QoS app. detection ordering problems

danielkza
Posts: 18
Joined: Fri Apr 20, 2012 6:57 pm

QoS app. detection ordering problems

Post by danielkza »

I reported this in the bugtracker but it doesn't seem to be used a lot, so I'll repost it here (http://www.gargoyle-router.com/gargoyle/issues/68)

Basically l7protocol rules that are subsets of others (e.g. httpvideo vs. http) won't ever work because the checks are done in alphabetical order. I wrote a patch to the iptables generation script so protocols marked as subsets of others are tested first. It is attached in the bug report.

---

After trying to use the 'httpvideo' protocol in QoS in conjunction with lower priority 'http' rules, I noticed no ordering of QoS rules ever allowed httpvideo to match anything: http always matched first. Looking at the iptables rules I then found out the l7-filter protocol matching rules are created in alphabetical order (actually whatever order ls returns, but I digress), which means http is always tested first, and wins by being a superset of httpvideo.

Fortunately protocol files have metadata that helps identify which ones are subsets of others. Altering the qos_gargoyle init script to prioritize subset protocols in the rule chain makes httpvideo match properly even when http rules are present.

I included a patch to the latest master. I actually only tested it in 1.5.9 but nothing else seems to have been changed in the firewall utils script relating to l7 between those versions.
Last edited by danielkza on Fri Jan 24, 2014 1:23 am, edited 1 time in total.
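
The ordering idea from the post above, as an added example; this is not the patch attached to the bug report and not Gargoyle's own code. It assumes the subset marker is the word `subset` on a `# Pattern attributes:` comment line in each `.pat` file; the function names, the sample files and their contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list l7 protocol names so that protocols marked as
# subsets come before everything else (e.g. httpvideo before http).
# Assumption: a protocol file marks itself with the word "subset" on a
# "# Pattern attributes:" comment line.

# Print the protocol names found in directory $1, subset protocols first.
order_l7_protocols() {
    dir="$1"
    subsets=""
    others=""
    # The glob expands alphabetically, the same order that causes the bug.
    for f in "$dir"/*.pat; do
        [ -f "$f" ] || continue
        name=$(basename "$f" .pat)
        if grep -i '^# *Pattern attributes:' "$f" | grep -qw 'subset'; then
            subsets="$subsets $name"
        else
            others="$others $name"
        fi
    done
    # Emit subsets first so their match rules precede the supersets' rules.
    echo $subsets $others
}

# Build a temporary directory of constructed sample protocol files.
make_sample_protocols() {
    d=$(mktemp -d)
    printf '# Pattern attributes: good fast\nftp\nsample-ftp-regex\n' > "$d/ftp.pat"
    printf '# Pattern attributes: good fast superset\nhttp\nsample-http-regex\n' > "$d/http.pat"
    printf '# Pattern attributes: ok fast subset\nhttpvideo\nsample-video-regex\n' > "$d/httpvideo.pat"
    echo "$d"
}

# Demo: alphabetical order would be "ftp http httpvideo".
sample=$(make_sample_protocols)
order_l7_protocols "$sample"
rm -rf "$sample"
```
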

danielkza
Posts: 18
Joined: Fri Apr 20, 2012 6:57 pm

Re: QoS app. detection ordering problems

Post by danielkza »

Now that I'm thinking a bit, it would be even better if the generated protocol order would follow how they are used in QoS rules.

pbix
Developer
Posts: 1372
Joined: Fri Aug 21, 2009 5:09 pm

Re: QoS app. detection ordering problems

Post by pbix »

Well I would agree that pattern matching should agree with rule order.

If you come up with a design let me know.
Linksys WRT1900ACv2
Netgear WNDR3700v2
TP Link 1043ND v3
TP-Link TL-WDR3600 v1
Buffalo WZR-HP-G300NH2
WRT54G-TM
