Iptables script PSN specific

Pieced this together along with some of my own thoughts and is really good for me but now want to get the opinion of others appreciate any ideas, criticism or feedback

/root/dscp.sh

#!/bin/bash -x

IPT="iptables"

#    Latency Sensitive  (CS7, CS6, EF, VA, CS5, CS4)
#	 Streaming Media    (AF4x, AF3x, CS3, AF2x, TOS4, CS2, TOS1)
#	 Best Effort        (CS0, AF1x, TOS2, and those not specified)
#	 Background Traffic (CS1)

$IPT -t mangle -N dscp_mark > /dev/null 2>&1
$IPT -t mangle -F dscp_mark
$IPT -t mangle -A dscp_mark -i wan -j DSCP --set-dscp-class CS0
$IPT -t mangle -A dscp_mark -s 192.168.1.0/24 -j DSCP --set-dscp-class CS0

iptmark(){
    $IPT -t mangle -A dscp_mark "$@"
}

## check if POSTROUTING already exits then jumps to our tables if not, add them
$IPT -t mangle -L POSTROUTING -n | grep dscp_mark || $IPT -t mangle -A POSTROUTING -j dscp_mark

sport1="3658"
sport2="9305:9308"
sport3="3074:3079"
dport1="3478:3479"
dport2="9305:9308"
dport3="1117,1247,3074:3079,3893,7130,7463"

$IPT -t mangle -A PREROUTING -m set --match-set latsens srcip,srcport,dstip,dstport -j DSCP --set-dscp-class CS4 ## set dscp tag for our (latsens) ipset
$IPT -t mangle -A PREROUTING -m set --match-set streaming srcip,srcport,dstip,dstport -j DSCP --set-dscp-class AF32 ## set dscp tag for our (streaming) ipset
$IPT -t mangle -A PREROUTING -m set --match-set usrcdn srcip,srcport,dstip,dstport -j DSCP --set-dscp-class CS1 ## set dscp tag for our (usrcdn) ipset
$IPT -t mangle -A PREROUTING -p tcp -m set --match-set bulk srcip,srcport,dstip,dstport -j DSCP --set-dscp-class CS0 ## set dscp tag for our (bulk) ipset
$IPT -t mangle -A PREROUTING -m set --match-set network srcip,srcport,dstip,dstport -j DSCP --set-dscp-class CS3 ## set dscp tag for our (network) ipset
$IPT -t mangle -A PREROUTING -p udp -s 192.168.1.186 ! --dport 443 -m comment --comment "PS4 Pro Device" -j DSCP --set-dscp-class CS4
$IPT -t mangle -A PREROUTING -p udp -m multiport --sports $sport1 -m multiport --dports $dport1,$dport2 -j DSCP --set-dscp-class CS4 -m comment --comment "psn gaming ports"

iptmark -p tcp -m hashlimit --hashlimit-name tcp_high_prio --hashlimit-upto 300/second --hashlimit-burst 150 --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-rate-match --hashlimit-rate-interval 1 -j DSCP --set-dscp-class CS4 -m comment --comment "small tcp connection gets CS4"
iptmark -p udp -m udp -m multiport --sports $sport1,$sport3 -m multiport --dports $dport2,$dport3 -m comment --comment "psn udp cs4" -j DSCP --set-dscp-class CS4
iptmark -p udp -m udp -m multiport --sports $sport2 -m multiport --dports $dport1 -m comment --comment "psn stun udp AF41" -j DSCP --set-dscp-class AF41
iptmark -p udp -m udp -m multiport --sports $sport1,$sport2 -m set ! --match-set latsens srcip,srcport -j DSCP --set-dscp-class CS4 -m comment --comment "psn udp cs4 sports latsens"
iptmark -p udp -m udp -m multiport --dports $dport2,$dport3 -m set ! --match-set latsens dstip,dstport -j DSCP --set-dscp-class CS4 -m comment --comment "psn udp cs4 dports latsens"

iptmark -p udp -m udp -m hashlimit --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-name udp_low_prio --hashlimit-above 150/second --hashlimit-burst 100 -j CONNMARK --set-mark 0x55 -m comment --comment "connmark for low priority udp"
iptmark -p udp -m connmark ! --mark 0x55 -m connbytes --connbytes 1000: --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS1 -m comment --comment "large udp connection gets CS1"
iptmark -p tcp -m set --match-set bulk srcip,srcport,dstip,dstport -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset"
iptmark -p tcp -m connbytes --connbytes 9375:187500 --connbytes-dir reply --connbytes-mode bytes -j DSCP --set-dscp-class CS1
iptmark -p tcp -m connbytes --connbytes 187500: --connbytes-dir reply --connbytes-mode bytes -j DSCP --set-dscp-class CS0

ackrate=125

iptmark -p tcp -m tcp --tcp-flags ALL ACK -o wan -m length --length 1:100 -m hashlimit --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-name ackfilter1 --hashlimit-above "${ackrate}/second" --hashlimit-burst $ackrate --hashlimit-rate-match --hashlimit-rate-interval 1 -m statistic --mode random --probability .5 -j DROP
iptmark -p tcp -m tcp --tcp-flags ALL ACK -o wan -m length --length 1:100 -m hashlimit --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-name ackfilter2 --hashlimit-above "$((ackrate*2))/second" --hashlimit-burst $ackrate --hashlimit-rate-match --hashlimit-rate-interval 1 -m statistic --mode random --probability .5 -j DROP
iptmark -p tcp -m tcp --tcp-flags ALL ACK -o wan -m length --length 1:100 -m hashlimit --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-name ackfilter3 --hashlimit-above "$((ackrate*3))/second" --hashlimit-burst $ackrate --hashlimit-rate-match --hashlimit-rate-interval 1 -m statistic --mode random --probability .5 -j DROP
iptmark -p tcp -m tcp --tcp-flags ALL ACK -o wan -m length --length 1:100 -m hashlimit --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-name ackfilter4 --hashlimit-above "$((ackrate*4))/second" --hashlimit-burst $ackrate --hashlimit-rate-match --hashlimit-rate-interval 1 -m statistic --mode random --probability .5 -j DROP

