
ssh type of service (tos)


Keld Jørn Simonsen

Sep 22, 2005, 3:21:05 PM
Hi

I am using openssh for a number of things, including file transfer and
mirroring, and I would like to be able to do traffic policing, such as
downgrading the priority of packets of an scp transfer. How can I do that?
I looked in the man pages and googled 'openssh typeofservice' but I did
not seem to get anything I could use.

I thought maybe adding a keyword 'TypeOfService' for .ssh/config, that
also could be used by the ssh and scp -o flag could do what I wanted.

Richard E. Silverman

Sep 22, 2005, 8:46:57 PM
>>>>> "KS" == Keld Jørn Simonsen <ke...@dkuug.dk> writes:

KS> Hi I am using openssh for a number of things, including file
KS> transfer and mirroring, and I would like to be able to do traffic
KS> policing, such as downgrading the priority of packets of an scp
KS> transfer. How can I do that? I looked in the man pages and
KS> googled 'openssh typeofservice' but I did not seem to get anything
KS> I could use.

KS> I thought maybe adding a keyword 'TypeOfService' for .ssh/config,
KS> that also could be used by the ssh and scp -o flag could do what I
KS> wanted.

There's nothing in OpenSSH that can do this -- nor can you do it in the
network, because the difference between an SSH connection carrying
terminal traffic and one doing scp is invisible to the outside world (at
least explicitly), the protocol being encrypted.

However, you could get the effect simply by using something besides scp
over ssh to do your file transfers, which has data rate limiting. E.g.:

$ rsync -e ssh --bwlimit ...

--
Richard Silverman
r...@qoxp.net

Keld Jørn Simonsen

Sep 23, 2005, 4:10:12 AM
On Thu, 22 Sep 2005 20:46:57 -0400, Richard E. Silverman wrote:

>>>>>> "KS" == Keld Jørn Simonsen <ke...@dkuug.dk> writes:
>
> KS> Hi I am using openssh for a number of things, including file
> KS> transfer and mirroring, and I would like to be able to do traffic
> KS> policing, such as downgrading the priority of packets of an scp
> KS> transfer. How can I do that? I looked in the man pages and
> KS> googled 'openssh typeofservice' but I did not seem to get anything
> KS> I could use.
>
> KS> I thought maybe adding a keyword 'TypeOfService' for .ssh/config,
> KS> that also could be used by the ssh and scp -o flag could do what I
> KS> wanted.
>
> There's nothing in OpenSSH that can do this -- nor can you do it in the
> network, because the difference between an SSH connection carrying
> terminal traffic and one doing scp is invisible to the outside world (at
> least explicitly), the protocol being encrypted.

Packets are packets and tos is a fundamental part of the packet structure.
So could the tos be set *after* doing the encryption?

> However, you could get the effect simply by using something besides scp
> over ssh to do your file transfers, which has data rate limiting. E.g.:
>
> $ rsync -e ssh --bwlimit ...

Yes, but then I would not use full bandwidth for e.g. scp when I am not
doing anything.

Darren Tucker

Sep 23, 2005, 5:46:29 AM
On 2005-09-22, Keld Jørn Simonsen <ke...@dkuug.dk> wrote:
> I am using openssh for a number of things, including file transfer and
> mirroring, and I would like to be able to do traffic policing, such as
> downgrading the priority of packets of an scp transfer. How can I do that?
> I looked in the man pages and googled 'openssh typeofservice' but I did
> not seem to get anything I could use.

OpenSSH already does this (on platforms where IP TOS works, anyway).

packet.c:packet_set_tos() sets IPTOS_LOWDELAY for interactive sessions
and IPTOS_THROUGHPUT for noninteractive ones. tcpdump -vvv is your friend.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Richard E. Silverman

Sep 23, 2005, 9:35:37 AM
>>>>> "KJS" == Keld Jørn Simonsen <ke...@dkuug.dk> writes:

KJS> On Thu, 22 Sep 2005 20:46:57 -0400, Richard E. Silverman wrote:
>>>>>>> "KS" == Keld Jørn Simonsen <ke...@dkuug.dk> writes:
>>
KS> Hi I am using openssh for a number of things, including file
KS> transfer and mirroring, and I would like to be able to do traffic
KS> policing, such as downgrading the priority of packets of an scp
KS> transfer. How can I do that? I looked in the man pages and
KS> googled 'openssh typeofservice' but I did not seem to get anything
KS> I could use.
>>
KS> I thought maybe adding a keyword 'TypeOfService' for .ssh/config,
KS> that also could be used by the ssh and scp -o flag could do what I
KS> wanted.
>> There's nothing in OpenSSH that can do this -- nor can you do it
>> in the network, because the difference between an SSH connection
>> carrying terminal traffic and one doing scp is invisible to the
>> outside world (at least explicitly), the protocol being encrypted.

KJS> Packets are packets and tos is a fundamental part of the packet
KJS> structure. So could the tos be set *after* doing the encryption?

Of course, if OpenSSH were doing it. I wrote that you can't do it "in the
network" -- that is, apply TOS to the IP packets which make up an SSH
connection externally depending on whether it's doing scp, because you
can't tell from the outside.

Darren mentioned that OpenSSH already sets TOS appropriately, which I
should have said; my point was that it doesn't allow you to set it
yourself, which is what I thought you were asking.

--
Richard Silverman
r...@qoxp.net

Keld Jørn Simonsen

Sep 23, 2005, 1:47:35 PM

Yes, I asked for it to be done e.g. by an -o option.

I see that on my newer system scp sets tos to 0x0 - which was not done on
my older system.

I wonder how openssh finds out whether a session is interactive or not. I do
use openssh for a number of purposes, including rsync and https. https
should be interactive, normally. Anybody care to enlighten me how it is
determined that a session is interactive? (I know, the documentation is in
the source...)

Best regards
keld

Darren Tucker

Sep 23, 2005, 11:12:50 PM
On 2005-09-23, Keld Jørn Simonsen <ke...@dkuug.dk> wrote:
> Yes, I asked for it to be done e.g. by an -o option.

If you can get netcat/connect or equivalent to set an arbitrary ToS
(and I don't know if any do, but it would be trivial to add) then you
could use something like:

$ ssh -o "ProxyCommand=connect --tos=0x8 %h %p" server.example.com

> I see that on my newer system scp sets tos to 0x0 - which was not done on
> my older system.
>
> I wonder how openssh finds out whether a session is interactive or not. I do
> use openssh for a number of purposes, including rsync and https. https
> should be interactive, normally. Anybody care to enlighten me how it is
> determined that a session is interactive? (I know, the documentation is in
> the source...)

A session is considered interactive if the client requests a pty or
X11 forwarding.
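
Added example, not part of the thread and not OpenSSH code: a minimal IPv4 helper of the kind the ProxyCommand suggestion above assumes, which sets the TOS byte before connecting and then relays stdin/stdout. The names `tosconnect`, `default_tos`, `set_tos` and `connect_with_tos` are hypothetical; `default_tos` only mirrors the interactive/noninteractive choice described in the thread.

```c
#define _GNU_SOURCE            /* expose getaddrinfo() under strict -std= modes */
#include <netdb.h>
#include <netinet/in.h>
#include <netinet/ip.h>        /* IPTOS_LOWDELAY, IPTOS_THROUGHPUT */
#include <poll.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/* Choice described in the thread: low delay if interactive, else throughput. */
int default_tos(int interactive) { return interactive ? IPTOS_LOWDELAY : IPTOS_THROUGHPUT; }

/* Set the IPv4 TOS byte on fd; return the value the kernel reports back, or -1. */
int set_tos(int fd, int tos) {
    socklen_t len = sizeof tos;
    if (setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof tos) < 0) return -1;
    return getsockopt(fd, IPPROTO_IP, IP_TOS, &tos, &len) < 0 ? -1 : tos;
}

/* IPv4 TCP connect with TOS applied before connect(), so the SYN carries it too. */
int connect_with_tos(const char *host, const char *port, int tos) {
    struct addrinfo hints = {.ai_family = AF_INET, .ai_socktype = SOCK_STREAM}, *res;
    if (getaddrinfo(host, port, &hints, &res) != 0) return -1;
    int fd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
    if (fd >= 0 && (set_tos(fd, tos) < 0 || connect(fd, res->ai_addr, res->ai_addrlen) < 0)) {
        close(fd);
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}
/* Copy one chunk from `from` to `to`; 0 on EOF, error or short write. */
static int pump(int from, int to) {
    char buf[4096];
    ssize_t n = read(from, buf, sizeof buf);
    return n > 0 && write(to, buf, (size_t)n) == n;
}

/* usage: tosconnect <tos> <host> <port>   (stdin/stdout carry the SSH stream) */
int main(int argc, char **argv) {
    if (argc != 4) return 2;
    int fd = connect_with_tos(argv[2], argv[3], (int)strtol(argv[1], NULL, 0));
    if (fd < 0) return 1;
    struct pollfd p[2] = {{0, POLLIN, 0}, {fd, POLLIN, 0}};
    while (poll(p, 2, -1) > 0) {
        if (p[0].revents && !pump(0, fd)) break;   /* ssh -> server */
        if (p[1].revents && !pump(fd, 1)) break;   /* server -> ssh */
    }
    return 0;
}
```

Built as `tosconnect`, it would be used as `ssh -o "ProxyCommand=tosconnect 0x08 %h %p" server.example.com`, and the marking can be checked on the wire with `tcpdump -vvv` as suggested earlier in the thread.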
