Ticket #2501 (closed defect: fixed)
Qos and L-7filter does not filter at all
| Reported by: | anonymous | Owned by: | ejhernandez@… |
|---|---|---|---|
| Milestone: | 2.0.X | Component: | trafficshaping |
| Severity: | major | Keywords: | |
| Cc: |
Description
Dear Zentyal,
your last relase 2.0.6,
is build with great quality but, i've notice a problem wile i'm try to test the Layer 7 filter wich particulary intrest me for the QOS and traffic limitation,
i've done 7 different classification of traffic and particulary set to 7 the P2P with traffic limitation of 64
i've make run a client behind the e-box and lauch a massiv download with lot's of source.
first the limitation has been overtake without any problem and second i've not sean any mark in conntrack file. (evey protocol is marked as 0 )
finaly i've just try un tc qdisk and i got an output like that :
qdisc htb 1: dev eth0 root refcnt 9 r2q 5 default 21 direct_packets_stat 1877 qdisc sfq 15: dev eth0 parent 1:15 limit 127p quantum 1514b perturb 10sec qdisc sfq 1700: dev eth0 parent 1:1700 limit 127p quantum 1514b perturb 10sec qdisc sfq 1800: dev eth0 parent 1:1800 limit 127p quantum 1514b perturb 10sec qdisc sfq 1900: dev eth0 parent 1:1900 limit 127p quantum 1514b perturb 10sec qdisc sfq 1a00: dev eth0 parent 1:1a00 limit 127p quantum 1514b perturb 10sec qdisc sfq 1b00: dev eth0 parent 1:1b00 limit 127p quantum 1514b perturb 10sec qdisc sfq 1c00: dev eth0 parent 1:1c00 limit 127p quantum 1514b perturb 10sec qdisc sfq 1d00: dev eth0 parent 1:1d00 limit 127p quantum 1514b perturb 10sec qdisc sfq 1e00: dev eth0 parent 1:1e00 limit 127p quantum 1514b perturb 10sec qdisc sfq 1f00: dev eth0 parent 1:1f00 limit 127p quantum 1514b perturb 10sec qdisc sfq 2000: dev eth0 parent 1:2000 limit 127p quantum 1514b perturb 10sec qdisc sfq 2100: dev eth0 parent 1:2100 limit 127p quantum 1514b perturb 10sec qdisc htb 1: dev eth1 root refcnt 9 r2q 5 default 21 direct_packets_stat 5040 qdisc sfq ff00: dev eth1 parent 1:ff00 limit 127p quantum 1514b perturb 10sec qdisc sfq 15: dev eth1 parent 1:15 limit 127p quantum 1514b perturb 10sec qdisc sfq 2200: dev eth1 parent 1:2200 limit 127p quantum 1514b perturb 10sec qdisc sfq 2300: dev eth1 parent 1:2300 limit 127p quantum 1514b perturb 10sec qdisc sfq 2400: dev eth1 parent 1:2400 limit 127p quantum 1514b perturb 10sec qdisc sfq 2500: dev eth1 parent 1:2500 limit 127p quantum 1514b perturb 10sec qdisc sfq 2600: dev eth1 parent 1:2600 limit 127p quantum 1514b perturb 10sec qdisc sfq 2700: dev eth1 parent 1:2700 limit 127p quantum 1514b perturb 10sec qdisc sfq 2800: dev eth1 parent 1:2800 limit 127p quantum 1514b perturb 10sec qdisc sfq 2900: dev eth1 parent 1:2900 limit 127p quantum 1514b perturb 10sec qdisc sfq 2a00: dev eth1 parent 1:2a00 limit 127p quantum 1514b perturb 10sec qdisc pfifo_fast 0: dev tun0 root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
so this part sound to work
but protocol view int the iptables -L -t mangles
just this :
Chain EBOX-SHAPER-eth0 (1 references)
pkts bytes target prot opt in out source destination
7 1062 MARK all -- any any anywhere anywhere mark match 0x200/0xff00 MARK and 0x0
617 132K MARK all -- any any anywhere anywhere mark match 0x100/0xff00 MARK and 0x0
0 0 MARK all -- any any anywhere anywhere mark match 0x1700/0xff00 MARK xset 0x1700/0xffffffff 0 0 MARK all -- any any anywhere anywhere mark match 0x1800/0xff00 MARK xset 0x1800/0xffffffff 0 0 MARK all -- any any anywhere anywhere mark match 0x1900/0xff00 MARK xset 0x1900/0xffffffff 0 0 MARK all -- any any anywhere anywhere mark match 0x1a00/0xff00 MARK xset 0x1a00/0xffffffff 0 0 MARK all -- any any anywhere anywhere mark match 0x1b00/0xff00 MARK xset 0x1b00/0xffffffff 0 0 MARK all -- any any anywhere anywhere mark match 0x1c00/0xff00 MARK xset 0x1c00/0xffffffff
159 34554 MARK tcp -- any any anywhere anywhere mark match 0x0/0xff00 tcp dpt:www MARK xset 0x1d00/0xffffffff
0 0 MARK all -- any any anywhere anywhere mark match 0x1e00/0xff00 MARK xset 0x1e00/0xffffffff
2137 477K MARK tcp -- any any anywhere anywhere mark match 0x0/0xff00 MARK xset 0x1f00/0xffffffff 1201 202K MARK udp -- any any anywhere anywhere mark match 0x0/0xff00 MARK xset 0x2000/0xffffffff
438 46746 MARK all -- any any anywhere anywhere mark match 0x2100/0xff00 MARK xset 0x2100/0xffffffff
how can i troubleshoot and make it work ?