iptmark -p tcp -m tcp --tcp-flags ALL SYN -m length --length 0:500 -j DSCP --set-dscp-class CS4
iptmark -p tcp -m tcp --tcp-flags ALL ACK -m length --length 0:125 -j DSCP --set-dscp-class CS4

iptmark -m dscp ! --dscp  24 -m dscp ! --dscp  18 -m dscp ! --dscp  34 -m dscp ! --dscp  40 -m dscp ! --dscp  48 -m length --length 0:500 -j DSCP --set-dscp-class CS4 -m comment --comment "Flow contol AF32"
iptmark -m dscp ! --dscp  24 -m dscp ! --dscp  18 -m dscp ! --dscp  34 -m dscp ! --dscp  40 -m dscp ! --dscp  48 -m connbytes --connbytes 0:250 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS4 -m comment --comment "multi purpose connection gets AF32"

iptmark -p udp -m udp -m multiport --dports 53,5300 -m set ! --match-set network dstip,dstport -j DSCP --set-dscp-class CS3 -m comment --comment "dns connection and network ipset gets CS4"

iptmark -p udp -m udp -m multiport --port 123 -j DSCP --set-dscp-class CS5 -m comment --comment "NTP udp"

iptmark -p icmp -j DSCP --set-dscp-class CS5 -m comment --comment "ICMP-pings"

/etc/dnsmasq.conf... I use this to minimize priority to other connections and also to prioritize gaming cdn servers although I do need to clean this up a bit but is a good example I think

##CS4
ipset=/zcure-blr-ps4-east-us.hardsuitlabs.com/latsens

##CS3
ipset=/*.res.spectrum.com/Fortune-3.lan/network
ipset=/service.playstation.net/ps4.np.playstation.net/34-213-59-198-pushcl.np.communication.playstation.net/*.np.communication.playstation.net/sie.com/*.sie.com/network
ipset=/pspro.lan/network
ipset=/*.rockstargames.com/network

##CS1
ipset=/party.rnps.dl.playstation.net/googletagmanager.com/googleusercontent.com/clients4.google.com/*.googleusercontent.com/google.com/fbcdn.net/*.fbcdn.net/akamaihd.net/*.akamaihd.net/whatsapp.net/*.whatsapp.net/whatsapp.com/*.whatsapp.com/www-cdn.whatsapp.net/googleapis.com/*.googleapis.com/ucy.ac.cy/1e100.net/hwcdn.net/usrcdn

##CS0
# Youtube is also isolated by my isp
ipset=/g.live.com/googlevideo.com/*.googlevideo.com/rr1---sn-vgqskned.googlevideo.com/rr2---sn-vgqskned.googlevideo.com/rr3---sn-vgqskned.googlevideo.com/rr4---sn-vgqskned.googlevideo.com/bulk
# AmazonVideo
ipset=/s3.ll.dash.row.aiv-cdn.net/aiv-delivery.net/amazonaws.com/bulk
# Facebook
ipset=/fbcdn.net/bulk
# Twitch
ipset=/ttvnw.net/bulk
# VeVo
ipset=/vevo.com/events.cid.samba.tv/bulk
# Spotify
ipset=/audio-fa.scdn.cot/oldtv.lan/streaming
# Deezer
ipset=/deezer.com/bulk
# SoundCloud
ipset=/sndcdn.com/bulk
# last.fm
ipset=/last.fm/bulk
#reddit videos
ipset=/v.redd.it/bulk
#twitch.tv
ipset=/ttvnw.net/par10s27-in-f206.1e100.net/bulk
#Netflix
ipset=/*nflxvideo*/nrdp.prod.ftl.netflix.com/secure.netflix.com/occ-0-132-1239.1.nflxso.net/bulk
ipset=/*.googlevideo.com/bulk
ipset=/*.amazon.com/bulk
ipset=/download.qq.com/bulk
ipset=/*.1drv.*/bulk
ipset=/*.onedrive.*/bulk
ipset=/*.mega.*/bulk
ipset=/*.steamcontent.*/bulk
ipset=/*.tiktok.*/frontier.us.tiktokv.com/*.us.tiktokv.com/Bedroom.lan/Fortune-3.lan/sonytv.lan/lds-ldr-production.tvinteractive.tv/bulk
ipset=/*.ttvnw.*/bulk
ipset=/api.amazonalexa.com/tvmeta-dynamic.tvinteractive.tv/events.cid.samba.tv/service-stitcher.clusters.pluto.tv/siloh-fs.plutotv.net/plutotv.com/k.pluto.tv/siloh.pluto.tv/*.pluto.tv/*.1.oca.nflxvideo.net/ord37s24-in-f8.1e100.net/api-global.netflix.com/*.netflix.com/bulk
# Steam Download
ipset=/steamcontent.com/bulk
# PSN Download
ipset=/gs2.ww.prod.dl.playstation.net/clientsettingscdn.roblox.com/ecsv2.roblox.com/*.roblox.com/.ubisoft.com/bulk
# DropBox
ipset=/dropbox.com/dropboxstatic.com/dropbox-dns.com/log.getdropbox.com/*dropboxusercontent*/*drive.google*/bulk
# Google Drive
ipset=/drive.google.com/drive-thirdparty.googleusercontent.com/bulk
# Google Docs
ipset=/docs.google.com/docs.googleusercontent.com/bulk
# PlayStore Download
ipset=/gvt1.com/bulk
# WhatsApp Files
ipset=/mmg-fna.whatsapp.net/bulk
# Youtube Upload
ipset=/upload.youtube.com/upload.video.google.com/bulk
# WindowsUpdate
ipset=/windowsupdate.com/update.microsoft.com/bulk

