Is that mean if I create my own service based on port, it will work, but select pre-defined service could cause crash?
tatsuya46 wrote:
its not services itself, its ndpi. any custom port based entries will work. which is what i use. more accurate, less cpu etc. i tried using ndpi based entries, i too had the crashing problem around 15-40mins after
Is that mean if I create my own service based on port, it will work, but select pre-defined service could cause crash?
tatsuya46 wrote:
its not services itself, its ndpi. any custom port based entries will work. which is what i use. more accurate, less cpu etc. i tried using ndpi based entries, i too had the crashing problem around 15-40mins after
Anybody know if QoS on ICMP works? wiki page said by default ICMP priority is Premium, but I cannot find it from output of "iptables -nvL -t mangle". I tried to add ICMP into service priority (set to Premium), still cannot find it in "iptables -nvL -t mangle"
Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Tue Nov 01, 2016 23:33 Post subject:
it should be ip_icmp, not icmp. lots of the protocols are broken or over/undermatch, also dont use any tcp packet priorities, also broken.. _________________ LATEST FIRMWARE(S)
BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Wed Nov 02, 2016 5:10 Post subject:
seems its gone now, try adding a custom port entry, for protocol select icmp, & name it something different, none of the previous names that were used before like "icmp2" or something _________________ LATEST FIRMWARE(S)
BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
I tried that already, I tried to create a customized service called "m_icmp", protocol is "icmp", but still, "iptables -nvL -t mangle" didn't show anything about icmp.
"grep icmp /proc/net/ip_conntrack" also only shows "mark=0"
tatsuya46 wrote:
seems its gone now, try adding a custom port entry, for protocol select icmp, & name it something different, none of the previous names that were used before like "icmp2" or something
Another issue is: service http cannot capture https traffic. I didn't found https in service list as well, so I assume http include https. But command:
grep "dport=443" /proc/net/ip_conntrack | grep -v "mark=0"
show nothing.
I tried to configure service priority for gmail (imaps, smtps) as well, but none of them (gmail, imap, imaps, smtp, smtps) work. The only way to make it work is define port based customized service.
In my understanding nDPI should be able to detect youtube, gmail even using https, but none of those work for me.
Joined: 03 Jan 2010 Posts: 7568 Location: YWG, Canada
Posted: Wed Nov 02, 2016 23:34 Post subject:
noodle04 wrote:
Another issue is: service http cannot capture https traffic. I didn't found https in service list as well, so I assume http include https. But command:
grep "dport=443" /proc/net/ip_conntrack | grep -v "mark=0"
show nothing.
I tried to configure service priority for gmail (imaps, smtps) as well, but none of them (gmail, imap, imaps, smtp, smtps) work. The only way to make it work is define port based customized service.
In my understanding nDPI should be able to detect youtube, gmail even using https, but none of those work for me.
i use a custom port for https, port 443 ~ 443 tcp only, works. _________________ LATEST FIRMWARE(S)
BrainSlayer wrote:
we just do it since we do not like any restrictions enforced by stupid cocaine snorting managers
I'm on latest Kong's build, and I defined many customized service (port based), which working pretty good. But after hours (not sure how long), QoS settings still there, "iptables -nvL -t mangle" still shows rules, but QoS is not happening.