Best regards,
Attachments
Change History
comment:1 in reply to: ↑ description Changed 3 years ago by noteris@…
comment:2 Changed 3 years ago by noteris@…
just to mention i've try out th is :
l7-filter -f /var/lib/ebox/conf/trafficshaping/l7filter-eth0.conf
and i've this error going out
error during nfq_create_queue()
it sound to be due to this function :
l7printf(3, "binding this socket to queue '0'\n");
96 qh = nfq_create_queue(h, queuenum, &l7_queue_cb, this); 97 if(!qh) { 98 cerr << "error during nfq_create_queue()\n"; 99 exit(1);
100 }
wich i've found at this link :
so the qh varaiable does not looks like writely initialised or set did you ever experience this ? how can i fix this problem ?
comment:3 Changed 3 years ago by noteris@…
still in investigation about the Lè-filter problem i've som log in /var/log/message wich show some segmentation fault :
device eth0 left promiscuous mode device eth0 entered promiscuous mode [163492.831911] l7-filter[7549]: segfault at 5 ip b756c8aa sp b74f8b3c error 4 in libc-2.11.1.so[b7501000+153000] [205702.037213] l7-filter[25984]: segfault at 5 ip b75d18aa sp b755db3c error 4 in libc-2.11.1.so[b7566000+153000] [208733.282688] type=1503 audit(1289181602.873:28): operation="open" pid=30364 parent=30363 profile="/usr/bin/freshclam" requested_mask="r::" denied_mask="r::" fsuid=111 ouid=111 name="/proc/30364/status" [208733.282703] type=1503 audit(1289181602.873:29): operation="open" pid=30364 parent=30363 profile="/usr/bin/freshclam" requested_mask="::r" denied_mask="::r" fsuid=111 ouid=0 name="/proc/filesystems"
could it be something about the IDS wich is activated as well ?
Best regards,
comment:5 Changed 3 years ago by noteris@…
- Status changed from closed to reopened
- Resolution fixed deleted
actually i've only one interface and it's not working, did you've have made some change ? that i need to update ?
regrads,
comment:6 Changed 3 years ago by cperez@…
Yes, it is fixed in that commit, you can build your own package or wait until we release it (I hope during this week)
I will keep this ticket open until the release, so you will be notified when update is available
comment:7 Changed 3 years ago by cperez@…
Hi noteris,
We have just released ebox-network 2.0.6 and ebox-trafficshaping 2.0.3. If you want you can upgrade and try them out.
Feedback will be welcomed to close this ticket
comment:8 Changed 2 years ago by noteris@…
i've no error anymore in log but the rules does not match really good it does not reconise the torrent and the video-http like youtube. maybe the l-7filter userspace is not as good as the kernel version.
thanks for your patch anyway.