Also added /etc/iproute2/rt_dsfields

# Differentiated field values
# These include the DSCP and unused bits
0x0     default
CS0	000000	0	[RFC2474]
CS1	001000	8	[RFC2474]
CS2	010000	16	[RFC2474]
CS3	011000	24	[RFC2474]
CS4	100000	32	[RFC2474]
CS5	101000	40	[RFC2474]
CS6	110000	48	[RFC2474]
CS7	111000	56	[RFC2474]
AF11	001010	10	[RFC2597]
AF12	001100	12	[RFC2597]
AF13	001110	14	[RFC2597]
AF21	010010	18	[RFC2597]
AF22	010100	20	[RFC2597]
AF23	010110	22	[RFC2597]
AF31	011010	26	[RFC2597]
AF32	011100	28	[RFC2597]
AF33	011110	30	[RFC2597]
AF41	100010	34	[RFC2597]
AF42	100100	36	[RFC2597]
AF43	100110	38	[RFC2597]
EF	101110	46	[RFC3246]
VOICE-ADMIT	101100	44

Firewall pics... kids pissed me off so made all streaming bulk for now also put everyone else on guest_network to limit priority and use of upnp...

image1662×573 32.6 KB

image1657×611 33.4 KB

image1616×881 52.6 KB

image1638×886 56.7 KB

image1647×555 29 KB

also 5ms dns with adguardhome...

image632×675 31.1 KB

Your ISP honors marked packets?

I don't know how to know for sure but it must..

You'd be surprised...

What the hell is this?

I just post my usual prioritization remark:
The way prioritization wiorks is that for every packet that gets treated preferentially (with lower delay) other packet(s) will need to be treated worse than average. This generally will work well if there are only few packets in higher priority classes and enough packets in BestEffort (and Bulk) that can be "moved out of the way" of the higher priority packets. Put differently if you try to put all packets in the same priority tin, this is equivalent to not use prioritization at all.

From looking at the rule set, I see a lot of elaborate rules and sets, but I have no intuition whether the total traffic in tins higher than BestEffort is an acceptable fraction of th whole or not.

Im at work so cant do any tests at the moment but what do you need to see?

All I know is I've tested a lot of scripts and tried many different things this is the best connection I've ever had.. will you please elaborate because if it doesn't do anything then I'm crazy if I disable it and play any game on the PlayStation Network I'm not happy.. if I have it enabled I kill everything that walks the Earth

hi,

usually ISP's do not give a f.ck what you set as egress DSCP as they manage their own network as they want so they usually ignore. just imagine if they would honor millions of different end user configurations ...

if your experience is that it is better with this config for you then be happy. whole traffic control is an endless journey with millions of uncontrolled variables you may not even know about so playing with iptables / sqm scripts / qosify etc ... treat it as a game: you may win at the end. or feel like winning

anyhow, it is your router, your PS, your internet - most probably this is the best configuration for you! use it.

Sure, the ISP will not configure their side of the link to follow your marks. Not unless you pay them something extra in the form of a business connection with guaranteed throughput and tight SLAs.
Why? Because it is extra trouble for them for no reason at all.
So no, they are not going to waste resources to read the marks and to respect your classification, they'll just reset any classification, forward your packets in the same sequence they got them, and try to be fair among you and the other subscribers of the residential package.

Well that makes sense then because I do have business internet LMAO also I've been a contractor before for many isps like Spectrum in Comcast Time Warner not that I know how they handle the packets but i doI know everything back to the fiber node or used to...

root@OpenWrt:~# tc -s qdisc
qdisc noqueue 0: dev lo root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc mq 0: dev eth0 root
 Sent 4478 bytes 31 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 0: dev eth0 parent :8 limit 10240p flows 1024 quantum 1522 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev eth0 parent :7 limit 10240p flows 1024 quantum 1522 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev eth0 parent :6 limit 10240p flows 1024 quantum 1522 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev eth0 parent :5 limit 10240p flows 1024 quantum 1522 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev eth0 parent :4 limit 10240p flows 1024 quantum 1522 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev eth0 parent :3 limit 10240p flows 1024 quantum 1522 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev eth0 parent :2 limit 10240p flows 1024 quantum 1522 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev eth0 parent :1 limit 10240p flows 1024 quantum 1522 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 4478 bytes 31 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc mq 0: dev eth1 root
 Sent 1810654115 bytes 13583840 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc cake 0: dev eth1 parent :8 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 0b of 15220Kb
 capacity estimate: 0bit
 min/max network layer size:        65535 /       0
 min/max overhead-adjusted size:    65535 /       0
 average network hdr offset:            0

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          0us          0us
  av_delay          0us          0us          0us
  sp_delay          0us          0us          0us
  backlog            0b           0b           0b
  pkts                0            0            0
  bytes               0            0            0
  way_inds            0            0            0
  way_miss            0            0            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            0            0            0
  un_flows            0            0            0
  max_len             0            0            0
  quantum          1514         1514         1514

qdisc cake 0: dev eth1 parent :7 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 0b of 15220Kb
 capacity estimate: 0bit
 min/max network layer size:        65535 /       0
 min/max overhead-adjusted size:    65535 /       0
 average network hdr offset:            0

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          0us          0us
  av_delay          0us          0us          0us
  sp_delay          0us          0us          0us
  backlog            0b           0b           0b
  pkts                0            0            0
  bytes               0            0            0
  way_inds            0            0            0
  way_miss            0            0            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            0            0            0
  un_flows            0            0            0
  max_len             0            0            0
  quantum          1514         1514         1514

qdisc cake 0: dev eth1 parent :6 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 0b of 15220Kb
 capacity estimate: 0bit
 min/max network layer size:        65535 /       0
 min/max overhead-adjusted size:    65535 /       0
 average network hdr offset:            0

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          0us          0us
  av_delay          0us          0us          0us
  sp_delay          0us          0us          0us
  backlog            0b           0b           0b
  pkts                0            0            0
  bytes               0            0            0
  way_inds            0            0            0
  way_miss            0            0            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            0            0            0
  un_flows            0            0            0
  max_len             0            0            0
  quantum          1514         1514         1514

qdisc cake 0: dev eth1 parent :5 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 0b of 15220Kb
 capacity estimate: 0bit
 min/max network layer size:        65535 /       0
 min/max overhead-adjusted size:    65535 /       0
 average network hdr offset:            0

