I would recommend looking at the connrate (http://www.netfilter.org/projects/patch-o-matic/pom-extra.html#pom-extra-connrate) Patch-O-Matic patch. Your interactive sessions could be long lived and thus pass the connlimit and / or connbytes matches and thus be falsely classified. Where as if you test for your interactive sessions by looking for an over all average low rate, burst delay burst delay etc, you should have a low average and thus be able to match based on rate to classify them higher.
Grant. . . .
Paul J. Smith wrote:
Hi,
I’ve been wondering if anyone has thought of a way to differentiate
between an established http download and interactive http traffic? I
would like to give interactive http traffic priority over someone
downloading large files.
Has anyone any ideas how to detect packets that are part of a download
like this?
Thanks.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc