Hello everyone, someone is having the same problem as me, in the option src_port command my dscp classifications are being marked but in dest_port my classifications do not appear, could anyone tell me why.
How did you test/confirm that?
2 Likes
hello everyone i dont know if this is the right place as im new on openwrt but i installed this https://github.com/jeverley/dscpclassify/blob/main/README.md
followed all direction but when i do testing on https://www.waveform.com/tools/bufferbloat it doesnt seem to get limited by my set bandwidth. i have fiber frontier 1gb up and down.
root@FriendlyWrt:~# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether b2:c9:aa:1d:07:b2 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether 22:53:53:dc:a7:be brd ff:ff:ff:ff:ff:ff permaddr 62:62:9e:17:64:18
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP mode DEFAULT group default qlen 1000
link/ether 22:53:53:dc:a7:bd brd ff:ff:ff:ff:ff:ff permaddr ae:c9:aa:1d:07:b2
5: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether be:07:e0:d0:66:55 brd ff:ff:ff:ff:ff:ff
6: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/gre 0.0.0.0 brd 0.0.0.0
7: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
8: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
219: ifb4eth2: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc cake state UNKNOWN mode DEFAULT group default qlen 32
link/ether 12:5d:22:3c:be:59 brd ff:ff:ff:ff:ff:ff
221: teql0: <NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 100
link/void
root@FriendlyWrt:~# tc -s qdisc
qdisc noqueue 0: dev lo root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc mq 0: dev eth1 root
Sent 5219793828 bytes 4214015 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc pfifo_fast 0: dev eth1 parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 5219793828 bytes 4214015 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc cake 80cd: dev eth2 root refcnt 5 bandwidth 450Mbit diffserv4 dual-srchost nat nowash ack-filter split-gso rtt 100ms noatm overhead 36
Sent 1836582118 bytes 1760929 pkt (dropped 256, overlimits 2798120 requeues 0)
backlog 0b 0p requeues 0
memory used: 2338688b of 15140Kb
capacity estimate: 450Mbit
min/max network layer size: 28 / 1500
min/max overhead-adjusted size: 64 / 1536
average network hdr offset: 14
Bulk Best Effort Video Voice
thresh 28125Kbit 450Mbit 225Mbit 112500Kbit
target 5ms 5ms 5ms 5ms
interval 100ms 100ms 100ms 100ms
pk_delay 0us 27us 0us 9us
av_delay 0us 7us 0us 6us
sp_delay 0us 2us 0us 3us
backlog 0b 0b 0b 0b
pkts 0 1755696 0 5489
bytes 0 1836367442 0 501982
way_inds 0 11704 0 7
way_miss 0 6205 0 4589
way_cols 0 0 0 0
drops 0 195 0 0
marks 0 0 0 0
ack_drop 0 61 0 0
sp_flows 0 2 0 1
bk_flows 0 1 0 0
un_flows 0 0 0 0
max_len 0 23264 0 583
quantum 858 1514 1514 1514
qdisc ingress ffff: dev eth2 parent ffff:fff1 ----------------
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc cake 80cf: dev ifb4eth2 root refcnt 2 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
memory used: 0b of 15140Kb
capacity estimate: 0bit
min/max network layer size: 65535 / 0
min/max overhead-adjusted size: 65535 / 0
average network hdr offset: 0
Bulk Best Effort Voice
thresh 0bit 0bit 0bit
target 5ms 5ms 5ms
interval 100ms 100ms 100ms
pk_delay 0us 0us 0us
av_delay 0us 0us 0us
sp_delay 0us 0us 0us
backlog 0b 0b 0b
pkts 0 0 0
bytes 0 0 0
way_inds 0 0 0
way_miss 0 0 0
way_cols 0 0 0
drops 0 0 0
marks 0 0 0
ack_drop 0 0 0
sp_flows 0 0 0
bk_flows 0 0 0
un_flows 0 0 0
max_len 0 0 0
quantum 1514 1514 1514
my sqm config:
config queue 'eth1'
option enabled '1'
option interface 'eth2'
option download '450000'
option upload '450000'
option qdisc 'cake'
option script 'layer_cake_ct.qos'
option linklayer 'ethernet'
option debug_logging '0'
option verbosity '5'
option overhead '36'
option qdisc_advanced '1'
option squash_dscp '0'
option squash_ingress '0'
option ingress_ecn 'ECN'
option egress_ecn 'NOECN'
option qdisc_really_really_advanced '1'
option iqdisc_opts 'nat dual-dsthost ingress diffserv4'
option eqdisc_opts 'nat dual-srchost ack-filter diffserv4'
`The output of your config and the output of tc -s qdisc donāt seem like they haven been made with the same settingsā¦ You have unlimited on your ingress queue but a limit in your config
- Maybe a reboot will solve your issues as it seems like there is something messed up with your sqm settings
- Make sure eth2 is your wan device
- Also, when using dscpclassify make sure you are using
layer_cake_ct.qossqm script
The ingress instance sees no traffic at all... the was an error somewhere in settong things up, most likely with the ifb setup. Please post the output of
tc -d qdisc
EDIT: -d not -s as you posted that already...