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          0us          0us
  av_delay          0us          0us          0us
  sp_delay          0us          0us          0us
  backlog            0b           0b           0b
  pkts                0            0            0
  bytes               0            0            0
  way_inds            0            0            0
  way_miss            0            0            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            0            0            0
  un_flows            0            0            0
  max_len             0            0            0
  quantum          1514         1514         1514

qdisc cake 0: dev eth1 parent :4 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 0b of 15220Kb
 capacity estimate: 0bit
 min/max network layer size:        65535 /       0
 min/max overhead-adjusted size:    65535 /       0
 average network hdr offset:            0

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          0us          0us
  av_delay          0us          0us          0us
  sp_delay          0us          0us          0us
  backlog            0b           0b           0b
  pkts                0            0            0
  bytes               0            0            0
  way_inds            0            0            0
  way_miss            0            0            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            0            0            0
  un_flows            0            0            0
  max_len             0            0            0
  quantum          1514         1514         1514

qdisc cake 0: dev eth1 parent :3 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 0b of 15220Kb
 capacity estimate: 0bit
 min/max network layer size:        65535 /       0
 min/max overhead-adjusted size:    65535 /       0
 average network hdr offset:            0

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          0us          0us
  av_delay          0us          0us          0us
  sp_delay          0us          0us          0us
  backlog            0b           0b           0b
  pkts                0            0            0
  bytes               0            0            0
  way_inds            0            0            0
  way_miss            0            0            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            0            0            0
  un_flows            0            0            0
  max_len             0            0            0
  quantum          1514         1514         1514

qdisc cake 0: dev eth1 parent :2 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 0b of 15220Kb
 capacity estimate: 0bit
 min/max network layer size:        65535 /       0
 min/max overhead-adjusted size:    65535 /       0
 average network hdr offset:            0

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          0us          0us
  av_delay          0us          0us          0us
  sp_delay          0us          0us          0us
  backlog            0b           0b           0b
  pkts                0            0            0
  bytes               0            0            0
  way_inds            0            0            0
  way_miss            0            0            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            0            0            0
  un_flows            0            0            0
  max_len             0            0            0
  quantum          1514         1514         1514

qdisc cake 0: dev eth1 parent :1 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 1810654115 bytes 13583840 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 621760b of 15220Kb
 capacity estimate: 0bit
 min/max network layer size:           50 /    1494
 min/max overhead-adjusted size:       50 /    1494
 average network hdr offset:           22

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us         70us          4us
  av_delay          0us         10us          2us
  sp_delay          0us          1us          1us
  backlog            0b           0b           0b
  pkts                0     13583371          469
  bytes               0   1810630653        23462
  way_inds            0      1906643            0
  way_miss            0        40187            2
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            4            1
  bk_flows            0            1            0
  un_flows            0            0            0
  max_len             0         1494           62
  quantum          1514         1514         1514

qdisc noqueue 0: dev lan4 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev lan3 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev lan2 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev lan1 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc cake 8006: dev wan root refcnt 2 bandwidth 35Mbit diffserv4 dual-srchost nat wash ack-filter split-gso rtt 100ms noatm overhead 22 mpu 64
 Sent 1701978873 bytes 13583811 pkt (dropped 5576, overlimits 1980737 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 647488b of 4Mb
 capacity estimate: 35Mbit
 min/max network layer size:           28 /    1472
 min/max overhead-adjusted size:       64 /    1494
 average network hdr offset:           14

                   Bulk  Best Effort        Video        Voice
  thresh       2187Kbit       35Mbit    17500Kbit     8750Kbit
  target         8.15ms          5ms          5ms          5ms
  interval        103ms        100ms        100ms        100ms
  pk_delay       3.08ms       2.92ms         97us         52us
  av_delay        632us        526us          8us          4us
  sp_delay          9us         16us          4us          2us
  backlog            0b           0b           0b           0b
  pkts            85164       124889      5353476      8025858
  bytes       121662160    164971341    743416688    672544703
  way_inds           15            0       213032       536124
  way_miss         1800          525         2586        37328
  way_cols            0            0            0            0
  drops             109           24            2           32
  marks               0            0            0            0
  ack_drop            0            0            0         5409
  sp_flows            1            1            1            4
  bk_flows            0            0            0            1
  un_flows            0            0            0            0
  max_len          1486         1486         1392         1486
  quantum           300         1068          534          300

qdisc clsact ffff: dev wan parent ffff:fff1
 Sent 42476371943 bytes 48737701 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc cake 0: dev ifb-dns root refcnt 2 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 1008776 bytes 3908 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 2240b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:           66 /     387
 min/max overhead-adjusted size:       66 /     387
 average network hdr offset:           14

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          7us          0us
  av_delay          0us          3us          0us
  sp_delay          0us          2us          0us
  backlog            0b           0b           0b
  pkts                0         3908            0
  bytes               0      1008776            0
  way_inds            0            0            0
  way_miss            0           33            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            0            1            0
  un_flows            0            0            0
  max_len             0          387            0
  quantum          1514         1514         1514

qdisc noqueue 0: dev br-lan root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev br-guest root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc mq 0: dev wlan0 root
 Sent 8025667623 bytes 6057487 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc cake 0: dev wlan0 parent :4 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 0b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:        65535 /       0
 min/max overhead-adjusted size:    65535 /       0
 average network hdr offset:            0

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          0us          0us
  av_delay          0us          0us          0us
  sp_delay          0us          0us          0us
  backlog            0b           0b           0b
  pkts                0            0            0
  bytes               0            0            0
  way_inds            0            0            0
  way_miss            0            0            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            0            0            0
  un_flows            0            0            0
  max_len             0            0            0
  quantum          1514         1514         1514

qdisc cake 0: dev wlan0 parent :3 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 7934145353 bytes 5521863 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 67200b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:           20 /    1514
 min/max overhead-adjusted size:       20 /    1514
 average network hdr offset:           14

