Blocking outgoing 802.11 ACKs

Blocking outgoing 802.11 ACKs

[Kostas Pelechrinis]

Hi all,

I have two nodes communicating via their wireless interfaces.  Let us assume that node A sends packets to node B.  Once node B is receiving the packets, he transmits the 802.11 ACK frame.  What I want to do is to prevent node B from sending this ACK frames once every two packets for example. 

One indirect way I have thought about is setting the following rule to node B:

iptables -A INPUT -i ath0 -m limit --limit _SPECIFIED-LIMIT_ -s _NODE'S A IP_ -j DROP

However,  I am not sure if this prevents the 802.11 ACKs from being transmitted.  This has to do with the place where the above rule is being enforced.

Do you have any comments or suggestions on how I can achieve what I am trying to?

Thanks,
Kostas


      

Re: Blocking outgoing 802.11 ACKs

[Ivan Petrushev]

iptables has "nth" match extension that matches every n-th packet. It
is described in the man page.
But why would you want to drop ACK packets? That would have negative
impact on your link.

Ivan.

On Wed, Jan 28, 2009 at 12:41 PM, Kostas Pelechrinis
<kpele_ntua@yahoo.com> wrote:
> Hi all,
>
> I have two nodes communicating via their wireless interfaces.  Let us assume that node A sends packets to node B.  Once node B is receiving the packets, he transmits the 802.11 ACK frame.  What I want to do is to prevent node B from sending this ACK frames once every two packets for example.
>
> One indirect way I have thought about is setting the following rule to node B:
>
> iptables -A INPUT -i ath0 -m limit --limit _SPECIFIED-LIMIT_ -s _NODE'S A IP_ -j DROP
>
> However,  I am not sure if this prevents the 802.11 ACKs from being transmitted.  This has to do with the place where the above rule is being enforced.
>
> Do you have any comments or suggestions on how I can achieve what I am trying to?
>
> Thanks,
> Kostas
>
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>

Re: Blocking outgoing 802.11 ACKs

[Sven-Haegar Koch]

On Wed, 28 Jan 2009, Kostas Pelechrinis wrote:

> I have two nodes communicating via their wireless interfaces.  Let us 
> assume that node A sends packets to node B.  Once node B is receiving 
> the packets, he transmits the 802.11 ACK frame.  What I want to do is 
> to prevent node B from sending this ACK frames once every two packets 
> for example. 

iptables does not see 802.11 ACK frames, and depending on the used 
driver they are even invisible to the layers below IP, as they are 
generated/handled in hardware/firmware of the wireless interface.

I do not see a "normal" way to block them beside modifying the wireless 
driver or mac80211 layer (if used by your driver).

c'ya
sven

-- 
The lights are fading out, once more...

Re: Blocking outgoing 802.11 ACKs

[Kostas Pelechrinis]

Hi Ivan,

thanks a lot for the info about the nth module.  Well I know that the quality of the link is going to drop but this is what exactly I want :) I want to force a client "reduce" its rate by not sending ACKs to him.  My concern is that 802.11 ACKs are being handled at the firmware and I do not know if iptables can handle this.  

Anyone knows anything about this?

Thanks a lot,
Kostas


--- On Wed, 1/28/09, Ivan Petrushev <ivanatora@gmail.com> wrote:

> From: Ivan Petrushev <ivanatora@gmail.com>
> Subject: Re: Blocking outgoing 802.11 ACKs
> To: kpele_ntua@yahoo.com
> Cc: netfilter@vger.kernel.org
> Date: Wednesday, January 28, 2009, 6:29 AM
> iptables has "nth" match extension that matches
> every n-th packet. It
> is described in the man page.
> But why would you want to drop ACK packets? That would have
> negative
> impact on your link.
> 
> Ivan.
> 
> On Wed, Jan 28, 2009 at 12:41 PM, Kostas Pelechrinis
> <kpele_ntua@yahoo.com> wrote:
> > Hi all,
> >
> > I have two nodes communicating via their wireless
> interfaces.  Let us assume that node A sends packets to node
> B.  Once node B is receiving the packets, he transmits the
> 802.11 ACK frame.  What I want to do is to prevent node B
> from sending this ACK frames once every two packets for
> example.
> >
> > One indirect way I have thought about is setting the
> following rule to node B:
> >
> > iptables -A INPUT -i ath0 -m limit --limit
> _SPECIFIED-LIMIT_ -s _NODE'S A IP_ -j DROP
> >
> > However,  I am not sure if this prevents the 802.11
> ACKs from being transmitted.  This has to do with the place
> where the above rule is being enforced.
> >
> > Do you have any comments or suggestions on how I can
> achieve what I am trying to?
> >
> > Thanks,
> > Kostas
> >
> >
> >
> > --
> > To unsubscribe from this list: send the line
> "unsubscribe netfilter" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at 
> http://vger.kernel.org/majordomo-info.html
> >


      

Re: Blocking outgoing 802.11 ACKs

[Kostas Pelechrinis]

Hi Sven,

thanks for the reply.  I just saw it.  Thanks for the info.  I was afraid that this would be the case :)

