Identifying X forwarded traffic in a packet filter

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!


I have a few OpenBSD-based routers which use PF and ALTQ for filtering
and queuing packets. They are linked by a T1 connection over which we
pass a whole lot of traffic. What I would like to do is be able to set
different queue priorities and assign different amounts of bandwidth
to X forwarded vs console interactive SSH traffic.

Is there any way to tell the difference between the two?

I already know that you can identify the packets marked "low delay"
versus "bulk", but both console and X forwarded traffic carry the low
delay tag. Is there some other characteristic I could look for?

Site Timeline