Yes, you can definitely do this. Here are some commands that you could use to help determine the type of client. We have been working on improving some of them in 9.0.5, so you may want to hold off on getting too elaborate with them until then.
IP::hops
This gives you the estimated number of hops the peer takes to get to you.
TCP::rtt
This gives you the smoothed round-trip time estimate between you and the peer. Note that as an implementation detail, the unit is in 1/32 of a millisecond. (Sorry, that's a kernel implementation detail we had to use to avoid floating point.)
Note that the rtt takes some time to converge, so we have the following in order to cull outliers:
ROUTE::rttvar
This is the statistical variance of rtt in 1/16 ms intervals.
TCP::bandwidth
This is an estimate of the upload bandwidth (i.e. how much data we can optimally push to the peer without causing recoveries or drops) in bytes per second. Note: due to a bug in our implementation, this value is incorrect in current releases. It has been fixed for 9.0.5.
And, as you mentioned, we of course have:
TCP::mss
With these metrics, you can imagine just how good the possibilities are for traffic analysis. Of course, you can also use things like
IP::tos
To both get and set the diffserv parameters for traffic, if you have upstream devices doing traffic classification for you.
Here is a simple rule example using TCP::mss that disables compression to larger MSS clients (you must have it enabled on the profile, so the rule can only disable it.)
when HTTP_REQUEST {
if { [TCP::mss] >= 1280 } {
COMPRESS::disable
}
}
Let us know how it goes, and please feel free to post your suggestions and enhancements!