First, I don't object to doing it. I object to doing it in the wrong place (and hence mixing up two separate operations into one amorphous blob) and in the wrong way (based on address alone, instead of address *and* port).

And I object to ignoring majority consensus as well as ownership.

Marking needs to be done as close to the source as possible. Ideally this should be done on the host, if not within the app itself. If the app isn't an option, then perhaps doing it on the host via iptables would work (assuming your OS is linux). If not there, then as a separate plugin on the firewall.

And the packets shouldn't just be *classified*, because classification is only meaningful on the host doing it. They should be classified and *remarked* so that they get handled properly throughout the network.

I don't mind doing what you're doing: I mind going about it in the wrong way. "Anything worth doing is worth doing right," my grandmother used to say. And that's still true.

On 12/12/10 11:48 AM, David Kerr wrote:
> Philip...
> Not sure that I understand why you object so strongly... why is it not okay to designate a specific host IP as being low priority when it is okay to designate by port number?
>
> On Sun, Dec 12, 2010 at 2:07 PM, Philip Prindeville <[email protected]> wrote:
>
> > Classification and shaping are separate functions, and as such Arno and I agree these should be separate plugins.
> >
> > If Lonnie wants to combine them in Astlinux then that's his prerogative, but making this change upstream to my plugin without asking me is egregious and not consistent with ownership etiquette in Open Source projects.
> >
> > David's best chance of a solution is to RE-MARK the packets, so they are handled properly throughout the network, not just while transiting the Astlinux firewall.
>
> Don't disagree... would indeed be useful if the source application would let me indicate the priority I want to attribute to the traffic. Of course, that would be an advanced option.
>
> > Also, the best place to MARK them is on the source host (based on the port #'s). It's trivial to do it there if that host is running linux and has iptables installed.
>
> Looks like iptables is installed. How would I go about doing this?
>
> > Please back this out upstream.
> >
> > David: please contact the vendor and file an RFE (request for enhancement) that the application generating this traffic mark it properly (as per RFC-4594). If this problem is affecting you, it's probably affecting others that don't have the technical means to work around it.
>
> Will look into this.
>
> > I've slowly been getting patches upstream to Apache, APR, Proftpd, Firefox, Thunderbird, Cyrus, Openssh, Sendmail, Wget, libcurl, etc. to get applications to use the correct settings. This is the end-game.
> >
> > In fact, if you send me the details off-list about the system and app, I might know of a proper fix for you.
>
> Application in question is the CrashPlan linux client...
> http://b4.crashplan.com/consumer/download.html?os=Linux
> It is connecting to the online (CrashPlan Central) backup servers through HTTPS/443 port.
>
> David
