Help me update my HFSC shaper scripts for fw4/nftables

yes i has exactly make that in modern 2 and 3 and doesn't work

me too in the past work but now no

I'm pretty sure your bandwidth isn't 50 Gigabits per second... so it's probably some measurement problem in the game.

Hi, I am trying to reinstall this script but I have a problem, I am on my x86 machine with the latest official version and every time I want to load the script I get disconnected and without access to the machine. Does anyone know if anything has been updated that causes this problem? Previously on my other routers I had no problem loading this script nor the previous one based on iptables. Thanks

Just a guess… Do you have docker installed?

No, I use a clean install only the necessary packages. It is curious that it only happens to me with this script.

I was asking because docker enables bridge firewalling and this could interfere with the veth setup in this script…

Did you follow the instructions on the GitHub repository and also made sure you are on the right branch? The right branch is „nftables“ not „master“

Yes, I am using nftables, I seem to remember that I have configured this script before on another device. I don't understand what could be happening now but I just run the script and I'm offline.

Can you post the script with the settings you’re having issues?

Also post the output of:

ubus call system board; 
uci export network; uci export firewall;

Please make sure to redact sensitive information

Ok, as soon as I can I will send you a picture with the configuration.

Tried this too. i get disconnected also.

Zia

Hi, my configuration is basic I simply add pppoe-wan to my wan interface and br-lan to my lan interface.

In the dscptag.nft file I just add my wan interface which is pppoe-wan.

Once I load the script or reboot the router it stops working and I can't access it.

It is very strange since I have had this script working on another occasion with another router and an older version.

Are you using veth, or have you tried using veth? Also do you have the appropriate packages installed including the hfsc qdisc etc?

Hi, I also tried with veth and there is no way, every time I want to load the script I have to install again from factory because I can not enter with 192.168.1.1

The packages I install are the ones indicated in the forum.

I haven’t used the script in a while, but I wanted to know if I could get it to work and the first thing I noticed was that the readme in the nftables branch is a bit misleading. In the beginning of the readme the link points to the dscptag.sh of the (iptables) master branch and also the file should be placed under /usr/share/nftables.d/ruleset-post/ and not /etc

With the following steps I could get it to work on a openwrt vm.

  1. Log into your OpenWrt router and make sure the following packages are installed:
  • kmod-sched
  • ip-full
  • kmod-veth
  • tc
  1. Download all relevant files to the right folders:
wget -O /etc/SimpleHFSCgamerscript.sh https://raw.githubusercontent.com/dlakelan/routerperf/nftables/SimpleHFSCgamerscript.sh && chmod a+x /etc/SimpleHFSCgamerscript.sh

wget -O /etc/hotplug.d/iface/13-SimpleHFSCGamerScriptHotplug https://raw.githubusercontent.com/dlakelan/routerperf/nftables/13-SimpleHFSCGamerScriptHotplug

mkdir -p /usr/share/nftables.d/ruleset-post/ && wget -O /usr/share/nftables.d/ruleset-post/dscptag.nft https://raw.githubusercontent.com/dlakelan/routerperf/nftables/dscptag.nft
  1. Edit edit SimpleHFSCgamerscript.sh under:
/etc/SimpleHFSCgamerscript.sh

to set your WAN and LAN interfaces, your network speeds, and the speed you reserve for your game (GAMEUP and GAMEDOWN)

  1. edit the dscptag.nft script under:
/usr/share/nftables.d/ruleset-post/dscptag.nft

to include your gaming boxes in the set of ips that is prioritized for UDP:
if you want to use netem also grab the files in tc-dists folder and place in /usr/lib/tc on your router

  1. In LUCI add a new interface called veth
    • Add new interface
    • Name: veth
    • Protocol: Unmanaged
    • Device: lanveth
    • In the custom field just type “lanveth” and hit enter


    • Create Interface
    • Firewall settings: assign firewall-zone = LAN
    • Save & Apply

  2. Run the script

/etc/SimpleHFSCgamerscript.sh

I will give it another try as soon as I get home but I have to say that this is how I do it and I always get the same thing. I will try to use with a virtual machine in proxmox.

define realtime4 = {192.168.1.2} # example, just add all your game console here

Do you add the extra ip in the same line .i have 2 pc and ps5?
Sry for the noob question

Also if you want go back to defualt you just delete all files folders?

Zia

Generally, maybe an easy to use install/unistall script for the first use would help new users? Something like this:

Summary

install.sh

#!/bin/sh

echo "Starting the installation process..."

# Checking and installing required packages
REQUIRED_PACKAGES="kmod-sched ip-full kmod-veth tc"
for pkg in $REQUIRED_PACKAGES; do
    if ! opkg list-installed | grep -q "^$pkg "; then
        echo "Installing $pkg..."
        opkg update && opkg install "$pkg"
    fi
done

echo "Downloading and setting up scripts..."

