How to mark DSCP to ports

I've latest snapshot installed on Raspberry Pi4 with Qosify package.
I'm using Cloudflare WARP+ VPN on my Android and I can easily assign dscp tags to it's ports in 00-defaults.conf file as follows:

udp:2408	gaming 
udp:500		gaming 
udp:1701	gaming 
udp:4500	gaming

It only works on ingress packets because ingress port remains the same. But for egress, ports change every time whenever I restart the VPN like this
192.168.1.101.48891 > 162.159.192.3.2408
after restart
192.168.1.101.45570 > 162.159.192.3.2408
after restart
192.168.1.101.34401 > 162.159.192.3.2408
after restart
192.168.1.101.53842 > 162.159.192.3.2408
after restart
192.168.1.101.60229 > 162.159.192.3.2408
after restart
192.168.1.101.55206 > 162.159.192.3.2408

My question is how to assign DSCP tags to these random source ports based on destination port(2408)?

Qosify works only based on the remote port (2408), not the local port.

Instead qosify, can it work in iptable?

It should already be classifying the ingress traffic from remote port 2408 as “gaming”. Why do you think it isn’t working?

03:40.332587 IP (tos 0x0, ttl 63, id 7393, offset 0, flags [DF], proto UDP (17), length 104)
    192.168.1.101.56448 > 162.159.192.3.2408: UDP, length 76
05:03:40.361451 IP (tos 0x0, ttl 63, id 7394, offset 0, flags [DF], proto UDP (17), length 130)
    192.168.1.101.56448 > 162.159.192.3.2408: UDP, length 102
05:03:40.364354 IP (tos 0x0, ttl 63, id 7395, offset 0, flags [DF], proto UDP (17), length 130)
    192.168.1.101.56448 > 162.159.192.3.2408: UDP, length 102
05:03:40.373311 IP (tos 0x0, ttl 63, id 7396, offset 0, flags [DF], proto UDP (17), length 130)
    192.168.1.101.56448 > 162.159.192.3.2408: UDP, length 102
05:03:40.374423 IP (tos 0x0, ttl 63, id 7397, offset 0, flags [DF], proto UDP (17), length 140)
    192.168.1.101.56448 > 162.159.192.3.2408: UDP, length 112
05:03:40.375728 IP (tos 0x0, ttl 63, id 7398, offset 0, flags [DF], proto UDP (17), length 130)
    192.168.1.101.56448 > 162.159.192.3.2408: UDP, length 102
05:03:40.379699 IP (tos 0x0, ttl 63, id 7399, offset 0, flags [DF], proto UDP (17), length 120)
    192.168.1.101.56448 > 162.159.192.3.2408: UDP, length 92

Because I don't see DSCP marks on egress? Ingress part is working though

You need to capture on the wan interface to see what Qosify has marked on egress.

1 Like

You're right. I see quite the opposite now

root@OpenWrt:~# tcpdump -nni pppoe-wan -v
05:53:38.285138 IP (tos 0x80, ttl 62, id 12813, offset 0, flags [DF], proto UDP (17), length 104)
    100.64.57.241.48891 > 162.159.192.3.2408: UDP, length 76
05:53:38.307357 IP (tos 0x80, ttl 62, id 12815, offset 0, flags [DF], proto UDP (17), length 93)
    100.64.57.241.48891 > 162.159.192.3.2408: UDP, length 65
05:53:38.312566 IP (tos 0x0, ttl 60, id 29062, offset 0, flags [DF], proto UDP (17), length 96)
    162.159.192.3.2408 > 100.64.57.241.48891: UDP, length 68

Now egress is tagged but not ingress. Why is that?

tcpdump on wan sees egress traffic already altered by Qosify, but for ingress it sees the traffic before Qosify acts. Opposite situation using tcpdump on lan.

1 Like