Community discussions

MUM Europe 2020
 
ToMikaa87
newbie
Topic Author
Posts: 32
Joined: Mon Apr 25, 2011 8:36 pm

Downlink and uplink traffic shaping

Wed May 02, 2012 2:10 pm

Dear Community,

I have a RB450G installed to my home network in the following setup:
  • ether1: WAN, 20M/20M link
    ether2: computer1
    ether3: computer2
    ether4: WiFi router
    ether5: home server
    ether2-ether5 ports are bridged
On my 'home server' i have a torrent client.
The problem is that i want to setup some kind of QOS to priorize HTTP, VoIP etc. traffic over P2P in both directions (uplink and downlink).
I have tried using a simple queue tree to priorize differently marked packets without any success. I can see the different packets using different queues but the router doesn't give more bandwith to queues with higher priorities. The expected outcome was the router allocate more bandwidth to queues with higher priorities and slow down traffic with lower.

How can i make a queue configuration that does this job for me?

My queue setup:
add max-limit=22M name=in parent=lan-bridge
add name=pri1_i packet-mark=Data-HTTP,Data-HTTPS,Data-SSH,Data-WinBox parent=in priority=1
add name=pri8_i packet-mark=no-mark parent=in
add max-limit=21M name=out parent=ether1-wan
add name=pri1_o packet-mark=Data-HTTP,Data-HTTPS,Data-SSH,Data-WinBox parent=out priority=1
add name=pri8_o packet-mark=no-mark parent=out
add name=pri2_i packet-mark=Data-PPTP parent=in priority=2
add name=pri2_o packet-mark=Data-PPTP parent=out priority=2
/queue type
add kind=red name=qos red-limit=750 red-max-threshold=500
Firewall mangle setup:
/ip firewall mangle
add action=jump chain=forward jump-target=markpackets
add action=jump chain=prerouting jump-target=markpackets
add action=mark-packet chain=markpackets comment=Unclassified disabled=yes new-packet-mark=Unclassified
add action=mark-packet chain=markpackets comment=Data-HTTP dst-port=80,8080 new-packet-mark=Data-HTTP passthrough=no protocol=tcp
add action=mark-packet chain=markpackets comment=Data-HTTPS dst-port=443 new-packet-mark=Data-HTTPS passthrough=no protocol=tcp
add action=mark-packet chain=markpackets comment=Data-SSH dst-port=22,2222 new-packet-mark=Data-SSH passthrough=no protocol=tcp
add action=mark-packet chain=markpackets comment=Data-WinBox dst-port=8291 new-packet-mark=Data-WinBox passthrough=no protocol=tcp
add action=mark-packet chain=markpackets comment=Data-HTTP new-packet-mark=Data-HTTP passthrough=no protocol=tcp src-port=80
add action=mark-packet chain=markpackets comment=Data-PPTP connection-type=pptp new-packet-mark=Data-HTTP passthrough=no
add action=mark-packet chain=markpackets comment=Data-HTTPS new-packet-mark=Data-HTTPS passthrough=no protocol=tcp src-port=443
add action=mark-packet chain=markpackets comment=Data-SSH new-packet-mark=Data-SSH passthrough=no protocol=tcp src-port=22,2222
add action=mark-packet chain=markpackets comment=Data-WinBox new-packet-mark=Data-WinBox passthrough=no protocol=tcp src-port=8291
 
ToMikaa87
newbie
Topic Author
Posts: 32
Joined: Mon Apr 25, 2011 8:36 pm

Re: Downlink and uplink traffic shaping

Sun May 06, 2012 3:47 pm

Up!
 
0ldman
Forum Guru
Forum Guru
Posts: 1446
Joined: Thu Jul 27, 2006 5:01 am

Re: Downlink and uplink traffic shaping

Sun May 06, 2012 4:49 pm

Copy and paste this into terminal. you may have to alter your interface names in the queues, change the speeds to match your connection.
/interface bridge settings set use-ip-firewall=yes
/

