Two QoS/iptables related questions (Linux Networking forums, Linux Forums category)
Hi,

On 2005-07-16, Jomu <dragisha@gmail.com> wrote:
> Hi... Two questions,
>
> 1. Can I make "iptables compatible" mark from application? If yes, how?
>
Specifying by application is not possible, that I know of, but you might be able to get a good effect if you use the 'owner' match and dport/sport options. I assume that there is something common about the network activity that you could identify with iptables (web browsers 99% of the time connect to port 80, etc etc) and then you can use the 'owner' matching rule to match which user on the machine made that request. This might do what you need.

> 2. Is this mark passed over LAN? IE, can I make decision on box B based
> on mark made by application on box A?
>
Not with MARK, but if you use the DSCP field for your own purposes you might have some luck.

Regards

Alex

> Thanks
Alexander Clouter wrote:
> Hi,
>
> On 2005-07-16, Jomu <dragisha@gmail.com> wrote:
> > Hi... Two questions,
> >
> > 1. Can I make "iptables compatible" mark from application? If yes, how?
> >
> Specifying by application is not possible, that I know of, but you might
> be able to get a good effect if you use the 'owner' match and dport/sport
> options. I assume that there is something common about the network activity
> that you could identify with iptables (web browsers 99% of the time connect
> to port 80, etc etc) and then you can use the 'owner' matching rule to match
> which user on the machine made that request. This might do what you need.

This I understand, but I would like to mark _from_ application - meaning to patch application to mark what I need, but I don't know if it's possible, and how... Maybe to manipulate TOS field and so expedite some traffic... Hmm, thinking about that... TOS _would_ be passed along the way and I can make my QoS decision based on source host _and_ TOS... Time to google for setsockopt+TOS...

> > 2. Is this mark passed over LAN? IE, can I make decision on box B based
> > on mark made by application on box A?
> >
> Not with MARK, but if you use the DSCP field for your own purposes you might
> have some luck.
>
I've glimpsed google with DSCP... Looks like it's replacement/renamed TOS?

> Regards
>
> Alex
>
> > Thanks
> >

TA,
dd
On 2005-07-16, Jomu <dragisha@gmail.com> wrote:
>
>> Specifying by application is not possible, that I know of, but you might
>> be able to get a good effect if you use the 'owner' match and dport/sport
>> options. I assume that there is something common about the network activity
>> that you could identify with iptables (web browsers 99% of the time connect
>> to port 80, etc etc) and then you can use the 'owner' matching rule to match
>> which user on the machine made that request. This might do what you need.
>
> This I understand, but I would like to mark _from_ application -
> meaning to patch application to mark what I need, but I don't know if
> it's possible, and how... Maybe to manipulate TOS field and so expedite
> some traffic... Hmm, thinking about that... TOS _would_ be passed along
> the way and I can make my QoS decision based on source host _and_
> TOS... Time to google for setsockopt+TOS...
>
Erm... I just said you cannot mark depending on application, but you might be able to do what you want with matching against 'owner' and source/destination ports...

Erm... and DSCP is more or less TOS, uses the same bits in the IP packet, but gives you a lot more flexibility than four packet markings. With DSCP you can have up to 64.

QoS'ing depending on 'application' is usually always the worst way of doing things; the only thing I can guess is that you might be trying to grab P2P software; all other software has predictable ports/behaviour. You should use IPP2P or simply pick large ACK packets (above 500 bytes or so) and mark those as P2P traffic.

Can you give some context to what you are trying to do? If all it takes is the user to copy a binary and rename it to get better performance then you are very obviously going the wrong way about things; that is assuming you are trying to control P2P traffic.

Regards

Alex

>>
>> > 2. Is this mark passed over LAN? IE, can I make decision on box B based
>> > on mark made by application on box A?
>> >
>> Not with MARK, but if you use the DSCP field for your own purposes you might
>> have some luck.
>>
>
> I've glimpsed google with DSCP... Looks like it's replacement/renamed
> TOS?
>
>> Regards
>>
>> Alex
>>
>> > Thanks
>> >
>
> TA,
> dd
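Jomu's plan in the previous post (setsockopt on the TOS byte) and Alex's point above that DSCP reuses the same bits with up to 64 codepoints, carried through end to end as an added example that is not code from this thread: a sender sets DSCP 46 on a UDP socket with setsockopt(IP_TOS), and a receiver on the same host reads the TOS byte of the arriving IP header through IP_RECVTOS, which is exactly the byte a "box B" would key its decision on. Linux and IPv4 only (IPv6 uses IPV6_TCLASS instead); the loopback address, the kernel-chosen port, the two-second receive timeout and the "hello" payload are assumptions of the demo, not anything from the thread.

```c
/* dscp_roundtrip.c: added example, not code from the thread.
 * Sender marks a datagram via setsockopt(IP_TOS); receiver on the same
 * host reads the TOS byte of the arriving datagram via IP_RECVTOS.
 * Build: cc -Wall -o dscp_roundtrip dscp_roundtrip.c
 */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <sys/uio.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* The IPv4 TOS byte is DSCP (upper 6 bits) + ECN (lower 2 bits), so the
 * old TOS field and DSCP really are the same bits. DSCP 46 == TOS 0xb8. */
int dscp_to_tos(int dscp)
{
    if (dscp < 0 || dscp > 63)
        return -1;                       /* only 64 codepoints exist */
    return dscp << 2;
}

int tos_to_dscp(int tos)
{
    return (tos & 0xff) >> 2;            /* drop the two ECN bits */
}

/* Mark a socket with a DSCP; return the TOS value the kernel reports back,
 * or -1 on error. This is "marking from the application". */
int set_socket_dscp(int fd, int dscp)
{
    int tos = dscp_to_tos(dscp);
    socklen_t len = sizeof tos;
    if (tos < 0 || setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof tos) < 0)
        return -1;
    if (getsockopt(fd, IPPROTO_IP, IP_TOS, &tos, &len) < 0)
        return -1;
    return tos;
}

/* Send one UDP datagram with the given DSCP over loopback (assumed) and
 * return the DSCP the receiver saw in the IP header, or -1 on any failure. */
int loopback_dscp_roundtrip(int dscp)
{
    int rx = socket(AF_INET, SOCK_DGRAM, 0);
    int tx = socket(AF_INET, SOCK_DGRAM, 0);
    int on = 1, result = -1;
    struct sockaddr_in addr;
    socklen_t alen = sizeof addr;
    struct timeval tv = { 2, 0 };        /* assumed receive timeout */
    char payload[] = "hello";            /* constructed sample payload */
    char buf[64], cbuf[CMSG_SPACE(sizeof(int))];
    struct iovec iov = { buf, sizeof buf };
    struct msghdr msg;
    struct cmsghdr *c;

    if (rx < 0 || tx < 0)
        goto out;
    memset(&addr, 0, sizeof addr);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);  /* port 0: kernel picks */
    if (bind(rx, (struct sockaddr *)&addr, sizeof addr) < 0 ||
        getsockname(rx, (struct sockaddr *)&addr, &alen) < 0)
        goto out;
    /* Receiver asks for the TOS byte of each datagram as ancillary data. */
    if (setsockopt(rx, IPPROTO_IP, IP_RECVTOS, &on, sizeof on) < 0 ||
        setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv) < 0)
        goto out;
    if (set_socket_dscp(tx, dscp) < 0 ||
        sendto(tx, payload, sizeof payload, 0,
               (struct sockaddr *)&addr, sizeof addr) < 0)
        goto out;

    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = cbuf;
    msg.msg_controllen = sizeof cbuf;
    if (recvmsg(rx, &msg, 0) < 0)
        goto out;
    for (c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level == IPPROTO_IP && c->cmsg_type == IP_TOS) {
            unsigned char tos;
            memcpy(&tos, CMSG_DATA(c), 1);   /* Linux delivers one byte */
            result = tos_to_dscp(tos);       /* the "box B" decision input */
        }
    }
out:
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return result;
}

int main(void)
{
    int seen = loopback_dscp_roundtrip(46);
    if (seen < 0) {
        perror("roundtrip failed");
        return 1;
    }
    printf("sent DSCP 46 (TOS 0x%02x), receiver saw DSCP %d\n",
           dscp_to_tos(46), seen);
    return seen == 46 ? 0 : 1;
}
```

It runs unprivileged: setting IP_TOS needs no CAP_NET_ADMIN, which is also the caveat Alex raises, since any user can set any codepoint and a router that trusts DSCP from end hosts is trusting the sender. On a real box B the same byte is what `iptables -m dscp --dscp 46` (or the older `-m tos`) matches, while a value set with `-j MARK --set-mark` lives in the local packet metadata and never leaves the host.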