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          4us          4us          9us
  av_delay          2us          2us          2us
  sp_delay          1us          1us          1us
  backlog            0b           0b           0b
  pkts           667363      4852287         2213
  bytes       969644720   6964384927       115706
  way_inds          788        15120            0
  way_miss        12108         6393            5
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            1            0            1
  bk_flows            0            1            0
  un_flows            0            0            0
  max_len         45420        33308          352
  quantum          1514         1514         1514

qdisc cake 0: dev wlan0 parent :2 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 91522270 bytes 535624 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 10176b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:           50 /    1514
 min/max overhead-adjusted size:       50 /    1514
 average network hdr offset:           14

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          6us          0us
  av_delay          0us          3us          0us
  sp_delay          0us          2us          0us
  backlog            0b           0b           0b
  pkts                0       535624            0
  bytes               0     91522270            0
  way_inds            0        15338            0
  way_miss            0        25351            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            1            0
  bk_flows            0            1            0
  un_flows            0            0            0
  max_len             0         6414            0
  quantum          1514         1514         1514

qdisc cake 0: dev wlan0 parent :1 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 0b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:        65535 /       0
 min/max overhead-adjusted size:    65535 /       0
 average network hdr offset:            0

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          0us          0us
  av_delay          0us          0us          0us
  sp_delay          0us          0us          0us
  backlog            0b           0b           0b
  pkts                0            0            0
  bytes               0            0            0
  way_inds            0            0            0
  way_miss            0            0            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            0            0            0
  un_flows            0            0            0
  max_len             0            0            0
  quantum          1514         1514         1514

qdisc mq 0: dev wlan1 root
 Sent 902882676 bytes 700936 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc cake 0: dev wlan1 parent :4 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 0b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:        65535 /       0
 min/max overhead-adjusted size:    65535 /       0
 average network hdr offset:            0

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          0us          0us
  av_delay          0us          0us          0us
  sp_delay          0us          0us          0us
  backlog            0b           0b           0b
  pkts                0            0            0
  bytes               0            0            0
  way_inds            0            0            0
  way_miss            0            0            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            0            0            0
  un_flows            0            0            0
  max_len             0            0            0
  quantum          1514         1514         1514

qdisc cake 0: dev wlan1 parent :3 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 896021573 bytes 664972 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 4288b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:           20 /    1486
 min/max overhead-adjusted size:       20 /    1486
 average network hdr offset:           14

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          4us          6us        117us
  av_delay          3us          2us          5us
  sp_delay          1us          2us          2us
  backlog            0b           0b           0b
  pkts            15879       646389         2704
  bytes        22848327    873036918       136328
  way_inds            3            8            0
  way_miss         1227         1600            5
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            1
  bk_flows            0            1            0
  un_flows            0            0            0
  max_len          1486         1486          352
  quantum          1514         1514         1514

qdisc cake 0: dev wlan1 parent :2 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 6861103 bytes 35964 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 4480b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:           54 /    1514
 min/max overhead-adjusted size:       54 /    1514
 average network hdr offset:           14

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us         20us          0us
  av_delay          0us          4us          0us
  sp_delay          0us          2us          0us
  backlog            0b           0b           0b
  pkts                0        35964            0
  bytes               0      6861103            0
  way_inds            0           83            0
  way_miss            0         4445            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            4            0
  bk_flows            0            1            0
  un_flows            0            0            0
  max_len             0         2871            0
  quantum          1514         1514         1514

qdisc cake 0: dev wlan1 parent :1 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 0b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:        65535 /       0
 min/max overhead-adjusted size:    65535 /       0
 average network hdr offset:            0

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          0us          0us
  av_delay          0us          0us          0us
  sp_delay          0us          0us          0us
  backlog            0b           0b           0b
  pkts                0            0            0
  bytes               0            0            0
  way_inds            0            0            0
  way_miss            0            0            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            0            0            0
  un_flows            0            0            0
  max_len             0            0            0
  quantum          1514         1514         1514

qdisc cake 8007: dev ifb-wan root refcnt 2 bandwidth 150Mbit diffserv4 dual-dsthost nat nowash ingress no-ack-filter split-gso rtt 100ms noatm overhead 22 mpu 64
 Sent 42131382295 bytes 35141294 pkt (dropped 3164, overlimits 29011158 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 3022964b of 7500000b
 capacity estimate: 150Mbit
 min/max network layer size:           46 /    1500
 min/max overhead-adjusted size:       68 /    1522
 average network hdr offset:           14

                   Bulk  Best Effort        Video        Voice
  thresh       9375Kbit      150Mbit       75Mbit    37500Kbit
  target            5ms          5ms          5ms          5ms
  interval        100ms        100ms        100ms        100ms
  pk_delay          0us        961us          5us         97us
  av_delay          0us        256us          0us          6us
  sp_delay          0us         13us          0us          2us
  backlog            0b           0b           0b           0b
  pkts                0     35143459            4          995
  bytes               0  42135741630          240        61189
  way_inds            0      1657117            0            0
  way_miss            0        39525            4            2
  way_cols            0            0            0            0
  drops               0         3164            0            0
  marks               0            0            0            0
  ack_drop            0            0            0            0
  sp_flows            0            5            1            1
  bk_flows            0            1            0            0
  un_flows            0            0            0            0
  max_len             0        66870           60          307
  quantum           300         1514         1514         1144

qdisc clsact ffff: dev ifb-wan parent ffff:fff1
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc mq 0: dev wlan1-1 root
 Sent 33195018707 bytes 27441204 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc cake 0: dev wlan1-1 parent :4 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 200833246 bytes 139312 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 4288b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:          515 /    1486
 min/max overhead-adjusted size:      515 /    1486
 average network hdr offset:           14

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          4us          0us          0us
  av_delay          2us          0us          0us
  sp_delay          1us          0us          0us
  backlog            0b           0b           0b
  pkts           139312            0            0
  bytes       200833246            0            0
  way_inds           75            0            0
  way_miss         3717            0            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            1            0            0
  un_flows            0            0            0
  max_len          1486            0            0
  quantum          1514         1514         1514

qdisc cake 0: dev wlan1-1 parent :3 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 32175313580 bytes 21934041 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 4288b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:           20 /    1502
 min/max overhead-adjusted size:       20 /    1502
 average network hdr offset:           14