:put "These strings are taken from the L7 filter project and are licensed under GPL See: http://www.gnu.org/copyleft/gpl.html"
/ip firewall layer7-protocol
:if ([:len [find name=edonkey]] > 0) do={ :put "already have edonkey" } else={ add name=edonkey regexp="^[\C5\D4\E3-\E5].\?.\?.\?.\?([\01\02\05\14\15\16\18\19\1A\1B\1C\20\21\32\33\34\35\36\38\40\41\42\43\46\47\48\49\4A\4B\4C\4D\4E\4F\50\51\52\53\54\55\56\57\58[\60\81\82\90\91\93\96\97\98\99\9A\9B\9C\9E\A0\A1\A2\A3\A4]|\59................\?[ -~]|\96....\$)" }
:if ([:len [find name=goboogy]] > 0) do={ :put "already have goboogy" } else={ add name=goboogy regexp="<peerplat>|^get /getfilebyhash\\.cgi\\\?|^get /queue_register\\.cgi\\\?|^get /getupdowninfo\\.cgi\\\?" }
:if ([:len [find name=soribada]] > 0) do={ :put "already have soribada" } else={ add name=soribada regexp="^GETMP3\0D\0AFilename|^\01.\?.\?.\?(\51\3A\\+|\51\32\3A)|^\10[\14-\16]\10[\15-\17].\?.\?.\?.\?\$" }
:if ([:len [find name=rdp]] > 0) do={ :put "already have rdp" } else={ add name=rdp regexp="rdpdr.*cliprdr.*rdpsnd" }
:if ([:len [find name=gnutella]] > 0) do={ :put "already have gnutella" } else={ add name=gnutella regexp="^(gnd[\01\02]\?.\?.\?\01|gnutella connect/[012]\\.[0-9]\0D\0A|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?:[1-9][0-9]\?[0-9]\?[0-9]\?|gnutella.*content-type: application/x-gnutella|...................\?lime)" }
:if ([:len [find name=cvs]] > 0) do={ :put "already have cvs" } else={ add name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST\0A" }
:if ([:len [find name=nbns]] > 0) do={ :put "already have nbns" } else={ add name=nbns regexp="\01\10\01|\\)\10\01\01|0\10\01" }
:if ([:len [find name=shoutcast]] > 0) do={ :put "already have shoutcast" } else={ add name=shoutcast regexp="icy [1-5][0-9][0-9] [\09-\0D -~]*(content-type:audio|icy-)" }
:if ([:len [find name=dns]] > 0) do={ :put "already have dns" } else={ add name=dns regexp="^.\?.\?.\?.\?[\01\02].\?.\?.\?.\?.\?.\?[\01-\?][a-z0-9][\01-\?a-z]*[\02-\06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\01-\10\1C][\01\03\04\FF]" }
:if ([:len [find name=quake-halflife]] > 0) do={ :put "already have quake-halflife" } else={ add name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)" }
:if ([:len [find name=poco]] > 0) do={ :put "already have poco" } else={ add name=poco regexp="^\80\94\0A\01....\1F\9E" }
:if ([:len [find name=ciscovpn]] > 0) do={ :put "already have ciscovpn" } else={ add name=ciscovpn regexp="^\01\F4\01\F4" }
:if ([:len [find name=x11]] > 0) do={ :put "already have x11" } else={ add name=x11 regexp="^[lb].\?\0B" }
:if ([:len [find name=xboxlive]] > 0) do={ :put "already have xboxlive" } else={ add name=xboxlive regexp="^\58\80........\F3|^\06\58\4E" }
:if ([:len [find name=applejuice]] > 0) do={ :put "already have applejuice" } else={ add name=applejuice regexp="^ajprot\0D\0A" }
:if ([:len [find name=zmaap]] > 0) do={ :put "already have zmaap" } else={ add name=zmaap regexp="^\1B\D7\3B\48[\01\02]\01\?\01" }
:if ([:len [find name=live365]] > 0) do={ :put "already have live365" } else={ add name=live365 regexp="membername.*session.*player" }
:if ([:len [find name=rlogin]] > 0) do={ :put "already have rlogin" } else={ add name=rlogin regexp="^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]\?[0-9]\?[0-9]\?00" }
:if ([:len [find name=http]] > 0) do={ :put "already have http" } else={ add name=http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\09-\0D -~]*(connection:|content-type:|content-length:|date:)|post [\09-\0D -~]* http/[01]\\.[019]" }
:if ([:len [find name=sip]] > 0) do={ :put "already have sip" } else={ add name=sip regexp="^(invite|register|cancel) sip[\09-\0D -~]*sip/[0-2]\\.[0-9]" }
:if ([:len [find name=pop3]] > 0) do={ :put "already have pop3" } else={ add name=pop3 regexp="^(\\+ok |-err )" }
:if ([:len [find name=smb]] > 0) do={ :put "already have smb" } else={ add name=smb regexp="\FFsmb[\72\25]" }
:if ([:len [find name=quake1]] > 0) do={ :put "already have quake1" } else={ add name=quake1 regexp="^\80\0C\01quake\03" }
:if ([:len [find name=lpd]] > 0) do={ :put "already have lpd" } else={ add name=lpd regexp="^(\01[!-~]+|\02[!-~]+\0A.[\01\02\03][\01-\0A -~]*|[\03\04][!-~]+[\09-\0D]+[a-z][\09-\0D -~]*|\05[!-~]+[\09-\0D]+([a-z][!-~]*[\09-\0D]+[1-9][0-9]\?[0-9]\?|root[\09-\0D]+[!-~]+).*)\0A\$" }
:if ([:len [find name=mute]] > 0) do={ :put "already have mute" } else={ add name=mute regexp="^(Public|AES)Key: [0-9a-f]*\0AEnd(Public|AES)Key\0A\$" }
:if ([:len [find name=ssh]] > 0) do={ :put "already have ssh" } else={ add name=ssh regexp="^ssh-[12]\\.[0-9]" }
:if ([:len [find name=jabber]] > 0) do={ :put "already have jabber" } else={ add name=jabber regexp="<stream:stream[\09-\0D ][ -~]*[\09-\0D ]xmlns=['\"]jabber" }
:if ([:len [find name=bittorrent]] > 0) do={ :put "already have bittorrent" } else={ add name=bittorrent regexp="^(\13bittorrent protocol|azver\01\$|get /scrape\\\?info_hash=)|d1:ad2:id20:|\08'7P\\)[RP]" }
:if ([:len [find name=ncp]] > 0) do={ :put "already have ncp" } else={ add name=ncp regexp="^(dmdt.*\01.*(\"\"|\11\11|uu)|tncp.*33)" }
:if ([:len [find name=tls]] > 0) do={ :put "already have tls" } else={ add name=tls regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)" }
:if ([:len [find name=directconnect]] > 0) do={ :put "already have directconnect" } else={ add name=directconnect regexp="^(\\\$mynick |\\\$lock |\\\$key )" }
:if ([:len [find name=netbios]] > 0) do={ :put "already have netbios" } else={ add name=netbios regexp="\81.\?.\?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P]" }
:if ([:len [find name=tftp]] > 0) do={ :put "already have tftp" } else={ add name=tftp regexp="^(\01|\02)[ -~]*(netascii|octet|mail)" }
:if ([:len [find name=subspace]] > 0) do={ :put "already have subspace" } else={ add name=subspace regexp="^\01....\11\10........\01\$" }
:if ([:len [find name=hotline]] > 0) do={ :put "already have hotline" } else={ add name=hotline regexp="^....................TRTPHOTL\01\02" }
:if ([:len [find name=doom3]] > 0) do={ :put "already have doom3" } else={ add name=doom3 regexp="^\FF\FFchallenge" }
:if ([:len [find name=ftp]] > 0) do={ :put "already have ftp" } else={ add name=ftp regexp="^220[\09-\0D -~]*ftp" }
:if ([:len [find name=kugoo]] > 0) do={ :put "already have kugoo" } else={ add name=kugoo regexp="^\31..\8E" }
:if ([:len [find name=tsp]] > 0) do={ :put "already have tsp" } else={ add name=tsp regexp="^[\01-\13\16-\$]\01.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?[ -~]+" }
:if ([:len [find name=battlefield1942]] > 0) do={ :put "already have battlefield1942" } else={ add name=battlefield1942 regexp="^\01\11\10\\|\F8\02\10\40\06" }
:if ([:len [find name=ssdp]] > 0) do={ :put "already have ssdp" } else={ add name=ssdp regexp="^notify[\09-\0D ]\\*[\09-\0D ]http/1\\.1[\09-\0D -~]*ssdp:(alive|byebye)|^m-search[\09-\0D ]\\*[\09-\0D ]http/1\\.1[\09-\0D -~]*ssdp:discover" }
:if ([:len [find name=imap]] > 0) do={ :put "already have imap" } else={ add name=imap regexp="^(\\* ok|a[0-9]+ noop)" }
:if ([:len [find name=ares]] > 0) do={ :put "already have ares" } else={ add name=ares regexp="^\03[]Z].\?.\?\05\$" }
:if ([:len [find name=fasttrack]] > 0) do={ :put "already have fasttrack" } else={ add name=fasttrack regexp="^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\?[0-9]\?[0-9]\?" }
:if ([:len [find name=qq]] > 0) do={ :put "already have qq" } else={ add name=qq regexp="^.\?\02.+\03\$" }
:if ([:len [find name=100bao]] > 0) do={ :put "already have 100bao" } else={ add name=100bao regexp="^\01\01\05\0A" }
:if ([:len [find name=aim]] > 0) do={ :put "already have aim" } else={ add name=aim regexp="^(\\*[\01\02].*\03\0B|\\*\01.\?.\?.\?.\?\01)|flapon|toc_signon.*0x" }
:if ([:len [find name=unknown]] > 0) do={ :put "already have unknown" } else={ add name=unknown regexp="." }
:if ([:len [find name=msn-filetransfer]] > 0) do={ :put "already have msn-filetransfer" } else={ add name=msn-filetransfer regexp="^(ver [ -~]*msnftp\0D\0Aver msnftp\0D\0Ausr|method msnmsgr:)" }
:if ([:len [find name=yahoo]] > 0) do={ :put "already have yahoo" } else={ add name=yahoo regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80" }
:if ([:len [find name=validcertssl]] > 0) do={ :put "already have validcertssl" } else={ add name=validcertssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B).*(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust root|entrust\\.net limited)" }
:if ([:len [find name=ntp]] > 0) do={ :put "already have ntp" } else={ add name=ntp regexp="^([\13\1B\23\D3\DB\E3]|[\14\1C\$].......\?.\?.\?.\?.\?.\?.\?.\?.\?[\C6-\FF])" }
:if ([:len [find name=gnucleuslan]] > 0) do={ :put "already have gnucleuslan" } else={ add name=gnucleuslan regexp="gnuclear connect/[\09-\0D -~]*user-agent: gnucleus [\09-\0D -~]*lan:" }
:if ([:len [find name=vnc]] > 0) do={ :put "already have vnc" } else={ add name=vnc regexp="^rfb 00[1-9]\\.00[0-9]\0A\$" }
:if ([:len [find name=bgp]] > 0) do={ :put "already have bgp" } else={ add name=bgp regexp="^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..\?\01[\03\04]" }
:if ([:len [find name=tesla]] > 0) do={ :put "already have tesla" } else={ add name=tesla regexp="\03\9A\89\22\31\31\31\\.\30\30\20\42\65\74\61\20|\E2\3C\69\1E\1C\E9" }
:if ([:len [find name=openft]] > 0) do={ :put "already have openft" } else={ add name=openft regexp="x-openftalias: [-)(0-9a-z ~.]" }
:if ([:len [find name=h323]] > 0) do={ :put "already have h323" } else={ add name=h323 regexp="^\03..\?\08...\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05" }
:if ([:len [find name=finger]] > 0) do={ :put "already have finger" } else={ add name=finger regexp="^[a-z][a-z0-9\\-_]+|login: [\09-\0D -~]* name: [\09-\0D -~]* Directory:" }
:if ([:len [find name=ident]] > 0) do={ :put "already have ident" } else={ add name=ident regexp="^[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?[\09-\0D]*,[\09-\0D]*[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?(\0D\0A|[\0D\0A])\?\$" }
:if ([:len [find name=gkrellm]] > 0) do={ :put "already have gkrellm" } else={ add name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]\0A\$" }
:if ([:len [find name=hddtemp]] > 0) do={ :put "already have hddtemp" } else={ add name=hddtemp regexp="^\\|/dev/[a-z][a-z][a-z]\\|[0-9a-z]*\\|[0-9][0-9]\\|[cfk]\\|" }
:if ([:len [find name=socks]] > 0) do={ :put "already have socks" } else={ add name=socks regexp="\05[\01-\08]*\05[\01-\08]\?.*\05[\01-\03][\01\03].*\05[\01-\08]\?[\01\03]" }
:if ([:len [find name=biff]] > 0) do={ :put "already have biff" } else={ add name=biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+\$" }
:if ([:len [find name=dhcp]] > 0) do={ :put "already have dhcp" } else={ add name=dhcp regexp="^[\01\02][\01- ]\06.*c\82sc" }
:if ([:len [find name=smtp]] > 0) do={ :put "already have smtp" } else={ add name=smtp regexp="^220[\09-\0D -~]* (e\?smtp|simple mail)" }
