DSCP Classify - a service for applying DSCP to connections

Hello everyone, someone is having the same problem as me, in the option src_port command my dscp classifications are being marked but in dest_port my classifications do not appear, could anyone tell me why.

How did you test/confirm that?

2 Likes

hello everyone i dont know if this is the right place as im new on openwrt but i installed this https://github.com/jeverley/dscpclassify/blob/main/README.md
followed all direction but when i do testing on https://www.waveform.com/tools/bufferbloat it doesnt seem to get limited by my set bandwidth. i have fiber frontier 1gb up and down.

root@FriendlyWrt:~# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether b2:c9:aa:1d:07:b2 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 22:53:53:dc:a7:be brd ff:ff:ff:ff:ff:ff permaddr 62:62:9e:17:64:18
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP mode DEFAULT group default qlen 1000
    link/ether 22:53:53:dc:a7:bd brd ff:ff:ff:ff:ff:ff permaddr ae:c9:aa:1d:07:b2
5: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether be:07:e0:d0:66:55 brd ff:ff:ff:ff:ff:ff
6: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
7: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
8: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
219: ifb4eth2: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc cake state UNKNOWN mode DEFAULT group default qlen 32
    link/ether 12:5d:22:3c:be:59 brd ff:ff:ff:ff:ff:ff
221: teql0: <NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 100
    link/void
root@FriendlyWrt:~# tc -s qdisc
qdisc noqueue 0: dev lo root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc mq 0: dev eth1 root
 Sent 5219793828 bytes 4214015 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc pfifo_fast 0: dev eth1 parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 5219793828 bytes 4214015 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc cake 80cd: dev eth2 root refcnt 5 bandwidth 450Mbit diffserv4 dual-srchost nat nowash ack-filter split-gso rtt 100ms noatm overhead 36
 Sent 1836582118 bytes 1760929 pkt (dropped 256, overlimits 2798120 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 2338688b of 15140Kb
 capacity estimate: 450Mbit
 min/max network layer size:           28 /    1500
 min/max overhead-adjusted size:       64 /    1536
 average network hdr offset:           14

                   Bulk  Best Effort        Video        Voice
  thresh      28125Kbit      450Mbit      225Mbit   112500Kbit
  target            5ms          5ms          5ms          5ms
  interval        100ms        100ms        100ms        100ms
  pk_delay          0us         27us          0us          9us
  av_delay          0us          7us          0us          6us
  sp_delay          0us          2us          0us          3us
  backlog            0b           0b           0b           0b
  pkts                0      1755696            0         5489
  bytes               0   1836367442            0       501982
  way_inds            0        11704            0            7
  way_miss            0         6205            0         4589
  way_cols            0            0            0            0
  drops               0          195            0            0
  marks               0            0            0            0
  ack_drop            0           61            0            0
  sp_flows            0            2            0            1
  bk_flows            0            1            0            0
  un_flows            0            0            0            0
  max_len             0        23264            0          583
  quantum           858         1514         1514         1514

qdisc ingress ffff: dev eth2 parent ffff:fff1 ----------------
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc cake 80cf: dev ifb4eth2 root refcnt 2 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 0b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:        65535 /       0
 min/max overhead-adjusted size:    65535 /       0
 average network hdr offset:            0

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          0us          0us
  av_delay          0us          0us          0us
  sp_delay          0us          0us          0us
  backlog            0b           0b           0b
  pkts                0            0            0
  bytes               0            0            0
  way_inds            0            0            0
  way_miss            0            0            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            0            0            0
  un_flows            0            0            0
  max_len             0            0            0
  quantum          1514         1514         1514

my sqm config:
    config queue 'eth1'
	option enabled '1'
	option interface 'eth2'
	option download '450000'
	option upload '450000'
	option qdisc 'cake'
	option script 'layer_cake_ct.qos'
	option linklayer 'ethernet'
	option debug_logging '0'
	option verbosity '5'
	option overhead '36'
	option qdisc_advanced '1'
	option squash_dscp '0'
	option squash_ingress '0'
	option ingress_ecn 'ECN'
	option egress_ecn 'NOECN'
	option qdisc_really_really_advanced '1'
	option iqdisc_opts 'nat dual-dsthost ingress diffserv4'
	option eqdisc_opts 'nat dual-srchost ack-filter diffserv4'

`

The output of your config and the output of tc -s qdisc don’t seem like they haven been made with the same settings… You have unlimited on your ingress queue but a limit in your config

  1. Maybe a reboot will solve your issues as it seems like there is something messed up with your sqm settings
  2. Make sure eth2 is your wan device
  3. Also, when using dscpclassify make sure you are using layer_cake_ct.qos sqm script

