Chain SVQOS_IN (1 references)
pkts bytes target prot opt in out source destination
380K 480M CONNMARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
365K 478M RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
0 0 MARK 0 -- * * 192.168.1.229 0.0.0.0/0 MARK match 0x0 MARK set 0x28
0 0 MARK 0 -- * * 0.0.0.0/0 192.168.1.229 MARK match 0x0 MARK set 0x28
0 0 MARK 0 -- * * 192.168.1.97 0.0.0.0/0 MARK match 0x0 MARK set 0xa
0 0 MARK 0 -- * * 0.0.0.0/0 192.168.1.97 MARK match 0x0 MARK set 0xa
1 60 MARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto dns MARK match 0x0 MARK set 0xa
186 194K MARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto ssl MARK match 0x0 MARK set 0x14
1661 1511K MARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto http MARK match 0x0 MARK set 0x14
15825 2571K CONNMARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save
15825 2571K RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain SVQOS_OUT (1 references)
pkts bytes target prot opt in out source destination
234K 23M CONNMARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
201K 20M RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
1503 85516 MARK 0 -- * * 192.168.1.229 0.0.0.0/0 MARK match 0x0 MARK set 0x28
0 0 MARK 0 -- * * 0.0.0.0/0 192.168.1.229 MARK match 0x0 MARK set 0x28
171 128K MARK 0 -- * * 192.168.1.97 0.0.0.0/0 MARK match 0x0 MARK set 0xa
0 0 MARK 0 -- * * 0.0.0.0/0 192.168.1.97 MARK match 0x0 MARK set 0xa
1895 127K MARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto dns MARK match 0x0 MARK set 0xa
0 0 MARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto ssl MARK match 0x0 MARK set 0x14
191 98146 MARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto http MARK match 0x0 MARK set 0x14
32952 3348K CONNMARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save
32952 3348K RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0
root@DD-WRT:~#
Now I would like to prioritize all tcp ACK-packets that are smaller equal 64 Bytes.
This packets should go to class 10.
Is this comand right to realize it?
Code:
iptables -A POSTROUTING -t mangle -o ppp0 -p tcp -m length --length :64 -j MARK --set-mark 0xa
This comand should be boot and 24h reconnect resistant, so where I should put it in?
Chain OUTPUT (policy ACCEPT 5419 packets, 2584K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 488K packets, 473M bytes)
pkts bytes target prot opt in out source destination
169K 7341K SVQOS_OUT 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
[b]165K 6771K MARK tcp -- * ppp0 0.0.0.0/0 0.0.0.0/0 length 0:64 MARK set 0xa[/b]
Chain SVQOS_IN (1 references)
pkts bytes target prot opt in out source destination
314K 463M CONNMARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
258K 383M RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
0 0 MARK 0 -- * * 192.168.1.229 0.0.0.0/0 MARK match 0x0 MARK set 0x28
0 0 MARK 0 -- * * 0.0.0.0/0 192.168.1.229 MARK match 0x0 MARK set 0x28
0 0 MARK 0 -- * * 192.168.1.97 0.0.0.0/0 MARK match 0x0 MARK set 0xa
0 0 MARK 0 -- * * 0.0.0.0/0 192.168.1.97 MARK match 0x0 MARK set 0xa
0 0 MARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto dns MARK match 0x0 MARK set 0xa
35 42443 MARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto ssl MARK match 0x0 MARK set 0x14
167 156K MARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto http MARK match 0x0 MARK set 0x14
56453 80M CONNMARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save
56453 80M RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain SVQOS_OUT (1 references)
pkts bytes target prot opt in out source destination
169K 7341K CONNMARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
132K 5563K RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
0 0 MARK 0 -- * * 192.168.1.229 0.0.0.0/0 MARK match 0x0 MARK set 0x28
0 0 MARK 0 -- * * 0.0.0.0/0 192.168.1.229 MARK match 0x0 MARK set 0x28
11 9028 MARK 0 -- * * 192.168.1.97 0.0.0.0/0 MARK match 0x0 MARK set 0xa
0 0 MARK 0 -- * * 0.0.0.0/0 192.168.1.97 MARK match 0x0 MARK set 0xa
401 25987 MARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto dns MARK match 0x0 MARK set 0xa
0 0 MARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto ssl MARK match 0x0 MARK set 0x14
5 2900 MARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto http MARK match 0x0 MARK set 0x14
36612 1778K CONNMARK 0 -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save
36612 1778K RETURN 0 -- * * 0.0.0.0/0 0.0.0.0/0
root@DD-WRT:~#
I'm not an iptables and tc expert, therefore it would be very nice, if somebody could confirm this, what i'm doing here, is right or not.
Thanx.