Error flow id ? on script qos

Installing and Using OpenWrt
1

hello everybody
@xato_coslada @segal_72 for your help

@moeller0 @dlakelan @Barrakketh @ldir

i would like to install this script on my belkin rt3200 i have the command displayed in tc-s d filter show dev wan etc

but I don't know if the script really works
and what does he do precisely in himself

it looks very interesting to me since we can add so many console "thank you barrakketh"

just one thing in the results of the script i have flow id ??? I don't know if this is normal if you can direct me thank you in advance

it's really a great community and I'm proud to be part of it :slight_smile:

Capture d’écran 2021-09-05 à 02.21.15
Capture d’écran 2021-09-05 à 02.21.15712×331 18.4 KB 

#!/bin/sh
# Cero3 Shaper
# A cake shaper and AQM solution that allows several diffserv marking schemes
# for ethernet gateways

# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
#       Copyright (C) 2012-5 Michael D. Taht, Toke Høiland-Jørgensen, Sebastian Moeller


#sm: TODO pass in the cake diffserv keyword

. ${SQM_LIB_DIR}/defaults.sh
QDISC=cake

# Default traffic classication is passed in INGRESS_CAKE_OPTS and EGRESS_CAKE_OPTS, defined in defaults.sh now


egress() {
    SILENT=1 $TC qdisc del dev $IFACE root
    $TC qdisc add dev $IFACE root handle cacf: $( get_stab_string ) cake \
        bandwidth ${UPLINK}kbit $( get_cake_lla_string ) ${EGRESS_CAKE_OPTS} ${EQDISC_OPTS}

    # put an action on the egress interface to set DSCP from the stored connmark.
    # this seems counter intuitive but it ensures once the mark is set that all
    # subsequent egress packets have the same stored DSCP avoiding iptables rules
    # to mark every packet, ctinfo does it for us and then CAKE is happy using the
    # DSCP
    $TC filter add dev $IFACE protocol all prio 10 u32 match u32 0 0 action \
	ctinfo dscp 0xfc000000 0x01000000
}


ingress() {

    SILENT=1 $TC qdisc del dev $IFACE handle ffff: ingress
    $TC qdisc add dev $IFACE handle ffff: ingress

    SILENT=1 $TC qdisc del dev $DEV root

    [ "$IGNORE_DSCP_INGRESS" -eq "1" ] && INGRESS_CAKE_OPTS="$INGRESS_CAKE_OPTS besteffort"
    [ "$ZERO_DSCP_INGRESS" -eq "1" ] && INGRESS_CAKE_OPTS="$INGRESS_CAKE_OPTS wash"

    $TC qdisc add dev $DEV root handle cace: $( get_stab_string ) cake \
        bandwidth ${DOWNLINK}kbit $( get_cake_lla_string ) ${INGRESS_CAKE_OPTS} ${IQDISC_OPTS}

    $IP link set dev $DEV up

    # redirect all IP packets arriving in $IFACE to ifb4wan
    # set DSCP from conntrack mark
    $TC filter add dev $IFACE parent ffff: protocol all prio 10 u32 \
	match u32 0 0 action \
	ctinfo dscp 0xfc000000 0x01000000 \
	mirred egress redirect dev $DEV

    # Configure iptables chain to mark packets
    ipt -t mangle -N QOS_MARK_${IFACE}

    # Change DSCP of relevant hosts/packets
    # and save the DSCP to the connmark using savedscp 
    
    #From sched_cake.c:
    # /*  Further pruned list of traffic classes for four-class system:
    # *
    # *	    Latency Sensitive  (CS7, CS6, EF, VA, CS5, CS4)
    # *	    Streaming Media    (AF4x, AF3x, CS3, AF2x, TOS4, CS2, TOS1)
    # *	    Best Effort        (CS0, AF1x, TOS2, and those not specified)
    # *	    Background Traffic (CS1)
    # *
    # *		Total 4 traffic classes.
    # */
    
    #and for diffserv8:
    # /*	Pruned list of traffic classes for typical applications:
    # *
    # *		Network Control          (CS6, CS7)
    # *		Minimum Latency          (EF, VA, CS5, CS4)
    # *		Interactive Shell        (CS2, TOS1)
    # *		Low Latency Transactions (AF2x, TOS4)
    # *		Video Streaming          (AF4x, AF3x, CS3)
    # *		Bog Standard             (CS0 etc.)
    # *		High Throughput          (AF1x, TOS2)
    # *		Background Traffic       (CS1)
    # *
    # *		Total 8 traffic classes.
    # */
 
    iptables -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.1.2 -m comment --comment "Testing to see if ctinfo is working" -j DSCP --set-dscp-class AF41
    iptables -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.1.2 -m comment --comment "Testing to see if ctinfo is working" -j DSCP --set-dscp-class AF41

