Problem classifying SSH traffic

  I thought I'd add a queue with a high priority for SSH traffic. Seemed quite straightforward: just create traffic shaper rules that match TCP port 22 as destination:

    If        | Proto | Source | Destination      | Target
    LAN->WAN  | TCP   | *      | * Port 22 (SSH)  | qShellUp/qShellDown
    WAN->LAN  | TCP   | *      | * Port 22 (SSH)  | qShellDown/qShellUp

    However, I only see traffic going into these qShellUp/qShellDown queues during the login process of an SSH terminal session. When I repeatedly cat a large text file in this terminal to generate some traffic, I see qlanacks jumping up, not qShellDown.

    Any idea what's going on here?

  My guess is that the subsequent packets have ToS already set causing them to go into the ack queue, and that rule is firing first?

  • There is no rule above the SSH rules that should be firing first: those SSH rules are number 2 & 3 in my list of traffic shaping rules, rule #1 checks for DNS (port 53).

    Is there something unusual about SSH traffic that I don't understand?

    Is there some way I can check on a lower level, in the pfSense shell, with pfctl for example?
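One low-level check is the per-queue counters that `pfctl -vvsq` prints: whichever queue's packet count climbs while you generate traffic is the queue the shaper is really using. The script below is an added example, not something from this thread or from the pfSense project: it summarises that output into one line per queue and picks out the busiest one. The queue names and counter values in the sample file are constructed, following the general shape of pfctl's ALTQ statistics output.

```shell
#!/bin/sh
# Added example: summarise per-queue counters from `pfctl -vvsq` output.
# Sample data below is constructed, not captured from a real box.

# Print one line per queue: "<name> <pkts> <bytes> <dropped_pkts>"
summarize_queues() {
  awk '
    # "queue  qName on em0 ..." introduces a queue; remember its name
    $1 == "queue" { q = $2; next }
    # the first "[ pkts: ... ]" line after it carries that queue counters
    /pkts:/ && q != "" {
      line = $0
      gsub(/\[|\]/, "", line)          # strip the surrounding brackets
      n = split(line, f, /[ \t]+/)
      pk = ""; by = ""; dr = ""
      for (i = 1; i <= n; i++) {
        if (f[i] == "pkts:" && pk == "")       pk = f[i+1]
        else if (f[i] == "bytes:" && by == "") by = f[i+1]
        else if (f[i] == "dropped")            dr = f[i+2]
      }
      printf "%s %s %s %s\n", q, pk, by, dr
      q = ""
    }
  ' "$1"
}

# Name of the queue with the highest packet count
busiest_queue() {
  summarize_queues "$1" | sort -k2,2n | tail -n 1 | cut -d' ' -f1
}

# Constructed sample in the layout pfctl -vvsq uses (queue line, then counters)
SAMPLE_FILE="${TMPDIR:-/tmp}/pfctl_vvsq_sample.txt"
cat > "$SAMPLE_FILE" <<'EOF'
queue root_em0 on em0 bandwidth 100Mb priority 0 {qlanacks, qlandef, qShellDown}
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
queue  qlanacks on em0 bandwidth 20Mb priority 7 qlimit 500
  [ pkts:      48213  bytes:   64117202  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/500 ]
  [ measured:   812.4 packets/s, 8.65Mb/s ]
queue  qlandef on em0 bandwidth 60Mb priority 1 qlimit 500 default
  [ pkts:       1532  bytes:     188911  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/500 ]
  [ measured:     2.1 packets/s, 1.92Kb/s ]
queue  qShellDown on em0 bandwidth 10Mb priority 5 qlimit 500
  [ pkts:         37  bytes:       4420  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/500 ]
  [ measured:     0.0 packets/s, 0 b/s ]
EOF

# Stand-alone demo on the constructed sample
summarize_queues "$SAMPLE_FILE"
echo "busiest: $(busiest_queue "$SAMPLE_FILE")"
```

On a live firewall, save two snapshots a few seconds apart while the SSH session is busy (`pfctl -vvsq > before.txt`, then `pfctl -vvsq > after.txt`) and run `summarize_queues` on each; the queue whose packet count grew is the one catching the session, and `pfctl -sr` shows the rule order and `queue` assignments that put it there.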

  Sorry if I was unclear. There are rules and such operating behind the scenes that do things like shaping for ACKs and such.

  Thanks for the clarification!

    For me it's not really a problem that the SSH traffic ends up in qlanacks as this queue has the highest priority anyway, but it certainly is not what I'd expect to happen. I can't help but wonder if it's not a bug?

  I don't think it will be considered that way - I ran into the same issue with VoIP packets, where because they had ToS of low delay they got put on the ACK queue.
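To confirm that a flow is carrying the low-delay ToS marking that a ToS-matching shaper rule keys on, look at the ToS byte in a verbose packet capture. The following is an added example, not code from this thread or from pfSense: it tallies the `tos 0x..` values in `tcpdump -v -n` output and decodes the type-of-service bits (0x10 lowdelay, 0x08 throughput, 0x04 reliability). The capture lines in the sample are constructed; the interface name in the usage note is an assumption.

```shell
#!/bin/sh
# Added example: histogram of the IP ToS byte in `tcpdump -v -n` output.
# Sample capture lines below are constructed, not a real trace.

# Decode the type-of-service bits of one ToS value (hex or decimal) to names
decode_tos() {
  tos=$(( $1 ))
  names=""
  [ $((tos & 16)) -ne 0 ] && names="${names}lowdelay "
  [ $((tos & 8))  -ne 0 ] && names="${names}throughput "
  [ $((tos & 4))  -ne 0 ] && names="${names}reliability "
  [ -z "$names" ] && names="none "
  printf '%s\n' "${names% }"
}

# Read tcpdump -v lines on stdin; print "<count> <tos> <decoded>" per ToS value,
# most frequent first
tos_histogram() {
  grep -o 'tos 0x[0-9a-fA-F]*' | awk '{ print $2 }' | sort | uniq -c | sort -rn |
  while read -r count tos; do
    printf '%s %s %s\n' "$count" "$tos" "$(decode_tos "$tos")"
  done
}

# Constructed sample: an interactive SSH session (tos 0x10) with one bulk
# segment that happens to carry tos 0x0
SAMPLE_DUMP='12:00:01.000 IP (tos 0x10, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 100) 10.0.0.5.51234 > 10.0.0.1.22: Flags [P.], seq 1:49, ack 1, win 500, length 48
12:00:01.010 IP (tos 0x10, ttl 64, id 2, offset 0, flags [DF], proto TCP (6), length 52) 10.0.0.1.22 > 10.0.0.5.51234: Flags [.], ack 49, win 500, length 0
12:00:01.020 IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto TCP (6), length 1500) 10.0.0.1.22 > 10.0.0.5.51234: Flags [.], seq 1:1449, ack 49, win 500, length 1448
12:00:01.030 IP (tos 0x10, ttl 64, id 4, offset 0, flags [DF], proto TCP (6), length 52) 10.0.0.5.51234 > 10.0.0.1.22: Flags [.], ack 1449, win 500, length 0'

# Stand-alone demo on the constructed sample
printf '%s\n' "$SAMPLE_DUMP" | tos_histogram
```

On the firewall itself the same function can be fed live (interface name assumed): `tcpdump -v -n -i em1 -c 200 port 22 | tos_histogram`. If nearly every line reports `lowdelay`, a rule that matches on that ToS value and sits ahead of the port-22 rules will claim the session, which is consistent with the queue counters rising on the ACK queue rather than on qShellDown.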

