L7-filter does not work in 2.0RC3

Home Page Forums Network Management Signal a BUG L7-filter does not work in 2.0RC3

This topic contains 2 replies, has 0 voices, and was last updated by  Maklaut 4 years, 9 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #43778

    Maklaut
    Member

    I have ZS 2.0RC3 installed on old asus notebook used as home router.
    It has two ethernet interfaces: WAN and LAN.
    I tried to setup QoS with l7-filter but unfortunatelly it does not work.

    Look at iptables mangle table – only original iptables rules (direct ip/port) works:


    Chain QoS (1 references)
    pkts bytes target prot opt in out source destination
    957K 693M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK and 0x0
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bittorrent MARK set 0xc
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey MARK set 0xc
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack MARK set 0xc
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnutella MARK set 0xc
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto directconnect MARK set 0xc
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto sip MARK set 0xb
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto rtp MARK set 0xb
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto rtsp MARK set 0xb
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto skypetoskype MARK set 0xb
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto skypeout MARK set 0xb
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto h323 MARK set 0xb
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    201 50280 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22 MARK set 0xd
    201 50280 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 MARK set 0xd
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:23 MARK set 0xd
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 MARK set 0xd
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto ftp MARK set 0xe
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    6 3536 MARK all -- * * 77.72.169.0/24 0.0.0.0/0 MARK set 0xb
    6 3536 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    5 3557 MARK all -- * * 0.0.0.0/0 77.72.169.0/24 MARK set 0xb
    5 3557 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    850 170K MARK all -- * * 77.72.168.0/24 0.0.0.0/0 MARK set 0xb
    850 170K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
    917 183K MARK all -- * * 0.0.0.0/0 77.72.168.0/24 MARK set 0xb
    917 183K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0

    As a minimum at this moment I have high utorrent (bittorrent) and little voip (sip/rtp) traffic. But only voip traffic was caught by usual src/dst ip address rule.
    LAYER7 rules does not work.

    #53005

    Saszka
    Member

    I have the same problem.

    When I worked at Zeroshell 1.16beta QoS+ L7 work perfect.
    Properly recognize all the packages (SIP, RTP, HTTP).

    After installing 2.0RC2 and 2.0RC3 (2.0RC1 caused Kernell error) QoS does not work properly with the L7.

    Zeroshell works as the main router.
    WAN<


    Zeroshell(NAT,DHCP,VLAN)


    >LAN

    #53006

    maccowley
    Member

    The Bug still exists on 3.0.0. See https://www.zeroshell.org/forum/viewtopic.php?t=4299.

    None of the L7 filters I tested work in bridge and router mode. The other filters work fine.

    I couldn’t try version 1.16 because it didn’t boot on my Zotac Nano.

    #53007

    Saszka
    Member

    QoS on 1.16beta works perfect.

    ZS1.16beta – Kernel 2.6.25.20

    ZS2.0RC2 – Kernel 3.4.19-ZS
    ZS3.0 Kernel 3.4.75-ZS

    Officialy last version l7-filter work with kernel 2.6.35

    http://l7-filter.clearfoundation.com/#october_8_2013

    Perhaps it is a problem?

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.