CBQ + Layer7 x Emule

Linux Advanced Routing and Traffic Control

Hi all,

This is my first message, and I have a little problem with my FC6 box trying to block emule traffic using layer7.

Here is my network:

Internet ---------   ADSL  Router ------------------- FC6  Box  --------------------   Emule Box

external ADSL : Dynamic
Internal ADSL  : 192.168.254.1

external FC6  : 192.168.254.3
internal FC6 : 192.168.253.1

Emule Box : 192.168.253.3

I guess that everything is OK with layer7. Here are my mangle rules.

# iptables -t mangle -A PREROUTING -mlayer7 --l7proto edonkey -j MARK --set-mark 2
# iptables -t mangle -A PREROUTING -m mark --mark 2 -j LOG --log-prefix "PREROUTING MARK : "


iptables -t mangle -A FORWARD -mlayer7 --l7proto edonkey -j MARK --set-mark 2
iptables -t mangle -A FORWARD -m mark --mark 2 -j LOG --log-prefix "FORWARD MARK : "

The output from the log is:

Jun  8 14:18:46 fs-linux kernel: FORWARD MARK : IN=eth0 OUT=eth1 SRC=203.91.83.127 DST=192.168.253.3 LEN=180 TOS=0x00 PREC=0x00 TTL=105 ID=18725 PROTO=TCP SPT=51674 DPT=4662 WINDOW=16944 RES=0x00 ACK PSH URGP=0

Jun  8 14:18:48 fs-linux kernel: PREROUTING MARK : IN=eth0 OUT= MAC=00:06:4f:47:ad:e0:00:0f:3d:cc:29:e0:08:00 SRC=200.209.170.138 DST=192.168.254.3 LEN=139 TOS=0x00 PREC=0x00 TTL=115 ID=18002 DF PROTO=TCP SPT=1476 DPT=4662 WINDOW=65535 RES=0x00 ACK PSH URGP=0
Jun  8 14:18:48 fs-linux kernel: FORWARD MARK : IN=eth0 OUT=eth1 SRC=200.209.170.138 DST=192.168.253.3 LEN=139 TOS=0x00 PREC=0x00 TTL=114 ID=18002 DF PROTO=TCP SPT=1476 DPT=4662 WINDOW=65535 RES=0x00 ACK PSH URGP=0

Jun  8 14:18:51 fs-linux kernel: PREROUTING MARK : IN=eth0 OUT= MAC=00:06:4f:47:ad:e0:00:0f:3d:cc:29:e0:08:00 SRC=200.244.104.10 DST=192.168.254.3 LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=7042 PROTO=TCP SPT=50675 DPT=4662 WINDOW=64952 RES=0x00 ACK FIN URGP=0

Jun  8 14:18:51 fs-linux kernel: FORWARD MARK : IN=eth0 OUT=eth1 SRC=200.244.104.10 DST=192.168.253.3 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=7042 PROTO=TCP SPT=50675 DPT=4662 WINDOW=64952 RES=0x00 ACK FIN URGP=0

So it looks like the mark is working.

So now I use the cbq.init script with this configuration:

cat /etc/sysconfig/cbq/cbq-0002.emule_in

DEVICE=eth0,100Mbit,10Mbit
RATE=3Kbit
WEIGHT=1Kbit
PRIO=5
BOUNDED=yes
ISOLATED=yes
MARK=2

cat /etc/sysconfig/cbq/cbq-0002.emule_out
DEVICE=eth1,100Mbit,10Mbit
RATE=3Kbit
WEIGHT=1Kbit
PRIO=5
BOUNDED=yes
ISOLATED=yes
MARK=2

That generates this tc code:

/sbin/tc qdisc add dev eth0 root handle 1 cbq bandwidth 100Mbit avpkt 3000 cell 8
/sbin/tc class change dev eth0 root cbq weight 10Mbit allot 1514

/sbin/tc qdisc del dev eth1 root
/sbin/tc qdisc add dev eth1 root handle 1 cbq bandwidth 100Mbit avpkt 3000 cell 8
/sbin/tc class change dev eth1 root cbq weight 10Mbit allot 1514

/sbin/tc class add dev eth0 parent 1: classid 1:2 cbq bandwidth 100Mbit rate 3Kbit weight 1Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 3000 bounded isolated
/sbin/tc qdisc add dev eth0 parent 1:2 handle 2 tbf rate 3Kbit buffer 10Kb/8 limit 15Kb mtu 1500
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 200 handle 2 fw classid 1:2

/sbin/tc class add dev eth1 parent 1: classid 1:2 cbq bandwidth 100Mbit rate 3Kbit weight 1Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 3000 bounded isolated
/sbin/tc qdisc add dev eth1 parent 1:2 handle 2 tbf rate 3Kbit buffer 10Kb/8 limit 15Kb mtu 1500
/sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 200 handle 2 fw classid 1:2

Can anyone explain to me what is wrong? Why can't I shape this traffic?

Any help will be appreciated.

Best regards,

Saulo Silva
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
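
An added example, not part of the original post: a root qdisc queues packets as they leave its device, so the OUT= field of each FORWARD log line names the interface whose fw filter can classify that marked packet. The Python below tallies marked packets per egress interface from LOG lines in the format shown above; the sample lines, their addresses and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the netfilter LOG format shown in the post
# (public addresses and the MAC are documentation values, not from the post).
SAMPLE_LOG = """\
Jun  8 14:18:46 fs-linux kernel: FORWARD MARK : IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.253.3 LEN=180 PROTO=TCP SPT=51674 DPT=4662 ACK PSH URGP=0
Jun  8 14:18:48 fs-linux kernel: PREROUTING MARK : IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.9 DST=192.168.254.3 LEN=139 PROTO=TCP SPT=1476 DPT=4662 ACK PSH URGP=0
Jun  8 14:18:48 fs-linux kernel: FORWARD MARK : IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=192.168.253.3 LEN=139 PROTO=TCP SPT=1476 DPT=4662 ACK PSH URGP=0
Jun  8 14:18:52 fs-linux kernel: FORWARD MARK : IN=eth1 OUT=eth0 SRC=192.168.253.3 DST=198.51.100.9 LEN=1500 PROTO=TCP SPT=4662 DPT=1476 ACK URGP=0
"""

LINE_RE = re.compile(r"kernel: (?P<hook>PREROUTING|FORWARD) MARK : (?P<fields>.*)$")


def parse_line(line):
    """Return (hook, fields dict) for a marked-packet LOG line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    fields = {}
    for token in m.group("fields").split():
        key, sep, value = token.partition("=")
        if sep:  # flag tokens such as ACK or PSH carry no '='
            fields[key] = value
    return m.group("hook"), fields


def egress_summary(log_text):
    """Count marked packets and bytes per egress interface.

    Only FORWARD entries are counted: PREROUTING runs before the routing
    decision, so OUT= is empty there and does not identify the device
    whose qdisc will queue the packet.
    """
    packets, octets = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[0] != "FORWARD":
            continue
        out_dev = parsed[1].get("OUT", "")
        if out_dev:
            packets[out_dev] += 1
            octets[out_dev] += int(parsed[1].get("LEN", 0))
    return dict(packets), dict(octets)


if __name__ == "__main__":
    pk, by = egress_summary(SAMPLE_LOG)
    for dev in sorted(pk):
        print(f"{dev}: {pk[dev]} marked packets, {by[dev]} bytes")
```

The per-interface totals can then be compared with the counters from `tc -s class show dev eth1` (and `eth0`) to see whether class 1:2 on each device is receiving the marked packets.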