# Template for small packets (test)
    ipt -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.2.160 -m multiport --dports 80,443 -m connbytes --connbytes-dir both --connbytes-mode avgpkt --connbytes 0:1200 -m comment --comment "dopamtestps5" -j DSCP --set-dscp-class ${GAMING_CLASS}
#   
    GAMING_CLASS=CS5 #was CS3
    ipt -t mangle -A QOS_MARK_${IFACE} -m set --match-set gameset dst -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -m comment --comment "Match bulk traffic" -m set --match-set bulkset dst -j DSCP --set-dscp-class CS1
    #Mike Wii U
    #ipt -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.1.3 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    #ipt -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.1.3 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    #Hayden Wii U
    #ipt -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.1.4 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    #ipt -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.1.4 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    #dopam PS5
    ipt -t mangle -A QOS_MARK_${IFACE} -m comment --comment "DSCP for Dopam-IT_1987" -p tcp -s 192.168.2.160 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.2.160 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    #Elijah Switch
    #ipt -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.1.152 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    #ipt -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.1.152 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    
    ipt -A QOS_MARK_${IFACE} -t mangle -j CONNMARK --savedscp-mark 0xfc000000/0x01000000
    # Send unmarked connections to the marking chain
    # top 6 bits are DSCP, LSB is DSCP is valid flag
    ipt -t mangle -A PREROUTING  -i $IFACE -m connmark --mark 0x00000000/0x01000000 -g QOS_MARK_${IFACE}
    ipt -t mangle -A POSTROUTING -o $IFACE -m connmark --mark 0x00000000/0x01000000 -g QOS_MARK_${IFACE}

    #you could just send every packet to the marking chain and update the stored DSCP for every packet
    #which should work for dynamic type marking but at a cpu cost
}

sqm_prepare_script() {
    do_modules
    verify_qdisc $QDISC "cake" || return 1
}

Chain QOS_MARK_wan (2 references)
 pkts bytes target     prot opt in     out     source               destination 
14392 4155K DSCP       tcp  --  *      *       192.168.2.160        0.0.0.0/0            /* Testing to see if ctinfo is working */ DSCP set 0x20
  853 50157 DSCP       udp  --  *      *       192.168.2.160        0.0.0.0/0            /* Testing to see if ctinfo is working */ DSCP set 0x20
    0     0 DSCP       tcp  --  *      *       192.168.1.2          0.0.0.0/0            /* Testing to see if ctinfo is working */ DSCP set 0x22
    0     0 DSCP       udp  --  *      *       192.168.1.2          0.0.0.0/0            /* Testing to see if ctinfo is working */ DSCP set 0x22
  498  145K DSCP       tcp  --  *      *       192.168.2.160        0.0.0.0/0            /* DSCP for Dopam-IT_1987 */ multiport dports 1024:65535 DSCP set 0x28
  440 25872 DSCP       udp  --  *      *       192.168.2.160        0.0.0.0/0            multiport dports 1024:65535 DSCP set 0x28
root@OpenWrt:~# tc -s -d filter show dev wan
filter parent cacf: protocol all pref 10 u32 chain 0
filter parent cacf: protocol all pref 10 u32 chain 0 fh 800: ht divisor 1
filter parent cacf: protocol all pref 10 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 terminal flowid ??? not_in_hw
  match 00000000/00000000 at 0
        action order 1: ctinfo zone 0 pipe
         index 1 ref 1 bind 1 dscp 0xfc000000 0x01000000 installed 2748 sec used 0 sec firstused 2748 sec DSCP set 0 error 0 CPMARK set 0
        Action statistics:
        Sent 51374669 bytes 143982 pkt (dropped 0, overlimits 0 requeues 0)
        backlog 0b 0p requeues 0

root@OpenWrt:~# tc -s -d filter show dev wan egress
filter parent ffff: protocol all pref 10 u32 chain 0
filter parent ffff: protocol all pref 10 u32 chain 0 fh 800: ht divisor 1
filter parent ffff: protocol all pref 10 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 terminal flowid ??? not_in_hw
  match 00000000/00000000 at 0
        action order 1: ctinfo zone 0 pipe
         index 2 ref 1 bind 1 dscp 0xfc000000 0x01000000 installed 2759 sec used 0 sec firstused 2758 sec DSCP set 0 error 0 CPMARK set 0
        Action statistics:
        Sent 182355837 bytes 185048 pkt (dropped 0, overlimits 0 requeues 0)
        backlog 0b 0p requeues 0

        action order 2: mirred (Egress Redirect to device ifb4wan) stolen
        index 1 ref 1 bind 1 installed 2759 sec used 0 sec firstused 2758 sec
        Action statistics:
        Sent 182355837 bytes 185048 pkt (dropped 0, overlimits 0 requeues 0)
        backlog 0b 0p requeues 0
2

This is normal.

2 Likes
3

I discovered a 'matchall' target that I would have thought is more efficient than using u32 to match everything, so the egress tc invocation for equivalent functionality would be:

$TC filter add dev $IFACE matchall action \ ctinfo dscp 0xfc000000 0x01000000

Similarly the ingress invocation

$TC filter add dev $IFACE parent ffff: matchall action \ ctinfo dscp 0xfc000000 0x01000000 \ mirred egress redirect dev $DEV

I'd like to think a few CPU cycles might be saved but have not tested/proved!

1 Like
4

ok thank you for your clarification, if I understand correctly I do not touch anything it works well as I configured it?