:if ([:len [find name=ipp]] > 0) do={ :put "already have ipp" } else={ add name=ipp regexp="ipp://" }
:if ([:len [find name=msnmessenger]] > 0) do={ :put "already have msnmessenger" } else={ add name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]\? [\09-\0D -~]*cvr0\0D\0A\$|usr 1 [!-~]+ [0-9. ]+\0D\0A\$|ans 1 [!-~]+ [0-9. ]+\0D\0A\$" }
:if ([:len [find name=irc]] > 0) do={ :put "already have irc" } else={ add name=irc regexp="^(nick[\09-\0D -~]*user[\09-\0D -~]*:|user[\09-\0D -~]*:[\02-\0D -~]*nick[\09-\0D -~]*\0D\0A)" }
:if ([:len [find name=gopher]] > 0) do={ :put "already have gopher" } else={ add name=gopher regexp="^[\09-\0D]*[1-9,+tgi][\09-\0D -~]*\09[\09-\0D -~]*\09[a-z0-9.]*\\.[a-z][a-z].\?.\?\09[1-9]" }
:if ([:len [find name=telnet]] > 0) do={ :put "already have telnet" } else={ add name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]" }
:if ([:len [find name=snmp]] > 0) do={ :put "already have snmp" } else={ add name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].\?.\?.\?.\?\02\01.\?\02\01.\?\30|\A4\06.+\40\04.\?.\?.\?.\?\02\01.\?\02\01.\?\43)" }
:if ([:len [find name=nntp]] > 0) do={ :put "already have nntp" } else={ add name=nntp regexp="^(20[01][\09-\0D -~]*AUTHINFO USER|20[01][\09-\0D -~]*news)" }
:if ([:len [find name=aimwebcontent]] > 0) do={ :put "already have aimwebcontent" } else={ add name=aimwebcontent regexp="user-agent:aim/" }
:if ([:len [find name=rtsp]] > 0) do={ :put "already have rtsp" } else={ add name=rtsp regexp="rtsp/1.0 200 ok" }
:if ([:len [find name=skypeout]] > 0) do={ :put "already have skypeout" } else={ add name=skypeout regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\?.\?.\?.\?.\?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\?.\?.\?\04|\05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\07.\?.\?.\?.\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\09.\?.\?.\?.\?.\?.\?.\?.\?\09|\0A.\?.\?.\?.\?.\?.\?.\?.\?\0A|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\0D.\?.\?.\?.\?.\?.\?.\?.\?\0D|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12.\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?.\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F|\20.\?.\?.\?.\?.\?.\?.\?.\?\20|\21.\?.\?.\?.\?.\?.\?.\?.\?\21|\22.\?.\?.\?.\?.\?.\?.\?.\?\22|\23.\?.\?.\?.\?.\?.\?.\?.\?\23|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|\25.\?.\?.\?.\?.\?.\?.\?.\?\25|\26.\?.\?.\?.\?.\?.\?.\?.\?\26|\27.\?.\?.\?.\?.\?.\?.\?.\?\27|\\(.\?.\?.\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?.\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|\2C.\?.\?.\?.\?.\?.\?.\?.\?\2C|\2D.\?.\?.\?.\?.\?.\?.\?.\?\2D|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|\2F.\?.\?.\?.\?.\?.\?.\?.\?\2F|\30.\?.\?.\?.\?.\?.\?.\?.\?\30|\31.\?.\?.\?.\?.\?.\?.\?.\?\31|\32.\?.\?.\?.\?.\?.\?.\?.\?\32|\33.\?.\?.\?.\?.\?.\?.\?.\?\33|\34.\?.\?.\?.\?.\?.\?.\?.\?\34|\35.\?.\?.\?.\?.\?.\?.\?.\?\35|\36.\?.\?.\?.\?.\?.\?.\?.\?\36|\37.\?.\?.\?.\?.\?.\?.\?.\?\37|\38.\?.\?.\?.\?.\?.\?.\?.\?\38|\39.\?.\?.\?.\?.\?.\?.\?.\?\39|\3A.\?.\?.\?.\?.\?.\?.\?.\?\3A|\3B.\?.\?.\?.\?.\?.\?.\?.\?\3B|\3C.\?.\?.\?.\?.\?.\?.\?.\?\3C|\3D.\?.\?.\?.\?.\?.\?.\?.\?\3D|\3E.\?.\?.\?.\?.\?.\?.\?.\?\3E|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\?|\40.\?.\?.\?.\?.\?.\?.\?.\?\40|\41.\?.\?.\?.\?.\?.\?.\?.\?\41|\42.\?.\?.\?.\?.\?.\?.\?.\?\42|\43.\?.\?.\?.\?.\?.\?.\?.\?\43|\44.\?.\?.\?.\?.\?.\?.\?.\?\44|\45.\?.\?.\?.\?.\?.\?.\?.\?\45|\46.\?.\?.\?.\?.\?.\?.\?.\?\46|\47.\?.\?.\?.\?.\?.\?.\?.\?\47|\48.\?.\?.\?.\?.\?.\?.\?.\?\48|\49.\?.\?.\?.\?.\?.\?.\?.\?\49|\4A.\?.\?.\?.\?.\?.\?.\?.\?\4A|\4B.\?.\?.\?.\?.\?.\?.\?.\?\4B|\4C.\?.\?.\?.\?.\?.\?.\?.\?\4C|\4D.\?.\?.\?.\?.\?.\?.\?.\?\4D|\4E.\?.\?.\?.\?.\?.\?.\?.\?\4E|\4F.\?.\?.\?.\?.\?.\?.\?.\?\4F|\50.\?.\?.\?.\?.\?.\?.\?.\?\50|\51.\?.\?.\?.\?.\?.\?.\?.\?\51|\52.\?.\?.\?.\?.\?.\?.\?.\?\52|\53.\?.\?.\?.\?.\?.\?.\?.\?\53|\54.\?.\?.\?.\?.\?.\?.\?.\?\54|\55.\?.\?.\?.\?.\?.\?.\?.\?\55|\56.\?.\?.\?.\?.\?.\?.\?.\?\56|\57.\?.\?.\?.\?.\?.\?.\?.\?\57|\58.\?.\?.\?.\?.\?.\?.\?.\?\58|\59.\?.\?.\?.\?.\?.\?.\?.\?\59|\5A.\?.\?.\?.\?.\?.\?.\?.\?\5A|\\[.\?.\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|\5F.\?.\?.\?.\?.\?.\?.\?.\?\5F|\60.\?.\?.\?.\?.\?.\?.\?.\?\60|\61.\?.\?.\?.\?.\?.\?.\?.\?\61|\62.\?.\?.\?.\?.\?.\?.\?.\?\62|\63.\?.\?.\?.\?.\?.\?.\?.\?\63|\64.\?.\?.\?.\?.\?.\?.\?.\?\64|\65.\?.\?.\?.\?.\?.\?.\?.\?\65|\66.\?.\?.\?.\?.\?.\?.\?.\?\66|\67.\?.\?.\?.\?.\?.\?.\?.\?\67|\68.\?.\?.\?.\?.\?.\?.\?.\?\68|\69.\?.\?.\?.\?.\?.\?.\?.\?\69|\6A.\?.\?.\?.\?.\?.\?.\?.\?\6A|\6B.\?.\?.\?.\?.\?.\?.\?.\?\6B|\6C.\?.\?.\?.\?.\?.\?.\?.\?\6C|\6D.\?.\?.\?.\?.\?.\?.\?.\?\6D|\6E.\?.\?.\?.\?.\?.\?.\?.\?\6E|\6F.\?.\?.\?.\?.\?.\?.\?.\?\6F|\70.\?.\?.\?.\?.\?.\?.\?.\?\70|\71.\?.\?.\?.\?.\?.\?.\?.\?\71|\72.\?.\?.\?.\?.\?.\?.\?.\?\72|\73.\?.\?.\?.\?.\?.\?.\?.\?\73|\74.\?.\?.\?.\?.\?.\?.\?.\?\74|\75.\?.\?.\?.\?.\?.\?.\?.\?\75|\76.\?.\?.\?.\?.\?.\?.\?.\?\76|\77.\?.\?.\?.\?.\?.\?.\?.\?\77|\78.\?.\?.\?.\?.\?.\?.\?.\?\78|\79.\?.\?.\?.\?.\?.\?.\?.\?\79|\7A.\?.\?.\?.\?.\?.\?.\?.\?\7A|\\{.\?.\?.\?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\?.\?\\}|\7E.\?.\?.\?.\?.\?.\?.\?.\?\7E|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?.\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?.\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?.\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?.\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\A6.\?.\?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?.\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?.\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\BF|\C0.\?.\?.\?.\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?.\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\?.\?.\?.\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?.\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?.\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?.\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?.\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?.\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?.\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)" }
:if ([:len [find name=skypetoskype]] > 0) do={ :put "already have skypetoskype" } else={ add name=skypetoskype regexp="^..\02............." }
:if ([:len [find name=counterstrike-source]] > 0) do={ :put "already have counterstrike-source" } else={ add name=counterstrike-source regexp="^\FF\FF\FF\FF.*cstrikeCounter-Strike" }
:if ([:len [find name=halflife2-deathmatch]] > 0) do={ :put "already have halflife2-deathmatch" } else={ add name=halflife2-deathmatch regexp="^\FF\FF\FF\FF.*hl2mpDeathmatch" }
:if ([:len [find name=freenet]] > 0) do={ :put "already have freenet" } else={ add name=freenet regexp="^\01[\08\09][\03\04]" }
:if ([:len [find name=battlefield2]] > 0) do={ :put "already have battlefield2" } else={ add name=battlefield2 regexp="^(\11\20\01...\?\11|\FE\FD.\?.\?.\?.\?.\?.\?(\14\01\06|\FF\FF\FF))|[]\01].\?battlefield2" }
:if ([:len [find name=napster]] > 0) do={ :put "already have napster" } else={ add name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]\?[0-9]\?[0-9]\?[0-9]\? \"[\09-\0D -~]+\" ([0-9]|10)|1(send|get)[!-~]+ \"[\09-\0D -~]+\")" }
:if ([:len [find name=soulseek]] > 0) do={ :put "already have soulseek" } else={ add name=soulseek regexp="^(\05..\?|.\01.[ -~]+\01F..\?.\?.\?.\?.\?.\?.\?)\$" }
:if ([:len [find name=xunlei]] > 0) do={ :put "already have xunlei" } else={ add name=xunlei regexp="^[()]...\?.\?.\?(reg|get|query)" }
:if ([:len [find name=ssl]] > 0) do={ :put "already have ssl" } else={ add name=ssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)" }
:if ([:len [find name=citrix]] > 0) do={ :put "already have citrix" } else={ add name=citrix regexp="\32\26\85\92\58" }
:if ([:len [find name=whois]] > 0) do={ :put "already have whois" } else={ add name=whois regexp="^[ !-~]+\0D\0A\$" }
:if ([:len [find name=dayofdefeat-source]] > 0) do={ :put "already have dayofdefeat-source" } else={ add name=dayofdefeat-source regexp="^\FF\FF\FF\FF.*dodDay of Defeat" }
:if ([:len [find name=teamspeak]] > 0) do={ :put "already have teamspeak" } else={ add name=teamspeak regexp="^\F4\BE\03.*teamspeak" }
:if ([:len [find name=worldofwarcraft]] > 0) do={ :put "already have worldofwarcraft" } else={ add name=worldofwarcraft regexp="^\06\EC\01" }
:if ([:len [find name=ventrilo]] > 0) do={ :put "already have ventrilo" } else={ add name=ventrilo regexp="^..\?v\\\$\CF" }
:if ([:len [find name=http-rtsp]] > 0) do={ :put "already have http-rtsp" } else={ add name=http-rtsp regexp="^(get[\09-\0D -~]* Accept: application/x-rtsp-tunnelled|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\09-\0D -~]*a=control:rtsp://)" }
:if ([:len [find name=thecircle]] > 0) do={ :put "already have thecircle" } else={ add name=thecircle regexp="^t\03ni.\?[\01-\06]\?t[\01-\05]s[\0A\0B](glob|who are you\$|query data)" }
:if ([:len [find name=uucp]] > 0) do={ :put "already have uucp" } else={ add name=uucp regexp="^\10here=" }
:if ([:len [find name=pcanywhere]] > 0) do={ :put "already have pcanywhere" } else={ add name=pcanywhere regexp="^(nq|st)\$" }
:if ([:len [find name=subversion]] > 0) do={ :put "already have subversion" } else={ add name=subversion regexp="^\\( success \\( 1 2 \\(" }
:if ([:len [find name=imesh]] > 0) do={ :put "already have imesh" } else={ add name=imesh regexp="^(post[\09-\0D -~]*<PasswordHash>................................</PasswordHash><ClientVer>|\34\80\?\0D\?\FC\FF\04|get[\09-\0D -~]*Host: imsh\\.download-prod\\.musicnet\\.com|\02(\01|\02)\83.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\02(\01|\02)\83)" }
:if ([:len [find name=cimd]] > 0) do={ :put "already have cimd" } else={ add name=cimd regexp="\02[0-4][0-9]:[0-9]+.*\03\$" }
:if ([:len [find name=mohaa]] > 0) do={ :put "already have mohaa" } else={ add name=mohaa regexp="^\FF\FF\FF\FFgetstatus\0A" }
:if ([:len [find name=stun]] > 0) do={ :put "already have stun" } else={ add name=stun regexp="^[\01\02]................\?\$" }
:if ([:len [find name=tor]] > 0) do={ :put "already have tor" } else={ add name=tor regexp="TOR1.*<identity>" }
:if ([:len [find name=radmin]] > 0) do={ :put "already have radmin" } else={ add name=radmin regexp="^\01\01(\08\08|\1B\1B)\$" }
:if ([:len [find name=unset]] > 0) do={ :put "already have unset" } else={ add name=unset regexp="." }
:if ([:len [find name=chikka]] > 0) do={ :put "already have chikka" } else={ add name=chikka regexp="^CTPv1.[123] Kamusta.*\0D\0A\$" }
:if ([:len [find name=replaytv-ivs]] > 0) do={ :put "already have replaytv-ivs" } else={ add name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\09-\0D -~]*\23\23\23\23\23REPLAY_CHUNK_START\23\23\23\23\23)" }
:if ([:len [find name=armagetron]] > 0) do={ :put "already have armagetron" } else={ add name=armagetron regexp="YCLC_E|CYEL" }