hello this is my output on tc-d qdisc also @Hudra i did reboot also made sure its layer_cake_ct.qos
root@FriendlyWrt:~# tc -d qdisc
qdisc noqueue 0: dev lo root refcnt 2
qdisc mq 0: dev eth1 root
qdisc pfifo_fast 0: dev eth1 parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc cake 800c: dev eth2 root refcnt 5 bandwidth 450Mbit diffserv4 dual-srchost nat nowash ack-filter split-gso rtt 100ms noatm overhead 36
qdisc ingress ffff: dev eth2 parent ffff:fff1 ----------------
qdisc cake 800d: dev ifb4eth2 root refcnt 2 bandwidth 450Mbit diffserv4 dual-dsthost nat nowash ingress no-ack-filter split-gso rtt 100ms noatm overhead 36
root@FriendlyWrt:~#
also i suspect this might be the problem
qdisc ingress ffff: dev eth2 parent ffff:fff1 ----------------
It's possible that the parent ffff:fff1 was intended to link the ingress qdisc to another qdisc within the layer-cake setup.
However, if that parent qdisc isn't getting created correctly or is not meant to be a parent for ingress, the error would remain.
And does it work now? Do packets hit your ingress now?
Please show the output of
tc -s qdisc
nft list table inet dscpclassify
tc filter show dev eth2 egress
fw4 -q zone wan
Also it seems like you you are using FriendlyWrt. Maybe thereās some sort of other qos service running and interfering with sqm?
@Hudra here are the requested outputs
tc -s qdisc:
root@FriendlyWrt:~# tc -s qdisc
qdisc noqueue 0: dev lo root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc mq 0: dev eth1 root
Sent 2083157918 bytes 1744888 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc pfifo_fast 0: dev eth1 parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 2083157918 bytes 1744888 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc cake 800c: dev eth2 root refcnt 5 bandwidth 450Mbit diffserv4 dual-srchost nat nowash ack-filter split-gso rtt 100ms noatm overhead 36
Sent 52521107 bytes 271524 pkt (dropped 0, overlimits 2942 requeues 0)
backlog 0b 0p requeues 0
memory used: 34560b of 15140Kb
capacity estimate: 450Mbit
min/max network layer size: 28 / 1500
min/max overhead-adjusted size: 64 / 1536
average network hdr offset: 14
Bulk Best Effort Video Voice
thresh 28125Kbit 450Mbit 225Mbit 112500Kbit
target 5ms 5ms 5ms 5ms
interval 100ms 100ms 100ms 100ms
pk_delay 0us 9us 2us 9us
av_delay 0us 8us 0us 6us
sp_delay 0us 4us 0us 2us
backlog 0b 0b 0b 0b
pkts 0 264456 1 7067
bytes 0 51643241 90 877776
way_inds 0 13267 0 44
way_miss 0 3966 1 4719
way_cols 0 0 0 0
drops 0 0 0 0
marks 0 0 0 0
ack_drop 0 0 0 0
sp_flows 0 1 0 1
bk_flows 0 1 0 0
un_flows 0 0 0 0
max_len 0 18746 90 4398
quantum 858 1514 1514 1514
qdisc ingress ffff: dev eth2 parent ffff:fff1 ----------------
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc cake 800d: dev ifb4eth2 root refcnt 2 bandwidth 450Mbit diffserv4 dual-dsthost nat nowash ingress no-ack-filter split-gso rtt 100ms noatm overhead 36
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
memory used: 0b of 15140Kb
capacity estimate: 450Mbit
min/max network layer size: 65535 / 0
min/max overhead-adjusted size: 65535 / 0
average network hdr offset: 0
Bulk Best Effort Video Voice
thresh 28125Kbit 450Mbit 225Mbit 112500Kbit
target 5ms 5ms 5ms 5ms
interval 100ms 100ms 100ms 100ms
pk_delay 0us 0us 0us 0us
av_delay 0us 0us 0us 0us
sp_delay 0us 0us 0us 0us
backlog 0b 0b 0b 0b
