How to mark DSCP to ports

AlanDias17 · September 22, 2022, 11:55pm

I've latest snapshot installed on Raspberry Pi4 with Qosify package.
I'm using Cloudflare WARP+ VPN on my Android and I can easily assign dscp tags to it's ports in 00-defaults.conf file as follows:

udp:2408	gaming 
udp:500		gaming 
udp:1701	gaming 
udp:4500	gaming

It only works on ingress packets because ingress port remains the same. But for egress, ports change every time whenever I restart the VPN like this
192.168.1.101.48891 > 162.159.192.3.2408
after restart
192.168.1.101.45570 > 162.159.192.3.2408
after restart
192.168.1.101.34401 > 162.159.192.3.2408
after restart
192.168.1.101.53842 > 162.159.192.3.2408
after restart
192.168.1.101.60229 > 162.159.192.3.2408
after restart
192.168.1.101.55206 > 162.159.192.3.2408

My question is how to assign DSCP tags to these random source ports based on destination port(2408)?

dave14305 · September 23, 2022, 12:04am

Qosify works only based on the remote port (2408), not the local port.

AlanDias17 · September 23, 2022, 12:04am

Instead qosify, can it work in iptable?

dave14305 · September 23, 2022, 12:10am

It should already be classifying the ingress traffic from remote port 2408 as “gaming”. Why do you think it isn’t working?

AlanDias17 · September 23, 2022, 12:14am

03:40.332587 IP (tos 0x0, ttl 63, id 7393, offset 0, flags [DF], proto UDP (17), length 104)
    192.168.1.101.56448 > 162.159.192.3.2408: UDP, length 76
05:03:40.361451 IP (tos 0x0, ttl 63, id 7394, offset 0, flags [DF], proto UDP (17), length 130)
    192.168.1.101.56448 > 162.159.192.3.2408: UDP, length 102
05:03:40.364354 IP (tos 0x0, ttl 63, id 7395, offset 0, flags [DF], proto UDP (17), length 130)
    192.168.1.101.56448 > 162.159.192.3.2408: UDP, length 102
05:03:40.373311 IP (tos 0x0, ttl 63, id 7396, offset 0, flags [DF], proto UDP (17), length 130)
    192.168.1.101.56448 > 162.159.192.3.2408: UDP, length 102
05:03:40.374423 IP (tos 0x0, ttl 63, id 7397, offset 0, flags [DF], proto UDP (17), length 140)
    192.168.1.101.56448 > 162.159.192.3.2408: UDP, length 112
05:03:40.375728 IP (tos 0x0, ttl 63, id 7398, offset 0, flags [DF], proto UDP (17), length 130)
    192.168.1.101.56448 > 162.159.192.3.2408: UDP, length 102
05:03:40.379699 IP (tos 0x0, ttl 63, id 7399, offset 0, flags [DF], proto UDP (17), length 120)
    192.168.1.101.56448 > 162.159.192.3.2408: UDP, length 92

Because I don't see DSCP marks on egress? Ingress part is working though

dave14305 · September 23, 2022, 12:16am

You need to capture on the wan interface to see what Qosify has marked on egress.

AlanDias17 · September 23, 2022, 12:27am

You're right. I see quite the opposite now

root@OpenWrt:~# tcpdump -nni pppoe-wan -v
05:53:38.285138 IP (tos 0x80, ttl 62, id 12813, offset 0, flags [DF], proto UDP (17), length 104)
    100.64.57.241.48891 > 162.159.192.3.2408: UDP, length 76
05:53:38.307357 IP (tos 0x80, ttl 62, id 12815, offset 0, flags [DF], proto UDP (17), length 93)
    100.64.57.241.48891 > 162.159.192.3.2408: UDP, length 65
05:53:38.312566 IP (tos 0x0, ttl 60, id 29062, offset 0, flags [DF], proto UDP (17), length 96)
    162.159.192.3.2408 > 100.64.57.241.48891: UDP, length 68

Now egress is tagged but not ingress. Why is that?

dave14305 · September 23, 2022, 12:29am

tcpdump on wan sees egress traffic already altered by Qosify, but for ingress it sees the traffic before Qosify acts. Opposite situation using tcpdump on lan.

system · October 3, 2022, 12:29am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.