/ip firewall mangle

add chain=forward protocol=tcp action=mark-packet new-packet-mark=new_packet passthrough=yes comment="ICMP"

add chain=forward action=mark-packet new-packet-mark=new_packet passthrough=no layer7-protocol=ssh comment="ssh"

add chain=forward action=mark-packet new-packet-mark=new_packet passthrough=no layer7-protocol=sip comment="sip"

add chain=forward action=mark-packet new-packet-mark=p2p_pack passthrough=no layer7-protocol=gnutella comment="gnutella pack"

add chain=forward action=mark-packet new-packet-mark=p2p_pack passthrough=no layer7-protocol=bittorrent comment="bittorrent pack"

add chain=forward action=mark-packet new-packet-mark=p2p_pack passthrough=no layer7-protocol=ares comment="ares pack"

add chain=forward action=mark-packet new-packet-mark=p2p_pack passthrough=no layer7-protocol=edonkey comment="edonkey pack"

add chain=forward action=mark-packet new-packet-mark=p2p_pack passthrough=no layer7-protocol=applejuice  comment="applejuice pack"

add chain=forward action=mark-packet new-packet-mark=p2p_pack passthrough=no p2p=all-p2p comment="all p2p pack"


/ip firewall mangle add chain=forward protocol=tcp action=mark-connection new-connection-mark=new_conn passthrough=yes comment="mark all new connections" disabled=no
/ip firewall mangle add chain=forward protocol=tcp connection-mark=new_conn connection-bytes=0-2000000 action=mark-packet new-packet-mark=new_packet passthrough=no comment="mark packets" disabled=no
/ip firewall mangle add chain=forward protocol=tcp connection-mark=new_conn action=mark-packet new-packet-mark=old_packets passthrough=no comment="marking old packets" disabled=no

/ip firewall mangle add chain=forward protocol=udp action=mark-connection new-connection-mark=new_conn passthrough=yes comment="mark all new connections" disabled=no
/ip firewall mangle add chain=forward protocol=udp connection-mark=new_conn connection-bytes=0-2000000 action=mark-packet new-packet-mark=new_packet passthrough=no comment="mark packets" disabled=no
/ip firewall mangle add chain=forward protocol=udp connection-mark=new_conn action=mark-packet new-packet-mark=old_packets passthrough=no comment="marking old packets" disabled=no


/queue


/queue type add name="PCQ_Upload" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
/queue type add name="PCQ_Download" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 
/queue type add name="PCQ_Download_Rest" kind=pcq pcq-rate=2M pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 
/queue tree add name="Main_Upload" parent=wlan1 packet-mark="" limit-at=0 queue=PCQ_Upload priority=8 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="4 Up First 2Mbyte" parent=Main_Upload packet-mark=new_packet limit-at=256000 queue=PCQ_Upload priority=4 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="7 Up Rest Mbytes" parent=Main_Upload packet-mark=old_packets limit-at=256000 queue=PCQ_Upload priority=7 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="Main_Download" parent=ether1 packet-mark="" limit-at=0 queue=PCQ_Download priority=8 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="4 Down First 2Mbyte" parent=Main_Download packet-mark=new_packet limit-at=256000 queue=PCQ_Download priority=4 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="7 Down Rest Mbytes" parent=Main_Download packet-mark=old_packets limit-at=256000 queue=PCQ_Download_Rest priority=7 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="ICMP" parent=APBridge packet-mark=icmp_pack limit-at=0 queue=default priority=3 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="8 Down P2P" parent=Main_Download packet-mark=p2p_pack limit-at=64000 queue=PCQ_Download priority=8 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="8 Up P2P" parent=Main_Upload packet-mark=p2p_pack limit-at=64000 queue=PCQ_Upload priority=8 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="1 SIP Down" parent=Main_Download packet-mark=sip_pack limit-at=256000 queue=PCQ_Download priority=1 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="1 SIP Up" parent=Main_Upload packet-mark=sip_pack limit-at=256000 queue=PCQ_Download priority=1 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 

 
ToMikaa87
newbie
Topic Author
Posts: 32
Joined: Mon Apr 25, 2011 8:36 pm

Re: Downlink and uplink traffic shaping

Sun May 06, 2012 10:59 pm

@Oldman: i have tried your solution but it's still not working as expected. When p2p is running at maximum speed, HTTP download is very slow. I can see the correct speed values in the queue tree so packet marking is OK.
 
0ldman
Forum Guru
Forum Guru
Posts: 1446
Joined: Thu Jul 27, 2006 5:01 am

Re: Downlink and uplink traffic shaping

Tue May 08, 2012 7:21 pm

Did you edit the speeds to match your connection?

if you have 5Mb, set main to 5Mb, sip to whatever, 1Mb, down first to 4800k, down rest to 4800k or less, p2p to 4500k or less, etc.

It needs to be tuned for your connection to work properly.
 
ToMikaa87
newbie
Topic Author
Posts: 32
Joined: Mon Apr 25, 2011 8:36 pm

Re: Downlink and uplink traffic shaping

Tue May 08, 2012 7:36 pm

I tried to make a configuration based on your solution using a pfifo and a different method for packet marking and it seems to be working. I had to adjust the pfifo size to 10000 to let the router handle a larger traffic.
 
rviteri
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Fri Nov 18, 2011 5:53 pm

Re: Downlink and uplink traffic shaping

Sun Jun 24, 2012 5:44 am

I tried to make a configuration based on your solution using a pfifo and a different method for packet marking and it seems to be working. I had to adjust the pfifo size to 10000 to let the router handle a larger traffic.
Hi ToMikaa87, can you post your configuration?

I want the same but for VoIP traffic.
 
rviteri
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Fri Nov 18, 2011 5:53 pm

Re: Downlink and uplink traffic shaping

Sun Jun 24, 2012 12:05 pm

Copy and paste this into terminal. you may have to alter your interface names in the queues, change the speeds to match your connection.
/interface bridge settings set use-ip-firewall=yes
/