The ingress instance sees no traffic at all... the was an error somewhere in settong things up, most likely with the ifb setup. Please post the output of
tc -d qdisc
EDIT: -d not -s as you posted that already...

hello this is my output on tc-d qdisc also @Hudra i did reboot also made sure its layer_cake_ct.qos

root@FriendlyWrt:~# tc -d qdisc
qdisc noqueue 0: dev lo root refcnt 2
qdisc mq 0: dev eth1 root
qdisc pfifo_fast 0: dev eth1 parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
qdisc cake 800c: dev eth2 root refcnt 5 bandwidth 450Mbit diffserv4 dual-srchost nat nowash ack-filter split-gso rtt 100ms noatm overhead 36
qdisc ingress ffff: dev eth2 parent ffff:fff1 ----------------
qdisc cake 800d: dev ifb4eth2 root refcnt 2 bandwidth 450Mbit diffserv4 dual-dsthost nat nowash ingress no-ack-filter split-gso rtt 100ms noatm overhead 36
root@FriendlyWrt:~#

also i suspect this might be the problem
qdisc ingress ffff: dev eth2 parent ffff:fff1 ----------------
It's possible that the parent ffff:fff1 was intended to link the ingress qdisc to another qdisc within the layer-cake setup.
However, if that parent qdisc isn't getting created correctly or is not meant to be a parent for ingress, the error would remain.

And does it work now? Do packets hit your ingress now?

Please show the output of

tc -s qdisc

nft list table inet dscpclassify

tc filter show dev eth2 egress

fw4 -q zone wan

Also it seems like you you are using FriendlyWrt. Maybe there’s some sort of other qos service running and interfering with sqm?

@Hudra here are the requested outputs

tc -s qdisc:

root@FriendlyWrt:~# tc -s qdisc
qdisc noqueue 0: dev lo root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc mq 0: dev eth1 root
 Sent 2083157918 bytes 1744888 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc pfifo_fast 0: dev eth1 parent :1 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 2083157918 bytes 1744888 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc cake 800c: dev eth2 root refcnt 5 bandwidth 450Mbit diffserv4 dual-srchost nat nowash ack-filter split-gso rtt 100ms noatm overhead 36
 Sent 52521107 bytes 271524 pkt (dropped 0, overlimits 2942 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 34560b of 15140Kb
 capacity estimate: 450Mbit
 min/max network layer size:           28 /    1500
 min/max overhead-adjusted size:       64 /    1536
 average network hdr offset:           14

                   Bulk  Best Effort        Video        Voice
  thresh      28125Kbit      450Mbit      225Mbit   112500Kbit
  target            5ms          5ms          5ms          5ms
  interval        100ms        100ms        100ms        100ms
  pk_delay          0us          9us          2us          9us
  av_delay          0us          8us          0us          6us
  sp_delay          0us          4us          0us          2us
  backlog            0b           0b           0b           0b
  pkts                0       264456            1         7067
  bytes               0     51643241           90       877776
  way_inds            0        13267            0           44
  way_miss            0         3966            1         4719
  way_cols            0            0            0            0
  drops               0            0            0            0
  marks               0            0            0            0
  ack_drop            0            0            0            0
  sp_flows            0            1            0            1
  bk_flows            0            1            0            0
  un_flows            0            0            0            0
  max_len             0        18746           90         4398
  quantum           858         1514         1514         1514

qdisc ingress ffff: dev eth2 parent ffff:fff1 ----------------
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc cake 800d: dev ifb4eth2 root refcnt 2 bandwidth 450Mbit diffserv4 dual-dsthost nat nowash ingress no-ack-filter split-gso rtt 100ms noatm overhead 36
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 0b of 15140Kb
 capacity estimate: 450Mbit
 min/max network layer size:        65535 /       0
 min/max overhead-adjusted size:    65535 /       0
 average network hdr offset:            0

                   Bulk  Best Effort        Video        Voice
  thresh      28125Kbit      450Mbit      225Mbit   112500Kbit
  target            5ms          5ms          5ms          5ms
  interval        100ms        100ms        100ms        100ms
  pk_delay          0us          0us          0us          0us
  av_delay          0us          0us          0us          0us
  sp_delay          0us          0us          0us          0us
  backlog            0b           0b           0b           0b
  pkts                0            0            0            0
  bytes               0            0            0            0
  way_inds            0            0            0            0
  way_miss            0            0            0            0
  way_cols            0            0            0            0
  drops               0            0            0            0
  marks               0            0            0            0
  ack_drop            0            0            0            0
  sp_flows            0            0            0            0
  bk_flows            0            0            0            0
  un_flows            0            0            0            0
  max_len             0            0            0            0
  quantum           858         1514         1514         1514

