Re: Same here.

#45907

ajl37
Member

I had not been running the L7 filters for the P2P protocols, I have had some luck with other L7 filters, see below:

Chain FORWARD (policy ACCEPT 2160M packets, 1330G bytes)
pkts bytes target prot opt in out source destination
606K 332M CONNMARK all — * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
3869 778K ACCEPT all — * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
355 84740 MARK all — * * 0.0.0.0/0 0.0.0.0/0 ipp2p v0.8.2 –kazaa –gnu –edk –dc –bit MARK set 0xc
602K 331M CONNMARK all — * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save
4 373 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto xunlei MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto thecircle MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto tesla MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto soulseek MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto soribada MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto poco MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto openft MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto napster MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto mute MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto kugoo MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto imesh MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto hotline MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto goboogy MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto freenet MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto audiogalaxy MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto ares MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto applejuice MARK set 0xc
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto 100bao MARK set 0xc
18640 3540K MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto skypetoskype MARK set 0x12
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto quicktime MARK set 0x10
0 0 MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto http-rtsp MARK set 0x10
34949 36M MARK all — * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto httpvideo MARK set 0x10
3699 575K MARK all — * * xxx.xxx.216.58 0.0.0.0/0 MARK set 0x1b
5286 6717K MARK all — * * 0.0.0.0/0 xxx.xxx.216.58 MARK set 0x1b
9060 5339K MARK tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp spt:443 MARK set 0x16
9358 7802K MARK tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 MARK set 0x16
22058 2517K MARK tcp — * * 0.0.0.0/0 xxx.xxx.8.1 tcp dpt:8080 MARK set 0x14
37459 47M MARK tcp — * * xxx.xxx.8.1 0.0.0.0/0 tcp spt:8080 MARK set 0x14
117K 151M MARK tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 MARK set 0x15
71103 8280K MARK tcp — * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 MARK set 0x15
3018 203K MARK udp — * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 MARK set 0x17
2918 687K MARK udp — * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 MARK set 0x17

I do have some traffic picked up with Xunlei, but not others. It may be just that the filters need updating.

I have had other strange issues with the Skype-to-phone L7 filter which seems to block (or slow up a lot) certain ICMP packets, pings from a machine work fine, but fping doesn’t and neither does “Peer Monitor”. L7 filters should be used cautiously.

Fulvio: Any chance of a feature to automatically update the L7 filetrs? I notice that the option exists but is not functioning, yet?

I think it can be done manually, although maybe not using the CD boot version?

Andrew