984(164) ack 53 win 17520 (DF) [tos 0x10] and my ssh transfer is being tagged high throughput (from tcpdump) 14:43:53.936143 13-72-70-208.uniplex.us.ssh > georgia.static.qwest.net.2904: . 269868:271328(1460) ack 961 win 17520 (DF) [tos 0x8] any suggestions on what im doing wrong? thanks -- -Lawrence
