How to mark related connections?

Hey,

I am trying to set up QoS using a queue tree, but I am struggling to mark related connections. To be more specific, I want to mark all BitTorrent traffic, so in order to achieve this I have set the BitTorrent client (uTorrent) to use port 60464. In Mangle, I am marking all connections and packets for this port:

/ip firewall mangle
add action=mark-connection chain=prerouting comment="TORRENT connections" connection-mark=no-mark \
    connection-state=new layer7-protocol=L7-torrent-sites new-connection-mark=torrent-mark \
    passthrough=yes
add action=mark-connection chain=prerouting comment="TORRENT connections" connection-mark=no-mark \
    connection-state=new layer7-protocol=L7-Torrent new-connection-mark=torrent-mark passthrough=yes
add action=mark-connection chain=prerouting comment="TORRENT connections" connection-mark=no-mark \
    connection-state=new new-connection-mark=torrent-mark passthrough=yes protocol=udp src-port=\
    60464
add action=mark-packet chain=prerouting comment="TORRENT packets" connection-mark=torrent-mark \
    new-packet-mark=torrent-mark passthrough=no



/ip firewall layer7-protocol
add name=L7-torrent-sites regexp="^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btju\
    nkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zooz\
    le|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|linkomanija|commo\
    nbits).*\$"
add name=L7-Torrent regexp="^(\\x13bittorrent protocol|azver\\x01\$|get /scrape\\\?info_hash=get /ann\
    ounce\\\?info_hash=|get /client/bitcomet/|GET /data\\\?fid=)|d1:ad2:id20:|\\x08'7P\\)[RP]"

However, I have noticed that the majority of the traffic appears to happen on a different port, not on 60464, although the traffic is initiated on this port.

The question is: how can I mark the related traffic? In the rule I can select that it is for related connections, but how do I specify which connection it is related to?

Anyone?

You can get related connections to stuff recognized by conntrack helpers (look at “/ip firewall service-port” to get an idea what that might be). They need to understand the protocol and be able to see inside packets to read the info. So you’ll be able to see e.g. FTP data connections as related, but only if the control connection is not encrypted. You can’t do that for any random protocol.

BitTorrent traffic is encrypted, so this won't work.
The problem is that torrents use all the bandwidth and HTTP/HTTPS traffic becomes unresponsive, although I have a queue tree for HTTP/HTTPS traffic:

/queue tree
add name=parent parent=global priority=1 queue=default
add name=tv packet-mark=iptv-mark parent=parent priority=1 queue=default
add name=admin packet-mark=admin-mark parent=parent priority=1 queue=default
add name=vpn packet-mark=vpn-mark parent=parent priority=2 queue=default
add name=http packet-mark=http-mark parent=parent priority=2 queue=default
add name=plex packet-mark=plex-mark parent=parent priority=3 queue=default
add name=video packet-mark=video-mark parent=parent priority=3 queue=default
add name=other packet-mark=other-mark parent=parent priority=7 queue=default
add name=torrent packet-mark=torrent-mark parent=parent queue=default
add name=no-mark packet-mark=no-mark parent=parent queue=default

The strange thing is that BitTorrent traffic does not even appear under NO-MARK packets (the last line above, with the lowest priority).
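
Why the L7-Torrent rule stops marking connections once the peer traffic is encrypted, shown as an added example that is not code from this thread: the regexp from the first post (RouterOS export escaping removed) is run over constructed first payloads. The sample payloads, the helper names and the case-insensitive matching are assumptions made for the illustration.

```python
import hashlib
import re

# L7-Torrent regexp from the first post, with the export escaping removed.
# Assumption: the matcher is case-insensitive.
L7_TORRENT = re.compile(
    rb"^(\x13bittorrent protocol|azver\x01$"
    rb"|get /scrape\?info_hash=get /announce\?info_hash="
    rb"|get /client/bitcomet/|GET /data\?fid=)"
    rb"|d1:ad2:id20:|\x08'7P\)[RP]",
    re.IGNORECASE,
)


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler standing in for ciphertext."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


# Constructed first payloads of a connection (not captured traffic).
SAMPLES = {
    "plain peer handshake": b"\x13BitTorrent protocol" + bytes(8) + pseudo_random(40),
    "plain DHT query": b"d1:ad2:id20:" + pseudo_random(20) + b"e1:q4:ping1:t2:aa1:y1:qe",
    "encrypted peer stream": pseudo_random(133),
    "TLS record (HTTPS tracker)": b"\x16\x03\x01\x02\x00\x01" + pseudo_random(64),
}


def classify(payload: bytes) -> bool:
    """True if the regexp would match a connection that starts with payload."""
    return L7_TORRENT.search(payload) is not None


def report() -> dict:
    """Match result for every constructed sample."""
    return {name: classify(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in report().items():
        print(f"{name:28} {'torrent-mark' if hit else 'no match'}")
```

Only the payloads that still carry the protocol's plaintext signature match; a stream that is ciphertext from its first byte gives the regexp nothing to anchor on.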