Shorewall devel - Jul 2004 - TOS settings conflict with wshaper

Hi!

Wondershaper classifies traffic to different queues using information
found in TOS field. I noticed that scp traffic goes to highest priority
class even though comments in whaper explicitely say:

"TOS Minimum Delay (ssh, NOT scp)".

As it turned out Shorewall creates mangle rules that will force minimum
delay bit to all ssh connections (in "tos" file).

SSH implementations themselves set socket option IPTOS_LOWDELAY
for interactive sessions (recommended in the spec) so I think forcing it
with packet mangling is not necessary, or have I missed the intention
that you''ve had with the rule?

Best regards,
Tero

_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* 
http://join.msn.com/?page=features/junkmail

Tero Saarni wrote:
> Hi!
> 
> Wondershaper classifies traffic to different queues using information
> found in TOS field. I noticed that scp traffic goes to highest priority
> class even though comments in whaper explicitely say:
> 
> "TOS Minimum Delay (ssh, NOT scp)".
> 
> As it turned out Shorewall creates mangle rules that will force minimum
> delay bit to all ssh connections (in "tos" file).
> 
> SSH implementations themselves set socket option IPTOS_LOWDELAY
> for interactive sessions (recommended in the spec) so I think forcing it
> with packet mangling is not necessary, or have I missed the intention
> that you''ve had with the rule?
All of the settings in Shorewall files are defaults and each user is 
welcome to change them as they see fit. If you feel that all of the 
software you run is setting TOS correctly, you are free to purge the 
contents of your /etc/shorewall/tos file.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net