Damien Miller wrote:
> On Sat, 7 Jul 2007, Lawrence Horvath wrote:
>> Is there a way using pf to distinguish between ssh shell logins, and
>> scp file transfers?
>
> Not easily: ssh sets IPTOS_THROUGHPUT for non-interactive sessions,
> but does it after the TCP handshake. If you are assigning connections
> to queues statefully, this is too late, as the state would have already
> been created with the default TOS.

You can use nc(1) as an ssh proxycommand and set the TOS to whatever you
want, but it doesn't help for the normal case.

    Host somehost
        ProxyCommand nc -T lowdelay %h %p

    Host somehost-xfer
        Hostname somehost
        ProxyCommand nc -T throughput %h %p

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
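
Added example, not part of the original message or of anyone's posted ruleset: a pf.conf sketch in the ALTQ syntax of that era showing the gateway side of the ProxyCommand workaround, where the stateful rules pick a queue from the TOS carried by the SYN. The interface name, link bandwidth, queue names and percentages are assumptions, and it assumes nc applies -T before it connects, which is what makes the workaround usable.

```pf
# Constructed example; adjust interface and bandwidth to the real link.
ext_if = "em0"

altq on $ext_if cbq bandwidth 10Mb queue { q_default, q_ssh_login, q_ssh_bulk }
queue q_default   bandwidth 60% cbq(default)
queue q_ssh_login bandwidth 10% priority 7 cbq(borrow)
queue q_ssh_bulk  bandwidth 30% priority 1 cbq(borrow)

# pf uses the last matching rule, so the generic rule comes first.
# Plain ssh/scp: the SYN still has the default TOS, so the state is
# created here and the whole connection stays in q_default, even after
# ssh later marks its packets as throughput.
pass out on $ext_if inet proto tcp from any to any port 22 \
    flags S/SA keep state queue q_default

# "Host somehost" (nc -T lowdelay): the SYN already carries lowdelay,
# so the state is created with the interactive queue.
pass out on $ext_if inet proto tcp from any to any port 22 \
    tos lowdelay flags S/SA keep state queue q_ssh_login

# "Host somehost-xfer" (nc -T throughput): bulk transfers.
pass out on $ext_if inet proto tcp from any to any port 22 \
    tos throughput flags S/SA keep state queue q_ssh_bulk
```

After loading, `pfctl -vvs queue` shows per-queue packet counters, which is a quick check that connections to each Host alias land in the intended queue.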