Help on DSCP marking

thomas24 · April 22, 2024, 11:00pm

I've installed SQM and what I'm trying to do is classify manually the packets by marking them with DSCP marks. I want to priorize some ports with DSCP marking for an online game.

But something seems to be wrong in my config because the outbound packets are not marked as Wireshark shows:

Only the inbound packets are marked as CS7...

I'm using basic firewall traffic rules to mark them, do I need other way to mark them properly?

My custom rules for these ports:

## This is the rule that doesn't work, I can't mark the packets 
that outgoes from my IP LAN to the destination port of the game 
server

config rule
        option name 'Battlefield 3659'
        option family 'ipv4'
        list proto 'udp'
        option src_port '3659'
        option target 'DSCP'
        option set_dscp 'CS7'
        option dest 'wan'
        option src 'lan'
        list src_ip '192.168.1.3'

## This rule works, I can receive the packets from 
the game server to my PC marked as CS7

config rule
        option name 'Battlefield 25200'
        list proto 'udp'
        option src 'wan'
        option src_port '25200'
        option dest 'lan'
        option dest_port '3659'
        option target 'DSCP'
        option set_dscp 'CS7'
        list dest_ip '192.168.1.3'

Here is my SQM config:

config queue 'eth1'
        option enabled '1'
        option interface 'eth1'
        option download '839680'
        option upload '839680'
        option qdisc 'cake'
        option script 'piece_of_cake.qos'
        option linklayer 'ethernet'
        option debug_logging '0'
        option verbosity '5'
        option overhead '44'
        option linklayer_advanced '1'
        option tcMTU '2047'
        option tcTSIZE '128'
        option tcMPU '84'
        option linklayer_adaptation_mechanism 'default'
        option qdisc_advanced '1'
        option squash_dscp '0'
        option squash_ingress '0'
        option ingress_ecn 'ECN'
        option egress_ecn 'NOECN'

Be patient with me please, I started learning about SQM and DSCP a few days ago.

dave14305 · April 22, 2024, 11:07pm

Where are you capturing the Wireshark data? I speculate you’re capturing on the LAN interface before the firewall is re-marking the outbound packets.

thomas24 · April 22, 2024, 11:09pm

Yeah, you are right that's what I'm actually doing.

Should I capture them from a different way?

dave14305 · April 22, 2024, 11:14pm

You can capture on the WAN interface to confirm the outbound marks. But the other issue is your Inbound rule is ineffective because the firewall gets the inbound packet AFTER SQM has already classified and prioritized it. It looks good in a capture, but doesn’t influence SQM at all.

dave14305 · April 22, 2024, 11:23pm

The easiest way forward is to mark only outbound packets and use a script like cake-qos-simple to re-mark the related inbound packets.

moeller0 · April 23, 2024, 10:20am

Note if your game runs on Windows you might be able to set DSCPs directly on windows, but that still only affects packets from your gaming computer to the servers.

Quick note, some ISPs will only re-mark packets but some will drop CS7/CS6 packets directly, so maybe do not let these marls escape into your ISP's network (using cake's wash option) or pick a less problematic DSCP, like EF (which still lands in cake's highest priority tin).

thomas24 · April 23, 2024, 10:25pm

I have installed the script and it only works with the destination port of the game server. It only marks the packets of the game server port 25200 (inbound packets).

I still have the same problem, the 3659 client port (outbound packets) of my computer can't be marked with the specific DSCP value with this script, so I get CS0 DSCP with the 3659 source port to 25200 destination port.

I've read this:

By the way, with this approach you can set DSCPs in the router or in LAN clients (for upload), and then these will get automatically applied on download too.

The way this works is that any DSCP in an upload packet is stored to conntrack, and then that stored DSCP is also set on the download packet for the same connection (restored from conntrack).

For example this can be done in Windows like this:

GitHub

GitHub - lynxthecat/cake-qos-simple: Set up cake with DSCPs

Set up cake with DSCPs. Contribute to lynxthecat/cake-qos-simple development by creating an account on GitHub.

So it seems that the only way to mark source ports of my computer (outbound packets) is configuring Windows QoS as @Lynx and @moeller0 said...