Best regards,
Benoit noteris
comment:9 Changed 2 years ago by noteris@…
for information :
tc -s qdisc qdisc htb 1: dev eth0 root refcnt 9 r2q 5 default 15 direct_packets_stat 4
Sent 10665008 bytes 83371 pkt (dropped 186, overlimits 1676 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 15: dev eth0 parent 1:15 limit 127p quantum 1514b perturb 10sec
Sent 2217592 bytes 16922 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 1700: dev eth0 parent 1:1700 limit 127p quantum 1514b perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 1800: dev eth0 parent 1:1800 limit 127p quantum 1514b perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 1900: dev eth0 parent 1:1900 limit 127p quantum 1514b perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 1a00: dev eth0 parent 1:1a00 limit 127p quantum 1514b perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 1b00: dev eth0 parent 1:1b00 limit 127p quantum 1514b perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 1c00: dev eth0 parent 1:1c00 limit 127p quantum 1514b perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 1d00: dev eth0 parent 1:1d00 limit 127p quantum 1514b perturb 10sec
Sent 1523701 bytes 27459 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 1e00: dev eth0 parent 1:1e00 limit 127p quantum 1514b perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 1f00: dev eth0 parent 1:1f00 limit 127p quantum 1514b perturb 10sec
Sent 6301553 bytes 36023 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 2000: dev eth0 parent 1:2000 limit 127p quantum 1514b perturb 10sec
Sent 621946 bytes 2944 pkt (dropped 186, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 2100: dev eth0 parent 1:2100 limit 127p quantum 1514b perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
qdisc mq 0: dev eth1 root
Sent 38322341 bytes 41448 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
qdisc pfifo_fast 0: dev tun0 root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 1232655263 bytes 1583535 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0
after torrent test youtube http and sip
so the only match is tcp and http.
even the voice is not reconized
and the tc filter is empty is this normal ?
regards
comment:10 Changed 2 years ago by anonymous
for information here is a platform wish i've layer seven running in kernel with IMQ
iptables -L -t mangle -v | more Chain PREROUTING (policy ACCEPT 6960M packets, 3563G bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 30M packets, 3420M bytes)
pkts bytes target prot opt in out source destination 328K 33M ingress_chain all -- eth0 any anywhere anywhere 328K 33M IMQ all -- eth0 any anywhere anywhere IMQ: todev 0
Chain FORWARD (policy ACCEPT 6930M packets, 3560G bytes)
pkts bytes target prot opt in out source destination 325M 315G ingress_chain all -- eth0 any anywhere anywhere 325M 315G IMQ all -- eth0 any anywhere anywhere IMQ: todev 0
Chain OUTPUT (policy ACCEPT 18M packets, 2830M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 4840M packets, 3183G bytes)
pkts bytes target prot opt in out source destination 209M 42G egress_chain all -- any eth0 anywhere anywhere
Chain egress_chain (1 references)
pkts bytes target prot opt in out source destination 209M 42G mark_chain all -- any any anywhere anywhere 127M 5722M MARK tcp -- any any anywhere anywhere length 0:128 tcp flags:SYN,RST,ACK/ACK MARK set 0x1
Chain ingress_chain (2 references)
pkts bytes target prot opt in out source destination 325M 315G mark_chain all -- any any anywhere anywhere
Chain mark_chain (2 references)
pkts bytes target prot opt in out source destination 534M 357G CONNMARK all -- any any anywhere anywhere MARK match 0x0 CONNMARK restore
1437K 94M MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpt:domain MARK set 0x1
873 50084 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:domain MARK set 0x1 311 14928 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:kerberos MARK set 0x1
38 2044 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:3990 MARK set 0x1 11 528 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:sip MARK set 0x1 22 1340 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:sip-tls MARK set 0x1 19 5993 MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpt:kerberos MARK set 0x2
112 29987 MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpt:3074 MARK set 0x2
7064 433K MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpt:3478 MARK set 0x2
66 4901 MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpt:3479 MARK set 0x2 17 1511 MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpt:3658 MARK set 0x2 25 1657 MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpt:5120 MARK set 0x2
8 726 MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpt:5300 MARK set 0x2
37 3177 MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpt:6073 MARK set 0x2
4 294 MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpt:5062 MARK set 0x2
18 1481 MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpt:iax MARK set 0x2
812K 94M MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpts:10000:20000 MARK set 0x2
21998 1318K MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:telnet MARK set 0x2
476K 30M MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:smtp MARK set 0x2
1637K 82M MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:www MARK set 0x2
0 0 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:nntp MARK set 0x2
366 17656 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:pop3 MARK set 0x2
6 288 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:ntp MARK set 0x2 0 0 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:375 MARK set 0x2 0 0 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:ldap MARK set 0x2
102K 5227K MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:https MARK set 0x2
0 0 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:425 MARK set 0x2 0 0 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:isakmp MARK set 0x2
55 2816 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:rtsp MARK set 0x2 17 1691 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1030 MARK set 0x2 17 878 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1140 MARK set 0x2 68 3056 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1200 MARK set 0x2
6 481 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1215 MARK set 0x2
428 20687 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1234 MARK set 0x2
21 886 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:lotusnote MARK set 0x2
0 0 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1200 MARK set 0x2
15 646 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1503 MARK set 0x2 13 538 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1547 MARK set 0x2
0 0 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1503 MARK set 0x2 8 516 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1718 MARK set 0x2
18 744 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1719 MARK set 0x2 41 3443 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1720 MARK set 0x2
137 8066 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1723 MARK set 0x2
7 722 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1731 MARK set 0x2