nft list table inet dscpclassify

root@FriendlyWrt:~# nft list table inet dscpclassify
table inet dscpclassify {
        set threaded_clients {
                type ipv4_addr . inet_service . inet_proto
                size 65535
                flags dynamic,timeout
        }

        set threaded_clients6 {
                type ipv6_addr . inet_service . inet_proto
                size 65535
                flags dynamic,timeout
        }

        set threaded_services {
                type ipv4_addr . ipv4_addr . inet_service . inet_proto
                size 65535
                flags dynamic,timeout
                elements = { 192.168.2.184 . 23.61.213.0 . 80 . tcp timeout 30s expires 3m27s960ms }
        }

        set threaded_services6 {
                type ipv6_addr . ipv6_addr . inet_service . inet_proto
                size 65535
                flags dynamic,timeout
        }

        map ct_dscp {
                type mark : verdict
                elements = { 0x00000000 : goto dscp_set_cs0, 0x00000001 : goto dscp_set_le, 0x00000008 : goto dscp_set_cs1, 0x0000000a : goto dscp_set_af11, 0x0000000c : goto dscp_set_af12,
                             0x0000000e : goto dscp_set_af13, 0x00000010 : goto dscp_set_cs2, 0x00000012 : goto dscp_set_af21, 0x00000014 : goto dscp_set_af22, 0x00000016 : goto dscp_set_af23,
                             0x00000018 : goto dscp_set_cs3, 0x0000001a : goto dscp_set_af31, 0x0000001c : goto dscp_set_af32, 0x0000001e : goto dscp_set_af33, 0x00000020 : goto dscp_set_cs4,
                             0x00000022 : goto dscp_set_af41, 0x00000024 : goto dscp_set_af42, 0x00000026 : goto dscp_set_af43, 0x00000028 : goto dscp_set_cs5, 0x0000002c : goto dscp_set_va,
                             0x0000002e : goto dscp_set_ef, 0x00000030 : goto dscp_set_cs6, 0x00000038 : goto dscp_set_cs7 }
        }

        map ct_wmm {
                type mark : verdict
                elements = { 0x00000000 : goto dscp_set_cs0, 0x00000001 : goto dscp_set_le, 0x00000008 : goto dscp_set_cs1, 0x0000000a : goto dscp_set_cs0, 0x0000000c : goto dscp_set_cs0,
                             0x0000000e : goto dscp_set_cs0, 0x00000010 : goto dscp_set_cs0, 0x00000012 : goto dscp_set_cs3, 0x00000014 : goto dscp_set_cs3, 0x00000016 : goto dscp_set_cs3,
                             0x00000018 : goto dscp_set_cs4, 0x0000001a : goto dscp_set_cs4, 0x0000001c : goto dscp_set_cs4, 0x0000001e : goto dscp_set_cs4, 0x00000020 : goto dscp_set_cs4,
                             0x00000022 : goto dscp_set_cs4, 0x00000024 : goto dscp_set_cs4, 0x00000026 : goto dscp_set_cs4, 0x00000028 : goto dscp_set_cs5, 0x0000002c : goto dscp_set_cs6,
                             0x0000002e : goto dscp_set_cs6, 0x00000030 : goto dscp_set_cs7, 0x00000038 : goto dscp_set_cs7 }
        }

        map dscp_ct {
                type dscp : verdict
                elements = { cs0 : goto ct_set_cs0,
                             lephb : goto ct_set_le,
                             cs1 : goto ct_set_cs1,
                             af11 : goto ct_set_af11,
                             af12 : goto ct_set_af12,
                             af13 : goto ct_set_af13,
                             cs2 : goto ct_set_cs2,
                             af21 : goto ct_set_af21,
                             af22 : goto ct_set_af22,
                             af23 : goto ct_set_af23,
                             cs3 : goto ct_set_cs3,
                             af31 : goto ct_set_af31,
                             af32 : goto ct_set_af32,
                             af33 : goto ct_set_af33,
                             cs4 : goto ct_set_cs4,
                             af41 : goto ct_set_af41,
                             af42 : goto ct_set_af42,
                             af43 : goto ct_set_af43,
                             cs5 : goto ct_set_cs5,
                             va : goto ct_set_va,
                             ef : goto ct_set_ef,
                             cs6 : goto ct_set_cs6,
                             cs7 : goto ct_set_cs7 }
        }

        chain dscp_set_cs0 {
                ip dscp set cs0
                ip6 dscp set cs0
        }

        chain dscp_set_le {
                ip dscp set lephb
                ip6 dscp set lephb
        }

        chain dscp_set_cs1 {
                ip dscp set cs1
                ip6 dscp set cs1
        }

        chain dscp_set_af11 {
                ip dscp set af11
                ip6 dscp set af11
        }

        chain dscp_set_af12 {
                ip dscp set af12
                ip6 dscp set af12
        }

