On 2018/04/01 08:59, Theo de Raadt wrote: > > I think this is the right thing to do, but needs handling in conjunction > > with changes to PF, which has dual queue-setting (IPTOS_LOWDELAY packets > > pf has to change first?? > > I don't understand the requirement that pf must be capable of handling > this naunce of packets, before any of our applications are changed. > > other applications outside openbsd have already been adapted to use > DSCP. > > there is traffic on the internet doing this, and yet noone has died.
Why not? PF has a feature which is *exactly* designed to work with this, specifically so ssh still works when the line is flooded, and the minimum fix is a couple of lines of diff..
