DSCP for SQM settings

Nothing new under the sun I just wanted to share my settings.

You can use diffserv4 or diffserv8

Paste in Network -> Firewall -> Custom Rules

iptables -t mangle -N dscp_mark
ip6tables -t mangle -N dscp_mark

iptables -t mangle -F dscp_mark
ip6tables -t mangle -F dscp_mark

iptables -t mangle -A FORWARD -j dscp_mark
ip6tables -t mangle -A FORWARD -j dscp_mark


## Shorten
ipt (){
    iptables -t mangle -A dscp_mark "$@"
    ip6tables -t mangle -A dscp_mark "$@"
}


## AF41
ipt -j DSCP --set-dscp-class AF41 -m comment --comment "Set DSCP AF41 as Default"


## CS1
# Use any of these ports, from "6881" to "6999" on your BitTorrent Clients and only use the "uTP" protocol.
ipt -p tcp -m multiport --ports 6881:6999 -j DSCP --set-dscp-class CS1 -m comment --comment "BitTorrent Clients in CS1 (TCP)"
ipt -p udp -m multiport --ports 6881:6999 -j DSCP --set-dscp-class CS1 -m comment --comment "BitTorrent Clients in CS1 (UDP)"


## CS0
ipt -p tcp -m multiport --ports 80,591,8008,8080,443 -j DSCP --set-dscp-class CS0 -m comment --comment "HTTP, HTTPS and QUIC in CS0 (TCP)"
ipt -p udp -m multiport --ports 80,591,8008,8080,443 -j DSCP --set-dscp-class CS0 -m comment --comment "HTTP, HTTPS and QUIC in CS0 (UDP)"


## CS5
ipt -p icmp -j DSCP --set-dscp-class CS5 -m comment --comment "ICMP in CS5 (Pings)"

ipt -p tcp -m multiport --ports 53,5353,123 -j DSCP --set-dscp-class CS5 -m comment --comment "DNS and NTP in CS5 (TCP)"
ipt -p udp -m multiport --ports 53,5353,123 -j DSCP --set-dscp-class CS5 -m comment --comment "DNS and NTP in CS5 (UDP)"


## CS6
# Give high priority to Consoles, these 4 iptables rules will cover all ports (except 80,591,8008,8080,443) in the IP addresses "192.168.1.8" to "192.168.1.11". (Use those 4 IP addresses on the Consoles)
iptables -t mangle -A dscp_mark -s 192.168.1.8/30 -p tcp -m multiport ! --ports 80,591,8008,8080,443 -j DSCP --set-dscp-class CS6 -m comment --comment "Consoles in CS6 (TCP)"
iptables -t mangle -A dscp_mark -d 192.168.1.8/30 -p tcp -m multiport ! --ports 80,591,8008,8080,443 -j DSCP --set-dscp-class CS6 -m comment --comment "Consoles in CS6 (TCP)"
iptables -t mangle -A dscp_mark -s 192.168.1.8/30 -p udp -m multiport ! --ports 80,591,8008,8080,443 -j DSCP --set-dscp-class CS6 -m comment --comment "Consoles in CS6 (UDP)"
iptables -t mangle -A dscp_mark -d 192.168.1.8/30 -p udp -m multiport ! --ports 80,591,8008,8080,443 -j DSCP --set-dscp-class CS6 -m comment --comment "Consoles in CS6 (UDP)"

# Add a # in the above iptables and remove the # of these and TEST.
# Give high priority to Consoles, these 2 iptables rules will cover all ports (except 80,591,8008,8080,443) in the IP addresses "192.168.1.8" to "192.168.1.11". (Use those 4 IP addresses on the Consoles)
#iptables -t mangle -A dscp_mark -m conntrack --ctorigsrc 192.168.1.8/30 -p tcp -m multiport ! --ports 80,591,8008,8080,443 -j DSCP --set-dscp-class CS6 -m comment --comment "Consoles in CS6 (TCP)"
#iptables -t mangle -A dscp_mark -m conntrack --ctorigsrc 192.168.1.8/30 -p udp -m multiport ! --ports 80,591,8008,8080,443 -j DSCP --set-dscp-class CS6 -m comment --comment "Consoles in CS6 (UDP)"

ipt -p udp -m multiport --ports 3478,4379,4380,27000:27100 -j DSCP --set-dscp-class CS6 -m comment --comment "Steam in CS6 (UDP)"

ipt -p udp -m multiport --dports 5000:5500 -j DSCP --set-dscp-class CS6 -m comment --comment "League of Legends in CS6 (UDP)"

Information:

1380×2580

800×1560

809×2110

1055×807

Source:

• General Discussion about QOS/SQM
• Using DSCP for QoS
• QoS and nftables ... some findings to share
• Ultimate SQM settings: Layer_cake + DSCP marks (New Script!)
• Ultimate SQM settings: Layer_cake + DSCP marks

• List of TCP and UDP port numbers - Wikipedia
• SG TCP/IP Ports Database

I don't think the forum is a place for sharing particular relegious beliefs. I suggest that you edit the subject line.

DSCP tagging with SQM works fine with the egress/upload side (via simple iptable rules) but the problem is that it won't work with the ingress/download side without using rather complex methods (e.g. veth or nftables).
My hope is that this will change is the future so inexperienced users like me can make DSCP tagging work with the ingress side in a simple way. I was reading a little bit in the "QoS and nftables" thread but it doesn't seem to be easy to implement this in OpenWRT.