On Sat, Nov 11, 2006 at 12:44:46AM +0100, [EMAIL PROTECTED] wrote:

> If OpenBSD is acting as an Ethernet bridge and pf/alt is assigning
> packets to queues (cbq), the correct rule to send empty ACK packets to a
> high priority queue would be something like this?:
> 
> pass out on $wan_if proto tcp from any to any A/SAP queue minimal_delay
> 
> SAP because we only want to send bare ACK packets to minimal_delay.
> Sending SYN+ACK and ACK+PSH to the default queue is fine. And no need to
> track state in this situation.
> 
> Makes sense?  

Ah, the question is whether ACK without PSH is the same as "empty ACK"?

An "empty ACK" as defined by pf for the purpose of assignment to the
second queue specified in a rule is "any TCP packet, with ACK set, that
has no data payload (carries no user data)". You can't express the
"empty" criterion in a rule, really. There's no parameter filtering
payload length.

An ACK without PSH doesn't necessarily have no payload. See the TCP RFC
(http://www.faqs.org/rfcs/rfc793.html) for details, but as I remember,
the purpose of the PSH (push function) bit is to indicate to the
recipient that the sender's send buffer has been drained and that the
recipient should push the receive buffer contents to userland, while the
lack of PSH indicates that the recipient may buffer the input before the
next userland read() gets it. PSH vs. no PSH doesn't correlate with
payload vs. no payload.

I haven't really considered it, but I don't think prioritizing PSH (or
lack of PSH, as you seem to suggest) has much benefit. You can tcpdump a
typical TCP connection and note which packets have PSH set or unset, and
which packets have payload or no payload. Which of those packets should
be prioritized (not so much that they win over other packets of the same
connection, but over packets of other concurrent connections clogging
the uplink)?

So, for ackpri (the concept of prioritizing empty ACKs, for the purpose
described on the page you mentioned), you need a rule specifying two
queues, like

  pass out on $wan_if ... queue (default_queue, minimal_delay)

That works on a bridge and with stateless filtering, too. The point is
that the rule specifies TWO queues; the second one will be used by pf
for packets that fit (hardcoded) criteria (empty ACKs and ToS lowdelay).

Daniel
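
Added example (not part of the original message and not pf's own code): a small Python comparison of what a flags match like A/SAP selects against the "empty ACK" definition quoted above (ACK set, no data payload), run over constructed IPv4/TCP packets. All function names, ports and addresses are hypothetical; checksums are left zero.

```python
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def build_packet(flags, payload=b""):
    """Constructed IPv4+TCP packet: no options, checksums zero, doc-range IPs."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, flags, 65535, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return ip + tcp + payload

def tcp_info(pkt):
    """Return (tcp_flags, payload_len) for an IPv4/TCP packet."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:
        raise ValueError("not IPv4/TCP")
    ihl = (pkt[0] & 0x0F) * 4                 # IP header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]
    data_off = (pkt[ihl + 12] >> 4) * 4       # TCP header length in bytes
    return pkt[ihl + 13], total_len - ihl - data_off

def matches_flags_a_sap(pkt):
    """Flags match A/SAP: out of SYN, ACK and PSH, only ACK is set."""
    flags, _ = tcp_info(pkt)
    return flags & (SYN | ACK | PSH) == ACK

def is_empty_ack(pkt):
    """Definition from the message: ACK set and no data payload."""
    flags, payload_len = tcp_info(pkt)
    return bool(flags & ACK) and payload_len == 0

SAMPLES = {  # constructed packets
    "bare ACK": build_packet(ACK),
    "ACK + data, no PSH": build_packet(ACK, b"x" * 1000),
    "PSH+ACK + data": build_packet(PSH | ACK, b"GET / HTTP/1.0\r\n\r\n"),
    "SYN+ACK": build_packet(SYN | ACK),
}

def compare():
    """Map sample name -> (flags A/SAP match, empty ACK by the definition)."""
    return {name: (matches_flags_a_sap(p), is_empty_ack(p))
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (flag_match, empty) in compare().items():
        print(f"{name:22} A/SAP={flag_match!s:5} empty_ack={empty}")
```

The "ACK + data, no PSH" row is the case the reply warns about: a mid-stream data segment passes the flags test but carries payload, so a flags-only rule would place bulk data in the priority queue.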
