On 11/2/2012 2:38 PM, Lutfi ODUNCUOGLU wrote:
Hello,
I compiled the nDPI-netfilter patch and it works fine. What I want is to
shape the p2p traffic in my network. For this purpose I just implemented
the nDPI-netfilter patch in two different ways for testing:
iptables -t mangle -A POSTROUTING -o XXX -m ndpi --bittorrent -j CONNMARK --set-mark 1
iptables -t mangle -A POSTROUTING -m connmark --mark 1 -j CLASSIFY --set-class 0001:0010
or
iptables -t mangle -A POSTROUTING -m ndpi --bittorrent -j CLASSIFY --set-class 0001:0010
So which one is more suitable for use? I don't know if this patch
inspects connections (marks connection) or every single packet (marks
every single) for a match.
Regards,
Lutfi
Hey Lutfi,
It seems to me that the set-mark is used more than classify, and from
nDPI's point of view it's better than restoring marks etc. since nDPI
stores the connection status.
Regards,
Eliezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il