pkts 0 0 0 0
bytes 0 0 0 0
way_inds 0 0 0 0
way_miss 0 0 0 0
way_cols 0 0 0 0
drops 0 0 0 0
marks 0 0 0 0
ack_drop 0 0 0 0
sp_flows 0 0 0 0
bk_flows 0 0 0 0
un_flows 0 0 0 0
max_len 0 0 0 0
quantum 858 1514 1514 1514
nft list table inet dscpclassify
root@FriendlyWrt:~# nft list table inet dscpclassify
table inet dscpclassify {
set threaded_clients {
type ipv4_addr . inet_service . inet_proto
size 65535
flags dynamic,timeout
}
set threaded_clients6 {
type ipv6_addr . inet_service . inet_proto
size 65535
flags dynamic,timeout
}
set threaded_services {
type ipv4_addr . ipv4_addr . inet_service . inet_proto
size 65535
flags dynamic,timeout
elements = { 192.168.2.184 . 23.61.213.0 . 80 . tcp timeout 30s expires 3m27s960ms }
}
set threaded_services6 {
type ipv6_addr . ipv6_addr . inet_service . inet_proto
size 65535
flags dynamic,timeout
}
map ct_dscp {
type mark : verdict
elements = { 0x00000000 : goto dscp_set_cs0, 0x00000001 : goto dscp_set_le, 0x00000008 : goto dscp_set_cs1, 0x0000000a : goto dscp_set_af11, 0x0000000c : goto dscp_set_af12,
0x0000000e : goto dscp_set_af13, 0x00000010 : goto dscp_set_cs2, 0x00000012 : goto dscp_set_af21, 0x00000014 : goto dscp_set_af22, 0x00000016 : goto dscp_set_af23,
0x00000018 : goto dscp_set_cs3, 0x0000001a : goto dscp_set_af31, 0x0000001c : goto dscp_set_af32, 0x0000001e : goto dscp_set_af33, 0x00000020 : goto dscp_set_cs4,
0x00000022 : goto dscp_set_af41, 0x00000024 : goto dscp_set_af42, 0x00000026 : goto dscp_set_af43, 0x00000028 : goto dscp_set_cs5, 0x0000002c : goto dscp_set_va,
0x0000002e : goto dscp_set_ef, 0x00000030 : goto dscp_set_cs6, 0x00000038 : goto dscp_set_cs7 }
}
map ct_wmm {
type mark : verdict
elements = { 0x00000000 : goto dscp_set_cs0, 0x00000001 : goto dscp_set_le, 0x00000008 : goto dscp_set_cs1, 0x0000000a : goto dscp_set_cs0, 0x0000000c : goto dscp_set_cs0,
0x0000000e : goto dscp_set_cs0, 0x00000010 : goto dscp_set_cs0, 0x00000012 : goto dscp_set_cs3, 0x00000014 : goto dscp_set_cs3, 0x00000016 : goto dscp_set_cs3,
0x00000018 : goto dscp_set_cs4, 0x0000001a : goto dscp_set_cs4, 0x0000001c : goto dscp_set_cs4, 0x0000001e : goto dscp_set_cs4, 0x00000020 : goto dscp_set_cs4,
0x00000022 : goto dscp_set_cs4, 0x00000024 : goto dscp_set_cs4, 0x00000026 : goto dscp_set_cs4, 0x00000028 : goto dscp_set_cs5, 0x0000002c : goto dscp_set_cs6,
0x0000002e : goto dscp_set_cs6, 0x00000030 : goto dscp_set_cs7, 0x00000038 : goto dscp_set_cs7 }
}
map dscp_ct {
type dscp : verdict
elements = { cs0 : goto ct_set_cs0,
lephb : goto ct_set_le,
cs1 : goto ct_set_cs1,
af11 : goto ct_set_af11,
af12 : goto ct_set_af12,
af13 : goto ct_set_af13,
cs2 : goto ct_set_cs2,
af21 : goto ct_set_af21,
af22 : goto ct_set_af22,
af23 : goto ct_set_af23,
cs3 : goto ct_set_cs3,
af31 : goto ct_set_af31,
af32 : goto ct_set_af32,
af33 : goto ct_set_af33,
cs4 : goto ct_set_cs4,
af41 : goto ct_set_af41,
af42 : goto ct_set_af42,
af43 : goto ct_set_af43,
cs5 : goto ct_set_cs5,
va : goto ct_set_va,
ef : goto ct_set_ef,
cs6 : goto ct_set_cs6,
cs7 : goto ct_set_cs7 }
}
chain dscp_set_cs0 {
ip dscp set cs0
ip6 dscp set cs0
}
chain dscp_set_le {
ip dscp set lephb
ip6 dscp set lephb
}
chain dscp_set_cs1 {
ip dscp set cs1
ip6 dscp set cs1
}
chain dscp_set_af11 {
ip dscp set af11
ip6 dscp set af11
}
chain dscp_set_af12 {
ip dscp set af12
ip6 dscp set af12
}
chain dscp_set_af13 {
