LebGeeks

rolf

Member

Connbytes iptables patch

I'm looking into the connbytes patch, what this thing does is add a match to iptable that will enable you to apply rules to connections depending on the amount of bytes transfterred.
When used in conjunction with tc, it will enable you to give lowest priority to the connections that have trasfrerred lots of data (for example big downloads) and give higher priority to short connections (eg, webpages, small images)
Does anyone have experience on that? I know the patch exists, but it seems that it's unavalable for the latest kernel versions...
Interestingly, it's available on OpenWrt.

Last edited by rolf (December 14 2006)

samer

Admin

Re: Connbytes iptables patch

i'm using the QoS feature in DD-WRT, I think you can enable something like that.

nuclearcat

Member

Re: Connbytes iptables patch

CONFIG_NETFILTER_XT_MATCH_CONNBYTES
config NETFILTER_XT_MATCH_CONNBYTES
        tristate  '"connbytes" per-connection counter match support'
        depends on NETFILTER_XTABLES
        depends on (IP_NF_CONNTRACK && IP_NF_CT_ACCT) || (NF_CT_ACCT && NF_CONNTRACK)
So you have to enable IP_NF_CT_ACCT, to have this option available
config IP_NF_CT_ACCT
        bool "Connection tracking flow accounting"

It is 2.6.19.

rolf

Member

Re: Connbytes iptables patch

I'll try it, thanks a lot.

Last edited by rolf (December 15 2006)

rolf

Member

Re: Connbytes iptables patch

The problem was that uploads (for example uploading a file to ftp) will considerably slow down the downloads.
I have solved it through tc by giving high priority to all ACK packets, now downloads are not slowed down anymore.