:put "These strings are taken from the L7 filter project and are licensed under GPL See: http://www.gnu.org/copyleft/gpl.html"
/ip firewall layer7-protocol
:if ([:len [find name=edonkey]] > 0) do={ :put "already have edonkey" } else={ add name=edonkey regexp="^[\C5\D4\E3-\E5].\?.\?.\?.\?([\01\02\05\14\15\16\18\19\1A\1B\1C\20\21\32\33\34\35\36\38\40\41\42\43\46\47\48\49\4A\4B\4C\4D\4E\4F\50\51\52\53\54\55\56\57\58[\60\81\82\90\91\93\96\97\98\99\9A\9B\9C\9E\A0\A1\A2\A3\A4]|\59................\?[ -~]|\96....\$)" }
:if ([:len [find name=goboogy]] > 0) do={ :put "already have goboogy" } else={ add name=goboogy regexp="<peerplat>|^get /getfilebyhash\\.cgi\\\?|^get /queue_register\\.cgi\\\?|^get /getupdowninfo\\.cgi\\\?" }
:if ([:len [find name=soribada]] > 0) do={ :put "already have soribada" } else={ add name=soribada regexp="^GETMP3\0D\0AFilename|^\01.\?.\?.\?(\51\3A\\+|\51\32\3A)|^\10[\14-\16]\10[\15-\17].\?.\?.\?.\?\$" }
:if ([:len [find name=rdp]] > 0) do={ :put "already have rdp" } else={ add name=rdp regexp="rdpdr.*cliprdr.*rdpsnd" }
:if ([:len [find name=gnutella]] > 0) do={ :put "already have gnutella" } else={ add name=gnutella regexp="^(gnd[\01\02]\?.\?.\?\01|gnutella connect/[012]\\.[0-9]\0D\0A|get /uri-res/n2r\\\?urn:sha1:|get /.*user-agent: (gtk-gnutella|bearshare|mactella|gnucleus|gnotella|limewire|imesh)|get /.*content-type: application/x-gnutella-packets|giv [0-9]*:[0-9a-f]*/|queue [0-9a-f]* [1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?\\.[1-9][0-9]\?[0-9]\?:[1-9][0-9]\?[0-9]\?[0-9]\?|gnutella.*content-type: application/x-gnutella|...................\?lime)" }
:if ([:len [find name=cvs]] > 0) do={ :put "already have cvs" } else={ add name=cvs regexp="^BEGIN (AUTH|VERIFICATION|GSSAPI) REQUEST\0A" }
:if ([:len [find name=nbns]] > 0) do={ :put "already have nbns" } else={ add name=nbns regexp="\01\10\01|\\)\10\01\01|0\10\01" }
:if ([:len [find name=shoutcast]] > 0) do={ :put "already have shoutcast" } else={ add name=shoutcast regexp="icy [1-5][0-9][0-9] [\09-\0D -~]*(content-type:audio|icy-)" }
:if ([:len [find name=dns]] > 0) do={ :put "already have dns" } else={ add name=dns regexp="^.\?.\?.\?.\?[\01\02].\?.\?.\?.\?.\?.\?[\01-\?][a-z0-9][\01-\?a-z]*[\02-\06][a-z][a-z][fglmoprstuvz]\?[aeop]\?(um)\?[\01-\10\1C][\01\03\04\FF]" }
:if ([:len [find name=quake-halflife]] > 0) do={ :put "already have quake-halflife" } else={ add name=quake-halflife regexp="^\FF\FF\FF\FFget(info|challenge)" }
:if ([:len [find name=poco]] > 0) do={ :put "already have poco" } else={ add name=poco regexp="^\80\94\0A\01....\1F\9E" }
:if ([:len [find name=ciscovpn]] > 0) do={ :put "already have ciscovpn" } else={ add name=ciscovpn regexp="^\01\F4\01\F4" }
:if ([:len [find name=x11]] > 0) do={ :put "already have x11" } else={ add name=x11 regexp="^[lb].\?\0B" }
:if ([:len [find name=xboxlive]] > 0) do={ :put "already have xboxlive" } else={ add name=xboxlive regexp="^\58\80........\F3|^\06\58\4E" }
:if ([:len [find name=applejuice]] > 0) do={ :put "already have applejuice" } else={ add name=applejuice regexp="^ajprot\0D\0A" }
:if ([:len [find name=zmaap]] > 0) do={ :put "already have zmaap" } else={ add name=zmaap regexp="^\1B\D7\3B\48[\01\02]\01\?\01" }
:if ([:len [find name=live365]] > 0) do={ :put "already have live365" } else={ add name=live365 regexp="membername.*session.*player" }
:if ([:len [find name=rlogin]] > 0) do={ :put "already have rlogin" } else={ add name=rlogin regexp="^[a-z][a-z0-9][a-z0-9]+/[1-9][0-9]\?[0-9]\?[0-9]\?00" }
:if ([:len [find name=http]] > 0) do={ :put "already have http" } else={ add name=http regexp="http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\09-\0D -~]*(connection:|content-type:|content-length:|date:)|post [\09-\0D -~]* http/[01]\\.[019]" }
:if ([:len [find name=sip]] > 0) do={ :put "already have sip" } else={ add name=sip regexp="^(invite|register|cancel) sip[\09-\0D -~]*sip/[0-2]\\.[0-9]" }
:if ([:len [find name=pop3]] > 0) do={ :put "already have pop3" } else={ add name=pop3 regexp="^(\\+ok |-err )" }
:if ([:len [find name=smb]] > 0) do={ :put "already have smb" } else={ add name=smb regexp="\FFsmb[\72\25]" }
:if ([:len [find name=quake1]] > 0) do={ :put "already have quake1" } else={ add name=quake1 regexp="^\80\0C\01quake\03" }
:if ([:len [find name=lpd]] > 0) do={ :put "already have lpd" } else={ add name=lpd regexp="^(\01[!-~]+|\02[!-~]+\0A.[\01\02\03][\01-\0A -~]*|[\03\04][!-~]+[\09-\0D]+[a-z][\09-\0D -~]*|\05[!-~]+[\09-\0D]+([a-z][!-~]*[\09-\0D]+[1-9][0-9]\?[0-9]\?|root[\09-\0D]+[!-~]+).*)\0A\$" }
:if ([:len [find name=mute]] > 0) do={ :put "already have mute" } else={ add name=mute regexp="^(Public|AES)Key: [0-9a-f]*\0AEnd(Public|AES)Key\0A\$" }
:if ([:len [find name=ssh]] > 0) do={ :put "already have ssh" } else={ add name=ssh regexp="^ssh-[12]\\.[0-9]" }
:if ([:len [find name=jabber]] > 0) do={ :put "already have jabber" } else={ add name=jabber regexp="<stream:stream[\09-\0D ][ -~]*[\09-\0D ]xmlns=['\"]jabber" }
:if ([:len [find name=bittorrent]] > 0) do={ :put "already have bittorrent" } else={ add name=bittorrent regexp="^(\13bittorrent protocol|azver\01\$|get /scrape\\\?info_hash=)|d1:ad2:id20:|\08'7P\\)[RP]" }
:if ([:len [find name=ncp]] > 0) do={ :put "already have ncp" } else={ add name=ncp regexp="^(dmdt.*\01.*(\"\"|\11\11|uu)|tncp.*33)" }
:if ([:len [find name=tls]] > 0) do={ :put "already have tls" } else={ add name=tls regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)" }
:if ([:len [find name=directconnect]] > 0) do={ :put "already have directconnect" } else={ add name=directconnect regexp="^(\\\$mynick |\\\$lock |\\\$key )" }
:if ([:len [find name=netbios]] > 0) do={ :put "already have netbios" } else={ add name=netbios regexp="\81.\?.\?.[A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P][A-P]" }
:if ([:len [find name=tftp]] > 0) do={ :put "already have tftp" } else={ add name=tftp regexp="^(\01|\02)[ -~]*(netascii|octet|mail)" }
:if ([:len [find name=subspace]] > 0) do={ :put "already have subspace" } else={ add name=subspace regexp="^\01....\11\10........\01\$" }
:if ([:len [find name=hotline]] > 0) do={ :put "already have hotline" } else={ add name=hotline regexp="^....................TRTPHOTL\01\02" }
:if ([:len [find name=doom3]] > 0) do={ :put "already have doom3" } else={ add name=doom3 regexp="^\FF\FFchallenge" }
:if ([:len [find name=ftp]] > 0) do={ :put "already have ftp" } else={ add name=ftp regexp="^220[\09-\0D -~]*ftp" }
:if ([:len [find name=kugoo]] > 0) do={ :put "already have kugoo" } else={ add name=kugoo regexp="^\31..\8E" }
:if ([:len [find name=tsp]] > 0) do={ :put "already have tsp" } else={ add name=tsp regexp="^[\01-\13\16-\$]\01.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?[ -~]+" }
:if ([:len [find name=battlefield1942]] > 0) do={ :put "already have battlefield1942" } else={ add name=battlefield1942 regexp="^\01\11\10\\|\F8\02\10\40\06" }
:if ([:len [find name=ssdp]] > 0) do={ :put "already have ssdp" } else={ add name=ssdp regexp="^notify[\09-\0D ]\\*[\09-\0D ]http/1\\.1[\09-\0D -~]*ssdp:(alive|byebye)|^m-search[\09-\0D ]\\*[\09-\0D ]http/1\\.1[\09-\0D -~]*ssdp:discover" }
:if ([:len [find name=imap]] > 0) do={ :put "already have imap" } else={ add name=imap regexp="^(\\* ok|a[0-9]+ noop)" }
:if ([:len [find name=ares]] > 0) do={ :put "already have ares" } else={ add name=ares regexp="^\03[]Z].\?.\?\05\$" }
:if ([:len [find name=fasttrack]] > 0) do={ :put "already have fasttrack" } else={ add name=fasttrack regexp="^get (/.download/[ -~]*|/.supernode[ -~]|/.status[ -~]|/.network[ -~]*|/.files|/.hash=[0-9a-f]*/[ -~]*) http/1.1|user-agent: kazaa|x-kazaa(-username|-network|-ip|-supernodeip|-xferid|-xferuid|tag)|^give [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]\?[0-9]\?[0-9]\?" }
:if ([:len [find name=qq]] > 0) do={ :put "already have qq" } else={ add name=qq regexp="^.\?\02.+\03\$" }
:if ([:len [find name=100bao]] > 0) do={ :put "already have 100bao" } else={ add name=100bao regexp="^\01\01\05\0A" }
:if ([:len [find name=aim]] > 0) do={ :put "already have aim" } else={ add name=aim regexp="^(\\*[\01\02].*\03\0B|\\*\01.\?.\?.\?.\?\01)|flapon|toc_signon.*0x" }
:if ([:len [find name=unknown]] > 0) do={ :put "already have unknown" } else={ add name=unknown regexp="." }
:if ([:len [find name=msn-filetransfer]] > 0) do={ :put "already have msn-filetransfer" } else={ add name=msn-filetransfer regexp="^(ver [ -~]*msnftp\0D\0Aver msnftp\0D\0Ausr|method msnmsgr:)" }
:if ([:len [find name=yahoo]] > 0) do={ :put "already have yahoo" } else={ add name=yahoo regexp="^(ymsg|ypns|yhoo).\?.\?.\?.\?.\?.\?.\?[lwt].*\C0\80" }