        chain dscp_set_af13 {
                ip dscp set af13
                ip6 dscp set af13
        }

        chain dscp_set_cs2 {
                ip dscp set cs2
                ip6 dscp set cs2
        }

        chain dscp_set_af21 {
                ip dscp set af21
                ip6 dscp set af21
        }

        chain dscp_set_af22 {
                ip dscp set af22
                ip6 dscp set af22
        }

        chain dscp_set_af23 {
                ip dscp set af23
                ip6 dscp set af23
        }

        chain dscp_set_cs3 {
                ip dscp set cs3
                ip6 dscp set cs3
        }

        chain dscp_set_af31 {
                ip dscp set af31
                ip6 dscp set af31
        }

        chain dscp_set_af32 {
                ip dscp set af32
                ip6 dscp set af32
        }

        chain dscp_set_af33 {
                ip dscp set af33
                ip6 dscp set af33
        }

        chain dscp_set_cs4 {
                ip dscp set cs4
                ip6 dscp set cs4
        }

        chain dscp_set_af41 {
                ip dscp set af41
                ip6 dscp set af41
        }

        chain dscp_set_af42 {
                ip dscp set af42
                ip6 dscp set af42
        }

        chain dscp_set_af43 {
                ip dscp set af43
                ip6 dscp set af43
        }

        chain dscp_set_cs5 {
                ip dscp set cs5
                ip6 dscp set cs5
        }

        chain dscp_set_va {
                ip dscp set va
                ip6 dscp set va
        }

        chain dscp_set_ef {
                ip dscp set ef
                ip6 dscp set ef
        }

        chain dscp_set_cs6 {
                ip dscp set cs6
                ip6 dscp set cs6
        }

        chain dscp_set_cs7 {
                ip dscp set cs7
                ip6 dscp set cs7
        }

        chain ct_set_cs0 {
                ct mark set ct mark & 0xffffff40 | 0x00000040
        }

        chain ct_set_le {
                ct mark set ct mark & 0xffffff01 | 0x00000001
        }

        chain ct_set_cs1 {
                ct mark set ct mark & 0xffffff08 | 0x00000008
        }

        chain ct_set_af11 {
                ct mark set ct mark & 0xffffff0a | 0x0000000a
        }

        chain ct_set_af12 {
                ct mark set ct mark & 0xffffff0c | 0x0000000c
        }

        chain ct_set_af13 {
                ct mark set ct mark & 0xffffff0e | 0x0000000e
        }

        chain ct_set_cs2 {
                ct mark set ct mark & 0xffffff10 | 0x00000010
        }

        chain ct_set_af21 {
                ct mark set ct mark & 0xffffff12 | 0x00000012
        }

        chain ct_set_af22 {
                ct mark set ct mark & 0xffffff14 | 0x00000014
        }

        chain ct_set_af23 {
                ct mark set ct mark & 0xffffff16 | 0x00000016
        }

        chain ct_set_cs3 {
                ct mark set ct mark & 0xffffff18 | 0x00000018
        }

        chain ct_set_af31 {
                ct mark set ct mark & 0xffffff1a | 0x0000001a
        }

        chain ct_set_af32 {
                ct mark set ct mark & 0xffffff1c | 0x0000001c
        }

        chain ct_set_af33 {
                ct mark set ct mark & 0xffffff1e | 0x0000001e
        }

        chain ct_set_cs4 {
                ct mark set ct mark & 0xffffff20 | 0x00000020
        }

        chain ct_set_af41 {
                ct mark set ct mark & 0xffffff22 | 0x00000022
        }

        chain ct_set_af42 {
                ct mark set ct mark & 0xffffff24 | 0x00000024
        }

        chain ct_set_af43 {
                ct mark set ct mark & 0xffffff26 | 0x00000026
        }

        chain ct_set_cs5 {
                ct mark set ct mark & 0xffffff28 | 0x00000028
        }

        chain ct_set_va {
                ct mark set ct mark & 0xffffff2c | 0x0000002c
        }

        chain ct_set_ef {
                ct mark set ct mark & 0xffffff2e | 0x0000002e
        }

        chain ct_set_cs6 {
                ct mark set ct mark & 0xffffff30 | 0x00000030
        }

        chain ct_set_cs7 {
                ct mark set ct mark & 0xffffff38 | 0x00000038
        }

        chain input {
                type filter hook input priority filter + 2; policy accept;
                iifname "lo" return
                ct mark & 0x000000ff == 0x00000000 ct direction original jump static_classify
                ct mark & 0x00000080 == 0x00000080 jump dynamic_classify
        }

        chain postrouting {
                type filter hook postrouting priority filter + 2; policy accept;
                oifname "lo" return
                ct mark & 0x000000ff == 0x00000000 ct direction original jump static_classify
                ct mark & 0x00000080 == 0x00000080 jump dynamic_classify
                oifname "eth1" ct mark & 0x0000003f vmap @ct_wmm
                ct mark & 0x0000003f vmap @ct_dscp
        }

        chain static_classify {
                meta l4proto { tcp, udp } ip saddr 192.168.2.242 th sport { 5000-5180, 5353, 5500-5680, 6771, 9992, 60456, 64490 } counter packets 0 bytes 0 goto ct_set_ef comment "red"
                meta l4proto { tcp, udp } ip saddr 192.168.2.242 counter packets 63 bytes 23919 goto ct_set_ef comment "red1"
                meta l4proto udp iifname "eth1" ip saddr 192.168.2.119 counter packets 271 bytes 87927 goto ct_set_cs0 comment "garb"
                meta l4proto { tcp, udp } th dport { 53, 853, 5353 } goto ct_set_cs5 comment "DNS"
                meta l4proto { tcp, udp } ip6 daddr { 2001:4860:4860::8844, 2001:4860:4860::8888, 2606:4700:4700::1001, 2606:4700:4700::1111, 2620:fe::9, 2620:fe::11, 2620:fe::fe, 2620:fe::fe:11, 2a10:50c0::ad1:ff, 2a10:50c0::ad2:ff, 2a10:50c0::ded:ff } th dport 443 goto ct_set_cs5 comment "DoH"
                meta l4proto { tcp, udp } ip daddr { 1.0.0.1, 1.1.1.1, 8.8.4.4, 8.8.8.8, 9.9.9.9, 9.9.9.11, 94.140.14.0/24, 149.112.112.11, 149.112.112.112 } th dport 443 goto ct_set_cs5 comment "DoH"
                udp dport { 67, 68 } goto ct_set_cs5 comment "BOOTP/DHCP"
                udp dport 123 goto ct_set_cs5 comment "NTP"
                tcp dport 22 goto ct_set_cs2 comment "SSH"
                ip6 daddr 2603:1063::/39 udp sport 50000-50019 goto ct_set_ef comment "Microsoft Teams voice"
                ip daddr { 13.107.64.0/18, 52.112.0.0/14, 52.122.0.0/15 } udp sport 50000-50019 goto ct_set_ef comment "Microsoft Teams voice"
                ip6 daddr 2603:1063::/39 udp dport 3478-3481 udp sport 50020-50039 goto ct_set_af41 comment "Microsoft Teams video"
                ip daddr { 13.107.64.0/18, 52.112.0.0/14, 52.122.0.0/15 } udp dport 3478-3481 udp sport 50020-50039 goto ct_set_af41 comment "Microsoft Teams video"
                ip6 daddr 2603:1063::/39 udp dport 3478-3481 udp sport 50040-50059 goto ct_set_af21 comment "Microsoft Teams sharing"
                ip daddr { 13.107.64.0/18, 52.112.0.0/14, 52.122.0.0/15 } udp dport 3478-3481 udp sport 50040-50059 goto ct_set_af21 comment "Microsoft Teams sharing"
                ip daddr { 23.89.0.0/16, 62.109.192.0/18, 64.68.96.0/19, 66.114.160.0/20, 66.163.32.0/19, 69.26.160.0/19, 114.29.192.0/19, 150.253.128.0/17, 170.72.0.0/16, 170.133.128.0/18, 173.39.224.0/19, 173.243.0.0/20, 207.182.160.0/19, 209.197.192.0/19, 210.4.192.0/20, 216.151.128.0/19 } udp dport 4501 goto ct_set_af41 comment "Webex video/audio"
                ip daddr 142.250.82.0/24 udp dport 19302-19309 goto ct_set_af41 comment "Google Meet"
                ip dscp != { cs0, cs6, cs7 } iifname != "eth2" ip dscp vmap @dscp_ct
                ip6 dscp != { cs0, cs6, cs7 } iifname != "eth2" ip6 dscp vmap @dscp_ct
                meta l4proto != { tcp, udp } goto ct_set_cs0
                ct mark set ct mark & 0xffffff80 | 0x00000080
        }

        chain dynamic_classify {
                ct status & seen-reply != seen-reply return
                ct direction reply goto dynamic_classify_reply
                ip saddr . th sport . meta l4proto @threaded_clients goto threaded_client
                ip6 saddr . th sport . meta l4proto @threaded_clients6 goto threaded_client
                ip saddr . ip daddr & 255.255.255.0 . th dport . meta l4proto @threaded_services goto threaded_service
                ip6 saddr . ip6 daddr & ffff:ffff:ffff:: . th dport . meta l4proto @threaded_services6 goto threaded_service
        }