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          3us          8us
  av_delay          0us          2us          4us
  sp_delay          0us          1us          3us
  backlog            0b           0b           0b
  pkts                0     21928649         5392
  bytes               0  32175075998       237582
  way_inds            0       163634            0
  way_miss            0         1540            6
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            1
  bk_flows            0            1            0
  un_flows            0            0            0
  max_len             0         1502          352
  quantum          1514         1514         1514

qdisc cake 0: dev wlan1-1 parent :2 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 818857175 bytes 5367808 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 4288b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:           50 /    1486
 min/max overhead-adjusted size:       50 /    1486
 average network hdr offset:           14

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          5us          0us
  av_delay          0us          3us          0us
  sp_delay          0us          2us          0us
  backlog            0b           0b           0b
  pkts                0      5367808            0
  bytes               0    818857175            0
  way_inds            0       993508            0
  way_miss            0        18236            0
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            3            0
  bk_flows            0            1            0
  un_flows            0            0            0
  max_len             0         1486            0
  quantum          1514         1514         1514

qdisc cake 0: dev wlan1-1 parent :1 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 14706 bytes 43 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 1216b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:          342 /     342
 min/max overhead-adjusted size:      342 /     342
 average network hdr offset:            2

                   Bulk  Best Effort        Voice
  thresh           0bit         0bit         0bit
  target            5ms          5ms          5ms
  interval        100ms        100ms        100ms
  pk_delay          0us          0us          7us
  av_delay          0us          0us          0us
  sp_delay          0us          0us          0us
  backlog            0b           0b           0b
  pkts                0            0           43
  bytes               0            0        14706
  way_inds            0            0            0
  way_miss            0            0            5
  way_cols            0            0            0
  drops               0            0            0
  marks               0            0            0
  ack_drop            0            0            0
  sp_flows            0            0            0
  bk_flows            0            0            1
  un_flows            0            0            0
  max_len             0            0          342
  quantum          1514         1514         1514

root@OpenWrt:~# ^C
root@OpenWrt:~#

Havent played much on network since last reboot but it does flow through voice...

Even with kids online 4 different devices at the momoent 1 on ps and phone and 2 watching videos on youtube or netfix still gets good bufferbloat too...

After looking at my firewall and rules after a day of heavy use by my kids updated the amount of packets to prioritize 300/sec tcp was too much and added a conmark for udp high priority which seems to be a good add...

#!/bin/bash -x

IPT="iptables"

#    Latency Sensitive  (CS7, CS6, EF, VA, CS5, CS4)
#	 Streaming Media    (AF4x, AF3x, CS3, AF2x, TOS4, CS2, TOS1)
#	 Best Effort        (CS0, AF1x, TOS2, and those not specified)
#	 Background Traffic (CS1)

$IPT -t mangle -N dscp_mark > /dev/null 2>&1
$IPT -t mangle -F dscp_mark
$IPT -t mangle -A dscp_mark -i wan -j DSCP --set-dscp-class CS0
$IPT -t mangle -A dscp_mark -s 192.168.1.0/24 -j DSCP --set-dscp-class CS0

iptmark(){
    $IPT -t mangle -A dscp_mark "$@"
}

## check if POSTROUTING already exits then jumps to our tables if not, add them
$IPT -t mangle -L POSTROUTING -n | grep dscp_mark || $IPT -t mangle -A POSTROUTING -j dscp_mark

sport1="3658"
sport2="9305:9308"
sport3="3074:3079"
dport1="3478:3479"
dport2="9305:9308"
dport3="1117,1247,3074:3079,3893,7130,7463"

$IPT -t mangle -A PREROUTING -m set --match-set latsens srcip,srcport,dstip,dstport -j DSCP --set-dscp-class CS4 ## set dscp tag for our (latsens) ipset
$IPT -t mangle -A PREROUTING -m set --match-set streaming srcip,srcport,dstip,dstport -j DSCP --set-dscp-class AF32 ## set dscp tag for our (streaming) ipset
$IPT -t mangle -A PREROUTING -m set --match-set usrcdn srcip,srcport,dstip,dstport -j DSCP --set-dscp-class CS1 ## set dscp tag for our (usrcdn) ipset
$IPT -t mangle -A PREROUTING -p tcp -m set --match-set bulk srcip,srcport,dstip,dstport -j DSCP --set-dscp-class CS0 ## set dscp tag for our (bulk) ipset
$IPT -t mangle -A PREROUTING -m set --match-set network srcip,srcport,dstip,dstport -j DSCP --set-dscp-class CS3 ## set dscp tag for our (network) ipset
$IPT -t mangle -A PREROUTING -p udp -s 192.168.1.186 ! --dport 443 -m comment --comment "PS4 Pro Device" -j DSCP --set-dscp-class CS4
$IPT -t mangle -A PREROUTING -p udp -m multiport --sports $sport1 -m multiport --dports $dport1,$dport2 -j DSCP --set-dscp-class CS4 -m comment --comment "psn gaming ports"

iptmark -p tcp -m hashlimit --hashlimit-name tcp_high_prio --hashlimit-upto 200/second --hashlimit-burst 150 --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-rate-match --hashlimit-rate-interval 1 -j DSCP --set-dscp-class CS4 -m comment --comment "small tcp connection gets CS4"
iptmark -p udp -m udp -m hashlimit --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-name udp_high_prio --hashlimit-upto 125/second --hashlimit-burst 100 -j CONNMARK --set-mark 0x25 -m comment --comment "connmark for high priority udp"
iptmark -p udp -m connmark ! --mark 0x25 -m connbytes --connbytes :1000 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS4 -m comment --comment "small udp connection gets CS4"
iptmark -p udp -m udp -m multiport --sports $sport1,$sport3 -m multiport --dports $dport2,$dport3 -m comment --comment "psn udp cs4" -j DSCP --set-dscp-class CS4
iptmark -p udp -m udp -m multiport --sports $sport2 -m multiport --dports $dport1 -m comment --comment "psn stun udp AF41" -j DSCP --set-dscp-class AF41
iptmark -p udp -m udp -m multiport --sports $sport1,$sport2 -m set ! --match-set latsens srcip,srcport -j DSCP --set-dscp-class CS4 -m comment --comment "psn udp cs4 sports latsens"
iptmark -p udp -m udp -m multiport --dports $dport2,$dport3 -m set ! --match-set latsens dstip,dstport -j DSCP --set-dscp-class CS4 -m comment --comment "psn udp cs4 dports latsens"

iptmark -p udp -m udp -m hashlimit --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-name udp_low_prio --hashlimit-above 125/second --hashlimit-burst 100 -j CONNMARK --set-mark 0x55 -m comment --comment "connmark for low priority udp"
iptmark -p udp -m connmark ! --mark 0x55 -m connbytes --connbytes 1000: --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS1 -m comment --comment "large udp connection gets CS1"
iptmark -p tcp -m set --match-set bulk srcip,srcport,dstip,dstport -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset"
iptmark -p tcp -m connbytes --connbytes 9375:187500 --connbytes-dir reply --connbytes-mode bytes -j DSCP --set-dscp-class CS1
iptmark -p tcp -m connbytes --connbytes 187500: --connbytes-dir reply --connbytes-mode bytes -j DSCP --set-dscp-class CS0

ackrate=125

iptmark -p tcp -m tcp --tcp-flags ALL ACK -o wan -m length --length 1:100 -m hashlimit --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-name ackfilter1 --hashlimit-above "${ackrate}/second" --hashlimit-burst $ackrate --hashlimit-rate-match --hashlimit-rate-interval 1 -m statistic --mode random --probability .5 -j DROP
iptmark -p tcp -m tcp --tcp-flags ALL ACK -o wan -m length --length 1:100 -m hashlimit --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-name ackfilter2 --hashlimit-above "$((ackrate*2))/second" --hashlimit-burst $ackrate --hashlimit-rate-match --hashlimit-rate-interval 1 -m statistic --mode random --probability .5 -j DROP
iptmark -p tcp -m tcp --tcp-flags ALL ACK -o wan -m length --length 1:100 -m hashlimit --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-name ackfilter3 --hashlimit-above "$((ackrate*3))/second" --hashlimit-burst $ackrate --hashlimit-rate-match --hashlimit-rate-interval 1 -m statistic --mode random --probability .5 -j DROP
iptmark -p tcp -m tcp --tcp-flags ALL ACK -o wan -m length --length 1:100 -m hashlimit --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-name ackfilter4 --hashlimit-above "$((ackrate*4))/second" --hashlimit-burst $ackrate --hashlimit-rate-match --hashlimit-rate-interval 1 -m statistic --mode random --probability .5 -j DROP

iptmark -p tcp -m tcp --tcp-flags ALL SYN -m length --length 0:500 -j DSCP --set-dscp-class CS4
iptmark -p tcp -m tcp --tcp-flags ALL ACK -m length --length 0:125 -j DSCP --set-dscp-class CS4

iptmark -m dscp ! --dscp  24 -m dscp ! --dscp  18 -m dscp ! --dscp  34 -m dscp ! --dscp  40 -m dscp ! --dscp  48 -m length --length 0:500 -j DSCP --set-dscp-class CS4 -m comment --comment "Flow contol AF32"
iptmark -m dscp ! --dscp  24 -m dscp ! --dscp  18 -m dscp ! --dscp  34 -m dscp ! --dscp  40 -m dscp ! --dscp  48 -m connbytes --connbytes 0:250 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS4 -m comment --comment "multi purpose connection gets AF32"

iptmark -p udp -m udp -m multiport --dports 53,5300 -m set ! --match-set network dstip,dstport -j DSCP --set-dscp-class CS3 -m comment --comment "dns connection and network ipset gets CS4"

iptmark -p udp -m udp -m multiport --port 123 -j DSCP --set-dscp-class CS5 -m comment --comment "NTP udp"

iptmark -p icmp -j DSCP --set-dscp-class CS5 -m comment --comment "ICMP-pings"

Updated my script

image1698×245 12.3 KB

The more that i think about it might as well make a rule for tcp low priority something like so:

iptmark -p tcp -m hashlimit --hashlimit-name tcp_low_prio --hashlimit-above 200/second --hashlimit-burst 150 --hashlimit-mode srcip,srcport,dstip,dstport --hashlimit-rate-match --hashlimit-rate-interval 1 -j DSCP --set-dscp-class CS1 -m comment --comment "big tcp connection gets CS1"

I've been following...but if this is only specific to PSN (the PlayStation Network, correct?), why are you lookin into the OpenWrt?

(Maybe I missed that?)

You could modify the script for anything you want to prioritize but I have it set up to prioritize PlayStation games over video and streaming or anything that my kids do online so if i decide to play my game I want to make sure that I have the packets prioritized to me and from me the best i can...

By golly, that are a lot of cake instances (I count 14) not sure what router hardware you use, but that can sap a lot of CPU cycles... then again only two are set to actually traffic shape, so the others are mostly replacements for the default fq_codel qdisc. Not sure they actually do all that much for WiFi.

Looking at the stats for ifb-wan I see only very little traffic in non-Best Effort tins, making me think that the ingress classification does not work as intended (the few packets in the Video and Voice tins likely are marked packets leaking in from your ISP*). The typical problem is that iptables based rules will only run after an ifb on the true wan interface is done handling the packets. The solutions to that issue are typically:
a) use qosify on wan which uses eBPF to mark incoming packets before cake gets hold of them (but currently can not remark based on internal IP addresses, and IIRC does not allow rules based on IP-address:port tuples.
b) use a redirection of ingress traffic though a veth pair (which will move the ingress traffic into the iptables domain thereby allowing the iptables rules to work)
c) instantiate the ingress shaper on br-lan (or the physical interface connecting the CPU with the LAN-switch) which will also move this into iptables domain (this however will not traffic shape packet to WiFi, so is only a robust solution for wired-only routers)
d) use @ldir's elegant connmark action, that basically copies the egress DSCP to incoming packets of the same connection, allowing you to use iptables for complicated egress rules and have the same marking "magically" appear on the reverse traffic.