:if ([:len [find name=validcertssl]] > 0) do={ :put "already have validcertssl" } else={ add name=validcertssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B).*(thawte|equifax secure|rsa data security, inc|verisign, inc|gte cybertrust root|entrust\\.net limited)" }
:if ([:len [find name=ntp]] > 0) do={ :put "already have ntp" } else={ add name=ntp regexp="^([\13\1B\23\D3\DB\E3]|[\14\1C\$].......\?.\?.\?.\?.\?.\?.\?.\?.\?[\C6-\FF])" }
:if ([:len [find name=gnucleuslan]] > 0) do={ :put "already have gnucleuslan" } else={ add name=gnucleuslan regexp="gnuclear connect/[\09-\0D -~]*user-agent: gnucleus [\09-\0D -~]*lan:" }
:if ([:len [find name=vnc]] > 0) do={ :put "already have vnc" } else={ add name=vnc regexp="^rfb 00[1-9]\\.00[0-9]\0A\$" }
:if ([:len [find name=bgp]] > 0) do={ :put "already have bgp" } else={ add name=bgp regexp="^\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF..\?\01[\03\04]" }
:if ([:len [find name=tesla]] > 0) do={ :put "already have tesla" } else={ add name=tesla regexp="\03\9A\89\22\31\31\31\\.\30\30\20\42\65\74\61\20|\E2\3C\69\1E\1C\E9" }
:if ([:len [find name=openft]] > 0) do={ :put "already have openft" } else={ add name=openft regexp="x-openftalias: [-)(0-9a-z ~.]" }
:if ([:len [find name=h323]] > 0) do={ :put "already have h323" } else={ add name=h323 regexp="^\03..\?\08...\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\05" }
:if ([:len [find name=finger]] > 0) do={ :put "already have finger" } else={ add name=finger regexp="^[a-z][a-z0-9\\-_]+|login: [\09-\0D -~]* name: [\09-\0D -~]* Directory:" }
:if ([:len [find name=ident]] > 0) do={ :put "already have ident" } else={ add name=ident regexp="^[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?[\09-\0D]*,[\09-\0D]*[1-9][0-9]\?[0-9]\?[0-9]\?[0-9]\?(\0D\0A|[\0D\0A])\?\$" }
:if ([:len [find name=gkrellm]] > 0) do={ :put "already have gkrellm" } else={ add name=gkrellm regexp="^gkrellm [23].[0-9].[0-9]\0A\$" }
:if ([:len [find name=hddtemp]] > 0) do={ :put "already have hddtemp" } else={ add name=hddtemp regexp="^\\|/dev/[a-z][a-z][a-z]\\|[0-9a-z]*\\|[0-9][0-9]\\|[cfk]\\|" }
:if ([:len [find name=socks]] > 0) do={ :put "already have socks" } else={ add name=socks regexp="\05[\01-\08]*\05[\01-\08]\?.*\05[\01-\03][\01\03].*\05[\01-\08]\?[\01\03]" }
:if ([:len [find name=biff]] > 0) do={ :put "already have biff" } else={ add name=biff regexp="^[a-z][a-z0-9]+@[1-9][0-9]+\$" }
:if ([:len [find name=dhcp]] > 0) do={ :put "already have dhcp" } else={ add name=dhcp regexp="^[\01\02][\01- ]\06.*c\82sc" }
:if ([:len [find name=smtp]] > 0) do={ :put "already have smtp" } else={ add name=smtp regexp="^220[\09-\0D -~]* (e\?smtp|simple mail)" }
:if ([:len [find name=ipp]] > 0) do={ :put "already have ipp" } else={ add name=ipp regexp="ipp://" }
:if ([:len [find name=msnmessenger]] > 0) do={ :put "already have msnmessenger" } else={ add name=msnmessenger regexp="ver [0-9]+ msnp[1-9][0-9]\? [\09-\0D -~]*cvr0\0D\0A\$|usr 1 [!-~]+ [0-9. ]+\0D\0A\$|ans 1 [!-~]+ [0-9. ]+\0D\0A\$" }
:if ([:len [find name=irc]] > 0) do={ :put "already have irc" } else={ add name=irc regexp="^(nick[\09-\0D -~]*user[\09-\0D -~]*:|user[\09-\0D -~]*:[\02-\0D -~]*nick[\09-\0D -~]*\0D\0A)" }
:if ([:len [find name=gopher]] > 0) do={ :put "already have gopher" } else={ add name=gopher regexp="^[\09-\0D]*[1-9,+tgi][\09-\0D -~]*\09[\09-\0D -~]*\09[a-z0-9.]*\\.[a-z][a-z].\?.\?\09[1-9]" }
:if ([:len [find name=telnet]] > 0) do={ :put "already have telnet" } else={ add name=telnet regexp="^\FF[\FB-\FE].\FF[\FB-\FE].\FF[\FB-\FE]" }
:if ([:len [find name=snmp]] > 0) do={ :put "already have snmp" } else={ add name=snmp regexp="^\02\01\04.+([\A0-\A3]\02[\01-\04].\?.\?.\?.\?\02\01.\?\02\01.\?\30|\A4\06.+\40\04.\?.\?.\?.\?\02\01.\?\02\01.\?\43)" }
:if ([:len [find name=nntp]] > 0) do={ :put "already have nntp" } else={ add name=nntp regexp="^(20[01][\09-\0D -~]*AUTHINFO USER|20[01][\09-\0D -~]*news)" }
:if ([:len [find name=aimwebcontent]] > 0) do={ :put "already have aimwebcontent" } else={ add name=aimwebcontent regexp="user-agent:aim/" }
:if ([:len [find name=rtsp]] > 0) do={ :put "already have rtsp" } else={ add name=rtsp regexp="rtsp/1.0 200 ok" }
:if ([:len [find name=skypeout]] > 0) do={ :put "already have skypeout" } else={ add name=skypeout regexp="^(\01.\?.\?.\?.\?.\?.\?.\?.\?\01|\02.\?.\?.\?.\?.\?.\?.\?.\?\02|\03.\?.\?.\?.\?.\?.\?.\?.\?\03|\04.\?.\?.\?.\?.\?.\?.\?.\?\04|\05.\?.\?.\?.\?.\?.\?.\?.\?\05|\06.\?.\?.\?.\?.\?.\?.\?.\?\06|\07.\?.\?.\?.\?.\?.\?.\?.\?\07|\08.\?.\?.\?.\?.\?.\?.\?.\?\08|\09.\?.\?.\?.\?.\?.\?.\?.\?\09|\0A.\?.\?.\?.\?.\?.\?.\?.\?\0A|\0B.\?.\?.\?.\?.\?.\?.\?.\?\0B|\0C.\?.\?.\?.\?.\?.\?.\?.\?\0C|\0D.\?.\?.\?.\?.\?.\?.\?.\?\0D|\0E.\?.\?.\?.\?.\?.\?.\?.\?\0E|\0F.\?.\?.\?.\?.\?.\?.\?.\?\0F|\10.\?.\?.\?.\?.\?.\?.\?.\?\10|\11.\?.\?.\?.\?.\?.\?.\?.\?\11|\12.\?.\?.\?.\?.\?.\?.\?.\?\12|\13.\?.\?.\?.\?.\?.\?.\?.\?\13|\14.\?.\?.\?.\?.\?.\?.\?.\?\14|\15.\?.\?.\?.\?.\?.\?.\?.\?\15|\16.\?.\?.\?.\?.\?.\?.\?.\?\16|\17.\?.\?.\?.\?.\?.\?.\?.\?\17|\18.\?.\?.\?.\?.\?.\?.\?.\?\18|\19.\?.\?.\?.\?.\?.\?.\?.\?\19|\1A.\?.\?.\?.\?.\?.\?.\?.\?\1A|\1B.\?.\?.\?.\?.\?.\?.\?.\?\1B|\1C.\?.\?.\?.\?.\?.\?.\?.\?\1C|\1D.\?.\?.\?.\?.\?.\?.\?.\?\1D|\1E.\?.\?.\?.\?.\?.\?.\?.\?\1E|\1F.\?.\?.\?.\?.\?.\?.\?.\?\1F|\20.\?.\?.\?.\?.\?.\?.\?.\?\20|\21.\?.\?.\?.\?.\?.\?.\?.\?\21|\22.\?.\?.\?.\?.\?.\?.\?.\?\22|\23.\?.\?.\?.\?.\?.\?.\?.\?\23|\\\$.\?.\?.\?.\?.\?.\?.\?.\?\\\$|\25.\?.\?.\?.\?.\?.\?.\?.\?\25|\26.\?.\?.\?.\?.\?.\?.\?.\?\26|\27.\?.\?.\?.\?.\?.\?.\?.\?\27|\\(.\?.\?.\?.\?.\?.\?.\?.\?\\(|\\).\?.\?.\?.\?.\?.\?.\?.\?\\)|\\*.\?.\?.\?.\?.\?.\?.\?.\?\\*|\\+.\?.\?.\?.\?.\?.\?.\?.\?\\+|\2C.\?.\?.\?.\?.\?.\?.\?.\?\2C|\2D.\?.\?.\?.\?.\?.\?.\?.\?\2D|\\..\?.\?.\?.\?.\?.\?.\?.\?\\.|\2F.\?.\?.\?.\?.\?.\?.\?.\?\2F|\30.\?.\?.\?.\?.\?.\?.\?.\?\30|\31.\?.\?.\?.\?.\?.\?.\?.\?\31|\32.\?.\?.\?.\?.\?.\?.\?.\?\32|\33.\?.\?.\?.\?.\?.\?.\?.\?\33|\34.\?.\?.\?.\?.\?.\?.\?.\?\34|\35.\?.\?.\?.\?.\?.\?.\?.\?\35|\36.\?.\?.\?.\?.\?.\?.\?.\?\36|\37.\?.\?.\?.\?.\?.\?.\?.\?\37|\38.\?.\?.\?.\?.\?.\?.\?.\?\38|\39.\?.\?.\?.\?.\?.\?.\?.\?\39|\3A.\?.\?.\?.\?.\?.\?.\?.\?\3A|\3B.\?.\?.\?.\?.\?.\?.\?.\?\3B|\3C.\?.\?.\?.\?.\?.\?.\?.\?\3C|\3D.\?.\?.\?.\?.\?.\?.\?.\?\3D|\3E.\?.\?.\?.\?.\?.\?.\?.\?\3E|\\\?.\?.\?.\?.\?.\?.\?.\?.\?\\\?|\40.\?.\?.\?.\?.\?.\?.\?.\?\40|\41.\?.\?.\?.\?.\?.\?.\?.\?\41|\42.\?.\?.\?.\?.\?.\?.\?.\?\42|\43.\?.\?.\?.\?.\?.\?.\?.\?\43|\44.\?.\?.\?.\?.\?.\?.\?.\?\44|\45.\?.\?.\?.\?.\?.\?.\?.\?\45|\46.\?.\?.\?.\?.\?.\?.\?.\?\46|\47.\?.\?.\?.\?.\?.\?.\?.\?\47|\48.\?.\?.\?.\?.\?.\?.\?.\?\48|\49.\?.\?.\?.\?.\?.\?.\?.\?\49|\4A.\?.\?.\?.\?.\?.\?.\?.\?\4A|\4B.\?.\?.\?.\?.\?.\?.\?.\?\4B|\4C.\?.\?.\?.\?.\?.\?.\?.\?\4C|\4D.\?.\?.\?.\?.\?.\?.\?.\?\4D|\4E.\?.\?.\?.\?.\?.\?.\?.\?\4E|\4F.\?.\?.\?.\?.\?.\?.\?.\?\4F|\50.\?.\?.\?.\?.\?.\?.\?.\?\50|\51.\?.\?.\?.\?.\?.\?.\?.\?\51|\52.\?.\?.\?.\?.\?.\?.\?.\?\52|\53.\?.\?.\?.\?.\?.\?.\?.\?\53|\54.\?.\?.\?.\?.\?.\?.\?.\?\54|\55.\?.\?.\?.\?.\?.\?.\?.\?\55|\56.\?.\?.\?.\?.\?.\?.\?.\?\56|\57.\?.\?.\?.\?.\?.\?.\?.\?\57|\58.\?.\?.\?.\?.\?.\?.\?.\?\58|\59.\?.\?.\?.\?.\?.\?.\?.\?\59|\5A.\?.\?.\?.\?.\?.\?.\?.\?\5A|\\[.\?.\?.\?.\?.\?.\?.\?.\?\\[|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\].\?.\?.\?.\?.\?.\?.\?.\?\\]|\\^.\?.\?.\?.\?.\?.\?.\?.\?\\^|\5F.\?.\?.\?.\?.\?.\?.\?.\?\5F|\60.\?.\?.\?.\?.\?.\?.\?.\?\60|\61.\?.\?.\?.\?.\?.\?.\?.\?\61|\62.\?.\?.\?.\?.\?.\?.\?.\?\62|\63.\?.\?.\?.\?.\?.\?.\?.\?\63|\64.\?.\?.\?.\?.\?.\?.\?.\?\64|\65.\?.\?.\?.\?.\?.\?.\?.\?\65|\66.\?.\?.\?.\?.\?.\?.\?.\?\66|\67.\?.\?.\?.\?.\?.\?.\?.\?\67|\68.\?.\?.\?.\?.\?.\?.\?.\?\68|\69.\?.\?.\?.\?.\?.\?.\?.\?\69|\6A.\?.\?.\?.\?.\?.\?.\?.\?\6A|\6B.\?.\?.\?.\?.\?.\?.\?.\?\6B|\6C.\?.\?.\?.\?.\?.\?.\?.\?\6C|\6D.\?.\?.\?.\?.\?.\?.\?.\?\6D|\6E.\?.\?.\?.\?.\?.\?.\?.\?\6E|\6F.\?.\?.\?.\?.\?.\?.\?.\?\6F|\70.\?.\?.\?.\?.\?.\?.\?.\?\70|\71.\?.\?.\?.\?.\?.\?.\?.\?\71|\72.\?.\?.\?.\?.\?.\?.\?.\?\72|\73.\?.\?.\?.\?.\?.\?.\?.\?\73|\74.\?.\?.\?.\?.\?.\?.\?.\?\74|\75.\?.\?.\?.\?.\?.\?.\?.\?\75|\76.\?.\?.\?.\?.\?.\?.\?.\?\76|\77.\?.\?.\?.\?.\?.\?.\?.\?\77|\78.\?.\?.\?.\?.\?.\?.\?.\?\78|\79.\?.\?.\?.\?.\?.\?.\?.\?\79|\7A.\?.\?.\?.\?.\?.\?.\?.\?\7A|\\{.\?.\?.\?.\?.\?.\?.\?.\?\\{|\\|.\?.\?.\?.\?.\?.\?.\?.\?\\||\\}.\?.\?.\?.\?.\?.\?.\?.\?\\}|\7E.\?.\?.\?.\?.\?.\?.\?.\?\7E|\7F.\?.\?.\?.\?.\?.\?.\?.\?\7F|\80.\?.\?.\?.\?.\?.\?.\?.\?\80|\81.\?.\?.\?.\?.\?.\?.\?.\?\81|\82.\?.\?.\?.\?.\?.\?.\?.\?\82|\83.\?.\?.\?.\?.\?.\?.\?.\?\83|\84.\?.\?.\?.\?.\?.\?.\?.\?\84|\85.\?.\?.\?.\?.\?.\?.\?.\?\85|\86.\?.\?.\?.\?.