490

Try replacing your /etc/init.d/cake-qos-simple with this:

https://raw.githubusercontent.com/lynxthecat/cake-qos-simple/add-source-port-mapping/cake-qos-simple

Then regenerate config using:

service cake-qos-simple gen_config

and regenerate nft.rules using:

service cake-qos-simple gen_nft_rules

The new config and nft.rules are saved with .new appended, and you can just overwrite your old config or nft.rules files, amalgamating any changes as necessary.

2 Likes
491

thanks much will do it a little later and report back

1 Like
492

tried this but still didnt work..also watched a tuturial about nftables and tried to create a rule but
it failed lol...ill learn more about nftables first..dscp classify works perfect for me so ill stick with that untill i learn more about adding nftable rules..thanks much

1 Like
493

Could you please clarify me the diference between the both cod config rules?
Do i always have to use 2 config's per game, and should i forget about the TCP's on DSCP?

495

Hello everyone,

Is there a way to set a rule for a range of ports in the cake-qos-simple config file? The syntax only seems to support a single source port, but my game (CS2) uses multiple ports (UDP 27000-27100). I can only confirm the ports on my end.

For now, Iā€™ve been using Wireshark during each game and manually adding rules for each identified port, but Iā€™m hoping thereā€™s a more efficient method.

For context:

  • CS2 recently revised how they calculate packet loss by including jitter data, and now Iā€™m seeing a lot of upload jitter in the in-game graphs. However, when my ISPā€™s network isnā€™t congested, the jitter only appears momentarily.
  • Iā€™ve tried marking packets using Windows, but I get better results when setting rules directly in the cake-qos-simple config.

I also have a couple of questions:

  1. The voice tin generally has less bandwidth allocated compared to video or best effort. If I put my game traffic in the voice tin, will this bandwidth limitation affect my game? Iā€™m running Cake-autorate with strict parameters and typically get 8-20 Mbps while maintaining bufferbloat below 10ms. Would it make more sense to place my game traffic in the best effort tin? When I play CS2, I only have game traffic and Steam voice chat running.
  2. Given the upload jitter Iā€™m seeing in CS2 after the update, is there anything specific I can tweak in Cake-autorate to reduce network jitter on upload?

Any suggestions or advice would be much appreciated!

Thank you in advance my lord and saviors

496

That should not be the case, I would start investigating why that is and fix it...

1 Like
497

I think perhaps by specifying range using a hyphen so e.g.:

udp . 27000-27100 : goto dscp_set_voice,  # CS2

But I havenā€™t tested this.

Iā€™d just get Windows to set the DSCPs (on upload) because that doesnā€™t require you to get the port ranges right, and port ranges can change over time. cake-qos-simple will then catch and reapply the DSCPs on download.

Having Windows mark packets based on executable is very reliable in my experience.

@moeller0 can better advise on this, however I believe that itā€™s fine to put your game traffic in voice. My understanding is that cake will allow the bandwidth for a tin to exceed the allocation providing there is spare bandwidth available.

What kind of connection do you have?

Itā€™d be helpful to see your full cake-aurorate config and maybe a data file showing a couple of speed tests.

2 Likes
498

@moeller0

I've been using PowerShell to mark traffic (using -PolicyStore Activestore).
Maybe itā€™s because Iā€™m on Windows 11 Home edition, but setting policies through gpedit doesnā€™t work for me no matter what I try. I canā€™t imagine any other reasons for this issue.

Due to my unstable connection, Iā€™m also wondering if the worse feeling of latency is just placebo.

Could you please advise me if the voice tin will limit my gameā€™s bandwidth? Which tin should I use for game traffic?

I've also run into a strange problem:

  • When I mark CS2 traffic as CS4 (which directs it to the voice tin) but donā€™t mark steam.exe or steamwebhelper.exe, matchmaking takes 10-15 minutes or even longer to find a match.
  • If I donā€™t mark anything at all, I get matches in under 4 minutes.
  • But when I mark CS2.exe, steam.exe, and steamwebhelper.exe with CS4 or EF, I get matches in less than 1 minute, though I feel like i'm experiencing more upload jitter in-game.

@Lynx, Iā€™m going to give Windows DSCP marking another try this evening.

