Sustained connections ignore QoS rule for connection bytes

HawkeyeXB · Post by **HawkeyeXB** » Sun May 19, 2013 11:32 am

Router is DIR-825, rev B1

------------------------------------------------------------------
|            _____                             _                 |
|           |  __ \                           | |                |
|           | |  \/ __ _ _ __ __ _  ___  _   _| | ___            |
|           | | __ / _` | '__/ _` |/ _ \| | | | |/ _ \           |
|           | |_\ \ (_| | | | (_| | (_) | |_| | |  __/           |
|            \____/\__,_|_|  \__, |\___/ \__, |_|\___|           |
|                             __/ |       __/ |                  |
|                            |___/       |___/                   |
|                                                                |
|----------------------------------------------------------------|
| Gargoyle version 1.5.9    | OpenWrt Attitude Adjustment branch |
| Gargoyle revision f73df29 | OpenWrt revision r34879            |
| Built January 03, 2013    | Target  ar71xx/default             |
------------------------------------------------------------------

Code: Select all

root@OpenWRT - Gargoyle:~# cat /proc/cpuinfo | grep system
system type             : Atheros AR7161 rev 2

Code: Select all

root@OpenWRT - Gargoyle:~# df -h
Filesystem                Size      Used Available Use% Mounted on
rootfs                    2.8M    324.0K      2.4M  12% /
/dev/root                 2.5M      2.5M         0 100% /rom
tmpfs                    30.2M    268.0K     29.9M   1% /tmp
tmpfs                   512.0K         0    512.0K   0% /dev
/dev/mtdblock4            2.8M    324.0K      2.4M  12% /overlay
overlayfs:/overlay        2.8M    324.0K      2.4M  12% /

Upload QoS settings:

Code: Select all

[Classification Rules]
Match Criteria                                          Classification
Destination: 50.93.246.0/23, 
Destination Port: 443, Connection bytes: 1024 kBytes    Bulk
Destination: 50.93.255.0/24,
 Destination Port: 443, Connection bytes: 1024 kBytes   Bulk
Destination: 209.208.232.0/23,
 Destination Port: 443, Connection bytes: 1024 kBytes   Bulk
Destination: 209.208.241/24,
 Destination Port: 443, Connection bytes: 1024 kBytes   Bulk
Destination: 209.208.242/28,
 Destination Port: 443, Connection bytes: 1024 kBytes   Bulk
Destination: 209.208.250/24,
 Destination Port: 443, Connection bytes: 1024 kBytes   Bulk
Destination Port: 80, Connection bytes: 1024 kBytes     Normal
Destination Port: 443, Connection bytes: 1024 kBytes    Normal
Destination Port: 88, Connection bytes: 1024 kBytes     Normal
Destination Port: 3074, Connection bytes: 1024 kBytes   Normal
Destination Port: 80                                    Priority
Destination Port: 443                                   Priority
Destination Port: 53                                    Priority
Destination Port: 88                                    Priority
Destination Port: 3074                                  Priority
Destination Port: 4289                                  VoIP
Destination Port: 1863                                  VoIP

Code: Select all

Class Name  Percent BW  Min BW  Max BW      Load (kbps) 
VoIP        1%          80      nolimit      0.0        
Priority    70%         zero    nolimit      4      
Bulk        5%          zero    nolimit     4026        
Normal      24%         zero    nolimit      0.7

Total (Upload) Bandwidth: 4250 kbps

I am using a cloud backup service and utilizing QoS Upload rules to limit the impact it has on my browsing. I set rules for QoS upload for ranges of IP addresses (the cloud backup server IPs), on a specific port (443, HTTPS), and connection bytes reach 1024 kB. With this rule, I assigned the traffic to a low % class (Bulk).

: pre 4GB rollover.PNG (72.81 KiB) Viewed 8055 times

The rule works fine until a connection sends over 4GB of data. At that point, QoS appears to ignore either of my rules pertaining to port 443 and connection bytes 1024 kB. Instead, I end up with all the traffic for upload and download in the Priority class, which is the highest % allocation. This is what I was trying to avoid.

: Screenshot_2013-05-19-03-46-21.png (244.22 KiB) Viewed 8055 times

It looks like you can't set Connection bytes higher than 4GB (4194303 kB), which would correspond to the max value of an unsigned 32-bit integer. Either way, should I expect to see the QoS rule be able to handle a connection of this size? Or should I rewrite my rules to work around it?

Expected behavior: Connection remains Bulk class after reaching 4GB
Observed behavior: Connection changes to Priority class after reaching 4GB

Also, I'm unsure whether this happens with QoS download. This backup application seems peculiar in how long it holds a connection compared to my other applications using download.

I'm finding Gargoyle to be very powerful. Just trying to tune my setup. Thanks for all the hard work.

Post by **pbix** » Tue May 21, 2013 10:53 am

You could be correct that there is problem with large values for the connection byte limit. I would be curious to see the output of the following command when you are having this issue.

iptables -vnL -t mangle

I would be difficult for me to reproduce this issue myself.

HawkeyeXB · Post by **HawkeyeXB** » Tue May 21, 2013 10:53 pm

Thanks for taking a look.

It looks like the connbytes option for the relevant entry in the iptables chain qos_egress has a from:to that is limited from 1M to 4GB (1048576:4294967295 bytes). This also applies to the qos_ingress chain.

iptables -vnL -t mangle output before reaching 4 GB:

Code: Select all

Chain PREROUTING (policy ACCEPT 74M packets, 64G bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 286K packets, 43M bytes)
 pkts bytes target     prot opt in     out     source               destination         
68934 9999K qos_ingress  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 73M packets, 64G bytes)
 pkts bytes target     prot opt in     out     source               destination         
  80M   70G zone_wan_MSSFIX  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  28M   11G qos_ingress  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 384K packets, 226M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 74M packets, 64G bytes)
 pkts bytes target     prot opt in     out     source               destination         
  45M   53G qos_egress  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
  45M   53G bw_egress  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           

Chain bw_egress (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total1-upload-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist1-upload-minute-15 --type individual_src --reset_interval minute --intervals_to_save 15 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total2-upload-minute-359 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 359 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist2-upload-900-24 --type individual_src --reset_interval 900 --reset_time 900 --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total3-upload-180-479 --type combined --current_bandwidth 0 --reset_interval 180 --reset_time 180 --intervals_to_save 479 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist3-upload-hour-24 --type individual_src --reset_interval hour --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total4-upload-7200-359 --type combined --current_bandwidth 0 --reset_interval 7200 --reset_time 7200 --intervals_to_save 359 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist4-upload-day-31 --type individual_src --reset_interval day --intervals_to_save 31 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total5-upload-day-365 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 365 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist5-upload-month-12 --type individual_src --reset_interval month --intervals_to_save 12 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos1-up-uclass_1-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos2-up-uclass_1-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos3-up-uclass_1-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos4-up-uclass_1-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos5-up-uclass_1-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos1-up-uclass_2-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos2-up-uclass_2-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos3-up-uclass_2-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos4-up-uclass_2-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos5-up-uclass_2-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos1-up-uclass_3-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos2-up-uclass_3-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos3-up-uclass_3-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos4-up-uclass_3-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos5-up-uclass_3-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos1-up-uclass_4-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos2-up-uclass_4-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos3-up-uclass_4-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos4-up-uclass_4-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos5-up-uclass_4-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12 

Chain qos_egress (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 5833  490K MARK       icmp --  *      *       24.60.112.33         24.60.112.1         icmp type 8 MARK set 0x7f 
 5833  490K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x0 CONNMARK save mask 0x7f 
 5833  490K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x0 
  45M   53G MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK set 0x5 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1863 MARK set 0x2 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1863 MARK set 0x2 
   21  4788 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:4289 MARK set 0x2 
68455   16M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:4289 MARK set 0x2 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:3074 MARK set 0x3 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3074 MARK set 0x3 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:88 MARK set 0x3 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:88 MARK set 0x3 
48404 3110K MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 MARK set 0x3 
  996 59733 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 MARK set 0x3 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:443 MARK set 0x3 
  39M   52G MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 MARK set 0x3 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:80 MARK set 0x3 
 961K  113M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 MARK set 0x3 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:3074 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3074 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:88 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:88 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
  19M   27G MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
 485K   23M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            209.208.250.0/24    udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            209.208.250.0/24    tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            209.208.242.0/28    udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            209.208.242.0/28    tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            209.208.241.0/24    udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            209.208.241.0/24    tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            209.208.232.0/23    udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
  10M   15G MARK       tcp  --  *      *       0.0.0.0/0            209.208.232.0/23    tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            50.93.255.0/24      udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            50.93.255.0/24      tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            50.93.246.0/23      udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
9019K   12G MARK       tcp  --  *      *       0.0.0.0/0            50.93.246.0/23      tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
  45M   53G CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0x7f 

Chain qos_ingress (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 5832  490K RETURN     icmp --  *      *       24.60.112.1          24.60.112.33        icmp type 0 
  28M   11G IMQ        all  --  *      *       0.0.0.0/0            0.0.0.0/0           IMQ: todev 0 
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x0 CONNMARK save mask 0x7f00 
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x0 
  28M   11G MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK set 0x400 
   21  4788 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:4289 MARK set 0x200 
 100K   27M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:4289 MARK set 0x200 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:1863 MARK set 0x200 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:1863 MARK set 0x200 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:5563 MARK set 0x500 
1181K 1763M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:5563 MARK set 0x500 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:563 MARK set 0x500 
3792K 5451M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:563 MARK set 0x500 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:3074 MARK set 0x300 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:3074 MARK set 0x300 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:88 MARK set 0x300 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:88 MARK set 0x300 
48337 6156K MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 MARK set 0x300 
  712  136K MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:53 MARK set 0x300 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:443 MARK set 0x300 
  20M 1162M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:443 MARK set 0x300 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:80 MARK set 0x300 
1451K 1919M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:80 MARK set 0x300 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:3074 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:3074 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:88 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:88 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
9726K  526M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
 875K 1310M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
  28M   11G CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0x7f00 

Chain zone_wan_MSSFIX (1 references)
 pkts bytes target     prot opt in     out     source               destination         
47745 2629K TCPMSS     tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU

After 4 GB:

Code: Select all

Chain PREROUTING (policy ACCEPT 76M packets, 66G bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 299K packets, 45M bytes)
 pkts bytes target     prot opt in     out     source               destination         
71502   10M qos_ingress  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT 75M packets, 66G bytes)
 pkts bytes target     prot opt in     out     source               destination         
  82M   72G zone_wan_MSSFIX  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  29M   11G qos_ingress  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 402K packets, 237M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 76M packets, 66G bytes)
 pkts bytes target     prot opt in     out     source               destination         
  47M   55G qos_egress  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           
  47M   55G bw_egress  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           

Chain bw_egress (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total1-upload-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist1-upload-minute-15 --type individual_src --reset_interval minute --intervals_to_save 15 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total2-upload-minute-359 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 359 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist2-upload-900-24 --type individual_src --reset_interval 900 --reset_time 900 --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total3-upload-180-479 --type combined --current_bandwidth 0 --reset_interval 180 --reset_time 180 --intervals_to_save 479 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist3-upload-hour-24 --type individual_src --reset_interval hour --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total4-upload-7200-359 --type combined --current_bandwidth 0 --reset_interval 7200 --reset_time 7200 --intervals_to_save 359 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist4-upload-day-31 --type individual_src --reset_interval day --intervals_to_save 31 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total5-upload-day-365 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 365 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist5-upload-month-12 --type individual_src --reset_interval month --intervals_to_save 12 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos1-up-uclass_1-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos2-up-uclass_1-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos3-up-uclass_1-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos4-up-uclass_1-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos5-up-uclass_1-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos1-up-uclass_2-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos2-up-uclass_2-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos3-up-uclass_2-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos4-up-uclass_2-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos5-up-uclass_2-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos1-up-uclass_3-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos2-up-uclass_3-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos3-up-uclass_3-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos4-up-uclass_3-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos5-up-uclass_3-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos1-up-uclass_4-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos2-up-uclass_4-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos3-up-uclass_4-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos4-up-uclass_4-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31 
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos5-up-uclass_4-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12 

Chain qos_egress (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 5833  490K MARK       icmp --  *      *       24.60.112.33         24.60.112.1         icmp type 8 MARK set 0x7f 
 5833  490K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x0 CONNMARK save mask 0x7f 
 5833  490K RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x0 
  47M   55G MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK set 0x5 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1863 MARK set 0x2 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1863 MARK set 0x2 
   21  4788 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:4289 MARK set 0x2 
68455   16M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:4289 MARK set 0x2 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:3074 MARK set 0x3 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3074 MARK set 0x3 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:88 MARK set 0x3 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:88 MARK set 0x3 
50809 3266K MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 MARK set 0x3 
  996 59733 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 MARK set 0x3 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:443 MARK set 0x3 
  40M   54G MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 MARK set 0x3 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:80 MARK set 0x3 
 985K  118M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 MARK set 0x3 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:3074 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3074 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:88 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:88 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
  20M   28G MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
 487K   23M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x5 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            209.208.250.0/24    udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            209.208.250.0/24    tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            209.208.242.0/28    udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            209.208.242.0/28    tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            209.208.241.0/24    udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            209.208.241.0/24    tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            209.208.232.0/23    udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
  11M   16G MARK       tcp  --  *      *       0.0.0.0/0            209.208.232.0/23    tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            50.93.255.0/24      udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            50.93.255.0/24      tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            50.93.246.0/23      udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
9020K   12G MARK       tcp  --  *      *       0.0.0.0/0            50.93.246.0/23      tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4 
  47M   55G CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0x7f 

Chain qos_ingress (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 5832  490K RETURN     icmp --  *      *       24.60.112.1          24.60.112.33        icmp type 0 
  29M   11G IMQ        all  --  *      *       0.0.0.0/0            0.0.0.0/0           IMQ: todev 0 
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x0 CONNMARK save mask 0x7f00 
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x0 
  29M   11G MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK set 0x400 
   21  4788 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:4289 MARK set 0x200 
 100K   27M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:4289 MARK set 0x200 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:1863 MARK set 0x200 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:1863 MARK set 0x200 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:5563 MARK set 0x500 
1181K 1763M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:5563 MARK set 0x500 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:563 MARK set 0x500 
3792K 5451M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:563 MARK set 0x500 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:3074 MARK set 0x300 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:3074 MARK set 0x300 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:88 MARK set 0x300 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:88 MARK set 0x300 
50727 6488K MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 MARK set 0x300 
  712  136K MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:53 MARK set 0x300 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:443 MARK set 0x300 
  20M 1222M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:443 MARK set 0x300 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:80 MARK set 0x300 
1478K 1948M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:80 MARK set 0x300 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:3074 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:3074 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:88 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:88 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
  10M  558M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
 879K 1315M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x400 
  29M   11G CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0x7f00 

Chain zone_wan_MSSFIX (1 references)
 pkts bytes target     prot opt in     out     source               destination         
50012 2749K TCPMSS     tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU

There was no difference, only the byte counts in the first columns.

If the "to" limit were removed from the chain rule-specification, would this solve the issue? Or is there some other reason that the full connbytes range is specified?

Post by **pbix** » Thu May 23, 2013 6:25 am

You can use the iptables command to manually delete the rule in question and add it back either with a limit higher than 4GB or without the too part of the rule.

To see the original syntax of how the rules where created you can run /etc/inint.d/qos_gargoyle restart.

To see how to delete a rule google man iptables.

Then report your results here.

HawkeyeXB · Post by **HawkeyeXB** » Thu May 23, 2013 11:44 pm

I used the iptables target REPLACE on one of the rules, after trying unsuccessfully to change them all at once:

Code: Select all

root@OpenWRT - Gargoyle:~# iptables -t mangle -R qos_egress 38 -d 50.93.246.0/23 -p tcp -m tcp --dport 443 -m connbytes --connbytes 1048576:
1099511627775 --connbytes-mode bytes --connbytes-dir both -j MARK --set-xmark 0x4/0xffffffff
root@OpenWRT - Gargoyle:~# iptables -t mangle -nL qos_egress --line-numbers | grep 38
38   MARK       tcp  --  0.0.0.0/0            50.93.246.0/23      tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x4

The iptables command records a max of 4GB for any entered value above 4GB (my entered value was 1TB) or a blank 'to' part of the rule.

Code: Select all

root@OpenWRT - Gargoyle:~# iptables -t mangle -R qos_egress 38 -d 50.93.246.0/23 -p tcp -m tcp --dport 443 -m connbytes --connbytes 1048576:
4294967294 --connbytes-mode bytes --connbytes-dir both -j MARK --set-xmark 0x4/0xffffffff
root@OpenWRT - Gargoyle:~# iptables -t mangle -nL qos_egress --line-numbers | grep 38
38   MARK       tcp  --  0.0.0.0/0            50.93.246.0/23      tcp dpt:443 connbytes 1048576:4294967294 connbytes mode bytes connbytes direction both MARK set 0x4

I can make any changes I want to the 'from:to' parameters as long as the values are less than 2^32 - 1.

Not sure what's causing this. I think iptables and netfilter have connbytes typically defined as a 64-bit integer.

Post by **pbix** » Wed Jun 05, 2013 8:24 am

While the underlying code is u64 there is a problem in the parse routine in iptables v1.4.10 which AA is using.

The code was rewritten in iptables v1.4.11. The OpenWRT trunk is using v1.4.18 so it should be fixed there.

In the meantime you could switch to using packets instead of bytes when manually entering the line or you could patch your source and roll your own Gargoyle. The problem is in the file libxt_connbytes.c and following parse routine. Changing strtoul() to strtoull() should suffice.

Code: Select all

static void
parse_range(const char *arg, struct xt_connbytes_info *si)
{
	char *colon,*p;

	si->count.from = strtoul(arg,&colon,10);
	if (*colon != ':') 
		xtables_error(PARAMETER_PROBLEM, "Bad range \"%s\"", arg);
	si->count.to = strtoul(colon+1,&p,10);
	if (p == colon+1) {
		/* second number omited */
		si->count.to = 0xffffffff;
	}
	if (si->count.from > si->count.to)
		xtables_error(PARAMETER_PROBLEM, "%llu should be less than %llu",
			   (unsigned long long)si->count.from,
			   (unsigned long long)si->count.to);
}

HawkeyeXB · Post by **HawkeyeXB** » Wed Jun 05, 2013 7:02 pm

Thanks for doing all that research. I will look into compiling my own release based on the changes you've suggested. In the meantime, before my next router upgrade, I'll just use packets or come up with another way to filter those connections that doesn't involve connection_bytes.

Thanks again!

rjbell4 · Post by **rjbell4** » Fri Mar 07, 2014 1:56 pm

What's the status on this issue? I had a connection that should have matched my "Slow" QoS setting, but it was matching "Fast". I was very happen to find this thread, because the connection had exceeded 9 GB (it's my cloud-based backup), and I think that's why this wouldn't work for me. As I understand it, once a connection exceeds 4 GB, it no longer matches a rule with a connection limit, which would explain my problem.

For now, I'm removing the connection limit. But I'd like to put it back in if there was an official fix for this.

I'm using Gargoyle 1.5.11. I see 1.6.0 is out now. I could try that, though I presume it's very close to 1.5.11 (which I presume is like the 1.6.0 Beta).

Post by **pbix** » Sat Mar 08, 2014 11:35 am

There status of this issue will not change until Barrier Breaker is released and a new Gargoyle based on it is made.

The fix remains to use packets in your rules (not bytes) or patch the code yourself. Both of these fixes require your to manually do stuff.

Gargoyle Forum

Sustained connections ignore QoS rule for connection bytes

Sustained connections ignore QoS rule for connection bytes

Re: Sustained connections ignore QoS rule for connection byt

Re: Sustained connections ignore QoS rule for connection byt

Re: Sustained connections ignore QoS rule for connection byt

Re: Sustained connections ignore QoS rule for connection byt

Re: Sustained connections ignore QoS rule for connection byt

Re: Sustained connections ignore QoS rule for connection byt

Re: Sustained connections ignore QoS rule for connection byt

Re: Sustained connections ignore QoS rule for connection byt