\?.\?.\?.\?\86|\87.\?.\?.\?.\?.\?.\?.\?.\?\87|\88.\?.\?.\?.\?.\?.\?.\?.\?\88|\89.\?.\?.\?.\?.\?.\?.\?.\?\89|\8A.\?.\?.\?.\?.\?.\?.\?.\?\8A|\8B.\?.\?.\?.\?.\?.\?.\?.\?\8B|\8C.\?.\?.\?.\?.\?.\?.\?.\?\8C|\8D.\?.\?.\?.\?.\?.\?.\?.\?\8D|\8E.\?.\?.\?.\?.\?.\?.\?.\?\8E|\8F.\?.\?.\?.\?.\?.\?.\?.\?\8F|\90.\?.\?.\?.\?.\?.\?.\?.\?\90|\91.\?.\?.\?.\?.\?.\?.\?.\?\91|\92.\?.\?.\?.\?.\?.\?.\?.\?\92|\93.\?.\?.\?.\?.\?.\?.\?.\?\93|\94.\?.\?.\?.\?.\?.\?.\?.\?\94|\95.\?.\?.\?.\?.\?.\?.\?.\?\95|\96.\?.\?.\?.\?.\?.\?.\?.\?\96|\97.\?.\?.\?.\?.\?.\?.\?.\?\97|\98.\?.\?.\?.\?.\?.\?.\?.\?\98|\99.\?.\?.\?.\?.\?.\?.\?.\?\99|\9A.\?.\?.\?.\?.\?.\?.\?.\?\9A|\9B.\?.\?.\?.\?.\?.\?.\?.\?\9B|\9C.\?.\?.\?.\?.\?.\?.\?.\?\9C|\9D.\?.\?.\?.\?.\?.\?.\?.\?\9D|\9E.\?.\?.\?.\?.\?.\?.\?.\?\9E|\9F.\?.\?.\?.\?.\?.\?.\?.\?\9F|\A0.\?.\?.\?.\?.\?.\?.\?.\?\A0|\A1.\?.\?.\?.\?.\?.\?.\?.\?\A1|\A2.\?.\?.\?.\?.\?.\?.\?.\?\A2|\A3.\?.\?.\?.\?.\?.\?.\?.\?\A3|\A4.\?.\?.\?.\?.\?.\?.\?.\?\A4|\A5.\?.\?.\?.\?.\?.\?.\?.\?\A5|\A6.\?.\?.\?.\?.\?.\?.\?.\?\A6|\A7.\?.\?.\?.\?.\?.\?.\?.\?\A7|\A8.\?.\?.\?.\?.\?.\?.\?.\?\A8|\A9.\?.\?.\?.\?.\?.\?.\?.\?\A9|\AA.\?.\?.\?.\?.\?.\?.\?.\?\AA|\AB.\?.\?.\?.\?.\?.\?.\?.\?\AB|\AC.\?.\?.\?.\?.\?.\?.\?.\?\AC|\AD.\?.\?.\?.\?.\?.\?.\?.\?\AD|\AE.\?.\?.\?.\?.\?.\?.\?.\?\AE|\AF.\?.\?.\?.\?.\?.\?.\?.\?\AF|\B0.\?.\?.\?.\?.\?.\?.\?.\?\B0|\B1.\?.\?.\?.\?.\?.\?.\?.\?\B1|\B2.\?.\?.\?.\?.\?.\?.\?.\?\B2|\B3.\?.\?.\?.\?.\?.\?.\?.\?\B3|\B4.\?.\?.\?.\?.\?.\?.\?.\?\B4|\B5.\?.\?.\?.\?.\?.\?.\?.\?\B5|\B6.\?.\?.\?.\?.\?.\?.\?.\?\B6|\B7.\?.\?.\?.\?.\?.\?.\?.\?\B7|\B8.\?.\?.\?.\?.\?.\?.\?.\?\B8|\B9.\?.\?.\?.\?.\?.\?.\?.\?\B9|\BA.\?.\?.\?.\?.\?.\?.\?.\?\BA|\BB.\?.\?.\?.\?.\?.\?.\?.\?\BB|\BC.\?.\?.\?.\?.\?.\?.\?.\?\BC|\BD.\?.\?.\?.\?.\?.\?.\?.\?\BD|\BE.\?.\?.\?.\?.\?.\?.\?.\?\BE|\BF.\?.\?.\?.\?.\?.\?.\?.\?\BF|\C0.\?.\?.\?.\?.\?.\?.\?.\?\C0|\C1.\?.\?.\?.\?.\?.\?.\?.\?\C1|\C2.\?.\?.\?.\?.\?.\?.\?.\?\C2|\C3.\?.\?.\?.\?.\?.\?.\?.\?\C3|\C4.\?.\?.\?.\?.\?.\?.\?.\?\C4|\C5.\?.\?.\?.\?.\?.\?.\?.\?\C5|\C6.\?.\?.\?.\?.\?.\?.\?.\?\C6|\C7.\?.\?.\?.\?.\?.\?.\?.\?\C7|\C8.\?.\?.\?.\?.\?.\?.\?.\?\C8|\C9.\?.\?.\?.\?.\?.\?.\?.\?\C9|\CA.\?.\?.\?.\?.\?.\?.\?.\?\CA|\CB.\?.\?.\?.\?.\?.\?.\?.\?\CB|\CC.\?.\?.\?.\?.\?.\?.\?.\?\CC|\CD.\?.\?.\?.\?.\?.\?.\?.\?\CD|\CE.\?.\?.\?.\?.\?.\?.\?.\?\CE|\CF.\?.\?.\?.\?.\?.\?.\?.\?\CF|\D0.\?.\?.\?.\?.\?.\?.\?.\?\D0|\D1.\?.\?.\?.\?.\?.\?.\?.\?\D1|\D2.\?.\?.\?.\?.\?.\?.\?.\?\D2|\D3.\?.\?.\?.\?.\?.\?.\?.\?\D3|\D4.\?.\?.\?.\?.\?.\?.\?.\?\D4|\D5.\?.\?.\?.\?.\?.\?.\?.\?\D5|\D6.\?.\?.\?.\?.\?.\?.\?.\?\D6|\D7.\?.\?.\?.\?.\?.\?.\?.\?\D7|\D8.\?.\?.\?.\?.\?.\?.\?.\?\D8|\D9.\?.\?.\?.\?.\?.\?.\?.\?\D9|\DA.\?.\?.\?.\?.\?.\?.\?.\?\DA|\DB.\?.\?.\?.\?.\?.\?.\?.\?\DB|\DC.\?.\?.\?.\?.\?.\?.\?.\?\DC|\DD.\?.\?.\?.\?.\?.\?.\?.\?\DD|\DE.\?.\?.\?.\?.\?.\?.\?.\?\DE|\DF.\?.\?.\?.\?.\?.\?.\?.\?\DF|\E0.\?.\?.\?.\?.\?.\?.\?.\?\E0|\E1.\?.\?.\?.\?.\?.\?.\?.\?\E1|\E2.\?.\?.\?.\?.\?.\?.\?.\?\E2|\E3.\?.\?.\?.\?.\?.\?.\?.\?\E3|\E4.\?.\?.\?.\?.\?.\?.\?.\?\E4|\E5.\?.\?.\?.\?.\?.\?.\?.\?\E5|\E6.\?.\?.\?.\?.\?.\?.\?.\?\E6|\E7.\?.\?.\?.\?.\?.\?.\?.\?\E7|\E8.\?.\?.\?.\?.\?.\?.\?.\?\E8|\E9.\?.\?.\?.\?.\?.\?.\?.\?\E9|\EA.\?.\?.\?.\?.\?.\?.\?.\?\EA|\EB.\?.\?.\?.\?.\?.\?.\?.\?\EB|\EC.\?.\?.\?.\?.\?.\?.\?.\?\EC|\ED.\?.\?.\?.\?.\?.\?.\?.\?\ED|\EE.\?.\?.\?.\?.\?.\?.\?.\?\EE|\EF.\?.\?.\?.\?.\?.\?.\?.\?\EF|\F0.\?.\?.\?.\?.\?.\?.\?.\?\F0|\F1.\?.\?.\?.\?.\?.\?.\?.\?\F1|\F2.\?.\?.\?.\?.\?.\?.\?.\?\F2|\F3.\?.\?.\?.\?.\?.\?.\?.\?\F3|\F4.\?.\?.\?.\?.\?.\?.\?.\?\F4|\F5.\?.\?.\?.\?.\?.\?.\?.\?\F5|\F6.\?.\?.\?.\?.\?.\?.\?.\?\F6|\F7.\?.\?.\?.\?.\?.\?.\?.\?\F7|\F8.\?.\?.\?.\?.\?.\?.\?.\?\F8|\F9.\?.\?.\?.\?.\?.\?.\?.\?\F9|\FA.\?.\?.\?.\?.\?.\?.\?.\?\FA|\FB.\?.\?.\?.\?.\?.\?.\?.\?\FB|\FC.\?.\?.\?.\?.\?.\?.\?.\?\FC|\FD.\?.\?.\?.\?.\?.\?.\?.\?\FD|\FE.\?.\?.\?.\?.\?.\?.\?.\?\FE|\FF.\?.\?.\?.\?.\?.\?.\?.\?\FF)" }
:if ([:len [find name=skypetoskype]] > 0) do={ :put "already have skypetoskype" } else={ add name=skypetoskype regexp="^..\02............." }
:if ([:len [find name=counterstrike-source]] > 0) do={ :put "already have counterstrike-source" } else={ add name=counterstrike-source regexp="^\FF\FF\FF\FF.*cstrikeCounter-Strike" }
:if ([:len [find name=halflife2-deathmatch]] > 0) do={ :put "already have halflife2-deathmatch" } else={ add name=halflife2-deathmatch regexp="^\FF\FF\FF\FF.*hl2mpDeathmatch" }
:if ([:len [find name=freenet]] > 0) do={ :put "already have freenet" } else={ add name=freenet regexp="^\01[\08\09][\03\04]" }
:if ([:len [find name=battlefield2]] > 0) do={ :put "already have battlefield2" } else={ add name=battlefield2 regexp="^(\11\20\01...\?\11|\FE\FD.\?.\?.\?.\?.\?.\?(\14\01\06|\FF\FF\FF))|[]\01].\?battlefield2" }
:if ([:len [find name=napster]] > 0) do={ :put "already have napster" } else={ add name=napster regexp="^(.[\02\06][!-~]+ [!-~]+ [0-9][0-9]\?[0-9]\?[0-9]\?[0-9]\? \"[\09-\0D -~]+\" ([0-9]|10)|1(send|get)[!-~]+ \"[\09-\0D -~]+\")" }
:if ([:len [find name=soulseek]] > 0) do={ :put "already have soulseek" } else={ add name=soulseek regexp="^(\05..\?|.\01.[ -~]+\01F..\?.\?.\?.\?.\?.\?.\?)\$" }
:if ([:len [find name=xunlei]] > 0) do={ :put "already have xunlei" } else={ add name=xunlei regexp="^[()]...\?.\?.\?(reg|get|query)" }
:if ([:len [find name=ssl]] > 0) do={ :put "already have ssl" } else={ add name=ssl regexp="^(.\?.\?\16\03.*\16\03|.\?.\?\01\03\01\?.*\0B)" }
:if ([:len [find name=citrix]] > 0) do={ :put "already have citrix" } else={ add name=citrix regexp="\32\26\85\92\58" }
:if ([:len [find name=whois]] > 0) do={ :put "already have whois" } else={ add name=whois regexp="^[ !-~]+\0D\0A\$" }
:if ([:len [find name=dayofdefeat-source]] > 0) do={ :put "already have dayofdefeat-source" } else={ add name=dayofdefeat-source regexp="^\FF\FF\FF\FF.*dodDay of Defeat" }
:if ([:len [find name=teamspeak]] > 0) do={ :put "already have teamspeak" } else={ add name=teamspeak regexp="^\F4\BE\03.*teamspeak" }
:if ([:len [find name=worldofwarcraft]] > 0) do={ :put "already have worldofwarcraft" } else={ add name=worldofwarcraft regexp="^\06\EC\01" }
:if ([:len [find name=ventrilo]] > 0) do={ :put "already have ventrilo" } else={ add name=ventrilo regexp="^..\?v\\\$\CF" }
:if ([:len [find name=http-rtsp]] > 0) do={ :put "already have http-rtsp" } else={ add name=http-rtsp regexp="^(get[\09-\0D -~]* Accept: application/x-rtsp-tunnelled|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\09-\0D -~]*a=control:rtsp://)" }
:if ([:len [find name=thecircle]] > 0) do={ :put "already have thecircle" } else={ add name=thecircle regexp="^t\03ni.\?[\01-\06]\?t[\01-\05]s[\0A\0B](glob|who are you\$|query data)" }
:if ([:len [find name=uucp]] > 0) do={ :put "already have uucp" } else={ add name=uucp regexp="^\10here=" }
:if ([:len [find name=pcanywhere]] > 0) do={ :put "already have pcanywhere" } else={ add name=pcanywhere regexp="^(nq|st)\$" }
:if ([:len [find name=subversion]] > 0) do={ :put "already have subversion" } else={ add name=subversion regexp="^\\( success \\( 1 2 \\(" }
:if ([:len [find name=imesh]] > 0) do={ :put "already have imesh" } else={ add name=imesh regexp="^(post[\09-\0D -~]*<PasswordHash>................................</PasswordHash><ClientVer>|\34\80\?\0D\?\FC\FF\04|get[\09-\0D -~]*Host: imsh\\.download-prod\\.musicnet\\.com|\02(\01|\02)\83.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?.\?\02(\01|\02)\83)" }
:if ([:len [find name=cimd]] > 0) do={ :put "already have cimd" } else={ add name=cimd regexp="\02[0-4][0-9]:[0-9]+.*\03\$" }
:if ([:len [find name=mohaa]] > 0) do={ :put "already have mohaa" } else={ add name=mohaa regexp="^\FF\FF\FF\FFgetstatus\0A" }
:if ([:len [find name=stun]] > 0) do={ :put "already have stun" } else={ add name=stun regexp="^[\01\02]................\?\$" }
:if ([:len [find name=tor]] > 0) do={ :put "already have tor" } else={ add name=tor regexp="TOR1.*<identity>" }
:if ([:len [find name=radmin]] > 0) do={ :put "already have radmin" } else={ add name=radmin regexp="^\01\01(\08\08|\1B\1B)\$" }
:if ([:len [find name=unset]] > 0) do={ :put "already have unset" } else={ add name=unset regexp="." }
:if ([:len [find name=chikka]] > 0) do={ :put "already have chikka" } else={ add name=chikka regexp="^CTPv1.[123] Kamusta.*\0D\0A\$" }
:if ([:len [find name=replaytv-ivs]] > 0) do={ :put "already have replaytv-ivs" } else={ add name=replaytv-ivs regexp="^(get /ivs-IVSGetFileChunk|http/(0\\.9|1\\.0|1\\.1) [1-5][0-9][0-9] [\09-\0D -~]*\23\23\23\23\23REPLAY_CHUNK_START\23\23\23\23\23)" }
:if ([:len [find name=armagetron]] > 0) do={ :put "already have armagetron" } else={ add name=armagetron regexp="YCLC_E|CYEL" }