        chain dynamic_classify_reply {
                ct reply packets 1 jump established_connection
                ip daddr . th dport . meta l4proto @threaded_clients goto threaded_client_reply
                ip6 daddr . th dport . meta l4proto @threaded_clients6 goto threaded_client_reply
                ip daddr . ip saddr & 255.255.255.0 . th sport . meta l4proto @threaded_services goto threaded_service_reply
                ip6 daddr . ip6 saddr & ffff:ffff:ffff:: . th sport . meta l4proto @threaded_services6 goto threaded_service_reply
        }

        chain established_connection {
                meter tc_detect size 65535 { ip daddr . th dport . meta l4proto timeout 5s limit rate over 9/minute } add @threaded_clients { ip daddr . th dport . meta l4proto timeout 30s }
                meter tc_detect6 size 65535 { ip6 daddr . th dport . meta l4proto timeout 5s limit rate over 9/minute } add @threaded_clients6 { ip6 daddr . th dport . meta l4proto timeout 30s }
                meter ts_detect size 65535 { ip daddr . ip saddr & 255.255.255.0 . th sport . meta l4proto timeout 5s limit rate over 2/minute } add @threaded_services { ip daddr . ip saddr & 255.255.255.0 . th sport . meta l4proto timeout 30s }
                meter ts_detect6 size 65535 { ip6 daddr . ip6 saddr & ffff:ffff:ffff:: . th sport . meta l4proto timeout 5s limit rate over 2/minute } add @threaded_services6 { ip6 daddr . ip6 saddr & ffff:ffff:ffff:: . th sport . meta l4proto timeout 30s }
        }

        chain threaded_client {
                meter tc_orig_bulk size 65535 { ip saddr . th sport . meta l4proto timeout 5m limit rate over 1999 bytes/hour } update @threaded_clients { ip saddr . th sport . meta l4proto timeout 5m } goto ct_set_le
                meter tc_orig_bulk6 size 65535 { ip6 saddr . th sport . meta l4proto timeout 5m limit rate over 1999 bytes/hour } update @threaded_clients6 { ip6 saddr . th sport . meta l4proto timeout 5m } goto ct_set_le
        }

        chain threaded_client_reply {
                meter tc_reply_bulk size 65535 { ip daddr . th dport . meta l4proto timeout 5m limit rate over 1999 bytes/hour } update @threaded_clients { ip daddr . th dport . meta l4proto timeout 5m } goto ct_set_le
                meter tc_reply_bulk6 size 65535 { ip6 daddr . th dport . meta l4proto timeout 5m limit rate over 1999 bytes/hour } update @threaded_clients6 { ip6 daddr . th dport . meta l4proto timeout 5m } goto ct_set_le
        }

        chain threaded_service {
                ct original bytes < 2000 return
                update @threaded_services { ip saddr . ip daddr & 255.255.255.0 . th dport . meta l4proto timeout 5m }
                update @threaded_services6 { ip6 saddr . ip6 daddr & ffff:ffff:ffff:: . th dport . meta l4proto timeout 5m }
                goto ct_set_af13
        }

        chain threaded_service_reply {
                ct reply bytes < 2000 return
                update @threaded_services { ip daddr . ip saddr & 255.255.255.0 . th sport . meta l4proto timeout 5m }
                update @threaded_services6 { ip6 daddr . ip6 saddr & ffff:ffff:ffff:: . th sport . meta l4proto timeout 5m }
                goto ct_set_af13
        }
}

tc filter show dev eth2 egress dont have any output

fw4 -q zone wan

root@FriendlyWrt:~# fw4 -q zone wan
eth2
eth2

This seems to be the issue.

Did you forget to install

kmod-sched-ctinfo

What is the output of:

logread | grep SQM

i think its where the error at here is the output

root@FriendlyWrt:~# logread | grep SQM
Mon Feb 12 11:58:14 2024 user.notice SQM: Starting SQM script: layer_cake_ct.qos on eth2, in: 85000 Kbps, out: 10000 Kbps
Mon Feb 12 11:58:14 2024 user.notice SQM: ERROR: cmd_wrapper: tc: FAILURE (2): /sbin/tc filter add dev eth2 parent ffff: matchall action ctinfo dscp 0x0000003f mirred egress redirect dev ifb4eth2
Mon Feb 12 11:58:14 2024 user.notice SQM: ERROR: cmd_wrapper: tc: LAST ERROR: RTNETLINK answers: No such file or directory We have an error talking to the kernel
Mon Feb 12 11:58:14 2024 user.notice SQM: WARNING: sqm_start_default: layer_cake_ct.qos lacks an ingress() function
Mon Feb 12 11:58:14 2024 user.notice SQM: layer_cake_ct.qos was started on eth2 successfully
root@FriendlyWrt:~#

Did you install the required kmod as mentioned in the first post?

