Table of Contents

Assigning priorities according to the protocols

The protocol priorities (assigned by system administrator) are loaded by DPI from the file /etc/dpi/protocols.dscp.

This file is created in two steps: first one creates a text file with the list of protocols and their priorities. Second, it is converted into an internal format by a special utility.

To apply the changes you need to the DPI configuration with the following command: 

service fastdpi reload

The file format of protocols and priorities list:

Each line contains the protocol name, then space, then dscp value. For example: 

dns         0x3F
skype       drop
compressnet 010
ftp         keep
http        cs0
default     keep
Full list of protocols.
DSCP value is specified as decimal, hex or octal number or as a text abbreviation.

Keywords meaning:

To ensure that the drop action is applied only after TLS has been parsed and the SNI has been determined, you must add the parameter smartdrop = 1 to fastdpi.conf. This means that if drop is specified for a protocol, the action will be deferred until TLS has been parsed or a TLS parsing error occurs. This is a hot parameter; simply reload the configuration.

Configuring Traffic Classification

1. Create a file named protocols.txt containing a list of the protocol groups we want to filter out from general traffic, along with their assigned priorities (classes): 

dns cs0
ICMP cs0
http cs0
https cs0
QUIC cs1
default cs2
bittorrent cs7

where

This marking is taken into account in class-based policing rules.

2. Convert it to the DSCP format, which fastDPI understands 

cat protocols.txt|lst2dscp /etc/dpi/protocols.dscp
You can add comments (#) and blank lines to the input files of the lst2dscp utility.

3. Apply the settings 

service fastdpi reload

When moving settings to the working directory after saving a configuration backup, you must perform a reload after the move: 

mv protocols.dscp  /etc/dpi/protocols.dscp
Use only the mv command — it is atomic; do not use copying