ip dscp set af13
ip6 dscp set af13
}
chain dscp_set_cs2 {
ip dscp set cs2
ip6 dscp set cs2
}
chain dscp_set_af21 {
ip dscp set af21
ip6 dscp set af21
}
chain dscp_set_af22 {
ip dscp set af22
ip6 dscp set af22
}
chain dscp_set_af23 {
ip dscp set af23
ip6 dscp set af23
}
chain dscp_set_cs3 {
ip dscp set cs3
ip6 dscp set cs3
}
chain dscp_set_af31 {
ip dscp set af31
ip6 dscp set af31
}
chain dscp_set_af32 {
ip dscp set af32
ip6 dscp set af32
}
chain dscp_set_af33 {
ip dscp set af33
ip6 dscp set af33
}
chain dscp_set_cs4 {
ip dscp set cs4
ip6 dscp set cs4
}
chain dscp_set_af41 {
ip dscp set af41
ip6 dscp set af41
}
chain dscp_set_af42 {
ip dscp set af42
ip6 dscp set af42
}
chain dscp_set_af43 {
ip dscp set af43
ip6 dscp set af43
}
chain dscp_set_cs5 {
ip dscp set cs5
ip6 dscp set cs5
}
chain dscp_set_va {
ip dscp set va
ip6 dscp set va
}
chain dscp_set_ef {
ip dscp set ef
ip6 dscp set ef
}
chain dscp_set_cs6 {
ip dscp set cs6
ip6 dscp set cs6
}
chain dscp_set_cs7 {
ip dscp set cs7
ip6 dscp set cs7
}
chain ct_set_cs0 {
ct mark set ct mark & 0xffffff40 | 0x00000040
}
chain ct_set_le {
ct mark set ct mark & 0xffffff01 | 0x00000001
}
chain ct_set_cs1 {
ct mark set ct mark & 0xffffff08 | 0x00000008
}
chain ct_set_af11 {
ct mark set ct mark & 0xffffff0a | 0x0000000a
}
chain ct_set_af12 {
ct mark set ct mark & 0xffffff0c | 0x0000000c
}
chain ct_set_af13 {
ct mark set ct mark & 0xffffff0e | 0x0000000e
}
chain ct_set_cs2 {
ct mark set ct mark & 0xffffff10 | 0x00000010
}
chain ct_set_af21 {
ct mark set ct mark & 0xffffff12 | 0x00000012
}
chain ct_set_af22 {
ct mark set ct mark & 0xffffff14 | 0x00000014
}
chain ct_set_af23 {
ct mark set ct mark & 0xffffff16 | 0x00000016
}
chain ct_set_cs3 {
ct mark set ct mark & 0xffffff18 | 0x00000018
}
chain ct_set_af31 {
ct mark set ct mark & 0xffffff1a | 0x0000001a
}
chain ct_set_af32 {
ct mark set ct mark & 0xffffff1c | 0x0000001c
}
chain ct_set_af33 {
ct mark set ct mark & 0xffffff1e | 0x0000001e
}
chain ct_set_cs4 {
ct mark set ct mark & 0xffffff20 | 0x00000020
}
chain ct_set_af41 {
ct mark set ct mark & 0xffffff22 | 0x00000022
}
chain ct_set_af42 {
ct mark set ct mark & 0xffffff24 | 0x00000024
}
chain ct_set_af43 {
ct mark set ct mark & 0xffffff26 | 0x00000026
}
chain ct_set_cs5 {
ct mark set ct mark & 0xffffff28 | 0x00000028
}
chain ct_set_va {
ct mark set ct mark & 0xffffff2c | 0x0000002c
}
chain ct_set_ef {
ct mark set ct mark & 0xffffff2e | 0x0000002e
}
chain ct_set_cs6 {
ct mark set ct mark & 0xffffff30 | 0x00000030
}
chain ct_set_cs7 {
ct mark set ct mark & 0xffffff38 | 0x00000038
}
chain input {
type filter hook input priority filter + 2; policy accept;
iifname "lo" return
ct mark & 0x000000ff == 0x00000000 ct direction original jump static_classify
ct mark & 0x00000080 == 0x00000080 jump dynamic_classify
}
chain postrouting {
type filter hook postrouting priority filter + 2; policy accept;
oifname "lo" return
ct mark & 0x000000ff == 0x00000000 ct direction original jump static_classify
ct mark & 0x00000080 == 0x00000080 jump dynamic_classify
oifname "eth1" ct mark & 0x0000003f vmap @ct_wmm
ct mark & 0x0000003f vmap @ct_dscp
}
chain static_classify {
meta l4proto { tcp, udp } ip saddr 192.168.2.242 th sport { 5000-5180, 5353, 5500-5680, 6771, 9992, 60456, 64490 } counter packets 0 bytes 0 goto ct_set_ef comment "red"
