On Tuesday 12 September 2006 11:49, K Venkat wrote:
> Hi all,
>
> I'm trying to isolate P2P traffic, specifically BitTorrent, for my QoS
> scripts. I can't seem to completely isolate ALL BitTorrent traffic.
>
> I identify & mark packets and then use tc filters to put them into
> appropriate classes. My firewall rules (below) do the markings. My VoIP
> boxes' and ICMP traffic get highest priority (mark 1). Then comes DNS,
> SSH, and Telnet (mark 2). After this, I try to isolate BitTorrent traffic
> (mark 4). If the packet is none of the above, then mark with a default
> mark (mark 3).
>
> I ran my BitTorrent client (uTorrent) for a while, with no other big
> uploading application running on my network. My firewall rules and
> statistics are below. You can find that a large chunk got marked with 3
> (default mark), apart from marked BitTorrent traffic. I put the LOG target
> just to see what traffic it is and SURPRISE! It was BitTorrent traffic.
>
> A snippet from my kernel log (from iptables) is below. My PC's IP is
> 192.168.1.105 and port 10305 is uTorrent's port. And, other packets not
> going out of that port - I confirmed they are from uTorrent by doing this
> on a bunch of entries:
>
> D:\Junk>netstat -nb | grep -A1 1553
> TCP 192.168.1.105:1771 195.23.20.78:21488 ESTABLISHED 4080
> [utorrent.exe]
>
> D:\Junk>
>
> I've tried using -m layer7 --l7proto bittorrent and IPP2P's -m
> ipp2p --ipp2p. Same effect.
>
> Kernel version - 2.4.30
> iptables version - v1.3.3
> ipp2p version : v0.8.1_rc1
> vlan1 is my WAN interface.
>
> FWIW, I'm doing this on my WRT54G V3 router running OpenWRT WhiteRussian
> RC5.
>
> I don't want to put all traffic on high-ports (>1024) into Bulk since I
> have a bunch of stuff running on high-ports outside that I access. I just
> want to be able to completely isolate P2P/BitTorrent and mark it bulk.

In my experience, the most effective way to shape p2p is to spend some time
learning what is NOT p2p; then all other traffic is p2p.

If there is a new prio app with a new port, you can add it to the list of
known ports. If there is a new p2p protocol that is killing out all ISPs, you
just enjoy and relax, because it is already shaped.

--
Luciano

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
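
The allowlist-first approach from the reply above, as an added example that is not part of the original thread: known traffic is marked and leaves the chain, and whatever is left falls through to the bulk mark. The chain name `QOS_MARK`, the VoIP address and the known-port list are assumptions to replace with your own values; here mark 3 is used for known ordinary traffic and mark 4 is the catch-all.

```shell
#!/bin/sh
# Added example (not from the thread): mark what is known, treat the rest as bulk.
# Marks: 1 = VoIP/ICMP, 2 = DNS/SSH/Telnet, 3 = known ordinary traffic, 4 = bulk.
# Assumptions: chain name, VoIP address and KNOWN_TCP list are placeholders.

WAN_IF="vlan1"              # WAN interface named in the original post
VOIP_HOSTS="192.168.1.50"   # constructed placeholder for the VoIP boxes
INTERACTIVE_TCP="22 23"     # SSH, Telnet
KNOWN_TCP="80 443 8080"     # constructed list of services you recognise

# Print a "set mark, then leave the chain" rule pair for one match expression.
mark_rule() {               # $1 = mark, remaining args = iptables match
    m="$1"; shift
    echo "iptables -t mangle -A QOS_MARK $* -j MARK --set-mark $m"
    echo "iptables -t mangle -A QOS_MARK $* -j RETURN"
}

# Print the full rule set in evaluation order.
emit_rules() {
    echo "iptables -t mangle -N QOS_MARK"
    echo "iptables -t mangle -A POSTROUTING -o $WAN_IF -j QOS_MARK"
    for h in $VOIP_HOSTS; do mark_rule 1 -s "$h"; done
    mark_rule 1 -p icmp
    mark_rule 2 -p udp --dport 53
    mark_rule 2 -p tcp --dport 53
    for p in $INTERACTIVE_TCP; do mark_rule 2 -p tcp --dport "$p"; done
    for p in $KNOWN_TCP; do mark_rule 3 -p tcp --dport "$p"; done
    # Catch-all: reached only by packets no rule above recognised.
    echo "iptables -t mangle -A QOS_MARK -j MARK --set-mark 4"
}

# Print the rules when invoked as: sh script.sh --print
case "${1:-}" in
    --print) emit_rules ;;
esac
```

Review the printed rules before piping them to `sh` on the router; the tc filters keyed on marks 1 to 4 are still needed to place packets into classes.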