Community discussions

 
titius
Member
Member
Topic Author
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

Packet flow, queue tree mangle bug or something else

Tue May 20, 2008 5:10 pm

Hi, can you please help me, my head will explode :), I cannot figure out a simple thing.

Here is the problem.
0   ;;; DOWN_ALL
     chain=prerouting in-interface=WAN action=mark-connection new-connection-mark=ALL_CONN_DOWN 
     passthrough=yes 

 1   chain=prerouting in-interface=WAN connection-mark=ALL_CONN_DOWN action=mark-packet 
     new-packet-mark=ALL_PACK_DOWN passthrough=yes 

 2   chain=prerouting in-interface=WAN connection-mark=ALL_CONN_DOWN action=mark-packet 
     new-packet-mark=REST_DOWN passthrough=no
A very very simple mangle, I know third rule is same as second, but between I have some packet and conn marks for HTTP, properly set with passthrough=no, every thing is counting properly.

For start I added queue tree GLOBAL-IN
0   name="DOWNLOAD" parent=global-in packet-mark=ALL_PACK_DOWN limit-at=0 queue=default 
     priority=8 max-limit=1400000 burst-limit=0 burst-threshold=0 burst-time=0s 
This queue dont count ANY packet when last MANGLE is enabled (mangle 2 in this post ), when I disable MANGLE 2 everything is OK.

Why is that happening, the same situation is with complete mangle rules. All mangle rules properly count marked conns and packets.

The idea of the last mangle is to pickup all traffic that is not mangled before so I need that rule.

Very simple to someone but my head cant take it anymore :) .
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Packet flow, queue tree mangle bug or something else

Tue May 20, 2008 5:32 pm

If you enable last rule then packet mark set in previous rule is overwritten from ALL_PACK_DOWN to REST_DOWN
But queue has packet-mark=ALL_PACK_DOWN
 
titius
Member
Member
Topic Author
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

Re: Packet flow, queue tree mangle bug or something else

Tue May 20, 2008 5:50 pm

hm, so how can I then set all download packet mark to parent global-in?

If I disable last rule then I dont have rest of the connections marked
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1721
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: Packet flow, queue tree mangle bug or something else

Wed May 21, 2008 3:24 pm

DO you have all_CONN_UP connection mark? If yes, thats the problem!


Connections can't be upload or download, usually they are bothdirectional (from conntrack point of view) so you must do

mark all connections
-- if interface local - mark all upload packets
-- if interface public - mark all download packets
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
titius
Member
Member
Topic Author
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

Re: Packet flow, queue tree mangle bug or something else

Thu May 22, 2008 12:57 am

I disabled ALL UP conn marks, whe I tried this. But Ill try your suggestion.

Connections are in both directions, but how can I mark upload and how to mark download ?
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1721
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: Packet flow, queue tree mangle bug or something else

Thu May 22, 2008 9:09 am

mark all connections
-- if interface local - mark all upload packets
-- if interface public - mark all download packets
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
titius
Member
Member
Topic Author
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

Re: Packet flow, queue tree mangle bug or something else

Thu May 22, 2008 1:03 pm

:) thx, Im exhausted so couldnt see it :) .
 
User avatar
tgrand
Long time Member
Long time Member
Posts: 671
Joined: Mon Aug 21, 2006 2:57 am
Location: Winnipeg, Manitoba, Canada

Re: Packet flow, queue tree mangle bug or something else

Thu May 22, 2008 3:52 pm

Also Note that your rules did not work because

Your rule :
1 chain=prerouting in-interface=WAN connection-mark=ALL_CONN_DOWN action=mark-packet
new-packet-mark=ALL_PACK_DOWN passthrough=yes

Should have been set to passthrough=no

As a result of passing through it matched rule 2 and got remarked.
 
titius
Member
Member
Topic Author
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

Re: Packet flow, queue tree mangle bug or something else

Thu May 22, 2008 11:04 pm

I have to pass conn mark so packet mark can work. On packet mark I set pass through=no so that marked traffic is not marked twice or more . . .
 
titius
Member
Member
Topic Author
Posts: 338
Joined: Mon Oct 17, 2005 11:43 am
Location: Titel Serbia

Re: Packet flow, queue tree mangle bug or something else

Sun May 25, 2008 4:12 am

Is there any difference in mangling traffic on MT that is doing NAT and on MT without NAT.

Is there ONE universal way of marking UPLOAD and DOWNLOAD ?
 
User avatar
lastguru
Trainer
Trainer
Posts: 435
Joined: Fri May 28, 2004 9:04 pm
Location: Certified Trainer/Consultant in Riga, Latvia
Contact:

Re: Packet flow, queue tree mangle bug or something else

Sun May 25, 2008 4:07 pm

there is no difference, you just have to mind changing addresses, that's all
International MikroTik Certified Trainer and Consultant form Latvia.
I do RouterOS Training and Certification worldwide!

skype: lastguru

Who is online

Users browsing this forum: No registered users and 91 guests