Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QoS bandwidth limits ignored with Suricata IPS enabled #6681

Closed
filippocarletti opened this issue Jun 30, 2022 · 4 comments
Closed

QoS bandwidth limits ignored with Suricata IPS enabled #6681

filippocarletti opened this issue Jun 30, 2022 · 4 comments
Labels
bug A defect of the software verified All test cases were verified successfully

Comments

@filippocarletti
Copy link
Member

Download bandwidth limits are ignored for some traffic when Suricata is enabled.
Upload limits are respected.

Note: this is a regression introduced by #6661

Steps to reproduce

  • Add a QoS class with limited bandwidth
  • Assign a network client to the class
  • Run a speedtest from the client

Expected behavior

Download speed is limited to the value set in the class

Actual behavior

Download speed unlimited
Upload speed limit is respected
@filippocarletti filippocarletti added the bug A defect of the software label Jun 30, 2022
@filippocarletti filippocarletti self-assigned this Jun 30, 2022
filippocarletti added a commit to NethServer/nethserver-suricata that referenced this issue Jun 30, 2022
@filippocarletti
Move Suricata bypass mark outside QoS mask
6fa8a53 
Use 0x80 to mark connections to bypass

NethServer/dev#6681
@filippocarletti filippocarletti mentioned this issue Jun 30, 2022
Merged
@filippocarletti
Copy link
Member Author

We support 64 QoS classes, the connection marker mask is 0x3f.
The IPS bypass marker needs to be outside the QoS mask.

@filippocarletti filippocarletti removed their assignment Jun 30, 2022
@francio87
Copy link
Member

Fixed, i can't reproduce the issue.

@francio87 francio87 added the verified All test cases were verified successfully label Jun 30, 2022
@nethbot
Copy link
Member

nethbot commented Jul 1, 2022

in 7.9.2009/testing:

@nethbot
Copy link
Member

nethbot commented Jul 6, 2022

in 7.9.2009/updates:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug A defect of the software verified All test cases were verified successfully
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@filippocarletti @gsanchietti @nethbot @francio87