derr12
Member
Topic Author
Posts: 411
Joined: Fri May 01, 2009 11:32 pm

What is the deal with getting HTTP traffic identified?

Wed Feb 13, 2013 4:51 am

I've built a mangle rule to pick up all HTTP traffic to or from port 80 on my transparent shaper (ROS6 beta9).

It works when I go to a speedtest site, but when just browsing the web or viewing YouTube it gets counted on my mangle to catch everything else.
I seem to recall the mangle rule (stolen from the transparent shaper example in the MikroTik wiki) working last time I tried building a transparent shaper.

Mangle rule is in the pre-routing chain, marking connection as "http" dest-port = 80.
Just for shits n giggles I tried a new option, "any-port"; same thing.

Does the web at large just not use port 80 anymore?
 
derr12
Member
Topic Author
Posts: 411
Joined: Fri May 01, 2009 11:32 pm

Re: What is the deal with getting HTTP traffic identified?

Wed Feb 13, 2013 10:43 pm

I should note that it seems to be working fine when the MikroTik is a router; you just make the source and destination ports like so:

8 ;;; HTTP Uploads
chain=prerouting action=mark-packet new-packet-mark=p2_up
passthrough=no protocol=tcp dst-port=80

9 ;;; HTTP Downloads
chain=prerouting action=mark-packet new-packet-mark=p2_down
passthrough=no protocol=tcp src-port=80


But it doesn't work for crap when in bridge mode...

Why is it that I can't pick up anything on port 80 while in bridge mode with

;;; HTTP Downloads
chain=prerouting action=mark-connection new-connection-mark=http
passthrough=yes protocol=tcp any-port=80

Connections only get marked when I'm doing a speedtest. When I'm browsing I get the DNS lookups marked and then the actual page data falls into my "everything else" mangle.

I'm totally perplexed!
 
ohara
Member
Posts: 371
Joined: Mon Jun 13, 2011 11:30 pm
Location: Warsaw

Re: What is the deal with getting HTTP traffic identified?

Wed Feb 13, 2013 11:04 pm

Can you briefly explain what the difference is between passthrough=no and passthrough=yes? Thanks.
 
derr12
Member
Topic Author
Posts: 411
Joined: Fri May 01, 2009 11:32 pm

Re: What is the deal with getting HTTP traffic identified?

Wed Feb 13, 2013 11:17 pm

passthrough=no means it will not bother to check any of the mangle rules below it once it has been identified.

For example:

Mangle rule 1 could be set to pick up http traffic.
Mangle rule 2 is set to identify "everything else".

To prevent mangle rule 2 from taking the already marked packets from mangle rule 1 and re-marking them again, you would make passthrough=no on mangle rule 1.

In my setup, I'm trying to mark all http connections and then a second set of mangles to establish direction.

So:
http traffic passthrough=yes
http download passthrough=no
http-upload passthrough=no
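
The layout described in the post above (mark the connection with passthrough=yes, then direction rules with passthrough=no, then a catch-all), modelled as an added Python example that is not from the thread or from MikroTik. The rule matchers, the mark names `http`, `http_up`, `http_down` and `other`, and the sample packets are assumptions; the model covers only top-to-bottom evaluation and passthrough, not connection tracking.

```python
# Simplified model of top-to-bottom mangle evaluation with passthrough.
# Not RouterOS code: rule fields and sample packets are constructed for illustration.

def run_chain(rules, pkt):
    """Apply rules in order; return (marks, names of rules that hit)."""
    marks = {"connection": None, "packet": None}
    hits = []
    for rule in rules:
        if not rule["match"](pkt, marks):
            continue
        marks[rule["kind"]] = rule["mark"]   # a later hit overwrites an earlier mark
        hits.append(rule["name"])
        if not rule["passthrough"]:          # passthrough=no: stop checking rules below
            break
    return marks, hits

def is_http(pkt, marks):
    return pkt["proto"] == "tcp" and 80 in (pkt["src_port"], pkt["dst_port"])

def build_rules(direction_passthrough):
    """Layout from the post: mark connection, then direction, then everything else."""
    return [
        {"name": "http", "kind": "connection", "mark": "http", "passthrough": True,
         "match": is_http},
        {"name": "http-upload", "kind": "packet", "mark": "http_up",
         "passthrough": direction_passthrough,
         "match": lambda p, m: m["connection"] == "http" and p["dst_port"] == 80},
        {"name": "http-download", "kind": "packet", "mark": "http_down",
         "passthrough": direction_passthrough,
         "match": lambda p, m: m["connection"] == "http" and p["src_port"] == 80},
        {"name": "everything-else", "kind": "packet", "mark": "other",
         "passthrough": False, "match": lambda p, m: True},
    ]

# Constructed sample packets: browser request, server reply, DNS lookup.
REQUEST = {"proto": "tcp", "src_port": 51000, "dst_port": 80}
REPLY = {"proto": "tcp", "src_port": 80, "dst_port": 51000}
DNS = {"proto": "udp", "src_port": 51001, "dst_port": 53}

def packet_mark(pkt, direction_passthrough=False):
    marks, _ = run_chain(build_rules(direction_passthrough), pkt)
    return marks["packet"]

if __name__ == "__main__":
    for name, pkt in (("request", REQUEST), ("reply", REPLY), ("dns", DNS)):
        print(name, packet_mark(pkt), packet_mark(pkt, direction_passthrough=True))
```

With the direction rules switched to passthrough=yes, both HTTP packets finish with the catch-all mark, which is the re-marking the post describes.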
 
derr12
Member
Topic Author
Posts: 411
Joined: Fri May 01, 2009 11:32 pm

Re: What is the deal with getting HTTP traffic identified?

Thu Feb 14, 2013 12:01 am

OK, I THINK I got it figured out.

add action=mark-connection chain=forward comment="Mark HTTP Download" \
disabled=no in-interface=Bridge1 new-connection-mark=http_down \
passthrough=no protocol=tcp src-port=80,443

add action=mark-connection chain=forward comment="Mark HTTP up" disabled=\
no dst-port=80,443 new-connection-mark=http_up out-interface=Bridge1 \
passthrough=no protocol=tcp


Showing hits on my counter when I surf now. Direction seems to be working too. Not sure why adding the interface mattered but hey, it works.

I got inspiration from this gentleman's page: http://www.cbrown.co/2011/09/16/marking ... -queueing/
credit goes to him.