meta l4proto { tcp, udp } ip saddr 192.168.2.242 counter packets 63 bytes 23919 goto ct_set_ef comment "red1"
meta l4proto udp iifname "eth1" ip saddr 192.168.2.119 counter packets 271 bytes 87927 goto ct_set_cs0 comment "garb"
meta l4proto { tcp, udp } th dport { 53, 853, 5353 } goto ct_set_cs5 comment "DNS"
meta l4proto { tcp, udp } ip6 daddr { 2001:4860:4860::8844, 2001:4860:4860::8888, 2606:4700:4700::1001, 2606:4700:4700::1111, 2620:fe::9, 2620:fe::11, 2620:fe::fe, 2620:fe::fe:11, 2a10:50c0::ad1:ff, 2a10:50c0::ad2:ff, 2a10:50c0::ded:ff } th dport 443 goto ct_set_cs5 comment "DoH"
meta l4proto { tcp, udp } ip daddr { 1.0.0.1, 1.1.1.1, 8.8.4.4, 8.8.8.8, 9.9.9.9, 9.9.9.11, 94.140.14.0/24, 149.112.112.11, 149.112.112.112 } th dport 443 goto ct_set_cs5 comment "DoH"
udp dport { 67, 68 } goto ct_set_cs5 comment "BOOTP/DHCP"
udp dport 123 goto ct_set_cs5 comment "NTP"
tcp dport 22 goto ct_set_cs2 comment "SSH"
ip6 daddr 2603:1063::/39 udp sport 50000-50019 goto ct_set_ef comment "Microsoft Teams voice"
ip daddr { 13.107.64.0/18, 52.112.0.0/14, 52.122.0.0/15 } udp sport 50000-50019 goto ct_set_ef comment "Microsoft Teams voice"
ip6 daddr 2603:1063::/39 udp dport 3478-3481 udp sport 50020-50039 goto ct_set_af41 comment "Microsoft Teams video"
ip daddr { 13.107.64.0/18, 52.112.0.0/14, 52.122.0.0/15 } udp dport 3478-3481 udp sport 50020-50039 goto ct_set_af41 comment "Microsoft Teams video"
ip6 daddr 2603:1063::/39 udp dport 3478-3481 udp sport 50040-50059 goto ct_set_af21 comment "Microsoft Teams sharing"
ip daddr { 13.107.64.0/18, 52.112.0.0/14, 52.122.0.0/15 } udp dport 3478-3481 udp sport 50040-50059 goto ct_set_af21 comment "Microsoft Teams sharing"
ip daddr { 23.89.0.0/16, 62.109.192.0/18, 64.68.96.0/19, 66.114.160.0/20, 66.163.32.0/19, 69.26.160.0/19, 114.29.192.0/19, 150.253.128.0/17, 170.72.0.0/16, 170.133.128.0/18, 173.39.224.0/19, 173.243.0.0/20, 207.182.160.0/19, 209.197.192.0/19, 210.4.192.0/20, 216.151.128.0/19 } udp dport 4501 goto ct_set_af41 comment "Webex video/audio"
ip daddr 142.250.82.0/24 udp dport 19302-19309 goto ct_set_af41 comment "Google Meet"
ip dscp != { cs0, cs6, cs7 } iifname != "eth2" ip dscp vmap @dscp_ct
ip6 dscp != { cs0, cs6, cs7 } iifname != "eth2" ip6 dscp vmap @dscp_ct
meta l4proto != { tcp, udp } goto ct_set_cs0
ct mark set ct mark & 0xffffff80 | 0x00000080
}
chain dynamic_classify {
ct status & seen-reply != seen-reply return
ct direction reply goto dynamic_classify_reply
ip saddr . th sport . meta l4proto @threaded_clients goto threaded_client
ip6 saddr . th sport . meta l4proto @threaded_clients6 goto threaded_client
ip saddr . ip daddr & 255.255.255.0 . th dport . meta l4proto @threaded_services goto threaded_service
ip6 saddr . ip6 daddr & ffff:ffff:ffff:: . th dport . meta l4proto @threaded_services6 goto threaded_service
}
chain dynamic_classify_reply {
ct reply packets 1 jump established_connection
ip daddr . th dport . meta l4proto @threaded_clients goto threaded_client_reply
ip6 daddr . th dport . meta l4proto @threaded_clients6 goto threaded_client_reply
ip daddr . ip saddr & 255.255.255.0 . th sport . meta l4proto @threaded_services goto threaded_service_reply
ip6 daddr . ip6 saddr & ffff:ffff:ffff:: . th sport . meta l4proto @threaded_services6 goto threaded_service_reply
}
chain established_connection {
