Any reason the LENGTH field from tcrules couldn't be added to tcfilters? I'd like to shape incoming large ssh packets differently than small ones.

- Orion

Orion Poplawski wrote:
> Any reason the LENGTH field from tcrules couldn't be added to tcfilters? I'd
> like to shape incoming large ssh packets differently than small ones.

Only that the u32 classifier supports only a 'mask-and-compare-equal' operator. So length checks other than length < power-of-2 would be truly ugly.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

Tom Eastep wrote:
> Orion Poplawski wrote:
>> Any reason the LENGTH field from tcrules couldn't be added to tcfilters? I'd
>> like to shape incoming large ssh packets differently than small ones.
>
> Only that the u32 classifier supports only a 'mask-and-compare-equal'
> operator. So length checks other than length < power-of-2 would be truly
> ugly.

I've added a LENGTH column to the tcfilters file for 4.3.12. But, as the above implies, it only accepts powers of 2 and only packets that are strictly shorter than the specified value will pass the rule.

-Tom

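The power-of-2 restriction described in the message above, worked through as an added example (not code from the thread or from Shorewall). It assumes the check is made on the 16-bit IPv4 Total Length field at byte offset 2 and renders each test in tc's `match u16 VALUE MASK at OFFSET` form; the function names are hypothetical. It goes beyond the thread by also decomposing a non-power-of-2 limit, which shows why such checks get "truly ugly".

```python
# Added example: models the u32 "mask-and-compare-equal" test on the
# IPv4 Total Length field (16 bits at byte offset 2 of the IP header).

def u32_matches(total_len, value, mask):
    """The only comparison u32 offers: (field & mask) == value."""
    return (total_len & mask) == value

def length_lt_rules(limit):
    """Return (value, mask) pairs that together match total_len < limit.

    A power-of-2 limit needs one pair: all bits at or above the limit's
    bit must be zero. Any other limit needs one pair per set bit, each
    covering one aligned power-of-2 block of the range [0, limit).
    """
    if not 0 < limit <= 0x10000:
        raise ValueError("limit must be in 1..65536")
    rules = []
    prefix = 0  # start of the next aligned block
    for bit in range(16, -1, -1):
        size = 1 << bit
        if limit & size:
            # Block [prefix, prefix + size): pin every bit above 'bit'.
            rules.append((prefix, 0xFFFF & ~(size - 1)))
            prefix += size
    return rules

def as_tc_match(value, mask):
    """Render one pair as a u32 selector on the Total Length field."""
    return "match u16 0x%04x 0x%04x at 2" % (value, mask)

if __name__ == "__main__":
    for limit in (1024, 1000):  # constructed sample limits
        print("length < %d:" % limit)
        for value, mask in length_lt_rules(limit):
            print("   ", as_tc_match(value, mask))
```

A limit of 1024 yields a single selector, while 1000 needs six separate filters to cover the same kind of range.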
Tom Eastep <teastep <at> shorewall.net> writes:
> Orion Poplawski wrote:
> > Any reason the LENGTH field from tcrules couldn't be added to tcfilters? I'd
> > like to shape incoming large ssh packets differently than small ones.
>
> Only that the u32 classifier supports only a 'mask-and-compare-equal'
> operator. So length checks other than length < power-of-2 would be truly
> ugly.

Well, I could live with that restriction myself. I'd probably match on < 1024 to distinguish interactive traffic vs. scp/sftp.

Tom Eastep <teastep <at> shorewall.net> writes:
> I've added a LENGTH column to the tcfilters file for 4.3.12. But, as the
> above implies, it only accepts powers of 2 and only packets that are
> strictly shorter than the specified value will pass the rule.

Excellent. Thank you! I'll give it a whirl soon...

Orion Poplawski wrote:
> Tom Eastep <teastep <at> shorewall.net> writes:
>> Orion Poplawski wrote:
>>> Any reason the LENGTH field from tcrules couldn't be added to tcfilters? I'd
>>> like to shape incoming large ssh packets differently than small ones.
>> Only that the u32 classifier supports only a 'mask-and-compare-equal'
>> operator. So length checks other than length < power-of-2 would be truly
>> ugly.
>
> Well, I could live with that restriction myself. I'd probably match on < 1024
> to distinguish interactive traffic vs. scp/sftp.

TOS might be a better way to split those. Well-behaved clients should set TOS correctly.

-Tom

Orion Poplawski wrote:
> Tom Eastep <teastep <at> shorewall.net> writes:
>
>> I've added a LENGTH column to the tcfilters file for 4.3.12. But, as the
>> above implies, it only accepts powers of 2 and only packets that are
>> strictly shorter than the specified value will pass the rule.
>
> Excellent. Thank you! I'll give it a whirl soon...

I also added a TOS column.

-Tom