597 28890 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:1755 MARK set 0x2
7 344 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:radius MARK set 0x2
14 883 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:radius-acct MARK set 0x2
1745 87618 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:msnp MARK set 0x2
313 15017 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:sieve MARK set 0x2
22 3380 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:2090 MARK set 0x2 15 636 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:2095 MARK set 0x2 28 1132 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:2213 MARK set 0x2 25 2432 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:2234 MARK set 0x2
4 160 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:2302 MARK set 0x2 8 320 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:2346 MARK set 0x2
3823 153K MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:2967 MARK set 0x2
20 1750 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:2233 MARK set 0x2
1655 124K MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpts:2302:2400 MARK set 0x2
13 812 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:2450 MARK set 0x2
124 6665 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:3000 MARK set 0x2
37 1736 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:3074 MARK set 0x2 35 1711 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:3100 MARK set 0x2 21 840 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:3450 MARK set 0x2 56 3316 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:3453 MARK set 0x2 27 1290 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:3568 MARK set 0x2
2778 154K MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:mysql MARK set 0x2
332 16484 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:3724 MARK set 0x2
21 948 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:3996 MARK set 0x2 80 5139 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:3999 MARK set 0x2
158 7809 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:4000 MARK set 0x2 201 9709 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:4500 MARK set 0x2
71 3400 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:5001 MARK set 0x2 16 968 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:5010 MARK set 0x2
5 240 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:5062 MARK set 0x2 9 432 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:5070 MARK set 0x2 5 232 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:x11-3 MARK set 0x2
97 6230 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:5223 MARK set 0x2
1 48 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:5310 MARK set 0x2
39 1872 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:5500 MARK set 0x2
7 336 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:5631 MARK set 0x2
10 476 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:5800 MARK set 0x2
1382 69722 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:5900 MARK set 0x2
1 48 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:6073 MARK set 0x2
373 19612 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:6112 MARK set 0x2
33 1580 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:6119 MARK set 0x2
0 0 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:6073 MARK set 0x2
42 2016 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:6257 MARK set 0x2
3532 189K MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:gnutella-svc MARK set 0x2
10 480 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:6500 MARK set 0x2 84 4032 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:6699 MARK set 0x2
110 7412 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:6666 MARK set 0x2
31 2116 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:ircd MARK set 0x2 21 1780 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:6891 MARK set 0x2
150 7244 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:6900 MARK set 0x2
9 424 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:6901 MARK set 0x2
10089 598K MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpts:afs3-fileserver:7999 MARK set 0x2
6184 314K MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:webcache MARK set 0x2
0 0 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:8086 MARK set 0x2
8600 413K MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:8087 MARK set 0x2
13 1392 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:8602 MARK set 0x2 96 4744 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:8800 MARK set 0x2 71 3408 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:8900 MARK set 0x2
4510 287K MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:9000 MARK set 0x2
2 80 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:9014 MARK set 0x2 8 1144 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:9081 MARK set 0x2
18 880 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:9090 MARK set 0x2 36 1732 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:9091 MARK set 0x2
9 1204 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:9293 MARK set 0x2
14 672 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:9100 MARK set 0x2 12 576 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:9442 MARK set 0x2
4 172 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:9793 MARK set 0x2 9 408 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:9999 MARK set 0x2
52 2496 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:10580 MARK set 0x2
7 336 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:10308 MARK set 0x2 2 100 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:13139 MARK set 0x2
35 1680 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:20100 MARK set 0x2 49 2356 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:21000 MARK set 0x2 42 1984 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:26214 MARK set 0x2
9 416 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:26220 MARK set 0x2 3 152 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:26900 MARK set 0x2
37 1788 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27000 MARK set 0x2
3 120 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27005 MARK set 0x2 6 288 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27010 MARK set 0x2 0 0 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27011 MARK set 0x2 2 96 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27015 MARK set 0x2 4 192 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27016 MARK set 0x2
26 1256 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27030 MARK set 0x2
1 48 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27039 MARK set 0x2 1 40 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27650 MARK set 0x2
23 1096 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27660 MARK set 0x2 48 2296 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27666 MARK set 0x2
6 256 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27692 MARK set 0x2
27 1296 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27900 MARK set 0x2
9 496 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:28800 MARK set 0x2 0 0 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:28910 MARK set 0x2 2 96 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27960 MARK set 0x2 4 192 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:27999 MARK set 0x2