i did here is the output sir

root@FriendlyWrt:~# repo="https://raw.githubusercontent.com/jeverley/dscpclassify/main"
te
opkg root@FriendlyWrt:~# opkg update
kmod-sched-ctinfo
wget "$repo/usr/lib/sqm/layer_cake_ct.qos" -O "/usr/lib/sqm/layer_cake_ct.qos"
wget "$repo/usr/lib/sqm/layer_cake_ct.qos.help" -O "/usr/lib/sqm/layer_cake_ct.qos.help"Downloading https://mirrors.cloud.tencent.com/openwrt/releases/23.05.2/packages/aarch64_generic/base/Packages.gz
Updated list of available packages in /opt/opkg-lists/openwrt_base
Downloading https://mirrors.cloud.tencent.com/openwrt/releases/23.05.2/packages/aarch64_generic/luci/Packages.gz
Updated list of available packages in /opt/opkg-lists/openwrt_luci
Downloading https://mirrors.cloud.tencent.com/openwrt/releases/23.05.2/packages/aarch64_generic/packages/Packages.gz
Updated list of available packages in /opt/opkg-lists/openwrt_packages
Downloading https://mirrors.cloud.tencent.com/openwrt/releases/23.05.2/packages/aarch64_generic/routing/Packages.gz
Updated list of available packages in /opt/opkg-lists/openwrt_routing
Downloading https://mirrors.cloud.tencent.com/openwrt/releases/23.05.2/packages/aarch64_generic/telephony/Packages.gz
Updated list of available packages in /opt/opkg-lists/openwrt_telephony
Downloading file://opt/packages/Packages.gz
Updated list of available packages in /opt/opkg-lists/friendlywrt_packages
root@FriendlyWrt:~# opkg install kmod-sched-ctinfo
Package kmod-sched-ctinfo (5.15.137-1) installed in root is up to date.
root@FriendlyWrt:~# wget "$repo/usr/lib/sqm/layer_cake_ct.qos" -O "/usr/lib/sqm/layer_cake_ct.qos"
--2024-02-12 12:14:12--  https://raw.githubusercontent.com/jeverley/dscpclassify/main/usr/lib/sqm/layer_cake_ct.qos
Resolving raw.githubusercontent.com... 185.199.110.133, 185.199.111.133, 185.199.108.133, ...
Connecting to raw.githubusercontent.com|185.199.110.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1638 (1.6K) [text/plain]
Saving to: '/usr/lib/sqm/layer_cake_ct.qos'

/usr/lib/sqm/layer_cake_ct.qos                              100%[========================================================================================================================================>]   1.60K  --.-KB/s    in 0s

2024-02-12 12:14:12 (23.5 MB/s) - '/usr/lib/sqm/layer_cake_ct.qos' saved [1638/1638]

root@FriendlyWrt:~# wget "$repo/usr/lib/sqm/layer_cake_ct.qos.help" -O "/usr/lib/sqm/layer_cake_ct.qos.help"

@JPIRA - DSCP classify didnt work for me on Ingress with friendlyWRT on my NanoPI R6S, try using qosify, that worked fine.

1 Like

Or you could just send a bug report to FriendlyWRT. It seems like it might be a FriendlyWRT-specific issue…

Or even better, use official OpenWrt - if possible

Qosify is an alternative but unfortunately cannot do everything that dscpclassify can.

1 Like

Can also try cake-qos-simple. I use this myself to handle DSCPs, which can be set in LAN clients on upload and restored from conntrack on download, or can be set in router. It also sets up the cake interfaces. All in simple service script and nftables template.

3 Likes

Is anyone running this with a internal modem with a PPPoE interface for a VDSL2 connection?
If so, is anyone getting the same?

My SQM settings seems to be going fine with the right download and upload speed and everything i did in the config e.g dsrv4 etc but for some reason it just dosnt like dscpclassify.

The issue im facing is that when downloading a Ubuntu torrent and then i started a HTTP download via my public server (not LAN to LAN) , It seem that P2P (torrent client) is taking over the HTTP download.

My understand is, The HTTP download should be the first rather then the P2P what should slow down.

