Project

General

Profile

Actions

Bug #1575

closed

Limiters are bypassed by local applications injecting rules

Added by Ermal Luçi almost 13 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Low
Assignee:
-
Category:
Traffic Shaper (Limiters)
Target version:
-
Start date:
06/02/2011
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

Taking a look at http://forum.pfsense.org/index.php/topic,37399.0.html
it would be good to teach the match action about limiters as well to avoid such kind of issues.

Actions #1

Updated by Chris Buechler almost 13 years ago

  • Target version deleted (2.0)
Actions #2

Updated by Nikolay Stoyanov about 12 years ago

I have same problem in latest 2.0.1-RELEASE.
http://forum.pfsense.org/index.php/topic,46469.0.html

Actions #3

Updated by Bipin Chandra over 11 years ago

will this be fixed or is it fixed in 2.1?

Actions #4

Updated by Ermal Luçi over 11 years ago

Normally this can be overcommed with match rules on floating tab.
It is present there on 2.1 and i am pushing the fix to allow the rule for limiters as well.

Just create a Match rule under floating rules with limiters you want and it would be applied to these rules.

Actions #5

Updated by Ermal Luçi over 11 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #6

Updated by Bipin Chandra about 11 years ago

does seem to work still, upnp devices bypass limiter

Actions #7

Updated by Ermal Luçi about 11 years ago

Can you provide any analysis of how you do your checking?
Also provide a

ipfw pipe show
ipfw queue show
pfctl -vvsr
pfctl -vvsn
pfctl -a miniupnpd -vvsn
pfctl -a miniupnpd -vvsr

Actions #8

Updated by Bipin Chandra about 11 years ago

this was discussed here
http://forum.pfsense.org/index.php/topic,56092.0.html

the easy way to test this is, enable upnp, create limiters, create match rules under floating tab with limiters applied then u first do a speed test and it will be limited fine, now that same speed limit should apply but start a torrent download using utorrent or any such software and make it open a random port using upnp and then notice the download and upload speed exceed the limiter value and this way u know it never works once any application tries to open a port using upnp, the limiter almost becomes dead, it does work fine for other ports not opened by upnp

Actions #9

Updated by Ermal Luçi about 11 years ago

In that forum post i do not see any limiters configured on the ruleset posted.
So please provide the information if you want this to be pursued.

Actions #10

Updated by Bipin Chandra about 11 years ago

plz remove post after u have read it

Actions #11

Updated by Ermal Luçi about 11 years ago

Can you try by removing the quick option on the match rules, if you have selected it?

Actions #12

Updated by Bipin Chandra about 11 years ago

yes its ticked, trying without that now but if we untick then i guess in the past there was a problem of traffic for those clients not going to proper queues and i guess u only mentioned in the forum a very long time back that it needs to be ticked but for now i didnt assign any queues to those rules so no issues

Actions #13

Updated by Bipin Chandra about 11 years ago

tried it still same, clients upload speed exceeds limiter values

Actions #14

Updated by Chris Buechler over 9 years ago

  • Category set to Traffic Shaper (Limiters)
  • Affected Version changed from 2.0 to All
Actions #15

Updated by Anonymous about 5 years ago

Is this issue still present in the latest development build?

Actions #16

Updated by Jim Pingle over 4 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF