From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jody Shumaker
Date: Thu, 07 Jul 2005 04:30:40 +0000
Subject: Re: [LARTC] HTB and bittorrent, won't work
Message-Id: <42CCAFF0.3030305@gmail.com>
List-Id:
References: <200507061623.38806.donvodka@gmail.com>
In-Reply-To: <200507061623.38806.donvodka@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

You need to use connection marking as well. --l7proto bittorrent will
only recognize the first packet in a bittorrent stream; you need to save
a mark on the whole tcp connection, and restore the mark for all future
packets if you want the entire connection to be classified.

iptables -t mangle -A lay7 -p tcp -j CONNMARK --restore-mark
iptables -t mangle -A lay7 -m layer7 --l7proto bittorrent -j MARK --set-mark 1
iptables -t mangle -A lay7 -o eth1 -m mark --mark 1 -j CLASSIFY --set-class 2:2
iptables -t mangle -A lay7 -m layer7 --l7proto smtp -j MARK --set-mark 2
iptables -t mangle -A lay7 -o eth1 -m mark --mark 2 -j CLASSIFY --set-class 2:3
iptables -t mangle -A lay7 -p tcp -m mark ! --mark 0 -j CONNMARK --save-mark

If your marking ever gets more complex, it might take a little more
work (-j accepts for matching already classified connections after the
--restore-mark) but the above should help get the full bittorrent
connection classified, not just the first packet.

- Jody

Edgar wrote:

>Hello,
>
>I've been trying to shape the bittorrent traffic (on my external interface,
>upload), but without luck, for this I'm using layer7 filter right now, but
>I've also tried ipp2p, with the same results, I might say that this is not a
>problem with these packet classifiers, the problem is with HTB, here's why.
>When I open azureus (the bittorrent client I use) I see upload traffic
>getting shaped, but also I see that my download traffic won't go up if I'm
>shaping on the upload interface, if I stop shaping on that interface then
>upload (as expected) will increase, and so the download rate, this happens
>to me using the default bittorrent client (classic), so it's not a client
>problem. Ok, the problem here is that when using bittorrent, although I see
>the traffic is shaped I can't surf web pages, nor chat in msn messenger, nor
>do anything at all, and merely that's all I want to do, shape p2p traffic to
>be able to use my bandwidth fairly, maybe it's a bittorrent problem, because
>with the edonkey protocol I have no problem at all, traffic gets shaped and I
>can use the rest of my bandwidth, I'll post my iptables rules for marking the
>bittorrent packets and the htb rules I use (using tcng):
>
>### IPTABLES RULES ###
>iptables -t mangle -F
>iptables -t mangle -X
>iptables -t mangle -N lay7
>iptables -t mangle -A POSTROUTING -j lay7
>iptables -t mangle -A lay7 -m layer7 --l7proto bittorrent -j MARK --set-mark 1
>iptables -t mangle -A lay7 -o eth1 -m mark --mark 1 -j CLASSIFY --set-class 2:2
>iptables -t mangle -A lay7 -m layer7 --l7proto smtp -j MARK --set-mark 2
>iptables -t mangle -A lay7 -o eth1 -m mark --mark 2 -j CLASSIFY --set-class 2:3
>
>### HTB RULES ###
>
>#define UPLOAD eth1
>#define UPRATE 25kBps
>#define P2P 10kBps
>
>dev UPLOAD {
>    egress {
>        class ( <$emule> ) ;
>        class ( <$smtp> ) ;
>        class ( <$ssh> ) if tcp_dport = 8080 ; /*Changed port from 22 to 8080 */
>        class ( <$otro> ) if 1 ;
>
>        htb () {
>            class ( rate UPRATE, ceil UPRATE ) {
>                $emule = class ( prio 8, rate 6kBps, ceil P2P ) { sfq; } ;
>                $smtp = class ( prio 1, rate 6kBps, ceil 12kBps ) { sfq; } ;
>                $ssh = class ( prio 0, rate 3kBps, ceil 5kBps) { sfq; } ;
>                $otro = class ( prio 1, rate 8kBps, ceil UPRATE ) { sfq; } ;
>            }
>        }
>    }
>}
>
>Also, given the priorities it's expected to let me surf the web or chat in msn
>messenger rather than take my whole bandwidth.
>
>I hope someone can help me out with this, maybe it's not ok to use tcng with
>iptables? thank you in advance
>
>EDGAR MERINO
>_______________________________________________
>LARTC mailing list
>LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
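
Added example, not part of the original thread and not code from either poster: a small Python model of the lay7 chain from the reply, run with and without the CONNMARK restore/save rules, to show which packets of a connection end up in class 2:2. It assumes, as the reply states, that the layer7 match fires only on the handshake packet; the addresses, payloads and the names `Packet`, `run_chain` and `sample_flow` are constructed for illustration.

```python
# Simplified model of the mangle "lay7" chain from the reply (constructed example).
# Assumption: the layer7 match fires only on the packet carrying the protocol
# handshake, as the reply describes. Real conntrack/netfilter state is not modelled.
from dataclasses import dataclass

BT_HANDSHAKE = b"\x13BitTorrent protocol"  # length byte 19 + protocol string

@dataclass
class Packet:
    conn: tuple          # stand-in for the conntrack 5-tuple
    payload: bytes
    out_if: str = "eth1"
    mark: int = 0        # per-packet mark, starts at 0 for every packet
    tc_class: str = ""   # filled in by CLASSIFY

def run_chain(packets, use_connmark):
    """Pass packets through the chain; return the tc class chosen for each."""
    connmarks = {}       # connection -> mark saved on the conntrack entry
    classes = []
    for p in packets:
        if use_connmark:                            # -j CONNMARK --restore-mark
            p.mark = connmarks.get(p.conn, 0)
        if p.payload.startswith(BT_HANDSHAKE):      # -m layer7 --l7proto bittorrent
            p.mark = 1                              #   -j MARK --set-mark 1
        if p.out_if == "eth1" and p.mark == 1:      # -o eth1 -m mark --mark 1
            p.tc_class = "2:2"                      #   -j CLASSIFY --set-class 2:2
        if use_connmark and p.mark != 0:            # -m mark ! --mark 0
            connmarks[p.conn] = p.mark              #   -j CONNMARK --save-mark
        classes.append(p.tc_class or "default")
    return classes

def sample_flow():
    """Constructed traffic: one BitTorrent connection interleaved with one web request."""
    bt = ("10.0.0.2", 51000, "198.51.100.7", 6881)
    web = ("10.0.0.2", 51001, "203.0.113.9", 80)
    return [
        Packet(bt, b""),                            # TCP setup, no payload yet
        Packet(bt, BT_HANDSHAKE + b"\x00" * 8),     # handshake: the only l7 match
        Packet(bt, b"\x00\x00\x40\x09\x07piece"),   # bulk upload data
        Packet(web, b"GET / HTTP/1.1\r\n"),         # unrelated connection
        Packet(bt, b"\x00\x00\x40\x09\x07piece"),   # more bulk upload data
    ]

if __name__ == "__main__":
    print("without CONNMARK:", run_chain(sample_flow(), use_connmark=False))
    print("with CONNMARK:   ", run_chain(sample_flow(), use_connmark=True))
```

Without the CONNMARK rules only the handshake packet reaches class 2:2 and the bulk upload falls into the default class; with them every later packet of that connection is classified, while the web connection is left alone.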