Re: pf firewall packet size
> > > There is just small ACK packets left. I wonder what is solution for
> small packets in OpenBSD

Checkout set prio in pf.conf...TCP ACKs with no data payload
pf firewall packet size
Hi guys,

I am trying to find out way how to port my Linux netfilter into OpenBSD pf.

I want to prioritize small new SYN connection SYN/ACK, ACK.

In Linux I simply set a packet size 0-128 bytes that covers usual 3-way handshake. This simple rule makes all faster.

There seems to be no "packet size" capability in OpenBSD.

Something similar used for small packets under OpenBSD

match out on egress set prio (5, 6)

next thing what may work is playing with packet flags

SYN is start of new connection so "pass out flags S/" and SYN-ACK with flags SA/ should do the trick no?

There is just small ACK packets left. I wonder what is solution for small packets in OpenBSD

thanks
Hajes
Re: pf firewall packet size
On Thu, Mar 11, 2021 at 12:33 PM da...@hajes.org wrote:
> I am trying to find out way how to port my Linux netfilter into OpenBSD pf.
>
> I want to prioritize small new SYN connection SYN/ACK, ACK.
>
> In Linux I simply set a packet size 0-128 bytes that covers usual 3-way
> handshake. This simple rule makes all faster.
>
> There seems to be no "packet size" capability in OpenBSD.
>
> Something similar used for small packets under OpenBSD
>
> match out on egress set prio (5, 6)
>
>
> next thing what may work is playing with packet flags
>
> SYN is start of new connection so "pass out flags S/" and SYN-ACK with
> flags SA/ should do the trick no?
>
> There is just small ACK packets left. I wonder what is solution for
> small packets in OpenBSD

I believe quantum is what you are looking for--see the QUEUEING section in pf.conf(5).