meter tc_detect size 65535 { ip daddr . th dport . meta l4proto timeout 5s limit rate over 9/minute } add @threaded_clients { ip daddr . th dport . meta l4proto timeout 30s }
meter tc_detect6 size 65535 { ip6 daddr . th dport . meta l4proto timeout 5s limit rate over 9/minute } add @threaded_clients6 { ip6 daddr . th dport . meta l4proto timeout 30s }
meter ts_detect size 65535 { ip daddr . ip saddr & 255.255.255.0 . th sport . meta l4proto timeout 5s limit rate over 2/minute } add @threaded_services { ip daddr . ip saddr & 255.255.255.0 . th sport . meta l4proto timeout 30s }
meter ts_detect6 size 65535 { ip6 daddr . ip6 saddr & ffff:ffff:ffff:: . th sport . meta l4proto timeout 5s limit rate over 2/minute } add @threaded_services6 { ip6 daddr . ip6 saddr & ffff:ffff:ffff:: . th sport . meta l4proto timeout 30s }
}
chain threaded_client {
meter tc_orig_bulk size 65535 { ip saddr . th sport . meta l4proto timeout 5m limit rate over 1999 bytes/hour } update @threaded_clients { ip saddr . th sport . meta l4proto timeout 5m } goto ct_set_le
meter tc_orig_bulk6 size 65535 { ip6 saddr . th sport . meta l4proto timeout 5m limit rate over 1999 bytes/hour } update @threaded_clients6 { ip6 saddr . th sport . meta l4proto timeout 5m } goto ct_set_le
}
chain threaded_client_reply {
meter tc_reply_bulk size 65535 { ip daddr . th dport . meta l4proto timeout 5m limit rate over 1999 bytes/hour } update @threaded_clients { ip daddr . th dport . meta l4proto timeout 5m } goto ct_set_le
meter tc_reply_bulk6 size 65535 { ip6 daddr . th dport . meta l4proto timeout 5m limit rate over 1999 bytes/hour } update @threaded_clients6 { ip6 daddr . th dport . meta l4proto timeout 5m } goto ct_set_le
}
chain threaded_service {
ct original bytes < 2000 return
update @threaded_services { ip saddr . ip daddr & 255.255.255.0 . th dport . meta l4proto timeout 5m }
update @threaded_services6 { ip6 saddr . ip6 daddr & ffff:ffff:ffff:: . th dport . meta l4proto timeout 5m }
goto ct_set_af13
}
chain threaded_service_reply {
ct reply bytes < 2000 return
update @threaded_services { ip daddr . ip saddr & 255.255.255.0 . th sport . meta l4proto timeout 5m }
update @threaded_services6 { ip6 daddr . ip6 saddr & ffff:ffff:ffff:: . th sport . meta l4proto timeout 5m }
goto ct_set_af13
}
}
tc filter show dev eth2 egress dont have any output
fw4 -q zone wan
root@FriendlyWrt:~# fw4 -q zone wan
eth2
eth2
This seems to be the issue.
Did you forget to install
kmod-sched-ctinfo
What is the output of:
logread | grep SQM
i think its where the error at here is the output
root@FriendlyWrt:~# logread | grep SQM
Mon Feb 12 11:58:14 2024 user.notice SQM: Starting SQM script: layer_cake_ct.qos on eth2, in: 85000 Kbps, out: 10000 Kbps
Mon Feb 12 11:58:14 2024 user.notice SQM: ERROR: cmd_wrapper: tc: FAILURE (2): /sbin/tc filter add dev eth2 parent ffff: matchall action ctinfo dscp 0x0000003f mirred egress redirect dev ifb4eth2
Mon Feb 12 11:58:14 2024 user.notice SQM: ERROR: cmd_wrapper: tc: LAST ERROR: RTNETLINK answers: No such file or directory We have an error talking to the kernel
Mon Feb 12 11:58:14 2024 user.notice SQM: WARNING: sqm_start_default: layer_cake_ct.qos lacks an ingress() function
Mon Feb 12 11:58:14 2024 user.notice SQM: layer_cake_ct.qos was started on eth2 successfully
root@FriendlyWrt:~#
Did you install the required kmod as mentioned in the first post?
