p2p macgaiver’s post seems not to be working with all protocols

Hello guys :slight_smile:

I am dropping p2p traffic as macgaiver posted http://forum.mikrotik.com//viewtopic.php?p=55425#55425

/ ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=p2p_connection p2p=all-p2p passthrough=yes

/ ip firewall mangle add action=mark-packet chain=prerouting connection-mark=p2p_connection new-packet-mark=p2p_packet passthrough=yes

/ ip firewall filter add action=drop chain=forward packet-mark=p2p_packet

I installed Ares on my notebook to test and I found that the program keeps trying to connect with no success and I see no upload Ares p2p traffic. Then I made a search and I was able to download some files.

Here I am seeing two weird things:

  • The number of packets marked with the p2p connection mark is the same as the number of packets marked with p2p packet mark.

  • Sometimes I see some “established” connections with the p2p connection mark

This is a fresh setup so I do not have complicated mangle/firewall rules, just the rules to block p2p, and I am running NAT and doing web proxy on this box.

Can you tell me what is going on???

Hello,

As you can read in other topics, the marking rule isn’t marking encrypted traffic generated by new versions of p2p software like utorrent, ares, etc.

We faced the same problem during last week and we changed the queues system in our routers.

Regards
Marcin

Pointer to: http://forum.mikrotik.com/t/macgaviers-rule-not-working/10628/3

  • The number of packets marked with the p2p connection mark is the same as the number of packets marked with p2p packet mark.

I wonder why all packets belonging to the p2p connection are not marked. No matter if the p2p traffic is encrypted, the first packets must be unencrypted, so I should be able to mark the rest because the first ones are classified as p2p.

You will be able to find p2p signature only in the established packets

Any solution from mikrotik people about blocking new p2p protocols?

Please do not advise prioritizing traffic; I am doing that already, but I would like to have a method to just drop p2p traffic.

I don’t think it is possible - you need to decrypt that traffic to find the p2p signature - or any other signature

But as we don’t know whether this traffic is encrypted or not, we will be trying to decrypt all traffic.

Now imagine what kind of Horsepower we need on the router to handle all this decryption! :open_mouth:

It is not necessary to decrypt the entire conversation; it is to detect just the beginning of the p2p conversation and “mark” the rest of the connection. This part is not working in the code you submitted because I see the same number of packets when I try to mark the rest.

That’s the problem - it is impossible to tell a p2p connection from other connections only by the beginning - they all look the same!

Paste your configuration here plz

Ok, I tried three setups without success

First:
Just putting this at the beginning of /ip firewall filter
add chain=forward p2p=all-p2p action=drop

Second, as you suggested

/ ip firewall mangle add action=mark-connection chain=prerouting new-connection-mark=p2p_connection p2p=all-p2p passthrough=yes

/ ip firewall mangle add action=mark-packet chain=prerouting connection-mark=p2p_connection new-packet-mark=p2p_packet passthrough=yes

/ ip firewall filter add action=drop chain=forward packet-mark=p2p_packet

Third:
As MikroTik suggests for marking p2p traffic in http://www.mikrotik.com/docs/ros/2.9/ip/mangle


Regarding Ares, it seems like one part of the protocol is not being classified as p2p, because there is no upload Ares p2p traffic BUT I am able to download through the Ares network. So when someone is using Ares I see dropped packets in the firewall but I see the low prio download queues full.

I repeat: any suggestion from the MikroTik guys?