Custom layer7 patterns

hotzenpl0tz
Posts: 51
Joined: Thu Dec 18, 2008 1:11 pm

Custom layer7 patterns

Post by hotzenpl0tz »

Hi there, since the kamikaze rc1 fixed the pppoe issues I finally had the chance to install gargoyle and I am really impressed. Great work you have done here!

Now for a quick question:
Is there an easy way to import custom layer7 patterns? I copied my old ones from my old white russian installation back into the pattern folder under /etc but the gui wouldn't let me select them in the qos settings. Is there a way to use them? There are some patterns that work great for some online games for example that I have used in the past and it would be nice to get them working again.

Oh btw: the opkg config file points to a location that doesn't seem to exist, so opkg update fails. I changed the RC2 in the path to RC1 to get it working again.

Eric
Site Admin
Posts: 1443
Joined: Sat Jun 14, 2008 1:14 pm

Re: Custom layer7 patterns

Post by Eric »

Unfortunately there is not any way to do this very simply right now.

There are several places you need to edit to add new layer7 protocols. The QoS implementation is a bit more complex and convoluted (e.g. stupidly designed) than the restriction rule implementation, mostly because I created the QoS code first and didn't make the same mistakes twice.

To add a new protocol:
1) add pattern to /etc/l7-protocols directory
2) edit /www/js/qos.js. There are two arrays called protocolIds and displayProtocolNames. On the end of protocolIds add the actual name of the protocol (which will get passed to iptables), and on the end of displayProtocolNames add the name of the protocol.
3) edit the following three files: /www/qos_upload.sh, /www/qos_download.sh, and qos_edit_rule.sh in the same way. Find the select element with the id "app_protocol". To this add another option with the display name of your new protocol.
4) To add the new protocol to the access restriction page, just edit templates/restriction_template, and add an option that has a value equal to the name of the protocol that gets sent to iptables, and the text to the display name of the protocol.

That should do it. Sorry, I didn't make adding custom protocols easier. I'll see if I can address this in future releases.

hotzenpl0tz
Posts: 51
Joined: Thu Dec 18, 2008 1:11 pm

Re: Custom layer7 patterns

Post by hotzenpl0tz »

Aha, thanks so much! Then there is only one more question left - on my quest to try and find out how to do the changes myself - I stumbled upon: /etc/l7marker.marks
Since I had absolutely no idea what the values behind the protocols meant, I thought I was stuck and didn't go any further - can you help me out here? :)

Other than that - I am very happy though - I really like the traffic/qos usage statistics - very nice! Thanks for your work on this, I really appreciate this.


Oh and btw: I would put that sort of customization back on your todo list - I don't believe there are that many people who really need more layer7 rules than the ones provided. The only ones I was missing were some specific ones for some games - and I wanted to try some other ones to see if anything matches "lastfm" traffic - a webradio service that everyone in my flat uses. I don't want to get shouted at anymore because my downloads disrupt the webradio experience ;)

Eric
Site Admin
Posts: 1443
Joined: Sat Jun 14, 2008 1:14 pm

Re: Custom layer7 patterns

Post by Eric »

You don't need to edit /etc/l7marker.marks. This gets generated automatically.

Here's how it works: The layer7 match module can't identify every packet of a protocol. Sometimes it needs to see very specific packets before it can identify what protocol a connection belongs to. So, when a layer7 protocol matches a given connection, a special marker called a connmark is set on the connection to be able to identify what protocol is associated with it. The connmark persists and applies to all packets in the connection. The /etc/l7marker.marks is a list of what connmark gets associated with what layer7 protocol. The connmarks get assigned consecutively, one for each protocol to a maximum of 255. This allows programs to easily interpret what a given mark means and take the appropriate action.

What I was going to put on my todo list wasn't adding more protocols, but having a single place where the available protocols are listed, so only editing one file is necessary to add/remove protocols instead of five different files. That's a sign of a bad design and should be fixed.
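
The connmark scheme described in the post above, as an added example that is not part of the thread and not Gargoyle's own code: it assigns consecutive marks to pattern names and prints (does not run) the iptables rules that would store each mark on a connection. The function names, the table layout, the chain name l7_classify, the 0xff mask and the sample protocol names are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not Gargoyle's code. The table layout, the chain name
# l7_classify and the 0xff mask are assumptions made for this example.
MAX_MARK=255   # the post gives 255 as the maximum number of marks

# assign_marks: protocol names on stdin -> "name mark" lines, marks 1,2,3...
# Names end up on an iptables command line, so a leading "-" or any character
# outside [A-Za-z0-9_.-] causes the name to be skipped without using a mark.
assign_marks() {
    n=0
    while read -r proto; do
        [ -n "$proto" ] || continue
        case "$proto" in
            -*|*[!A-Za-z0-9_.-]*) echo "skipping unsafe name: $proto" >&2; continue ;;
        esac
        n=$((n + 1))
        if [ "$n" -gt "$MAX_MARK" ]; then
            echo "more than $MAX_MARK protocols" >&2
            return 1
        fi
        printf '%s %d\n' "$proto" "$n"
    done
}

# mark_rules: "name mark" lines -> iptables commands (printed, not executed).
# Only connections that carry no mark yet are inspected; once layer7 matches,
# CONNMARK stores the mark so later packets need no pattern match.
mark_rules() {
    while read -r proto mark; do
        printf 'iptables -t mangle -A l7_classify -m connmark --mark 0x0/0xff'
        printf ' -m layer7 --l7proto %s -j CONNMARK --set-mark 0x%x/0xff\n' "$proto" "$mark"
    done
}

# proto_for_mark TABLE MARK: what a program reading the table does with a mark.
proto_for_mark() {
    printf '%s\n' "$1" | while read -r proto mark; do
        if [ "$mark" = "$2" ]; then echo "$proto"; fi
    done
}

# Constructed sample input: three pattern names and one unsafe name.
table=$(printf 'http\nssh\nbad;name\nbittorrent\n' | assign_marks)
printf '%s\n' "$table"
printf '%s\n' "$table" | mark_rules
proto_for_mark "$table" 3
```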

FRiC
Posts: 62
Joined: Sat Sep 27, 2008 8:03 am

Re: Custom layer7 patterns

Post by FRiC »

hotzenpl0tz wrote: Oh btw: the opkg config file points to a location that doesn't seem to exist, so opkg update fails. I changed the RC2 in the path to RC1 to get it working again.
Looks like 8.09 RC2 is released, so there's no need to change the opkg.conf any more now.

sticky
Posts: 23
Joined: Tue Jun 02, 2009 10:25 pm

Re: Custom layer7 patterns

Post by sticky »

Any chance of getting the Skype L7 pattern added? I want to be able to strangle Skype video when needed.
S
