Problem classifying SSH traffic
-
I thought I'd add a queue with a high priority for SSH traffic. Seemed quite straightforward: just create traffic shaper rules that match TCP port 22 as destination:
If | Proto | Source | Destination | Target
LAN->WAN | TCP | * | * Port 22 (SSH) | qShellUp/qShellDown
WAN->LAN | TCP | * | * Port 22 (SSH) | qShellDown/qShellUp
However, I only see traffic going into these qShellUp/qShellDown queues during the login process of an SSH terminal session. When I repeatedly cat a large text file in this terminal to generate some traffic, I see qlanacks jumping up, not qShellDown.
Any idea what's going on here?
-
My guess is that the subsequent packets have ToS already set causing them to go into the ack queue, and that rule is firing first?
-
There is no rule above the SSH rules that should be firing first: those SSH rules are number 2 & 3 in my list of traffic shaping rules, rule #1 checks for DNS (port 53).
Is there something unusual about SSH traffic that I don't understand?
Is there some way I can check on a lower level, in the pfSense shell, with pfctl for example?
-
Sorry if I was unclear. There are rules and such operating behind the scenes that do things like shaping for ACKs and such.
-
Thanks for the clarification!
For me it's not really a problem that the SSH traffic ends up in qlanacks as this queue has the highest priority anyway, but it certainly is not what I'd expect to happen. I can't help but wonder if it's not a bug?
-
I don't think it will be considered that way - I ran into the same issue with VoIP packets, where because they had ToS of low delay they got put on the ACK queue.
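To make the behaviour discussed in this thread concrete, here is an added example (not from the thread or from pfSense) that models a shaper with a built-in ToS "low delay" rule evaluated before a user port-22 rule. The queue names, the rule order and the two constructed packets are assumptions chosen to mirror the posts above; the ToS bit values are the RFC 1349 ones.

```python
import struct
from dataclasses import dataclass

# Legacy IPv4 ToS flag bits (RFC 1349). 0x10 is "low delay", which
# interactive OpenSSH sessions historically set on their packets.
TOS_LOWDELAY = 0x10
TOS_THROUGHPUT = 0x08
TOS_RELIABILITY = 0x04

@dataclass
class Packet:
    tos: int
    proto: int
    dst_port: int

def parse_ipv4_tcp(raw: bytes) -> Packet:
    """Extract ToS, protocol and TCP destination port from a raw IPv4+TCP frame."""
    ihl = (raw[0] & 0x0F) * 4          # IPv4 header length in bytes
    tos = raw[1]
    proto = raw[9]
    if proto != 6:
        raise ValueError("not TCP")
    dst_port = struct.unpack("!H", raw[ihl + 2:ihl + 4])[0]
    return Packet(tos, proto, dst_port)

# Hypothetical model of the evaluation order described in the thread:
# the hidden ToS rule is checked before the user's port-22 rule, so a
# packet with the low-delay bit set never reaches the SSH rule.
RULES = [
    ("tos lowdelay -> ack queue", lambda p: bool(p.tos & TOS_LOWDELAY), "qlanacks"),
    ("tcp dst port 22 -> shell",  lambda p: p.proto == 6 and p.dst_port == 22, "qShellDown"),
]

def classify(pkt: Packet) -> str:
    """Return the queue of the first matching rule (first match wins)."""
    for _name, match, queue in RULES:
        if match(pkt):
            return queue
    return "qDefault"

def build_frame(tos: int, dst_port: int) -> bytes:
    """Constructed minimal IPv4 + TCP header (no payload) for testing."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    tcp = struct.pack("!HHIIBBHHH", 50000, dst_port, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    for label, tos in (("SSH login, ToS 0x00", 0x00), ("interactive SSH data, ToS 0x10", TOS_LOWDELAY)):
        print(f"{label}: {classify(parse_ipv4_tcp(build_frame(tos, 22)))}")
```

Running it shows the login packet landing in qShellDown and the interactive data packet landing in qlanacks, which is the pattern the original poster observed.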