# Download and set execution permissions for the scripts
wget -O /etc/SimpleHFSCgamerscript.sh https://raw.githubusercontent.com/dlakelan/routerperf/nftables/SimpleHFSCgamerscript.sh && chmod a+x /etc/SimpleHFSCgamerscript.sh
wget -O /etc/hotplug.d/iface/13-SimpleHFSCGamerScriptHotplug https://raw.githubusercontent.com/dlakelan/routerperf/nftables/13-SimpleHFSCGamerScriptHotplug
mkdir -p /usr/share/nftables.d/ruleset-post/ && wget -O /usr/share/nftables.d/ruleset-post/dscptag.nft https://raw.githubusercontent.com/dlakelan/routerperf/nftables/dscptag.nft

echo "Configuring veth interface..."

# Configure the veth interface
uci set network.veth=interface
uci set network.veth.proto='none'
uci set network.veth.ifname='lanveth'
uci set network.veth.device='lanveth'
uci commit network

echo "Checking for LAN firewall zone and adding veth interface if it exists..."

LAN_ZONE_NAME=$(uci show firewall | grep -E "firewall.@zone\[.*\].name='lan'" | cut -d'.' -f2)
if [ ! -z "$LAN_ZONE_NAME" ]; then
    uci add_list firewall.$LAN_ZONE_NAME.network='veth'
    uci commit firewall
    /etc/init.d/firewall reload
    echo "veth interface added to LAN firewall zone."
else
    echo "LAN firewall zone does not exist, skipping addition."
fi

echo "Reloading network service..."
/etc/init.d/network reload

echo "Installation completed successfully!"

uninstall.sh

#!/bin/sh

echo "Starting the uninstallation process..."

echo "Removing specific scripts..."

# Remove the specific script and its configuration
rm -f /etc/SimpleHFSCgamerscript.sh
rm -f /etc/hotplug.d/iface/13-SimpleHFSCGamerScriptHotplug
rm -f /usr/share/nftables.d/ruleset-post/dscptag.nft

echo "Removing veth interface configuration..."

# Remove the veth interface configuration
uci delete network.veth
uci commit network

echo "Checking for LAN firewall zone to remove veth interface..."

LAN_ZONE_NAME=$(uci show firewall | grep -E "firewall.@zone\[.*\].name='lan'" | cut -d'.' -f2)
if [ ! -z "$LAN_ZONE_NAME" ]; then
    uci del_list firewall.$LAN_ZONE_NAME.network='veth'
    uci commit firewall
    /etc/init.d/firewall reload
    echo "veth interface removed from LAN firewall zone."
else
    echo "LAN firewall zone does not exist, skipping removal."
fi

echo "Reloading network service..."
/etc/init.d/network reload

echo "Uninstallation completed successfully!"

Here is how you can use it:

Download the Installation Script: Once logged into your router, enter the following command to download the installation script to the root directory:

cd /root
wget https://raw.githubusercontent.com/dlakelan/routerperf/master/install.sh && chmod +x install.sh

Run the Installation Script: Execute the script by typing:

./install.sh

The script will automatically handle the installation process, including downloading necessary files, setting up the veth interface, and adding it to the LAN firewall zone.

Uninstallation Guide

If you wish to revert the changes made by the installation script, follow these steps:

  1. Download the Uninstallation Script: Use the following command to download the uninstallation script to the root directory:
cd /root
wget https://raw.githubusercontent.com/dlakelan/routerperf/master/uninstall.sh && chmod +x uninstall.sh

Run the Uninstallation Script: Execute the script by typing:

./uninstall.sh

The script will remove the configurations applied during the installation, including removing the veth interface from the network and firewall configurations.

After installing you will still have to edit the files according to your needs…

  1. Edit edit SimpleHFSCgamerscript.sh under:
/etc/SimpleHFSCgamerscript.sh

to set your WAN and LAN interfaces, your network speeds, and the speed you reserve for your game (GAMEUP and GAMEDOWN)

  1. edit the dscptag.nft script under:
/usr/share/nftables.d/ruleset-post/dscptag.nft
  1. Run the script
/etc/SimpleHFSCgamerscript.sh

yes, just comma seperated like this:

define realtime4 = {192.168.109.1, 192.168.109.2} # example, just add all your game console here

just delete the files manually and reboot or use my uninstall script

Blockquote

thank you very much, appreciate your help
will give a try

Zia

Thanks for your install and uninstall scripts. I've added them to the repo and put a description with a link to your post for those who want to use them.

I've also merged nftables branch to master so that by default that's what people see. Few people should be using the old iptables version.

1 Like