www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

Level 7 filter on 3.0.0

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell
View previous topic :: View next topic  
Author Message
maccowley



Joined: 06 Feb 2014
Posts: 17

PostPosted: Thu Feb 06, 2014 7:53 am    Post subject: Level 7 filter on 3.0.0 Reply with quote

I installed Zeroshell on a Zotac with an AMD-350 and it runs very well except of the level 7 filters.

I would like to setup a bridge for QOS like described in http://www.zeroshell.org/qos/. This should enhance the quality of our VOIP calls. The bridge works fine, but I couldn't get the L7 filters running. I tried several of them like VOIP, Skype, FTP,.. without any results. I have made a special test class to monitor the effects without success.
When I look at the processor load I am pretty sure that there is no L7 filter running.

Is it possible that this is a specific problem of the new 3.0 version?

Thanks for any ideas
--
maccowley
Back to top
View user's profile Send private message
DrmCa



Joined: 12 Apr 2011
Posts: 232

PostPosted: Thu Feb 06, 2014 2:28 pm    Post subject: Reply with quote

Quality of your voip calls will only benefit from router's QOS if your ISP supports QOS too. Been there done that.

Ping to voip proxy has times more impact than your router's QOS alone.
Back to top
View user's profile Send private message
maccowley



Joined: 06 Feb 2014
Posts: 17

PostPosted: Thu Feb 06, 2014 7:35 pm    Post subject: Reply with quote

This doesn't help me to solve my problem.

First I have to control the bandwidth on our Internet line and then I can think of QOS of the provider.
Back to top
View user's profile Send private message
fulvio
Site Admin


Joined: 01 Nov 2006
Posts: 1073

PostPosted: Thu Feb 06, 2014 7:57 pm    Post subject: Reply with quote

Could you try to classify http traffic by using Layer 7 filter?
I need to understand if your problem is due to the Kernel L7 module or just to signature bugs.

Regards
Fulvio
Back to top
View user's profile Send private message Send e-mail
DrmCa



Joined: 12 Apr 2011
Posts: 232

PostPosted: Thu Feb 06, 2014 9:05 pm    Post subject: Reply with quote

maccowley wrote:
This doesn't help me to solve my problem.

First I have to control the bandwidth on our Internet line and then I can think of QOS of the provider.


A little while ago I had the same feeling. But then I realized, that I can QoS SIP/RTP for all I wanted, but provider would just ignore my attempts and transfer all packets in the order received, thus negating any attempts at QoS on my side.

What are you trying to achieve? Prioritizing Voip traffic over HTTP?
This is what's going to happen: someone on your LAN is downloading a file while you are trying to talk over your Voip phone. Your provider does not know about that. You configured ZS to prioritize Voip traffic, but provider is still flooding you with HTTP packets of that download. What do you want the router to do?
Back to top
View user's profile Send private message
maccowley



Joined: 06 Feb 2014
Posts: 17

PostPosted: Thu Feb 06, 2014 9:19 pm    Post subject: Reply with quote

QOS and traffic shaping works very well when using e.g. ip filters. This enhances the quality of VOIP.

If the router or in my case the bridge doesn't acknowledge the http packets, your provider can't flood your line. This is the basic method of handshake.
Back to top
View user's profile Send private message
DrmCa



Joined: 12 Apr 2011
Posts: 232

PostPosted: Fri Feb 07, 2014 6:32 pm    Post subject: Reply with quote

Smile There is no ACK for every packet.
Back to top
View user's profile Send private message
maccowley



Joined: 06 Feb 2014
Posts: 17

PostPosted: Fri Feb 07, 2014 10:29 pm    Post subject: Reply with quote

None of the L7 filter works, even not http.
Filter with IP addresses or port numbers work without any problems.

I read in the forum that there was a problem with 2.0 RC3 and L7 level filter, too. Maybe this is an older bug?
Back to top
View user's profile Send private message
Saszka



Joined: 15 Oct 2013
Posts: 4

PostPosted: Tue Feb 11, 2014 11:20 am    Post subject: Reply with quote

Yes, L7 filter on Zeroshell 3.0 still not work property in router mode.

QoS when using ip filter or packet work, but when we choose L7 filter (http, voip etc), QoS don't see packets.
Back to top
View user's profile Send private message
fulvio
Site Admin


Joined: 01 Nov 2006
Posts: 1073

PostPosted: Tue Feb 11, 2014 10:11 pm    Post subject: Reply with quote

It seems that in bridge mode L7 filters work correctly.
I have not tried routed mode.
Regards
Fulvio
Back to top
View user's profile Send private message Send e-mail
maccowley



Joined: 06 Feb 2014
Posts: 17

PostPosted: Fri Feb 14, 2014 12:02 pm    Post subject: Reply with quote

I started setting up the bridge from scratch and added a level 7 for http only. Not a single bit is assigned to the http class. Everything is default.

I can't agree that the level 7 filters in bridge mode work correctly.

I will give version 2.0RC3 a try.
Back to top
View user's profile Send private message
maccowley



Joined: 06 Feb 2014
Posts: 17

PostPosted: Mon Feb 17, 2014 11:24 am    Post subject: Reply with quote

Same problem with 2.0.RC3: Level 7 filters don't work. I have tried both: router and bridge mode. Other filters work flawless.
Back to top
View user's profile Send private message
lannet2k



Joined: 30 Jan 2014
Posts: 2

PostPosted: Mon Feb 17, 2014 2:27 pm    Post subject: Reply with quote

Also looking in the traffic statistic the filtering is alway 0 all traffic goes to default.
Back to top
View user's profile Send private message
timoguic



Joined: 03 Mar 2014
Posts: 1

PostPosted: Mon Mar 03, 2014 7:44 am    Post subject: Reply with quote

I also tried to get the L7 filters to work on my setup in routed mode, but the statistics show the class does not fill. It actually works fine when using IP / ports combination.

I did not try it in bridged mode yet. It would be nice to have this fixed if it is a bug. I tried to look into it, no luck Smile
Back to top
View user's profile Send private message
sanctusmob



Joined: 28 Apr 2014
Posts: 2

PostPosted: Mon Apr 28, 2014 6:51 pm    Post subject: Reply with quote

Still nothing?
Back to top
View user's profile Send private message
Pit



Joined: 14 Jan 2010
Posts: 45
Location: Germany

PostPosted: Tue Jul 29, 2014 9:21 pm    Post subject: Reply with quote

Hi,

kernel 3.x.y has no support for layer7. Layer7 filtreing can not work.

Therfore i asked Fulvio several times to give us back the kernel 2.x.y. No response til today. Please build a lobby for this and ask again and again.

Regards Pit
Back to top
View user's profile Send private message
m_elias



Joined: 07 Nov 2012
Posts: 30

PostPosted: Wed Jul 30, 2014 1:58 am    Post subject: Reply with quote

Layer 7 would be really awesome!!
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group