42 2028 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:28900 MARK set 0x2
0 0 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:28902 MARK set 0x2 0 0 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:29900 MARK set 0x2
100 5049 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:47624 MARK set 0x2
6899K 663M MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpts:1024:65535 MARK set 0x4 2780K 175M MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpts:1024:65535 MARK set 0x4
679 38340 MARK tcp -- any any anywhere anywhere MARK match 0x0 tcp dpt:ftp MARK set 0x4
0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto ssh MARK set 0x1 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto dns MARK set 0x1 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto rdp MARK set 0x1 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto teamspeak MARK set 0x1 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto ventrilo MARK set 0x1 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto sip MARK set 0x1
52545 3202K MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto skypeout MARK set 0x1 90300 6443K MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto skypetoskype MARK set 0x1
2 168 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto h323 MARK set 0x1 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto dhcp MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto httpvideo MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto quicktime MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto httpaudio MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto http-itunes MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto pressplay MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto yahoo MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto aim MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto imap MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto skypeout MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto quake-halflife MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto xboxlive MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto jabber MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto live365 MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto ciscovpn MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto shoutcast MARK set 0x2 7 1279 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto rtp MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto tftp MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto doom3 MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto battlefield1942 MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto imap MARK set 0x2
613 51454 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto qq MARK set 0x2
0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto msn-filetransfer MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto validcertssl MARK set 0x2
10449 873K MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto ntp MARK set 0x2
0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto vnc MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto bgp MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto biff MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto msnmessenger MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto irc MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto gopher MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto telnet MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto snmp MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto nntp MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto aimwebcontent MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto counterstrike-source MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto halflife2-deathmatch MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto battlefield2 MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto dayofdefeat-source MARK set 0x2 1 78 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto worldofwarcraft MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto http-rtsp MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto pcanywhere MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto mohaa MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto tor MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto armagetron MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto teamfortress2 MARK set 0x2 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto battlefield2142 MARK set 0x2
11 624 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto gnutella MARK set 0x4
1560 118K MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto edonkey MARK set 0x4
2 246 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto bittorrent MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto goboogy MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto soribada MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto poco MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto mute MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto netbios MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto hotline MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto kugoo MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto ares MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto fasttrack MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto 100bao MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto tesla MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto openft MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto napster MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto soulseek MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto xunlei MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto thecircle MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto imesh MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto applejuice MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto gnucleuslan MARK set 0x4 0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto directconnect MARK set 0x4
1654K 109M MARK all -- any any anywhere anywhere MARK match 0x0 MARK set 0x3
534M 357G CONNMARK all -- any any anywhere anywhere CONNMARK save
4623K 237M MARK icmp -- any any anywhere anywhere MARK set 0x1
0 0 MARK ipv6-icmp-- any any anywhere anywhere MARK set 0x1
70M 6170M MARK udp -- any any anywhere anywhere length 0:256 MARK set 0x1
with the mangle table you can realy clearly see the match i cannot find the same kind of view with l-7filter userspace.
best regards,
Benoit noteris
comment:11 Changed 2 years ago by jacalvo@…
- Owner changed from ejhernandez@… to ejhernandez@…
- Status changed from reopened to new
comment:12 Changed 2 years ago by jacalvo@…
- Status changed from new to closed
- Resolution set to fixed
This should be fixed now. Please upgrade the l7-filter-userspace package with:
sudo apt-get update sudo apt-get install l7-filter-userspace
Reopen if you still encounter any problem after that.
Thanks.
just to had my email wish i've forgot.
Best regards
Replying to anonymous: