I have two (interconnected) questions:

First of all, I'm trying to use IPP2P to classify my P2P traffic and give it a lower network priority. I've already successfully built IPP2P into iptables and the kernel. I read http://www.shorewall.net/IPP2P.html, but it's confusing me. Using the documentation for normal tcrules in 3.0 (http://www.shorewall.net/traffic_shaping.htm), each match in tcrules is basically a one liner which quite logically matches a protocol/port combo and marks it. So why is the IPP2P example six lines long??? It would seem to me that based on the tcrules documentation, all that's needed is

    1:P - - ipp2p

to match P2P traffic and mark it...

Second, can someone post documentation for how to implement connection marking in tcrules? As I understand it, IPP2P only detects command packets, and would need to mark the connection to be effective. I read the tcrules file:

    # If your kernel and iptables include CONNMARK support then you can also mark the connection rather than the packet. The mark value may be optionally followed by "/" and a mask value (used to determine those bits of the connection mark to actually be set). The mark and optional mask are then followed by one of:...

I must have read this 10 or 15 times now, and maybe I'm just stupid, but I can't make heads or tails of what to do without an example. I checked tcrules doc online, and I can't find an example that implements connection marking anywhere.

If someone has IPP2P classification working, I'd appreciate an example config, but if it's the same as the one online I'd really appreciate an answer to my question above to go with it.

Thanks,
Matt

On Friday 13 January 2006 12:38, Matt LaPlante wrote:
> I have two (interconnected) questions:
>
> First of all, I'm trying to use IPP2P to classify my P2P traffic and give
> it a lower network priority. I've already successfully built IPP2P into
> iptables and the kernel. I read http://www.shorewall.net/IPP2P.html, but
> it's confusing me. Using the documentation for normal tcrules in 3.0
> (http://www.shorewall.net/traffic_shaping.htm), each match in tcrules is
> basically a one liner which quite logically matches a protocol/port combo
> and marks it. So why is the IPP2P example six lines long??? It would seem
> to me that based on the tcrules documentation, all that's needed is 1:P
> - - ipp2p
> to match P2P traffic and mark it...
>
> Second, can someone post documentation for how to implement connection
> marking in tcrules?

Matt,

THE SIX RULES DO EXACTLY THAT!!!!!!!!!!!!!!!!!!!!!!!!!!!

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,       \ http://shorewall.net
Washington USA   \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

On Friday 13 January 2006 18:22, Tom Eastep wrote:
> THE SIX RULES DO EXACTLY THAT!!!!!!!!!!!!!!!!!!!!!!!!!!!

Sorry for shouting but I've had a really bad day...

-Tom

Sorry to hear about the bad day. You can ignore my questions if you wish, but I hope someone with spare time can give me further answers.

I had already deduced that the six rules do what I asked, but my purpose in posting was to better understand why and how... I don't just want it to work, I want to know why it works. Again, these are my real questions:

Why does this method not use the connection tracking method suggested in the tcrules file (forward slash, mask, C_, etc, on one line)?

How DO you use the method suggested in the tcrules file (still haven't found an example)?

Why does the method it DOES use (six rules) not seem to be documented on the site or the help file in terms of QoS? (except for the IPP2P page, obviously)

Do I need to be using this method to mark other data as well?

-
Matt

> -----Original Message-----
> From: shorewall-users-admin@lists.sourceforge.net
> [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of Tom Eastep
> Sent: Friday, January 13, 2006 9:28 PM
> To: shorewall-users@lists.sourceforge.net
> Cc: Matt LaPlante
> Subject: Re: [Shorewall-users] IPP2P & Marking Connections
>
> On Friday 13 January 2006 18:22, Tom Eastep wrote:
>
> > THE SIX RULES DO EXACTLY THAT!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
> Sorry for shouting but I've had a really bad day...
>
> -Tom
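
Added example, not part of the original thread and not Shorewall or netfilter code: a toy Python model of why a payload matcher that only recognises command packets has to be paired with connection marking (restore the saved mark, classify if still unmarked, save the result). The packet signature, addresses and function names are constructed for illustration; only the mark value 1 comes from the rule quoted in the first message.

```python
# Toy model of packet marks vs. connection marks. All names, addresses and
# the payload signature are constructed; this is not netfilter or Shorewall code.
from dataclasses import dataclass

P2P_MARK = 1  # the mark value used in the "1:P" rule quoted in the thread


@dataclass
class Packet:
    flow: tuple      # simplified connection key (src, sport, dst, dport, proto)
    payload: bytes
    mark: int = 0    # every packet arrives unmarked


def looks_like_p2p(pkt):
    # Stand-in for the ipp2p match: only command packets carry a signature.
    return pkt.payload.startswith(b"P2P-HANDSHAKE")


def mark_packets_only(packets):
    """One rule: mark a packet only when the payload matcher fires on it."""
    for pkt in packets:
        if looks_like_p2p(pkt):
            pkt.mark = P2P_MARK
    return [p.mark for p in packets]


def mark_with_connmark(packets):
    """Restore the connection mark, classify if still unmarked, then save."""
    connmarks = {}                                 # connection key -> saved mark
    for pkt in packets:
        pkt.mark = connmarks.get(pkt.flow, 0)      # restore: connection -> packet
        if pkt.mark == 0 and looks_like_p2p(pkt):  # marked packets skip matching
            pkt.mark = P2P_MARK
        if pkt.mark != 0:
            connmarks[pkt.flow] = pkt.mark         # save: packet -> connection
    return [p.mark for p in packets]


def sample_flows():
    # Constructed traffic: a P2P handshake followed by opaque data, plus a web flow.
    p2p = ("10.0.0.5", 40000, "198.51.100.7", 6881, "tcp")
    web = ("10.0.0.5", 40001, "203.0.113.9", 80, "tcp")
    return [Packet(p2p, b"P2P-HANDSHAKE v1"), Packet(p2p, b"\x00\x17 bulk data"),
            Packet(web, b"GET / HTTP/1.1"), Packet(p2p, b"\x9c\x01 more data")]


if __name__ == "__main__":
    print("packet marks only:", mark_packets_only(sample_flows()))   # [1, 0, 0, 0]
    print("with connmark:    ", mark_with_connmark(sample_flows()))  # [1, 1, 0, 1]
```

With packet marks alone only the handshake packet is classified, so the bulk data that a shaper needs to deprioritise stays unmarked; with the mark saved on the connection every later packet of that flow inherits it while the web flow is untouched.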