As you can see, nftables is just 1 packet.

    chain static_classify {
            meta l4proto { tcp, udp } th dport { 53, 5353 } counter packets 19 bytes 1368 goto ct_set_cs5 comment "DNS"
            udp dport { 67, 68 } counter packets 1 bytes 314 goto ct_set_cs5 comment "BOOTP/DHCP"
            udp dport 123 counter packets 0 bytes 0 goto ct_set_cs5 comment "NTP"
            tcp dport 22 counter packets 0 bytes 0 goto ct_set_cs2 comment "SSH"
            udp dport 4500 counter packets 0 bytes 0 goto ct_set_ef comment "WiFi Calling"
            ip daddr XX.XX.XX counter packets 1 bytes 52 goto ct_set_cs0 comment "Test File"
            meta l4proto icmp counter packets 0 bytes 0 goto ct_set_cs0 comment "ICMP"
            udp dport != { 80, 443 } ip saddr { 192.168.1.200, 192.168.1.201 } counter packets 1 bytes 1350 goto ct_set_cs0 comment "Game Console non-HTTP"
            ip dscp != { cs0, cs6, cs7 } iifname != "pppoe-wan" ip dscp vmap @dscp_ct
            ip6 dscp != { cs0, cs6, cs7 } iifname != "pppoe-wan" ip6 dscp vmap @dscp_ct
            meta l4proto != { tcp, udp } goto ct_set_cs0
            ct mark set ct mark & 0xffffff80 | 0x00000080

SQM

config queue 'eth1'
	option enabled '1'
	option interface 'pppoe-wan'
	option download '60000' # 60MB
	option upload '17000' # 17MB
	option qdisc 'cake'
	option script 'layer_cake_ct.qos'
	option linklayer 'ethernet'
	option debug_logging '0'
	option verbosity '0'
	option overhead '34'
	option qdisc_advanced '1'
	option squash_dscp '0'
	option squash_ingress '0'
	option ingress_ecn 'ECN'
	option egress_ecn 'NOECN'
	option qdisc_really_really_advanced '1'
	option iqdisc_opts 'nat dual-dsthost ingress diffserv4'
	option eqdisc_opts 'nat dual-srchost ack-filter diffserv4'

dscpclassify

config global 'global'
	option class_bulk 'cs1'
	option class_high_throughput 'cs1'
	option client_hints '1'
	option threaded_client_min_bytes '10000'
	option threaded_service_min_bytes '1000000'
	option wmm '0'

config rule
	option name 'DNS'
	list proto 'tcp'
	list proto 'udp'
	list dest_port '53'
	list dest_port '5353'
	option class 'cs5'
	option counter '1'

config rule
	option name 'BOOTP/DHCP'
	option proto 'udp'
	list dest_port '67'
	list dest_port '68'
	option class 'cs5'
	option counter '1'

config rule
	option name 'NTP'
	option proto 'udp'
	option dest_port '123'
	option class 'cs5'
	option counter '1'

config rule
	option name 'SSH'
	option proto 'tcp'
	option dest_port '22'
	option class 'cs2'
	option counter '1'

config rule
	option name 'WiFi Calling'
	option proto 'udp'
	option dest_port '4500'
	option class 'ef'
	option counter '1'
	
config rule
	option name 'Test File on Server'
	list dest_ip 'XX.XX.XX.XX'
	option class 'cs0'
	option counter '1'

config rule
	option name 'ICMP'
	list proto 'icmp'
	option class 'cs0'
	option enabled '1'
	option counter '1'

config rule # A rule which marks all non-HTTP UDP connections from a specific IP
	option name 'Game Console non-HTTP'
	option proto 'udp'
	list src_ip '192.168.1.200'
	list src_ip '192.168.1.201'
	list dest_port '!80'
	list dest_port '!443'
	option class 'cs0'
	option counter '1'
	option enabled '1'

ip addr

eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
dsl0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether
dsl0.101@dsl0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether
pppoe-wan: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1492 qdisc cake state UNKNOWN qlen 3
    link/ppp
    inet MY PUBLIC IP FROM ISP peer 172.16.11.165/32 scope global pppoe-wan
       valid_lft forever preferred_lft forever

Hello, can someone please provide a config with focus on work related things? Like web, voip, and prevent/punish large downloads?
Ty

	option threaded_client_min_bytes '10000'

From my understanding is, This rule tells the router, anything over 1MB will be class af13 for downloads.

I have the following you can add

	option name 'Apple FaceTime Incoming'
	option proto 'udp'
	list src_port '16384-16387'
	list src_port '16393-16402'
	option class 'af41'
	option counter '1'

config rule
	option name 'Apple FaceTime Outgoing'
	option proto 'udp'
	list dest_port '16384-16387'
	list dest_port '16393-16402'
	option class 'af41'
	option counter '1'

config rule
	option name 'WiFi Calling VoWiFi'
	option proto 'udp'
	option dest_port '500'
	option dest_port '4500'
	option class 'ef'
	option counter '1'

hello everybody , I would like some help to configure my dscp classify because when i install and active dscp classify my upload slowdown to 11 MB

Not a DSCP classify expert, but I guess the following pieces of information might help:

  1. the output of tc -s qdisc
  2. a screenshot of the final results of: https://speed.cloudflare.com
  3. the output of tc -s qdisc taken immediate after the speedtest finished (and before taking the screenshot)

And I guess the DSCP classify configuration files...