Hi!

Living on a DSL link is hard when it comes to ALTQ configuration on the upstream side. If you are able to configure both sides of a link, policy based routing is no problem (i.e. prioritizing ACKs or icmp/udp/Diablo 2 :)). In my setup (and this is probably the most common one) I cannot (legally) take control of the upstream router and its queueing policies. As a result, when my downstream is busy, ACKs, icmp errors, nameserver queries et al. are treated like normal bulk data packets and not prioritized.

When setting TOS fields on outgoing packets the same bits are set in the answer, thus allowing basic prioritization for incoming packets on the upstream router:

    $ nemesis icmp -qE -S 10.10.1.2 -D 195.244.235.251
    15:48:25.783347 10.10.1.2 > 195.244.235.251: icmp: echo request (ttl 255, id 42131, len 28)
    15:48:25.852952 195.244.235.251 > 10.10.1.2: icmp: echo reply (ttl 245, id 2534, len 28)

    $ nemesis icmp -qE -S 10.10.1.2 -D 195.244.235.251 -t 0x10
    15:48:27.033848 10.10.1.2 > 195.244.235.251: icmp: echo request [tos 0x10] (ttl 255, id 16345, len 28)
    15:48:27.168675 195.244.235.251 > 10.10.1.2: icmp: echo reply [tos 0x10] (ttl 245, id 33430, len 28)

Since the line is not completely busy as of now, there are no noticeable round trip time differences in this example besides the set tos fields.

I'd like to implement a 'scrub' option which basically works like this:

    scrub out on $ext_if proto udp from $internal to $nameservers port 53 keep state tos 0x10

There are many other ways of using this option but the example should give you a brief overview of my intention. I talked to Henning since I didn't know if there were any issues since this has not been implemented as of now but could not remember any reasons. Even now when ECN et al. are coming up this feature looks interesting to me.

Looking at the source (I'm somewhat familiar with the pf FreeBSD port), inserting the appropriate option right after the random IP ID setting in pf_norm.c seems to be easy. Before starting to set up an OpenBSD box I'd like to know if there are any caveats/reasons since this has not been done already.

Thanks,
Hendrik

--
Hendrik Scholz - <[EMAIL PROTECTED]> - http://raisdorf.net/
drag me, drop me - treat me like an object
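
Added example, not part of the original post: a small Python check that pairs each echo request in tcpdump output of the kind shown above with its reply and reports whether the reply carries the same TOS value. The first four capture lines are copied from the post; the last two (peer 192.0.2.1) are constructed, and a line without a tos field is assumed to mean TOS 0.

```python
import re

# tcpdump lines in the format shown in the post; the first four are copied
# from it, the last two are constructed to show a reply that lost its TOS.
CAPTURE = """\
15:48:25.783347 10.10.1.2 > 195.244.235.251: icmp: echo request (ttl 255, id 42131, len 28)
15:48:25.852952 195.244.235.251 > 10.10.1.2: icmp: echo reply (ttl 245, id 2534, len 28)
15:48:27.033848 10.10.1.2 > 195.244.235.251: icmp: echo request [tos 0x10] (ttl 255, id 16345, len 28)
15:48:27.168675 195.244.235.251 > 10.10.1.2: icmp: echo reply [tos 0x10] (ttl 245, id 33430, len 28)
15:48:29.000000 10.10.1.2 > 192.0.2.1: icmp: echo request [tos 0x10] (ttl 255, id 100, len 28)
15:48:29.050000 192.0.2.1 > 10.10.1.2: icmp: echo reply (ttl 245, id 200, len 28)
"""

LINE = re.compile(
    r"^(?P<h>\d+):(?P<m>\d+):(?P<s>[\d.]+) (?P<src>\S+) > (?P<dst>[^:\s]+): "
    r"icmp: echo (?P<kind>request|reply)(?: \[tos (?P<tos>0x[0-9a-fA-F]+)\])?"
)

def tos_reflection(capture):
    """Pair each echo request with the next reply from its destination.

    Returns a list of (peer, request_tos, reply_tos, rtt_ms, mirrored).
    """
    pending = {}   # (requester, peer) -> list of (timestamp, tos) still unanswered
    results = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an ICMP echo line
        ts = int(m["h"]) * 3600 + int(m["m"]) * 60 + float(m["s"])
        tos = int(m["tos"], 16) if m["tos"] else 0  # assumption: no tos field means 0
        if m["kind"] == "request":
            pending.setdefault((m["src"], m["dst"]), []).append((ts, tos))
        else:
            queue = pending.get((m["dst"], m["src"]))
            if not queue:
                continue  # reply without a captured request
            sent, req_tos = queue.pop(0)
            rtt = round((ts - sent) * 1000, 1)
            results.append((m["src"], req_tos, tos, rtt, req_tos == tos))
    return results

if __name__ == "__main__":
    for peer, req, rep, rtt, ok in tos_reflection(CAPTURE):
        print(f"{peer}: request tos {req:#04x}, reply tos {rep:#04x}, "
              f"rtt {rtt} ms, {'mirrored' if ok else 'NOT mirrored'}")
```

A peer reported as not mirrored is one for which marking outgoing packets would not carry over to the replies.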