How to clear ISP traffic with OpenWrt?

Well, we really should be looking at two simultaneous packet traces, one on br-lan and one on your wan interface. What we want to see is how/if the same packet looks on both sides... so the challenge is to figure out which external packets correspond to which internal packets. Also add tc -s qdisc output from the beginning and end of the captures (to see which priority classes show increasing traffic).
What we expect is: whatever DSCP appears on the wan side should not matter (e.g. determine the number of packets in the priority tins); what matters should be how these packets are re-marked (which should be visible in br-lan unless you configured cake with the wash keyword).

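The before/after comparison of `tc -s qdisc` tin counters requested above can be scripted. This is an added example, not part of the original thread or of cake-qos-simple; the function names, file names and the trimmed sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-tin packet deltas between two saved `tc -s qdisc` snapshots.
# On the router (file names are assumptions):
#   tc -s qdisc > /tmp/before.txt; <run the capture>; tc -s qdisc > /tmp/after.txt

# cake_tin_delta BEFORE AFTER -> one line per tin: "<dev> <tin> <pkts delta>"
cake_tin_delta() {
    awk '
        FNR == 1        { pass++ }                          # 1 = before, 2 = after
        /^qdisc /       { dev = ($2 == "cake") ? $5 : "" }  # only cake has tin tables
        dev == ""       { next }
        $1 == "thresh"  {                                   # previous line holds tin names
            gsub(/Best Effort/, "BestEffort", prev); gsub(/Tin /, "Tin", prev)
            ntin = split(prev, tin)
        }
        $1 == "pkts"    {
            for (i = 1; i <= ntin; i++) {
                key = dev " " tin[i]
                if (pass == 1) before[key] = $(i + 1)
                else { after[key] = $(i + 1); order[++n] = key }
            }
        }
        { prev = $0 }
        END {
            # A negative delta means the qdisc was reloaded between snapshots.
            for (i = 1; i <= n; i++)
                printf "%s %d\n", order[i], after[order[i]] - before[order[i]]
        }
    ' "$1" "$2"
}

# Constructed sample snapshots (trimmed to the lines the parser reads).
write_sample() {  # write_sample FILE BEST_EFFORT_PKTS
    cat > "$1" <<EOF
qdisc ingress ffff: dev pppoe-wan parent ffff:fff1 ----------------
qdisc cake 1: dev ifb-pppoe-wan root refcnt 2 bandwidth 22Mbit diffserv3
                   Bulk  Best Effort        Voice
  thresh       1375Kbit       22Mbit     5500Kbit
  pkts                0         $2            4
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/before" 5037
write_sample "$tmp/after" 9120
cake_tin_delta "$tmp/before" "$tmp/after"
rm -rf "$tmp"
```

A tin whose delta stays at 0 while the capture shows marked packets on that interface means the marks are not reaching cake in the form it classifies on.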

Try inspecting the inbound traffic with:

tcpdump -i br-lan -nvv dst net 192.168.1.0/24 and ! host 192.168.1.1

The last part avoids your local DNS and SSH traffic from clogging the output.

IPv6 would have to be done in a similar way using your own prefixes.

I get this tcpdump: eth0: That device doesn't support monitor mode

Sorry, iPad auto correct capitalized the i. Fixed above.

I'm not sure what I have to set for 192.168.1.0/24 and host 192.168.1.1

My ip6 address of my PC or the router?

You can run:

. /lib/functions/network.sh
network_get_prefixes6 prefix wan6
echo $prefix
tcpdump -i br-lan -nvv dst net $prefix

qdisc cake 1: dev pppoe-wan root refcnt 2 bandwidth 6Mbit diffserv3 dual-srchost nat wash ack-filter split-gso rtt 100ms noatm overhead 34 mpu 68
 Sent 3485621 bytes 4180 pkt (dropped 19, overlimits 3910 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 54Kb of 4Mb
 capacity estimate: 6Mbit
 min/max network layer size:           40 /    1492
 min/max overhead-adjusted size:       74 /    1526
 average network hdr offset:            0

                   Bulk  Best Effort        Voice
  thresh        375Kbit        6Mbit     1500Kbit
  target         48.4ms          5ms       12.1ms
  interval        143ms        100ms        107ms
  pk_delay          0us       12.2ms         55us
  av_delay          0us       8.52ms          1us
  sp_delay          0us        767us          1us
  backlog            0b           0b           0b
  pkts                0         4193            6
  bytes               0      3511074         1121
  way_inds            0           16            0
  way_miss            0          293            5
  way_cols            0            0            0
  drops               0           18            0
  marks               0            0            0
  ack_drop            0            1            0
  sp_flows            0            2            1
  bk_flows            0            1            0
  un_flows            0            0            0
  max_len             0        17126          413
  quantum           300          300          300

qdisc ingress ffff: dev pppoe-wan parent ffff:fff1 ----------------
 Sent 3347775 bytes 5041 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0

qdisc cake 1: dev ifb-pppoe-wan root refcnt 2 bandwidth 22Mbit diffserv3 dual-dsthost nat nowash ingress no-ack-filter split-gso rtt 100ms noatm overhead 34 mpu 68
 Sent 3338829 bytes 5034 pkt (dropped 7, overlimits 5160 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 89280b of 4Mb
 capacity estimate: 22Mbit
 min/max network layer size:           35 /    1492
 min/max overhead-adjusted size:       69 /    1526
 average network hdr offset:            0

                   Bulk  Best Effort        Voice
  thresh       1375Kbit       22Mbit     5500Kbit
  target         13.2ms          5ms          5ms
  interval        108ms        100ms        100ms
  pk_delay          0us        151us         14us
  av_delay          0us         27us          0us
  sp_delay          0us         10us          0us
  backlog            0b           0b           0b
  pkts                0         5037            4
  bytes               0      3347302          473
  way_inds            0           18            0
  way_miss            0          327            4
  way_cols            0            0            0
  drops               0            7            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            1            0
  bk_flows            0            1            0
  un_flows            0            0            0
  max_len             0         1492          257
  quantum           300          671          300

This is after I saw many 0x80 ip6 marks on ingress, so I think it's working.

Can't get it to work

root@OpenWrt:~# /lib/functions/network
-ash: /lib/functions/network: not found
root@OpenWrt:~# network_get_prefixes6 prefix wan6
-ash: network_get_prefixes6: not found
root@OpenWrt:~# echo $prefix

root@OpenWrt:~# tcpdump -i br-lan -nvv dst net $prefix

I need to stop typing on an iPad. Fixed above. Don’t forget the dot on the first line.

TOS 0x80 -> CS4, but in diffserv3 this will end up in BestEffort anyway (as would CS0), so this really does not tell us much about what happened, no?


I get the same error with the dot

root@OpenWrt:~# . /lib/functions/network.sh
root@OpenWrt:~# network_get_prefixes6 prefix wan6
root@OpenWrt:~# echo $prefix

root@OpenWrt:~# tcpdump -i br-lan -nvv dst net $prefix
tcpdump: can't parse filter expression: syntax error
root@OpenWrt:~#

So I guess my solution is to just use the script with diffserv3 instead of diffserv4

With pppoe, your WAN interface might be wan_6 or WAN_6, instead of wan6.

That's what I get:

. /lib/functions/network.sh
network_get_prefixes6 prefix wan_6
echo $prefix
tcpdump -i br-lan -nvv dst net $prefix

03:43:36.471535 IP6 (hlim 60, next-header UDP (17) payload length: 790) 2a00:1450:4001:831::200a.443 > 2001:a62:1464:f500:f0f6:b810:3cf:d7f7.53658: [udp sum ok] UDP, length 782
03:43:36.471842 IP6 (hlim 60, next-header UDP (17) payload length: 204) 2a00:1450:4001:831::200a.443 > 2001:a62:1464:f500:f0f6:b810:3cf:d7f7.53658: [udp sum ok] UDP, length 196
03:43:36.482587 IP6 (hlim 60, next-header UDP (17) payload length: 134) 2a00:1450:4001:831::200a.443 > 2001:a62:1464:f500:f0f6:b810:3cf:d7f7.53658: [udp sum ok] UDP, length 126
03:43:36.485295 IP6 (hlim 60, next-header UDP (17) payload length: 37) 2a00:1450:4001:831::200a.443 > 2001:a62:1464:f500:f0f6:b810:3cf:d7f7.53658: [udp sum ok] UDP, length 29
03:43:36.501872 IP6 (hlim 60, next-header UDP (17) payload length: 1234) 2a00:1450:4001:831::200a.443 > 2001:a62:1464:f500:f0f6:b810:3cf:d7f7.53658: [udp sum ok] UDP, length 1226
03:43:36.502311 IP6 (hlim 60, next-header UDP (17) payload length: 1238) 2a00:1450:4001:831::200a.443 > 2001:a62:1464:f500:f0f6:b810:3cf:d7f7.53658: [udp sum ok] UDP, length 1230
03:43:36.502760 IP6 (hlim 60, next-header UDP (17) payload length: 1238) 2a00:1450:4001:831::200a.443 > 2001:a62:1464:f500:f0f6:b810:3cf:d7f7.53658: [udp sum ok] UDP, length 1230

Does the script use cake's default settings here if I delete keywords? @Lynx

vi /etc/init.d/cake-qos-simple

cake_ul_options="diffserv4 triple-isolate nat wash ack-filter noatm overhead 0"
cake_dl_options="diffserv4 triple-isolate nat nowash ingress no-ack-filter noatm overhead 0"

And is it correct to delete the br-guest and the xx,yy or should I just not touch it? @Lynx

vi /usr/share/nftables.d/ruleset-post/cake-qos-simple.nft


# local interfaces
define IFACE_NAMES = {
	br-lan,
	br-guest
}

# local MAC addresses to set to bulk (e.g. IoT devices)
#define BULK_MACS = {
#	XX,
#	YY
#}

Sorry for the late response - there have been many updates pushed to the cake-qos-simple repository. You might like to check out the latest code and let us know how you get on. Though I should indicate that I'm no longer sure that scrubbing ECN bits is a good idea.

I tried it a couple of times this morning but it didn't work. Egress marking worked but not the other direction while looking at tcpdump -i br-lan -vv. There was no traffic in the high priority tins in service cake-qos-simple download and service cake-qos-simple upload even though my br-lan egress traffic showed the outgoing DSCPs.

After deleting the MAC address I got a syntax error or something like that. I tried to generate a new config file with service cake-qos-simple gen_config but it just saves another file gen_config_1 so it doesn't overwrite the "old" one I broke while deleting the MAC.

And if I try to monitor tcpdump -i ifb-pppoe-wan -vv I see weird blocks of numbers and no useful information, at least for me, but even if it looked like it didn't work, it felt smooth. Maybe my ISP doesn't like ECN, idk, or it is working but I can't monitor it right.

The idea is that you amend the config, then generate using gen_nft_rules the corresponding nft file for those rules. You don't need to delete the single bulk MAC. Just leave it there.

Have you checked that you have all the dependencies?

Yes, I set up cake and I also created the registry key in Windows.

Output tc -s filter show dev wan and tc -s filter show dev ifb-wan?

These commands were not in the README.md. What do they do or show? I flashed my device, can't test atm.
Does the marking work on your end?