Help me update my HFSC shaper scripts for fw4/nftables

So there's no longer a physical settings option, it is now in network > interfaces > devices. I've created a device called lanveth and set it's type to virtual ethernet. Is there anything else I need to fill in?

image903×639 19.3 KB

image961×246 11.6 KB

Going back to interfaces I have this from the previous step

image984×93 6.19 KB

Here I selected lanveth

image910×670 45.8 KB

image997×112 7.14 KB

A few errors after I ran the script but it did load as per normal and rules appeared in nftables dscptag section. Lost all internet access and no packets registered as going through the new interface

sh SimpleHFSCgamerscript.sh
14: lanveth@veth0: <NO-CARRIER,BROADCAST,MULTICAST,UP,M-DOWN> mtu 1500 qdisc noqueue state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
    link/ether 4a:ef:7b:71:76:e5 brd ff:ff:ff:ff:ff:ff
Cannot find device "lanbrport"
Cannot find device "lanbrport"
Error: ipv4: FIB table does not exist.
Flush terminated

tc -s qdisc

root@OpenWrt:~# tc -s qdisc
qdisc noqueue 0: dev lo root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 0: dev eth0 root refcnt 2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 10477025 bytes 30993 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 1518 drop_overlimit 0 new_flow_count 11 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc hfsc 1: dev wan root refcnt 2 default 13
 Sent 145671 bytes 1003 pkt (dropped 2, overlimits 699 requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 800b: dev wan parent 1:12 limit 10240p flows 1024 quantum 3000 target 4ms interval 101ms memory_limit 375000b ecn drop_batch 64
 Sent 26437 bytes 236 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 146 drop_overlimit 0 new_flow_count 224 ecn_mark 0
  new_flows_len 1 old_flows_len 0
qdisc fq_codel 800d: dev wan parent 1:14 limit 10240p flows 1024 quantum 3000 target 4ms interval 101ms memory_limit 375000b ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc pfifo 10: dev wan parent 1:11 limit 138p
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 800c: dev wan parent 1:13 limit 10240p flows 1024 quantum 3000 target 4ms interval 101ms memory_limit 375000b ecn drop_batch 64
 Sent 119144 bytes 766 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 1334 drop_overlimit 0 new_flow_count 524 ecn_mark 0
  new_flows_len 1 old_flows_len 15
qdisc fq_codel 800e: dev wan parent 1:15 limit 10240p flows 1024 quantum 3000 target 4ms interval 101ms memory_limit 375000b ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc noqueue 0: dev lan1 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev lan2 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev lan3 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev lan4 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev br-lan root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 0: dev ifb0 root refcnt 2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc hfsc 1: dev lanveth root refcnt 2 default 13
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 800f: dev lanveth parent 1:12 limit 10240p flows 1024 quantum 3000 target 4ms interval 100ms memory_limit 2500000b ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc fq_codel 8011: dev lanveth parent 1:14 limit 10240p flows 1024 quantum 3000 target 4ms interval 100ms memory_limit 2500000b ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc pfifo 10: dev lanveth parent 1:11 limit 897p
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 8010: dev lanveth parent 1:13 limit 10240p flows 1024 quantum 3000 target 4ms interval 100ms memory_limit 2500000b ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc fq_codel 8012: dev lanveth parent 1:15 limit 10240p flows 1024 quantum 3000 target 4ms interval 100ms memory_limit 2500000b ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
root@OpenWrt:~#

Reboot brought the internet back thankfully, glad I didn't have to factory reset this time Also the dscptag rules are still in firewall

i think the script missed like this no need bandwidht recude for bufferbloat because i has a fiber optic now

but if i put 0 my connexion doesn't work too i would like only priorise the dscp by ip of my console

Maybe it will work if we didn't select veth? What would we have to do to run it without veth? unbridge all the lan ports from br-lan so it becomes eth0.1 and eth0.2 like the edgerouter?

Juste put vethdown no and IS work

hi daniel

GAMEUP and GAMEDOWN seems not work manually anyone has test ?

is possible to make gameup and gamedown for script elan cake qos script ?

thanks

no, cake has a fixed prioritization scheme. you can't create separate bins and give specific speeds. If you want specific speeds HFSC is still your best bet.

I haven't tested the script in a while, but anyone who has please let us know if there's issues with the script not working.

working fine here, still using no issues

@dlakelan - can we add the below?

    workdir=$(pwd)
    echo "You do not have the DSCP tagging script, downloading from github"
	**mkdir /usr/share/nftables.d/ruleset-post/**
    cd /usr/share/nftables.d/ruleset-post/
    wget https://raw.githubusercontent.com/dlakelan/routerperf/master/dscptag.nft
    cd $workdir

helps with first time setup of the script, Thanks

for fw3 it works fine but for fw4 i couldn't get it to work

Hi What IS thé problème thé gameup et gamedown. ??doesn't work

it's been a while since i used it but what i remember is that my internet cuts off when i launch it
and when i check my firewall rules the page was empty.
but im using it now on 21.02.7 and it works great

#!/bin/sh

## "atm" for old-school DSL or change to "DOCSIS" for cable modem, or "other" for everything else

LINKTYPE="ethernet"

WAN=pppoe-wan # change this to your WAN device name
UPRATE=90000 #change this to your kbps upload speed
LAN=br-lan
DOWNRATE=850000 #change this to about 80% of your download speed (in kbps)

## how many kbps of UDP upload and download do you need for your games
## across all gaming machines? 

GAMEUP=$((UPRATE*15/100+400))
GAMEDOWN=$((DOWNRATE*15/100+400))

## set this to "pfifo" or if you want to differentiate between game
## packets into 3 different classes you can use either "drr" or "qfq"
## be aware not all machines will have drr or qfq available

gameqdisc="pfifo"

GAMINGIP="192.168.1.216" ## change this



cat <<EOF

This script prioritizes the UDP packets from / to a set of gaming
machines into a real-time HFSC queue with guaranteed total bandwidth 

Based on your settings:

Game upload guarantee = $GAMEUP kbps
Game download guarantee = $GAMEDOWN kbps

Download direction only works if you install this on a *wired* router
and there is a separate AP wired into your network, because otherwise
there are multiple parallel queues for traffic to leave your router
heading to the LAN.

Based on your link total bandwidth, the **minimum** amount of jitter
you should expect in your network is about:

UP = $(((1500*8)*3/UPRATE)) ms

DOWN = $(((1500*8)*3/DOWNRATE)) ms

In order to get lower minimum jitter you must upgrade the speed of
your link, no queuing system can help.

Please note for your display rate that:

at 30Hz, one on screen frame lasts:   33.3 ms
at 60Hz, one on screen frame lasts:   16.6 ms
at 144Hz, one on screen frame lasts:   6.9 ms

This means the typical gamer is sensitive to as little as on the order
of 5ms of jitter. To get 5ms minimum jitter you should have bandwidth
in each direction of at least:

$((1500*8*3/5)) kbps

The queue system can ONLY control bandwidth and jitter in the link
between your router and the VERY FIRST device in the ISP
network. Typically you will have 5 to 10 devices between your router
and your gaming server, any of those can have variable delay and ruin
your gaming, and there is NOTHING that your router can do about it.

EOF




setqdisc () {
DEV=$1
RATE=$2
OH=38
MTU=1500
highrate=$((RATE*90/100))
lowrate=$((RATE*10/100))
gamerate=$3
useqdisc=$4


tc qdisc del dev "$DEV" root

case $LINKTOP in
    "atm")
	tc qdisc replace dev "$DEV" handle 1: root stab mtu 2047 tsize 512 mpu 68 overhead ${OH} linklayer atm hfsc default 3
	;;
    "DOCSIS")
	tc qdisc replace dev $DEV stab overhead ${OH} linklayer ethernet handle 1: root hfsc default 3
	;;
    *)
	tc qdisc replace dev $DEV stab overhead ${OH} linklayer ethernet handle 1: root hfsc default 3
	;;
esac
     



#limit the link overall:
tc class add dev "$DEV" parent 1: classid 1:1 hfsc ls m2 "${RATE}kbit" ul m2 "${RATE}kbit"

# high prio class
tc class add dev "$DEV" parent 1:1 classid 1:2 hfsc rt m1 "${highrate}kbit" d 80ms m2 "${gamerate}kbit"

# other prio class
tc class add dev "$DEV" parent 1:1 classid 1:3 hfsc ls m1 "${lowrate}kbit" d 80ms m2 "${highrate}kbit"


## set this to "drr" or "qfq" to differentiate between different game
## packets, or use "pfifo" to treat all game packets equally

REDMIN=$((gamerate*30/8)) #30 ms of data
REDMAX=$((gamerate*200/8)) #200ms of data

case $useqdisc in
    "pfifo")
	PFIFOLEN=$((1 + 20*RATE/(MTU*8))) # at least 1 packet, plus 10ms worth of additional packets
	tc qdisc add dev "$DEV" parent 1:2 handle 10: pfifo limit $PFIFOLEN
	## send game packets to 10:, they're all treated the same
	;;
	"sfq")
	tc qdisc add dev "$DEV" parent 1:2 handle 10: sfq perturb 5
	;;
	
esac
    echo "adding fq_codel qdisc for non-game traffic"
    tc qdisc add dev "$DEV" parent 1:3 handle 3: fq_codel


}


setqdisc $WAN $UPRATE $GAMEUP $gameqdisc

## uncomment this to do the download direction via output of LAN
setqdisc $LAN $DOWNRATE $GAMEDOWN $gameqdisc

## we want to classify packets, so use these rules

cat <<EOF

We are going to add classification rules via iptables to the
POSTROUTING chain. You should actually read and ensure that these
rules make sense in your firewall before running this script. 

Continue? (type y or n and then RETURN/ENTER)
EOF

read -r cont

if [ "$cont" = "y" ]; then

	service firewall restart

    nft flush chain inet fw4 mangle_postrouting
    nft add rule inet fw4 mangle_postrouting meta priority set 1:3 counter # default everything to 1:3,  the "non-game" qdisc
    if [ "$gameqdisc" = "$gameqdisc" ]; then
    
    
    nft add rule inet fw4 mangle_postrouting ip protocol udp ip saddr ${GAMINGIP} counter meta priority set 1:2
	
	nft add rule inet fw4 mangle_postrouting ip protocol udp ip daddr ${GAMINGIP} counter meta priority set 1:2
	
	
	
else
	echo "YOU MUST PLACE CLASSIFIERS FOR YOUR GAME TRAFFIC HERE"
	echo "SEND TRAFFIC TO 2:1 (high) or 2:2 (medium) or 3:3 (normal)"
    fi
else
    cat <<EOF
Check the rules and come back when you're ready.
EOF
fi

echo "DONE!"

tc -s qdisc

Try this very basic Script for FW4, works well.

with the same dependencies ??
thnx i'll look into it