Regarding my connection:

  1. My ISP router is connected to an OpenWrt router in half-bridge mode.
  2. I believe my ISP uses 5G for download and 4G for upload (the router has indicators for both, and I get identical upload speeds on my 4G phone and 5G gateway).
  3. without cake-autorate and cake-qos-simple: i get 230-300Mbps Down and 50-65 Up
  4. With Cake-autorate (in default config) and cake-qos-simple: i get 40Mbps down and up with +20 - +25 bufferbloat on waveform. (shaper rates are low - base - high: 10000 - 70000 - 300000 (download) and 10000 - 40000 - 70000 (upload))

I will try to figure out Cake-autorate logging and will share the data in the Cake-autorate thread later today to gain more insight.

Thank you both so muchā€”I really appreciate your help! :blush:

499

This depends a bit on your total capacity... if the Voice tin's capacity is greater than say 3 times the games capacity demand (to allow for occasional non smooth delivery) you should be fine, and if your game traffic rate is too high for that cake will degrade gracefully, that is gaming packets will receive not as much priority as intended, but will not ge hard dropped either...
Typically the Video tin has a larger capacity share assigned and unless there is lots of traffic already in the Voice and/or Video tin there is no harm in steering game packets into the Video tin. Priorities are relative, so if all other traffic stays in best ettort moving your game to Video or Voice will have exactly the same effect on latency (assuming your game traffic fits comfortably into the Voice tin). Does this help?

1 Like
500

thank you it does make sense.
since i am also using cake-autorate and bandwidth could go down to as low as 8Mbps, does it mean, sometimes the voice tin gets congested?

i will be posting my autorate logs today evening in the respective thread, hopefully it will be of more help and we can discuss there. <3

501

Are you scrubbing DSCPs on upload using the wash option for cake?

Have another look through:

It should work. And you can verify using tcpdump or the cake stats provided with the upload or download options of the cake-qos-simple service.

502

yes, its washing on upload.

cake_ul_options="diffserv4 triple-isolate nat wash ack-filter noatm overhead 0"
cake_dl_options="diffserv4 triple-isolate nat nowash ingress no-ack-filter noatm overhead 0"

first, i did not have gpedit.msc on my pc because my windows 11 was home (not pro), i managed to install it using some guides online and set it up exactly as in your github page. but the packets were not being marked when i checked with wireshark and tcpdump (commands from your github).

i figured windows was not marking packets because gpedit.msc could not specify value for "-NetworkProfile" to "All/ local network" it seemed to be setting DSCP values for domain/ group (from my memory). So i had to set the DSCP vales using powershell using "-NetworkProfile All" and "-PolicyStore Activestore" (it did not mark packets if i did not use -PolicyStore too)

after using powershell to mark packets using "NetQosPolicy", i could see DSCP marks using Wireshark and on download (tcpdump -i ifb-wan -vv) - no markings on upload though (tcpdump -i wan -vv), i realize now that it could be cuz of washing.

503

Yes you need to take a lot of care the specific point at which you look at the packets. Itā€™s a bit fiddly.

You can look at the cake stats for upload or temporarily disable washing.

504

this does not work btw, stops at "Validity check of nft.rules file failed."

I also checked setting DSCP values using gpedit.msc, still does not work.
When i set policy through gpedit.msc, it appears as below (when i check with "Get-NetQosPolicy" )

Name           : CS2
Owner          : Group Policy (Machine)
NetworkProfile : Domain
Precedence     : 127
AppPathName    : cs2.exe
JobObject      :
IPProtocol     : Both
DSCPValue      : 16

But when i set the DSCP values with New-NetQosPolicy -Name "CounterStrike2" -AppPathNameMatchCondition "cs2.exe" -IPProtocol Both -DSCPAction 16 -NetworkProfile All -PolicyStore ActiveStore, it marks the packets properly (verified on both tcpdump and wireshark).
Working NetQosPolicy will be shows as below;

Name           : counterstrike2
Owner          : PowerShell / WMI
NetworkProfile : All
Precedence     : 127
AppPathName    : cs2.exe
JobObject      :
DSCPValue      : 16
505

Then by all means use the powershell method... as long as you can get the marking reliably enabled all is well.

506

As @moeller0 states if Powershell works that's fine, but the OCD in me wants to know why the policy editor method didn't work. You did include the registry key entry, right? Admittedly I have Win 11 (Pro), but I'd be surprised if that's it here.

Good to know. And it's not just relating to comma right (all entries to have comma at end, save for the last line)?

