Hi all,
I'm tring to isolate P2P traffic, specifically BitTorrent, for my QoS
scripts. I can't seem to completely isolate ALL BitTorrent traffic.
I identify & mark packets and then use tc filters to put them into
appropriate classes. My firewall rules (below) do the markings. My VoIP
boxes' and ICMP traffic get highest priority (mark 1). Then comes DNS, SSH,
and Telnet (mark 2), After this, I try to isolate BitTorrent traffic (mark
4). If the packet is none of the above, then mark with a default mark (mark
3).
I ran my BitTorrent client (uTorrent) for a while, with no other big
uploading application running on my network. My firewall rules and
statistics are below. You can find that a large chunk got marked with 3
(default mark), apart from marked BitTorrent traffic. I put the LOG target
just to see what traffic it is and SURPRISE ! It was BitTorrent traffic.
A snippet from my kernel log (from iptables) is below. My PC's IP is
192.168.1.105 and port 10305 is uTorrent's port. And, other packets not
going out of that port - I confirmed they are from uTorrent by doing this on
a bunch of entries:
D:\Junk>netstat -nb | grep -A1 1553
TCP 192.168.1.105:1771 195.23.20.78:21488 ESTABLISHED 4080
[utorrent.exe]
D:\Junk>
I've tried using -m layer7 --l7proto bittorrent and IPP2P's -m
ipp2p --ipp2p. Same effect.
Kernel version - 2.4.30
iptables version - v1.3.3
ipp2p version : v0.8.1_rc1
vlan1 is my WAN interface.
FWIW, I'm doing this on my WRT54G V3 router running OpenWRT WhiteRussian
RC5.
I don't want to put all traffic on high-ports (>1024) into Bulk since I have
a bunch of stuff running on high-ports outside that I access. I just want
to be able to completely isolate P2P/BitTorrent and mark it bulk.
Any help appreciated.
Thanks.
PS. I sent this on Sep 11, 2006 at 3:56 PM. It never showed up in the list archive. So, reposting. Apologize if this is a repeat.
Firewall:
---------
Chain POSTROUTING (policy ACCEPT 1404K packets, 600M bytes)
pkts bytes target prot opt in out source destination
1024K 394M QOS_Chain all -- * * 0.0.0.0/0 0.0.0.0/0
Chain QOS_Chain (1 references)
pkts bytes target prot opt in out source destination
6971 1418K MARK all -- * vlan1 192.168.1.107 0.0.0.0/0 MARK set 0x1
40271 8118K MARK all -- * vlan1 192.168.1.111 0.0.0.0/0 MARK set 0x1
0 0 MARK icmp -- * vlan1 0.0.0.0/0 0.0.0.0/0 icmp type 8 MARK set 0x1
281 20041 MARK udp -- * vlan1 0.0.0.0/0 0.0.0.0/0 udp dpt:53 MARK set 0x2
0 0 MARK tcp -- * vlan1 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 MARK set 0x2
0 0 MARK tcp -- * vlan1 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 MARK set 0x2
47517 9555K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
152K 72M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
3849 2043K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p v0.8.1_rc1 --bit MARK set 0x4
49411 28M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x4 CONNMARK save
24859 32M LOG all -- * vlan1 0.0.0.0/0 0.0.0.0/0 length 100:65535 MARK match 0x0 LOG flags 0 level 4 prefix `UNMARKED Packet: '
29544 32M MARK all -- * vlan1 0.0.0.0/0 0.0.0.0/0 MARK match 0x0 MARK set 0x3
Kernel log (snippet):
---------------------
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64569 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64570 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK PSH URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64571 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=24.176.137.55 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64572 DF PROTO=TCP SPT=1983 DPT=50001 WINDOW=65320 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=81.178.115.37 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64573 DF PROTO=TCP SPT=1553 DPT=60546 WINDOW=65269 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=195.23.20.78 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64576 DF PROTO=TCP SPT=1771 DPT=21488 WINDOW=64842 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=195.23.20.78 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64577 DF PROTO=TCP SPT=1771 DPT=21488 WINDOW=64842 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=172.158.155.236 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64578 DF PROTO=TCP SPT=1938 DPT=35714 WINDOW=64282 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=172.158.155.236 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64579 DF PROTO=TCP SPT=1938 DPT=35714 WINDOW=64282 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=195.23.20.78 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64580 DF PROTO=TCP SPT=1771 DPT=21488 WINDOW=64842 RES=0x00 ACK PSH URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=195.23.20.78 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64581 DF PROTO=TCP SPT=1771 DPT=21488 WINDOW=64842 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=81.178.115.37 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64583 DF PROTO=TCP SPT=1553 DPT=60546 WINDOW=65269 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64584 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=24.176.137.55 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64586 DF PROTO=TCP SPT=1983 DPT=50001 WINDOW=65520 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=24.176.137.55 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64587 DF PROTO=TCP SPT=1983 DPT=50001 WINDOW=65520 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=24.176.137.55 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64588 DF PROTO=TCP SPT=1983 DPT=50001 WINDOW=65520 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=201.66.191.158 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64611 DF PROTO=TCP SPT=1748 DPT=23845 WINDOW=65426 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=201.66.191.158 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64612 DF PROTO=TCP SPT=1748 DPT=23845 WINDOW=65426 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1
SRC=192.168.1.105 DST=172.158.155.236 LEN=1300 TOS=0x00 PREC=0x00 TTL=127
ID=64613 DF PROTO=TCP SPT=1938 DPT=35714 WINDOW=64265 RES=0x00 ACK URGP=0
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