i did here is the output sir
root@FriendlyWrt:~# repo="https://raw.githubusercontent.com/jeverley/dscpclassify/main"
te
opkg root@FriendlyWrt:~# opkg update
kmod-sched-ctinfo
wget "$repo/usr/lib/sqm/layer_cake_ct.qos" -O "/usr/lib/sqm/layer_cake_ct.qos"
wget "$repo/usr/lib/sqm/layer_cake_ct.qos.help" -O "/usr/lib/sqm/layer_cake_ct.qos.help"Downloading https://mirrors.cloud.tencent.com/openwrt/releases/23.05.2/packages/aarch64_generic/base/Packages.gz
Updated list of available packages in /opt/opkg-lists/openwrt_base
Downloading https://mirrors.cloud.tencent.com/openwrt/releases/23.05.2/packages/aarch64_generic/luci/Packages.gz
Updated list of available packages in /opt/opkg-lists/openwrt_luci
Downloading https://mirrors.cloud.tencent.com/openwrt/releases/23.05.2/packages/aarch64_generic/packages/Packages.gz
Updated list of available packages in /opt/opkg-lists/openwrt_packages
Downloading https://mirrors.cloud.tencent.com/openwrt/releases/23.05.2/packages/aarch64_generic/routing/Packages.gz
Updated list of available packages in /opt/opkg-lists/openwrt_routing
Downloading https://mirrors.cloud.tencent.com/openwrt/releases/23.05.2/packages/aarch64_generic/telephony/Packages.gz
Updated list of available packages in /opt/opkg-lists/openwrt_telephony
Downloading file://opt/packages/Packages.gz
Updated list of available packages in /opt/opkg-lists/friendlywrt_packages
root@FriendlyWrt:~# opkg install kmod-sched-ctinfo
Package kmod-sched-ctinfo (5.15.137-1) installed in root is up to date.
root@FriendlyWrt:~# wget "$repo/usr/lib/sqm/layer_cake_ct.qos" -O "/usr/lib/sqm/layer_cake_ct.qos"
--2024-02-12 12:14:12-- https://raw.githubusercontent.com/jeverley/dscpclassify/main/usr/lib/sqm/layer_cake_ct.qos
Resolving raw.githubusercontent.com... 185.199.110.133, 185.199.111.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1638 (1.6K) [text/plain]
Saving to: '/usr/lib/sqm/layer_cake_ct.qos'
/usr/lib/sqm/layer_cake_ct.qos 100%[========================================================================================================================================>] 1.60K --.-KB/s in 0s
2024-02-12 12:14:12 (23.5 MB/s) - '/usr/lib/sqm/layer_cake_ct.qos' saved [1638/1638]
root@FriendlyWrt:~# wget "$repo/usr/lib/sqm/layer_cake_ct.qos.help" -O "/usr/lib/sqm/layer_cake_ct.qos.help"
@JPIRA - DSCP classify didnt work for me on Ingress with friendlyWRT on my NanoPI R6S, try using qosify, that worked fine.
1 Like
Or you could just send a bug report to FriendlyWRT. It seems like it might be a FriendlyWRT-specific issueā¦
Or even better, use official OpenWrt - if possible
Qosify is an alternative but unfortunately cannot do everything that dscpclassify can.
1 Like
Can also try cake-qos-simple. I use this myself to handle DSCPs, which can be set in LAN clients on upload and restored from conntrack on download, or can be set in router. It also sets up the cake interfaces. All in simple service script and nftables template.
3 Likes
Is anyone running this with a internal modem with a PPPoE interface for a VDSL2 connection?
If so, is anyone getting the same?
My SQM settings seems to be going fine with the right download and upload speed and everything i did in the config e.g dsrv4 etc but for some reason it just dosnt like dscpclassify.
The issue im facing is that when downloading a Ubuntu torrent and then i started a HTTP download via my public server (not LAN to LAN) , It seem that P2P (torrent client) is taking over the HTTP download.
My understand is, The HTTP download should be the first rather then the P2P what should slow down.
