Luca, I have a small wireless internet service. I don't actually want to block anything, I want to identify packets so that they can be placed in an HTB queue and prioritized.

For instance, I want to identify bittorrent and put it at a lower priority on my switches and in the queues. I've got ndpi-netfilter 'working'. I tag the packets DSCP like this:

iptables -t mangle -A FORWARD -m ndpi --bittorrent -j DSCP --set-dscp 30
iptables -t mangle -A FORWARD -m ndpi --netflix -j DSCP --set-dscp 20
iptables -t mangle -A FORWARD -m ndpi --sip -j DSCP --set-dscp 1

I have a small Linux device that simply routes packets and tags them with a DSCP value so that my switches, radios, and routers can provide QoS. My customers should be able to use bittorrent, but I want bittorrent traffic to be the lowest priority packet on the network. I can handle the QoS if I could just identify bittorrent. Same with netflix, I just want to be able to control netflix so that other traffic takes priority.

Thanks.

On Wed Nov 19 2014 at 2:57:27 AM Luca Deri <[email protected]> wrote:

> Dan
> I was planning to turn ntopng into an inline app, so your comment is
> in line with what I planned. However I was planning to stop traffic in
> ntopng, whereas you want ntopng to mark traffic. Question: how would you
> like ntopng to mark traffic? How is the DSCP bit set?
>
> Luca
>
>
> On 18 Nov 2014, at 20:25, dan <[email protected]> wrote:
> >
> > I'm really impressed with nTOP + nDPI for protocol detection, works
> > really well! I've been playing with ndpi-netfilter to mark packets w/ DSCP
> > tags, I have a QoS box that I use DSCP for traffic shaping.
> >
> > Is there another better way to mark packets with nDPI than using the
> > netfilter hack? nTop is doing FAR better at detecting packets than w/ the
> > netfilter hack, plus the netfilter hack has some squirrely tricks to
> > function that are making it miss important protocols.
> >
> > I can match bittorrent and netflix (and so many more!) with nTOP
> > perfectly, I'm so impressed! But with the netfilter hack I can't get
> > netflix or other stuff like ICMP to work. Makes me think that netfilter is
> > the wrong place to do this...
> >
> > Any ideas/advice would be very much appreciated! Thanks!
> > _______________________________________________
> > Ntop-misc mailing list
> > [email protected]
> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
