CAKE w/ DSCPs - cake-qos-simple

The ports are expected to be destination ports on the remote side. It looks like 3074 is the local port on your machine, so it doesn’t work.

You can set up a firewall rule in LuCI to mark any packet from the lan zone with source port 3074 as cs4.

I finally got DSCP classify to work. I want to give cake qos a try again, but which one do you guys think is better?

Hello, what to put here?

overwrite_ul_ect_0_val="" # overwrite upload ECT(0) values with decimal value (e.g. 0, 1, 2, 3), else "" to disable
overwrite_ul_ect_1_val="" # overwrite upload ECT(1) values with decimal value (e.g. 0, 1, 2, 3), else "" to disable
overwrite_dl_ect_0_val="" # overwrite download ECT(0) values with decimal value (e.g. 0, 1, 2, 3), else "" to disable
overwrite_dl_ect_1_val="" # overwrite download ECT(1) values with decimal value (e.g. 0, 1, 2, 3), else "" to disable

And how do I add this 44 64mpu here? I'm doing it wrong.

cake_ul_options="diffserv4 triple-isolate nat wash ack-filter noatm overhead 0"
cake_dl_options="diffserv4 triple-isolate nat nowash ingress no-ack-filter noatm overhead 0"

Depends on whether you want to allow/disallow ECN in its rfc3168 variant (can use ECT0 and ECT1) or in its rfc9331 variant (L4S).
I would recommend the following: keep both enabled until you see actual real rfc9331 traffic, in which case set:

overwrite_ul_ect_1_val="0" # overwrite upload ECT(1) values with decimal value (e.g. 0, 1, 2, 3), else "" to disable
overwrite_dl_ect_1_val="0" # overwrite download ECT(1) values with decimal value (e.g. 0, 1, 2, 3), else "" to disable

as cake does not do rfc9331-style signalling.

cake_ul_options="diffserv4 triple-isolate nat wash ack-filter noatm overhead 44 mpu 64"
cake_dl_options="diffserv4 triple-isolate nat nowash ingress no-ack-filter noatm overhead 44 mpu 64"

Personally I would use:

cake_ul_options="diffserv4 dual-srchost nat wash ack-filter noatm overhead 44 mpu 64"
cake_dl_options="diffserv4 dual-dsthost nat nowash ingress no-ack-filter noatm overhead 44 mpu 64"

for a stricter per-internal-IP isolation, but for many traffic mixes triple-isolate likely will be quite similar.

EDIT: typofix dual-srchost instead of the incorrect dual-srhost... mpu 64 instead of mpu64, sigh, not my day, I guess

I added the lines and reloaded cake qos and got this error:

login as: root


BusyBox v1.36.1 (2024-03-22 22:09:42 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05.3, r23809-234f1a2efa
 -----------------------------------------------------
=== WARNING! =====================================
There is no root password defined on this device!
Use the "passwd" command to set up a new password
in order to prevent unauthorized SSH logins.
--------------------------------------------------
root@OpenWrt:~# service cake-qos-simple reload
Removing ingress handle for interface: 'wan'.

Removing CAKE on interface: 'wan'.

Removing CAKE on interface: 'ifb-wan'.

Setting IFB interface: 'ifb-wan' down.

Removing IFB interface: 'ifb-wan'.

Removing nftables rules for cake-qos-simple

Stopped cake-qos-simple.

Checking validity of nft.rules file.
Validity check of nft.rules file passed.

Setting up nftables rules for cake-qos-simple using: /root/cake-qos-simple/nft.rules.

Setting up ingress handle for interface: 'wan'.

No dl_if specified, so setting up appropriate IFB.

Creating IFB device: 'ifb-wan'.

Setting interface: 'ifb-wan' up.

Setting up tc filter to restore DSCPs from conntrack on ingress packets on interface: 'wan' and redirecting to IFB interface: 'ifb-wan'.

Setting up CAKE on interface: 'wan' with bandwidth: '20Mbit/s' and options: 'diffserv4 dual-srhost nat wash ack-filter noatm overhead 44 mpu 64'.
What is "dual-srhost"?
Usage: ... cake [ bandwidth RATE | unlimited* | autorate-ingress ]
                [ rtt TIME | datacentre | lan | metro | regional |
                  internet* | oceanic | satellite | interplanetary ]
                [ besteffort | diffserv8 | diffserv4 | diffserv3* ]
                [ flowblind | srchost | dsthost | hosts | flows |
                  dual-srchost | dual-dsthost | triple-isolate* ]
                [ nat | nonat* ]
                [ wash | nowash* ]
                [ split-gso* | no-split-gso ]
                [ ack-filter | ack-filter-aggressive | no-ack-filter* ]
                [ memlimit LIMIT ]
                [ fwmark MASK ]
                [ ptm | atm | noatm* ] [ overhead N | conservative | raw* ]
                [ mpu N ] [ ingress | egress* ]
                (* marks defaults)

Setting up tc filter to restore DSCPs from conntrack on egress packets on interface 'wan'.
Error: Parent Qdisc doesn't exists.
We have an error talking to the kernel

Setting up filters to overwrite upload ECT(1) values with decimal value: '0'.
Error: Parent Qdisc doesn't exists.
We have an error talking to the kernel
Error: Parent Qdisc doesn't exists.
We have an error talking to the kernel

Setting up CAKE on interface: 'ifb-wan' with bandwidth: '20Mbit/s' and options: 'diffserv4 dual-dsthost nat nowash ingress no-ack-filter noatm overhead 44 mpu64'.
What is "mpu64"?
Usage: ... cake [ bandwidth RATE | unlimited* | autorate-ingress ]
                [ rtt TIME | datacentre | lan | metro | regional |
                  internet* | oceanic | satellite | interplanetary ]
                [ besteffort | diffserv8 | diffserv4 | diffserv3* ]
                [ flowblind | srchost | dsthost | hosts | flows |
                  dual-srchost | dual-dsthost | triple-isolate* ]
                [ nat | nonat* ]
                [ wash | nowash* ]
                [ split-gso* | no-split-gso ]
                [ ack-filter | ack-filter-aggressive | no-ack-filter* ]
                [ memlimit LIMIT ]
                [ fwmark MASK ]
                [ ptm | atm | noatm* ] [ overhead N | conservative | raw* ]
                [ mpu N ] [ ingress | egress* ]
                (* marks defaults)

Setting up filters to overwrite download ECT(1) values with decimal value: '0'.
Error: Parent Qdisc doesn't exists.
We have an error talking to the kernel
Error: Parent Qdisc doesn't exists.
We have an error talking to the kernel

Started cake-qos-simple.
root@OpenWrt:~#

Sorry, typo:

WRONG: dual-srhost
CORRECT: dual-srchost

please replace the incorrect line:

cake_ul_options="diffserv4 dual-srhost nat wash ack-filter noatm overhead 44 mpu 64"

with the correct one:

cake_ul_options="diffserv4 dual-srchost nat wash ack-filter noatm overhead 44 mpu 64"

Another error:

What is "mpu64"?
Usage: ... cake [ bandwidth RATE | unlimited* | autorate-ingress ]
                [ rtt TIME | datacentre | lan | metro | regional |
                  internet* | oceanic | satellite | interplanetary ]
                [ besteffort | diffserv8 | diffserv4 | diffserv3* ]
                [ flowblind | srchost | dsthost | hosts | flows |
                  dual-srchost | dual-dsthost | triple-isolate* ]
                [ nat | nonat* ]
                [ wash | nowash* ]
                [ split-gso* | no-split-gso ]
                [ ack-filter | ack-filter-aggressive | no-ack-filter* ]
                [ memlimit LIMIT ]
                [ fwmark MASK ]
                [ ptm | atm | noatm* ] [ overhead N | conservative | raw* ]
                [ mpu N ] [ ingress | egress* ]
                (* marks defaults)

Setting up filters to overwrite download ECT(1) values with decimal value: '0'.
Error: Parent Qdisc doesn't exists.
We have an error talking to the kernel
Error: Parent Qdisc doesn't exists.
We have an error talking to the kernel

Started cake-qos-simple.
root@OpenWrt:~#

It was missing a space by mpu, fixed it... now to test.

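In the reload log above, tc rejected both option strings, the follow-up filters failed with "Parent Qdisc doesn't exists", and the service still reported "Started cake-qos-simple.", so a typo can leave the link without the intended shaper. The following pre-flight check is an added example, not code from this thread or from cake-qos-simple; the helper name `check_cake_opts` is hypothetical and the keyword list is taken from the tc usage text quoted in the log.

```sh
#!/bin/sh
# Added example (not part of cake-qos-simple): pre-flight check of a CAKE
# option string against the keywords in the tc usage text quoted above.

# Stand-alone keywords, copied from that usage output.
CAKE_FLAGS="unlimited autorate-ingress datacentre lan metro regional internet
oceanic satellite interplanetary besteffort diffserv8 diffserv4 diffserv3
flowblind srchost dsthost hosts flows dual-srchost dual-dsthost triple-isolate
nat nonat wash nowash split-gso no-split-gso ack-filter ack-filter-aggressive
no-ack-filter ptm atm noatm conservative raw ingress egress"

# check_cake_opts "<option string>"  (hypothetical helper name)
# Prints "ok" and returns 0, or names the first bad token and returns 1.
check_cake_opts() {
    set -f; set -- $1; set +f        # split into words without globbing
    while [ $# -gt 0 ]; do
        case "$1" in
            overhead|mpu)            # keyword followed by an integer
                n=${2#-}             # tolerate a leading minus sign
                case "$n" in
                    ''|*[!0-9]*) echo "$1 needs a number, got '$2'"; return 1 ;;
                esac
                shift 2 ;;
            bandwidth|rtt|memlimit|fwmark)   # value present, format unchecked
                [ $# -ge 2 ] || { echo "$1 needs a value"; return 1; }
                shift 2 ;;
            *)
                case " $(echo $CAKE_FLAGS) " in
                    *" $1 "*) shift ;;
                    *) echo "unknown keyword '$1'"; return 1 ;;
                esac ;;
        esac
    done
    echo "ok"
}

# Constructed sample input: the two option strings that failed in the log.
for opts in \
    "diffserv4 dual-srhost nat wash ack-filter noatm overhead 44 mpu 64" \
    "diffserv4 dual-dsthost nat nowash ingress no-ack-filter noatm overhead 44 mpu64"
do
    check_cake_opts "$opts" || echo "  -> fix before reloading the service"
done
```

Running the check on both `cake_ul_options` and `cake_dl_options` before `service cake-qos-simple reload` catches a misspelled keyword before the existing qdiscs are torn down.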

And what file do I edit for the rules? I tried both by just changing the default settings DNS port to 3074 to test, but it doesn't mark it... Can you show me an example of how and where to set the rules, or make a rule with 3074 UDP and show me where to put it, so I'll just continue from there?

The nftables file nft.rules is a template. The idea is to add the nft rules that are needed. This does require some knowledge of nftables. Or you can alternatively also just add appropriate firewall rules in LuCI.

What rules are you trying to add? Tagging by source port? This could be something I could add to the template. I’d simply add a line here:

Call of Duty 3074 UDP... show an example please and I'll learn from there.

You mean tag based on source ports?

A rule with the cs4 on 3074 UDP source... if I put it on outgoing, will it automatically get tagged cs4 on the incoming? The source port is 3074 and the game uses dst ports between 30000-45000.

OK I see. Yes so easier perhaps to tag on the source port then.

I think it’d be worth trying to figure it out. It’s just standard nftables rules. You’d be doing what’s done for destination port only adding the appropriate lines for the source port counterpart. And you’d learn useful nftables stuff.

ok kool, I'll dive deeper into it and read up more about nftables

Actually wait I can put something together now. Two seconds.

ok kool great