As you can see, nftables is just 1 packet.
chain static_classify { meta l4proto { tcp, udp } th dport { 53, 5353 } counter packets 19 bytes 1368 goto ct_set_cs5 comment "DNS" udp dport { 67, 68 } counter packets 1 bytes 314 goto ct_set_cs5 comment "BOOTP/DHCP" udp dport 123 counter packets 0 bytes 0 goto ct_set_cs5 comment "NTP" tcp dport 22 counter packets 0 bytes 0 goto ct_set_cs2 comment "SSH" udp dport 4500 counter packets 0 bytes 0 goto ct_set_ef comment "WiFi Calling" ip daddr XX.XX.XX counter packets 1 bytes 52 goto ct_set_cs0 comment "Test File" meta l4proto icmp counter packets 0 bytes 0 goto ct_set_cs0 comment "ICMP" udp dport != { 80, 443 } ip saddr { 192.168.1.200, 192.168.1.201 } counter packets 1 bytes 1350 goto ct_set_cs0 comment "Game Console non-HTTP" ip dscp != { cs0, cs6, cs7 } iifname != "pppoe-wan" ip dscp vmap @dscp_ct ip6 dscp != { cs0, cs6, cs7 } iifname != "pppoe-wan" ip6 dscp vmap @dscp_ct meta l4proto != { tcp, udp } goto ct_set_cs0 ct mark set ct mark & 0xffffff80 | 0x00000080
SQM
config queue 'eth1'
option enabled '1'
option interface 'pppoe-wan'
option download '60000' # 60MB
option upload '17000' # 17MB
option qdisc 'cake'
option script 'layer_cake_ct.qos'
option linklayer 'ethernet'
option debug_logging '0'
option verbosity '0'
option overhead '34'
option qdisc_advanced '1'
option squash_dscp '0'
option squash_ingress '0'
option ingress_ecn 'ECN'
option egress_ecn 'NOECN'
option qdisc_really_really_advanced '1'
option iqdisc_opts 'nat dual-dsthost ingress diffserv4'
option eqdisc_opts 'nat dual-srchost ack-filter diffserv4'
dscpclassify
config global 'global'
option class_bulk 'cs1'
option class_high_throughput 'cs1'
option client_hints '1'
option threaded_client_min_bytes '10000'
option threaded_service_min_bytes '1000000'
option wmm '0'
config rule
option name 'DNS'
list proto 'tcp'
list proto 'udp'
list dest_port '53'
list dest_port '5353'
option class 'cs5'
option counter '1'
config rule
option name 'BOOTP/DHCP'
option proto 'udp'
list dest_port '67'
list dest_port '68'
option class 'cs5'
option counter '1'
config rule
option name 'NTP'
option proto 'udp'
option dest_port '123'
option class 'cs5'
option counter '1'
config rule
option name 'SSH'
option proto 'tcp'
option dest_port '22'
option class 'cs2'
option counter '1'
config rule
option name 'WiFi Calling'
option proto 'udp'
option dest_port '4500'
option class 'ef'
option counter '1'
config rule
option name 'Test File on Server'
list dest_ip 'XX.XX.XX.XX'
option class 'cs0'
option counter '1'
config rule
option name 'ICMP'
list proto 'icmp'
option class 'cs0'
option enabled '1'
option counter '1'
config rule # A rule which marks all non-HTTP UDP connections from a specific IP
option name 'Game Console non-HTTP'
option proto 'udp'
list src_ip '192.168.1.200'
list src_ip '192.168.1.201'
list dest_port '!80'
list dest_port '!443'
option class 'cs0'
option counter '1'
option enabled '1'
ip addr
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
dsl0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
link/ether
dsl0.101@dsl0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether
pppoe-wan: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1492 qdisc cake state UNKNOWN qlen 3
link/ppp
inet MY PUBLIC IP FROM ISP peer 172.16.11.165/32 scope global pppoe-wan
valid_lft forever preferred_lft forever
Hello, can someone please provide a config with focus on work related things? Like web, voip, and prevent/punish large downloads?
Ty
option threaded_client_min_bytes '10000'
From my understanding is, This rule tells the router, anything over 1MB will be class af13 for downloads.
I have the following you can add
option name 'Apple FaceTime Incoming'
option proto 'udp'
list src_port '16384-16387'
list src_port '16393-16402'
option class 'af41'
option counter '1'
config rule
option name 'Apple FaceTime Outgoing'
option proto 'udp'
list dest_port '16384-16387'
list dest_port '16393-16402'
option class 'af41'
option counter '1'
config rule
option name 'WiFi Calling VoWiFi'
option proto 'udp'
option dest_port '500'
option dest_port '4500'
option class 'ef'
option counter '1'
hello everybody , I would like some help to configure my dscp classify because when i install and active dscp classify my upload slowdown to 11 MB
Not a DSCP classify expert, but I guess the following pieces of information might help:
- the output of
tc -s qdisc - a screenshot of the final results of: https://speed.cloudflare.com
- the output of
tc -s qdisctaken immediate after the speedtest finished (and before taking the screenshot)
And I guess the DSCP classify configuration files...