That's true, I tried addying a policy in Windows QoS and yes, it marks now the outbound packets of my computer. So everything is marked correctly...

But the real question...is there a way to mark the packets that I send to the game server (outbound packets) without using Windows local policies?

dave14305 · April 23, 2024, 10:39pm

Using the firewall rule, and run your tcpdump capture on the router wan port. Are you using tcpdump on the router to capture packets? You should be if you want to see the outbound marks. If you're only capturing with Wireshark on the game machine, you won't see what the router is marking for outbound.

thomas24 · April 23, 2024, 10:53pm

I was obtaining the same result with my previous firewall rule.

This is what I obtain with tcpdump:

root@OpenWrt:~# tcpdump -i eth1 -vv

tcpdump: listening on eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
22:46:19.238585 IP (tos 0x0, ttl 63, id 2832, offset 0, flags [none], proto UDP (17), length 72)
    185.103.205.108.3659 > eade.xlgames.pro.25200: [udp sum ok] UDP, length 44

CS0 with the 3659 client port of my computer

root@OpenWrt:~# tcpdump -i ifb-eth1 -vv

tcpdump: listening on ifb-eth1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
22:43:43.893001 IP (tos 0x80, ttl 119, id 21046, offset 0, flags [none], proto UDP (17), length 452)
    eade.xlgames.pro.25200 > 185.103.205.108.3659: [udp sum ok] UDP, length 424

CS4 with the 25200 server port

dave14305 · April 23, 2024, 11:06pm

Can you provide the output of tc qdisc please? I wonder if CAKE is washing packets on egress?

thomas24 · April 23, 2024, 11:15pm

root@OpenWrt:~# tc qdisc

qdisc noqueue 0: dev lo root refcnt 2
qdisc mq 0: dev eth0 root
qdisc fq_codel 0: dev eth0 parent :4 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: dev eth0 parent :3 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: dev eth0 parent :2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: dev eth0 parent :1 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc cake 1: dev eth1 root refcnt 5 bandwidth 800Mbit diffserv4 triple-isolate nat wash ack-filter split-gso rtt 100ms noatm overhead 0
qdisc ingress ffff: dev eth1 parent ffff:fff1 ----------------
qdisc mq 0: dev eth2 root
qdisc fq_codel 0: dev eth2 parent :4 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: dev eth2 parent :3 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: dev eth2 parent :2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: dev eth2 parent :1 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc mq 0: dev eth3 root
qdisc fq_codel 0: dev eth3 parent :4 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: dev eth3 parent :3 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: dev eth3 parent :2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc fq_codel 0: dev eth3 parent :1 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 32Mb ecn drop_batch 64
qdisc noqueue 0: dev br-lan root refcnt 2
qdisc cake 8024: dev ifb4eth1 root refcnt 2 bandwidth 839680Kbit besteffort triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms noatm overhead 44 mpu 84
qdisc cake 1: dev ifb-eth1 root refcnt 2 bandwidth 800Mbit diffserv4 triple-isolate nat nowash ingress no-ack-filter split-gso rtt 100ms noatm overhead 0

Note: I'm only using CAKE in the WAN interface (eth1)

I don't know why I have 2 different queues established...

dave14305 · April 23, 2024, 11:19pm

So, yes, CAKE is washing the packets with CS0 after "tinning" them. You can be assured it's working on the outbound traffic if your inbound traffic is showing up as CS4. The script is saving the CS4 on the outbound packet, and applying it to the inbound reply packets. Magic.

If you want to be able to see it in tcpdump, update the script config file to add nowash to the cake_ul_options.

Likely you didn't stop and disable sqm before installing cake-qos-simple.

thomas24 · April 23, 2024, 11:35pm

That really worked!

Likely you didn't stop and disable sqm before installing cake-qos-simple.

That's something I didn't know, it was my first time installing/using a script

dave14305 · April 23, 2024, 11:36pm

We all learn it the hard way the first time.

Lynx · April 24, 2024, 5:32am

@thomas24 you can also inspect the tinning in respect of download and upload by running ‘service cake-qos-simple download’ and ‘service cake-qos-simple upload’.

system · May 4, 2024, 5:35am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.