*) For example my ISP O2/Telefonica will send a few ICMP packets marked CS6, and the ISP's VoIP packets are acceptably marked as well.

The tc -s qdisc output you posted later shows how much traffic accumulated in the different priority tins, while it does not show the exact distribution I wold say on egress:

You have too much data in Video and Voice for my taste, but the low number of drops seems to indicate that you rarely see congestion, so the traffic mix in the different tins likely is okay.

Again this indicates that your ingress prioritization is not working as intended, almost no traffic anywhere else than Best Effort....

I installed this to check it out and forgot to config it im pretty sure that is when all the cake instances started.... Yea i agree was alot of packets in voice and vid went down now that i adjusted the amount of udp and tcp packets per second to prioritize... Even if im not getting ingress marks per say it performs like a big dog!!! Im sure ill figure it out eventually just a sef taught oldschool BEE!!! Thanks for your explanation

Well forgot to mention am running qosify too...

image1877×896 118 KB

configed netdata too

root@OpenWrt:~# qosify-status
===== interface wan: active =====
egress status:
qdisc cake 8006: root refcnt 2 bandwidth 35Mbit diffserv4 dual-srchost nat wash ack-filter split-gso rtt 100ms noatm overhead 22 mpu 64
 Sent 75885433 bytes 191932 pkt (dropped 131, overlimits 92897 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 664640b of 4Mb
 capacity estimate: 35Mbit
 min/max network layer size:           28 /    1472
 min/max overhead-adjusted size:       64 /    1494
 average network hdr offset:           14

                   Bulk  Best Effort        Video        Voice
  thresh       2187Kbit       35Mbit    17500Kbit     8750Kbit
  target         8.15ms          5ms          5ms          5ms
  interval        103ms        100ms        100ms        100ms
  pk_delay       5.22ms          9ms          6us         10us
  av_delay       2.72ms       3.64ms          2us          5us
  sp_delay          6us          8us          2us          3us
  backlog            0b           0b           0b           0b
  pkts            36035         7166        72512        76350
  bytes        52523265     10377357      5887642      7283233
  way_inds            0            0            0          117
  way_miss           61           24           49          543
  way_cols            0            0            0            0
  drops             116            5            0            5
  marks               0            0            0            0
  ack_drop            0            0            0            5
  sp_flows            1            1            1            4
  bk_flows            0            0            0            0
  un_flows            0            0            0            0
  max_len          1486         1486         1392         1486
  quantum           300         1068          534          300


ingress status:
qdisc cake 8007: root refcnt 2 bandwidth 150Mbit diffserv4 dual-dsthost nat nowash ingress no-ack-filter split-gso rtt 100ms noatm overhead 22 mpu 64
 Sent 560347741 bytes 439824 pkt (dropped 355, overlimits 551627 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 2205496b of 7500000b
 capacity estimate: 150Mbit
 min/max network layer size:           46 /    1500
 min/max overhead-adjusted size:       68 /    1522
 average network hdr offset:           14

                   Bulk  Best Effort        Video        Voice
  thresh       9375Kbit      150Mbit       75Mbit    37500Kbit
  target            5ms          5ms          5ms          5ms
  interval        100ms        100ms        100ms        100ms
  pk_delay          0us       1.64ms          0us          5us
  av_delay          0us        800us          0us          0us
  sp_delay          0us          5us          0us          0us
  backlog            0b           0b           0b           0b
  pkts                0       440170            0            9
  bytes               0    560867257            0          540
  way_inds            0          384            0            0
  way_miss            0          575            0            1
  way_cols            0            0            0            0
  drops               0          355            0            0
  marks               0            0            0            0
  ack_drop            0            0            0            0
  sp_flows            0            4            0            0
  bk_flows            0            1            0            0
  un_flows            0            0            0            0
  max_len             0        63898            0           60
  quantum           300         1514         1514         1144

why doesnt cake 8007 show in tc -s qdisc but 8006 does?

qdisc cake 8006: dev wan root refcnt 2 bandwidth 35Mbit diffserv4 dual-srchost nat wash ack-filter split-gso rtt 100ms noatm overhead 22 mpu 64
 Sent 77374075 bytes 208249 pkt (dropped 131, overlimits 93066 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 664640b of 4Mb
 capacity estimate: 35Mbit
 min/max network layer size:           28 /    1472
 min/max overhead-adjusted size:       64 /    1494
 average network hdr offset:           14

                   Bulk  Best Effort        Video        Voice
  thresh       2187Kbit       35Mbit    17500Kbit     8750Kbit
  target         8.15ms          5ms          5ms          5ms
  interval        103ms        100ms        100ms        100ms
  pk_delay       4.31ms       7.12ms          6us         19us
  av_delay       2.25ms       2.93ms          2us          5us
  sp_delay          8us         28us          2us          2us
  backlog            0b           0b           0b           0b
  pkts            36084         7229        83568        81499
  bytes        52574261     10461580      6763551      7760747
  way_inds            0            0            0          117
  way_miss           63           24           49          573
  way_cols            0            0            0            0
  drops             116            5            0            5
  marks               0            0            0            0
  ack_drop            0            0            0            5
  sp_flows            1            1            1            4
  bk_flows            0            0            0            1
  un_flows            0            0            0            0
  max_len          1486         1486         1392         1486
  quantum           300         1068          534          300

qdisc clsact ffff: dev wan parent ffff:fff1
 Sent 670481408 bytes 682806 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc cake 0: dev ifb-dns root refcnt 2 bandwidth unlimited diffserv3 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms raw overhead 0
 Sent 5277 bytes 51 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 2240b of 15140Kb
 capacity estimate: 0bit
 min/max network layer size:           84 /     209
 min/max overhead-adjusted size:       84 /     209
 average network hdr offset:            3

hello, could you share your scripts (qosify, firewall, ), as well as the rules you use, since I also have serious latency problems when I'm on the PS5 and at the same time they use netflix, youtube etc