I'm struggling to get a sensible QoS right. I have a SOHO setup and queue trees with 3-tier traffic, which makes sense for me:
- priority (ICMP, DNS requests, TCP packets with RST, FIN, ACK... all the small stuff.)
- normal (surfing, streaming video etc)
- heavy (ftp, p2p)
Marking priority traffic is straightforward enough. The real problem is to somehow distinguish between normal and heavy traffic. I made a rule-of-thumb estimate of the amount of data per connection for normal web browsing and came up with this:
/ip firewall mangle
add action=mark-packet chain=forward comment="mark all small default traffic" connection-mark=conn-heavy new-packet-mark=traffic-normal packet-size=0-1450 passthrough=no
add action=mark-packet chain=forward comment="tolerate big fast packets (heavy traffic) for some time with dst-limit" connection-mark=conn-heavy dst-limit=1,1500,src-and-dst-addresses/10s new-packet-mark=traffic-normal passthrough=no
...Until you want to stream yourself a movie. I like my privacy, so I use encrypted streaming, FTP and p2p, which makes it difficult for the router to distinguish what is what. Also, most of the FTP servers are passive and some p2p seeders use port 443, so I cannot just use tcp port = 21 or 443. The traffic to get a streaming video looks the same as one torrent connection: plenty of load-bearing packets down and some up.
Then I remembered what is different: p2p traffic does not get resolved by DNS and streaming does, at least most of the time. I tried to make a script that would pick all A-type entries from the DNS cache and fill a list (in /ip firewall address-list), and then I'd mark connections based on a dst-address rule matching that list. It capped my router's CPU instantly.
So, the question is - is it possible to make IP addresses from DNS cache accessible as a list, which is then used in mangle rules?
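As an added illustration (not part of the original post), this is one way to do what the post describes: a scheduled script that copies A-record entries from the DNS cache into an address-list with the cache TTL as the entry timeout, and a mangle rule that consults that list only on the first packet of each connection. The list name "dns-resolved", the connection mark "conn-normal", the script/scheduler name and the 1-minute interval are assumptions chosen for the example; the field names (`type`, `data`, `ttl`) are those of the `/ip dns cache all` submenu on RouterOS v6 and may differ on other versions.

```routeros
# Added example, not from the original post. Assumed names: dns-resolved,
# conn-normal, dns-cache-to-list. Field names follow /ip dns cache all (v6).
/system script add name=dns-cache-to-list source={
    :foreach entry in=[/ip dns cache all find where type="A"] do={
        :local addr [/ip dns cache all get $entry data]
        :local ttl  [/ip dns cache all get $entry ttl]
        # only add an address once; the timeout lets the entry expire with the cache
        :if ([:len [/ip firewall address-list find where list="dns-resolved" and address=$addr]] = 0) do={
            /ip firewall address-list add list="dns-resolved" address=$addr timeout=$ttl comment="from dns cache"
        }
    }
}
/system scheduler add name=dns-cache-to-list interval=1m on-event=dns-cache-to-list

/ip firewall mangle
# connection-state=new means the address-list lookup runs once per flow, not per packet
add chain=forward connection-state=new dst-address-list=dns-resolved action=mark-connection new-connection-mark=conn-normal passthrough=yes comment="flow goes to a DNS-resolved address"
add chain=forward connection-mark=conn-normal action=mark-packet new-packet-mark=traffic-normal passthrough=no
```

Two things make this cheaper than marking on every packet: the address-list lookup is restricted to `connection-state=new`, so every later packet of the flow is classified by its connection mark alone, and the script skips addresses already present in the list, so the list does not grow with duplicate entries on each scheduler run. The caveat the post itself raises still holds: a peer that was resolved via DNS (a tracker, a seeder reached by hostname) lands in the list too, so this is a heuristic, not a classifier.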