Thanks,
Kostas


--- On Wed, 1/28/09, Sven-Haegar Koch <haegar@sdinet.de> wrote:

> From: Sven-Haegar Koch <haegar@sdinet.de>
> Subject: Re: Blocking outgoing 802.11 ACKs
> To: "Kostas Pelechrinis" <kpele_ntua@yahoo.com>
> Cc: netfilter@vger.kernel.org
> Date: Wednesday, January 28, 2009, 7:00 AM
> On Wed, 28 Jan 2009, Kostas Pelechrinis wrote:
> 
> > I have two nodes communicating via their wireless
> interfaces.  Let us 
> > assume that node A sends packets to node B.  Once node
> B is receiving 
> > the packets, he transmits the 802.11 ACK frame.  What
> I want to do is 
> > to prevent node B from sending this ACK frames once
> every two packets 
> > for example. 
> 
> iptables does not see 802.11 ACK frames, and depending on
> the used 
> driver they are even invisible to the layers below IP, as
> they are 
> generated/handled in hardware/firmware of the wireless
> interface.
> 
> I do not see a "normal" way to block them beside
> modifying the wireless 
> driver or mac80211 layer (if used by your driver).
> 
> c'ya
> sven
> 
> -- 
> The lights are fading out, once more...


      

Re: Blocking outgoing 802.11 ACKs

[Ivan Petrushev]

Dropping ACKs is not the way traffic shaping should be done. TCP over
wireless has one weakness - any packet loss greatly decreases
performance of the network. If the station B does not recieve ACKs it
would resend the previous packet thus flooding your wireless link with
un-necessarry data packets.
If you want to limit the client's bandwidth you should be looking for
another QoS solution that would depend on your network equipment.

On Wed, Jan 28, 2009 at 2:06 PM, Kostas Pelechrinis
<kpele_ntua@yahoo.com> wrote:
> Hi Ivan,
>
> thanks a lot for the info about the nth module.  Well I know that the quality of the link is going to drop but this is what exactly I want :) I want to force a client "reduce" its rate by not sending ACKs to him.  My concern is that 802.11 ACKs are being handled at the firmware and I do not know if iptables can handle this.
>
> Anyone knows anything about this?
>
> Thanks a lot,
> Kostas
>
>
> --- On Wed, 1/28/09, Ivan Petrushev <ivanatora@gmail.com> wrote:
>
>> From: Ivan Petrushev <ivanatora@gmail.com>
>> Subject: Re: Blocking outgoing 802.11 ACKs
>> To: kpele_ntua@yahoo.com
>> Cc: netfilter@vger.kernel.org
>> Date: Wednesday, January 28, 2009, 6:29 AM
>> iptables has "nth" match extension that matches
>> every n-th packet. It
>> is described in the man page.
>> But why would you want to drop ACK packets? That would have
>> negative
>> impact on your link.
>>
>> Ivan.
>>
>> On Wed, Jan 28, 2009 at 12:41 PM, Kostas Pelechrinis
>> <kpele_ntua@yahoo.com> wrote:
>> > Hi all,
>> >
>> > I have two nodes communicating via their wireless
>> interfaces.  Let us assume that node A sends packets to node
>> B.  Once node B is receiving the packets, he transmits the
>> 802.11 ACK frame.  What I want to do is to prevent node B
>> from sending this ACK frames once every two packets for
>> example.
>> >
>> > One indirect way I have thought about is setting the
>> following rule to node B:
>> >
>> > iptables -A INPUT -i ath0 -m limit --limit
>> _SPECIFIED-LIMIT_ -s _NODE'S A IP_ -j DROP
>> >
>> > However,  I am not sure if this prevents the 802.11
>> ACKs from being transmitted.  This has to do with the place
>> where the above rule is being enforced.
>> >
>> > Do you have any comments or suggestions on how I can
>> achieve what I am trying to?
>> >
>> > Thanks,
>> > Kostas
>> >
>> >
>> >
>> > --
>> > To unsubscribe from this list: send the line
>> "unsubscribe netfilter" in
>> > the body of a message to majordomo@vger.kernel.org
>> > More majordomo info at
>> http://vger.kernel.org/majordomo-info.html
>> >
>
>
>
>

nth match extension (was: Blocking outgoing 802.11 ACKs)

[Pascal Hambourg]

Hello,

Ivan Petrushev a écrit :
> iptables has "nth" match extension that matches every n-th packet.

Be aware that "nth" was in the patch-o-matic and was never included in 
the standard kernel. It has been superseded by the "statistic" match 
added in kernel 2.6.18 and iptables 1.3.6.

Re: nth match extension (was: Blocking outgoing 802.11 ACKs)

[Ivan Petrushev]

Thanks for the clarification!

On Wed, Jan 28, 2009 at 2:23 PM, Pascal Hambourg
<pascal.mail@plouf.fr.eu.org> wrote:
> Hello,
>
> Ivan Petrushev a écrit :
>>
>> iptables has "nth" match extension that matches every n-th packet.
>
> Be aware that "nth" was in the patch-o-matic and was never included in the
> standard kernel. It has been superseded by the "statistic" match added in
> kernel 2.6.18 and iptables 1.3.6.
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>