Orion Poplawski wrote: > Tom Eastep <teastep <at> shorewall.net> writes: >> Orion Poplawski wrote: >>> Any reason the LENGTH field from tcrules couldn't be added to tcfilters? >>> I'd >>> like to shape incoming large ssh packets differently that small ones. >> Only that the u32 classifier supports only a 'mask-and-compare-equal' >> operator. So length checks other than length < power-of-2 would be truly >> ugly. > > Well, I could live with that restriction myself. I'd probably match on < 1024 > to distinguish interactive traffic vs. scp/sftp.
TOS might be a better way to split those. Well-behaved clients should set TOS correctly. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
