What is the deal with getting HTTP traffic identified?

I've built a mangle rule to pick up all HTTP traffic to or from port 80 on my transparent shaper (ROS6 beta9).

It works when I go to a speedtest site, but when just browsing the web or viewing YouTube it gets counted on my mangle rule to catch everything else.
I seem to recall the mangle rule (stolen from the transparent shaper example in the mikrotik wiki) working last time I tried building a transparent shaper.

Mangle rule is in the pre-routing chain, marking connection as “http” dest-port = 80.
Just for shits n giggles I tried a new option, “any-port”; same thing.

Does the web at large just not use port 80 anymore?

I should note that it seems to be working fine when the mikrotik is a router, you just make the source and destination ports like so:

8 ;;; HTTP Uploads
chain=prerouting action=mark-packet new-packet-mark=p2_up
passthrough=no protocol=tcp dst-port=80

9 ;;; HTTP Downloads
chain=prerouting action=mark-packet new-packet-mark=p2_down
passthrough=no protocol=tcp src-port=80


But it doesn't work for crap when in bridge mode…

Why is it that I can’t pick up anything on port 80 while in bridge mode with:

;;; HTTP Downloads
chain=prerouting action=mark-connection new-connection-mark=http
passthrough=yes protocol=tcp any-port=80

Connections only get marked when I'm doing a speedtest. When I'm browsing I get the DNS lookups marked and then the actual page data falls into my “everything else” mangle.

I'm totally perplexed!

Can you briefly explain what is the difference between passthrough=no and passthrough=yes? Thanks.

passthru=no means it will not bother to check any of the mangle rules below it once it has been identified.

For example

mangle rule 1 could be set to pick up http traffic.
mangle rule 2 is set to identify “everything else”

To prevent mangle rule 2 from taking the already marked packets from mangle rule 1 and re-marking them again, you would make passthru=no on mangle rule 1.

In my setup, I'm trying to mark all HTTP connections and then use a second set of mangles to establish direction.

so http traffic passthru = yes
http download passthru =no
http-upload passthru =no.

OK, I THINK I got it figured out.

/ip firewall mangle
add action=mark-connection chain=forward comment="Mark HTTP Download" \
    disabled=no in-interface=Bridge1 new-connection-mark=http_down \
    passthrough=no protocol=tcp src-port=80,443
add action=mark-connection chain=forward comment="Mark HTTP up" \
    disabled=no dst-port=80,443 new-connection-mark=http_up \
    out-interface=Bridge1 passthrough=no protocol=tcp


Showing hits on my counter when I surf now. Direction seems to be working too. Not sure why adding the interface mattered but hey, it works.

I got inspiration from this gentleman's page: http://www.cbrown.co/2011/09/16/marking-traffic-for-queueing/
Credit goes to him.
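
Added example (not part of the thread and not RouterOS code): a simplified Python model of in-order mangle evaluation, showing how passthrough decides whether the direction rules and the "everything else" rule ever see a packet. The rule names, field names and sample packets are constructed for illustration, and the model tracks marks per packet only.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Rule:
    comment: str
    match: Callable[[dict], bool]  # predicate over packet fields
    action: str                    # "mark-connection" or "mark-packet"
    new_mark: str
    passthrough: bool

def run_chain(rules, packet):
    """Walk the rules top to bottom; return the resulting marks and the rules hit."""
    state = {"connection-mark": None, "packet-mark": None, "hits": []}
    for rule in rules:
        if not rule.match(packet):
            continue
        key = "connection-mark" if rule.action == "mark-connection" else "packet-mark"
        state[key] = rule.new_mark          # a later match overwrites an earlier mark
        state["hits"].append(rule.comment)
        if not rule.passthrough:            # passthrough=no: stop evaluating the chain
            break
    return state

def to_80(p):
    return p["protocol"] == "tcp" and p["dst_port"] == 80

def from_80(p):
    return p["protocol"] == "tcp" and p["src_port"] == 80

def thread_chain(http_passthrough=True):
    """Rule order described in the thread: HTTP, then direction, then catch-all."""
    return [
        Rule("http", lambda p: to_80(p) or from_80(p), "mark-connection", "http", http_passthrough),
        Rule("http download", from_80, "mark-packet", "http_down", False),
        Rule("http upload", to_80, "mark-packet", "http_up", False),
        Rule("everything else", lambda p: True, "mark-packet", "other", False),
    ]

# Constructed sample packets (not captured traffic)
REQUEST = {"protocol": "tcp", "src_port": 51514, "dst_port": 80}
REPLY = {"protocol": "tcp", "src_port": 80, "dst_port": 51514}
DNS = {"protocol": "udp", "src_port": 40000, "dst_port": 53}

if __name__ == "__main__":
    for name, pkt in (("request", REQUEST), ("reply", REPLY), ("dns", DNS)):
        print(name, run_chain(thread_chain(), pkt))
```

Calling `thread_chain(http_passthrough=False)` shows the failure case: the first rule matches, evaluation stops, and the direction rules never assign a packet mark.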