i have these rules in mangle, within others
in low traffic hours everything is ok. in high traffic hours, ROS hangs and reboot. it works no more than 1minute after reboot, and hangs again. no autosupport is generated.
i use those marked packet to drop p2p or to give low priority (i know that that doesn't work to shape traffic in encrypted clients).

why do you think ROS hangs.
that behavior was tested in ROS v3.14, v3.15 & 3.16.

that's maybe too many L7 dependent rules. L7 is very very CPU intensive, use it as minimal as you can

ok ... thanks for your advise

Code: Select all

add action=mark-connection chain=forward comment=p2p disabled=no \
    new-connection-mark=p2p_conn p2p=all-p2p passthrough=yes

This rule should be before all other layer7 rules.
Use regular rules to mark as many as you can and only then for the rest of the packets use layer7.

all layer-7 rules are executed beacuse of the "passthrough=yes" of the rule you mention.

it's wired because those rules are executed in a Celeron 2GHz... Normis says that layer-7 is very very cpu intensive, but when my ROS hangs only 15% or 20% of cpu usage is present.

Do not use imesh and L7. Imesh regexp is fulting ROS. Dont know why.

itfutura is right, imesh L-7 is not work here. But else L-7 is magic, it really is. I'm using L-7 http protocol for http marking and it's just wonderful, can't imagine how good it is. I have put another L-7 http protocol in MT (not from MT wiki) from L-7 protocol website and it's says this L-7 http protocol is faster then previous one. you ppl can give it a try.

Thanks

I have been using L7 from the Wiki for about 2 weeks so far and really happy with it. But, I notice that I can have 2 Mbs of traffic at the interface whil seeing only 300kbs of traffic on the DSL_In qeue? What gives? What traffic am I missing?

hulk, please post the regexp for http. Thanks.

HTTP L-7 :


http/(0\.9|1\.0|1\.1) [1-5][0-9][0-9]|post [\x09-\x0d -~]* http/[01]\.[019]
# old pattern(s):
#(http[\x09-\x0d -~]*(200 ok|302 |304 )[\x09-\x0d -~]*(connection:|content-type:|content-length:))|^(post [\x09-\x0d -~]* http/)

Thanx, I'll try it

Can someone check me, I might be doing something wrong.
All my traffic is piped thru a MT x86 router. On one end I have a 6Mbs DSL line (called Ouside) and on the other I have a connection to a MT532 that then feeds 3 other MT routers and 58 UBNT CPEs. I have been watching my traffic and I can see some strange readings. The outside interface will read 2.5Mbs Rx while the Qeue DSL_In will read 450Kbs. It should match since the DSL_In parent is global_in. Here is a sample of my config:

Flags: X - disabled, I - invalid, D - dynamic
0 ;;; 100bao_p2p
chain=prerouting action=mark-packet new-packet-mark=100bao_p2p_in
passthrough=yes layer7-protocol=100bao in-interface=Local

1 chain=postrouting action=mark-packet new-packet-mark=100bao_p2p_out
passthrough=yes layer7-protocol=100bao out-interface=Outside

2 ;;; aim mesenger
chain=prerouting action=mark-packet new-packet-mark=aim_mesanger_in
passthrough=yes layer7-protocol=aim in-interface=Local

3 chain=postrouting action=mark-packet new-packet-mark=aim_mesanger_out
passthrough=yes layer7-protocol=aim out-interface=Outside

4 ;;; aim_messenger_web
chain=prerouting action=mark-packet new-packet-mark=aim_mesenger_web_in
passthrough=yes layer7-protocol=aimwebcontent in-interface=Local

5 chain=postrouting action=mark-packet new-packet-mark=aim_mesenger_web_out
passthrough=yes layer7-protocol=aimwebcontent out-interface=Outside

...and my queu tree:

Flags: X - disabled, I - invalid
0 name="DSL_IN" parent=global-in packet-mark="" limit-at=5000000
queue=default priority=1 max-limit=6000000 burst-limit=0
burst-threshold=0 burst-time=0s

1 name="100bao_p2p_in" parent=DSL_IN packet-mark=100bao_p2p_in limit-at=0
queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

2 name="aim_mesanger_in" parent=DSL_IN packet-mark=aim_mesanger_in
limit-at=0 queue=default priority=6 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s

3 name="aim_mesenger_web_in" parent=DSL_IN packet-mark=aim_mesenger_web_in
limit-at=0 queue=default priority=6 max-limit=0 burst-limit=0
burst-threshold=0 burst-time=0s

4 name="applejuice_in" parent=DSL_IN packet-mark=applejuice_in limit-at=0
queue=default priority=7 max-limit=0 burst-limit=0 burst-threshold=0
burst-time=0s

5 name="ares_p2p_in" parent=DSL_IN packet-mark=ares_p2p_in limit-at=0
queue=default priority=7 max-limit=0 burst-limit=0 burst-threshold=0

Any ideas???

wiki example is missing all the rest of the traffic. whoever put it up there made all a bad favor

example:

103 X ;;; all-other
chain=prerouting action=mark-packet new-packet-mark=all-other_in passthrough=no in-interface=ADSL1

104 X chain=postrouting action=mark-packet new-packet-mark=all-other_out passthrough=no out-interface=ADSL1

Haha if our problem with RB433AH is caused by the stupid imesh layer 7 then whoever put it on the WiKi made us a huge bad favor

p.s. I have found that the WiKi for L7 - there is no way to use it like it is - the rules get inserted with lots of errors. I don't know how one must paste them one by one or something for it to work. I'm very angry.

What I did and it didnt work was - copy paste them into a txt which then renamed to src and uplaoded to the router. It seems the txt was the wrong encoding or something. This is very bad.

Which one is correct?!?!



the first one is from http://l7-filter.sourceforge.net/protocols.en.php and the second one is from http://wiki.mikrotik.com/wiki/Basic_tra ... _protocols