For interest, this is the first time I’m using Flent much over the Internet, and now I can clearly see how icmp is being prioritized somewhere. I just looked at my ISPs backhaul qos scripts now and I was mistaken earlier- there appear to be five strict priority classes (lower numbers get higher priority), and they’re prioritizing icmp. A few classifications are done with straight iptables and the rest with Linux’s layer7 stuff. Classes:

1: icmp, ospf, bgp, dhcp, dns, irc, jabber, snmp, whois
2: udp, quake-halflife, worldofwarcraft
3: tcp port 80
4: ftp, cvs, biff, h323, imap, live365, pop3, rtsp, shoutcast, smtp, ssl, tftp
5: bittorrent, directconnect, edonkey, http-itunes, soulseek

Hmm, I think I may soon be suggesting some improvements. I bet “cake besteffort dual-srchost” on the way out and “cake besteffort dual-dsthost” on the way in will outperform this system with very little additional work. These rules were written years, if not now decades ago, as is clear by some of the mostly defunct protocols listed. I may do a few more tests to netperf-eu.bufferbloat.net along the way to get this sorted out… :)