/ip firewall mangle

add chain=forward protocol=tcp action=mark-packet new-packet-mark=new_packet passthrough=yes comment="ICMP"

add chain=forward action=mark-packet new-packet-mark=new_packet passthrough=no layer7-protocol=ssh comment="ssh"

add chain=forward action=mark-packet new-packet-mark=new_packet passthrough=no layer7-protocol=sip comment="sip"

add chain=forward action=mark-packet new-packet-mark=p2p_pack passthrough=no layer7-protocol=gnutella comment="gnutella pack"

add chain=forward action=mark-packet new-packet-mark=p2p_pack passthrough=no layer7-protocol=bittorrent comment="bittorrent pack"

add chain=forward action=mark-packet new-packet-mark=p2p_pack passthrough=no layer7-protocol=ares comment="ares pack"

add chain=forward action=mark-packet new-packet-mark=p2p_pack passthrough=no layer7-protocol=edonkey comment="edonkey pack"

add chain=forward action=mark-packet new-packet-mark=p2p_pack passthrough=no layer7-protocol=applejuice  comment="applejuice pack"

add chain=forward action=mark-packet new-packet-mark=p2p_pack passthrough=no p2p=all-p2p comment="all p2p pack"


/ip firewall mangle add chain=forward protocol=tcp action=mark-connection new-connection-mark=new_conn passthrough=yes comment="mark all new connections" disabled=no
/ip firewall mangle add chain=forward protocol=tcp connection-mark=new_conn connection-bytes=0-2000000 action=mark-packet new-packet-mark=new_packet passthrough=no comment="mark packets" disabled=no
/ip firewall mangle add chain=forward protocol=tcp connection-mark=new_conn action=mark-packet new-packet-mark=old_packets passthrough=no comment="marking old packets" disabled=no

/ip firewall mangle add chain=forward protocol=udp action=mark-connection new-connection-mark=new_conn passthrough=yes comment="mark all new connections" disabled=no
/ip firewall mangle add chain=forward protocol=udp connection-mark=new_conn connection-bytes=0-2000000 action=mark-packet new-packet-mark=new_packet passthrough=no comment="mark packets" disabled=no
/ip firewall mangle add chain=forward protocol=udp connection-mark=new_conn action=mark-packet new-packet-mark=old_packets passthrough=no comment="marking old packets" disabled=no


/queue


/queue type add name="PCQ_Upload" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=src-address pcq-total-limit=2000
/queue type add name="PCQ_Download" kind=pcq pcq-rate=0 pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 
/queue type add name="PCQ_Download_Rest" kind=pcq pcq-rate=2M pcq-limit=50 pcq-classifier=dst-address pcq-total-limit=2000 
/queue tree add name="Main_Upload" parent=wlan1 packet-mark="" limit-at=0 queue=PCQ_Upload priority=8 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="4 Up First 2Mbyte" parent=Main_Upload packet-mark=new_packet limit-at=256000 queue=PCQ_Upload priority=4 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="7 Up Rest Mbytes" parent=Main_Upload packet-mark=old_packets limit-at=256000 queue=PCQ_Upload priority=7 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="Main_Download" parent=ether1 packet-mark="" limit-at=0 queue=PCQ_Download priority=8 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="4 Down First 2Mbyte" parent=Main_Download packet-mark=new_packet limit-at=256000 queue=PCQ_Download priority=4 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="7 Down Rest Mbytes" parent=Main_Download packet-mark=old_packets limit-at=256000 queue=PCQ_Download_Rest priority=7 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="ICMP" parent=APBridge packet-mark=icmp_pack limit-at=0 queue=default priority=3 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="8 Down P2P" parent=Main_Download packet-mark=p2p_pack limit-at=64000 queue=PCQ_Download priority=8 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="8 Up P2P" parent=Main_Upload packet-mark=p2p_pack limit-at=64000 queue=PCQ_Upload priority=8 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="1 SIP Down" parent=Main_Download packet-mark=sip_pack limit-at=256000 queue=PCQ_Download priority=1 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 
/queue tree add name="1 SIP Up" parent=Main_Upload packet-mark=sip_pack limit-at=256000 queue=PCQ_Download priority=1 max-limit=50000000 burst-limit=0 burst-threshold=0 burst-time=0s 


Hi can you please explain to me what this Queue tree is doing? I am having a hard time understanding what's going on. For example, why did you load so many L7 rules but only use a few?

Thanks!
 
0ldman
Forum Guru
Forum Guru
Posts: 1446
Joined: Thu Jul 27, 2006 5:01 am

Re: Downlink and uplink traffic shaping

Tue Jun 26, 2012 7:03 pm

I just added the entire list rather than pick and choose. I don't have to add the L7 identification if I decide to add a mangle rule later.

SIP is highest priority.
First 2 MB down is next.
Download rest is anything after the first 2MB of an individual connection.
P2P speaks for itself.

This isn't all my work, this is pieced together from several different QoS configs over a few years and some of my own work.

Who is online

Users browsing this forum: joarc, ttdd85 and 102 guests