@dave14305 do you know how to specify a range in an nftables map like this:

	define PROTO_DPORT_DSCP_MAP = {
	        tcp . 53 : goto dscp_set_voice,  # DNS
	        udp . 53 : goto dscp_set_voice,  # DNS
	        tcp . 853 : goto dscp_set_voice, # DNS-over-TLS
	        udp . 853 : goto dscp_set_voice, # DNS-over-TLS
	        udp . 123 : goto dscp_set_voice  # NTP
	}

It seems one can't just use something like X-Y.

507

You must add flags interval as an attribute in your map declaration.

map rules_proto_dport {
    type inet_proto . inet_service : verdict
    flags interval
    elements = \$PROTO_DPORT_DSCP_MAP
}
2 Likes
508

yes i added the registry key. i think the problem is that gpedit applies to NetworkProfile: domain. While my PC seems to be in a "private network"

i can confirm it was not the comma.

i will try the flags interval today.

I have a new question now, i recently learned that CounterStrike 2 uses larger packets than typical ICMP packets,

  • does this impact CAKE in anyway? will playing around with mpu values net me better results?
  • What about overhead values? i tried 30 & 40 but it negatively affected my gameplay (felt like my shots were not registering on time). in your experience, what is a typical overhead value for 4G or 5G internet? (my ISP does not provide any documentation), MTU is set to 1500 on both routers.
  • are ECT values the same as ECN values? which values should i use to overwrite them?
	overwrite_ul_ect_0_val="" # overwrite upload ECT(1) values with decimal value (e.g. 0, 1, 2, 3), else "" to disable
	overwrite_ul_ect_1_val="" # overwrite upload ECT(0) values with decimal value (e.g. 0, 1, 2, 3), else "" to disable
	overwrite_dl_ect_0_val="" # overwrite download ECT(1) values with decimal value (e.g. 0, 1, 2, 3), else "" to disable
	overwrite_dl_ect_1_val="" # overwrite download ECT(1) values with decimal value (e.g. 0, 1, 2, 3), else "" to disable

after looking at cake-qos-simple stats, i'm fairly confident that my in-game jitter is not caused by OpenWRT, since all the measurements are in Āµs. So its likely to be either my upstream router or ISP :cry: is there any other solution to smooth over packets? i just want to get rid of the +25ms jitter i'm seeing for Counterstrike2.

509

This seems very promising, albeit I still think marking in Windows is preferable.

Pass. This is one for @moeller0.

@moeller0 is again the expert on this, and can correct me if this is bad advice, but based on this discussion here:

I suggest simply setting it to zero, particularly given the bandwidth adjustment that you are letting cake-autorate handle.

I created these to facilitate scrubbing of the so-called (Explicit Congestion Notification) ECN bits. ECT(0) and ECT(1) are just the ECN bits. What does ECT stand for? I'm not sure. Have a read here:

I think the idea is that instead of dropping packets to force the other side to reduce packets, you can actually signal bufferbloat using these ECN bits and the other side can react to that signal.

But some complain that this reaction is slow and that actually one is better off just dropping the packets.

Or in my case I thought my ISP was not handling ECN correctly (but actually from memory I think I was actually mistaken there). One can monitor ECN in action by inspecting packets in both directions using tcpdump, but it's not so easy to get this right.

So, in any case, I thought it'd be helpful to have a mechanism for disabling ECN to force cake to drop packets rather than use the ECN mechanism.

Whether this should be activated or not will depend upon the individual use case. In my case I've just left it active (as in, I do not scrub the ECN bits in cake-qos-simple).

Hmm, decoding those stats is not easy. Tailoring cake-autorate to handle gaming is its own topic and properly better addressed in the cake-autorate thread. Part of the challenge is that the only way we get a sense of whether there is extra bandwidth to allocate is by testing an increase and observing whether there is any increase in latency.

cake-autorate is highly configurable and I'm confident there will be room for improvement one way or another. How much bandwidth does CS2 actually need? Say this is less than or equal to 10Mbit/s, then it'd be interesting to see how gameplay is when setting a fixed cake bandwidth of 10Mbit/s.

510

So my take is Microsoft really does not want home users to use/have access to the group policy editor. The fact that it currently seems to be hidden only in a half assed way (behind a registry key everybody and their dog can set) might be explained by Microsoft aiming only as high as necessary (the more users figuring out the registry setting the less the current approach might fit the "high enough" requirement).