Need help regarding SQM

The only issue with this device is that it's a 4MB/32MB device and that isn't really supported anymore. Technically it seems to work for you, but plan to upgrade soon. When you do, consider sticking with the architecture of a wired router and a wifi AP.

If I had anything less than 300/300 Mbps these days I'd probably buy a TP-Link sg108e switch and a RPi 4 as my router.

For more than 300/300 I'd buy an x86 like the Odroid H2 and the switch.

Yes I totally agree on this.

That reminds me of EdgeRouter. Hope they add a CAKE option in SQM. Heard OpenWrt firmware also works on it, so I might give it a try soon. Also RPi 4, 100% it's a must.

I have an EdgeRouter-X-SFP. CAKE was working until version 1.10.8, but I think it will work with version 2 too.

Yeah, I haven't tried that yet, but the problem is that it's not easy to get back to stock firmware, but I think there's a method now!

Good luck and let me know. I liked the stock firmware configuration and DPI, that's why I'm sticking to it.

Sure I will! :smiley:
Also @hisham2630 do you know anything about this problem?

iptables v1.6.2: Couldn't load match `hashlimit':No such file or directory

When firewall starts this log shows up:

Warning: Section @zone[1] (wan) cannot resolve device of network 'wan6'
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Rule 'Allow-DHCP-Renew'
   * Rule 'Allow-Ping'
   * Rule 'Allow-IGMP'
   * Rule 'Allow-IPSec-ESP'
   * Rule 'Allow-ISAKMP'
   * Forward 'lan' -> 'wan'
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 nat table
   * Zone 'lan'
   * Zone 'wan'
 * Populating IPv4 mangle table
   * Zone 'lan'
   * Zone 'wan'
 * Set tcp_ecn to off
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
 * Running script '/etc/firewall.user'
iptables v1.6.2: Couldn't load match `hashlimit':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
 * Running script '/usr/share/miniupnpd/firewall.include'

This is the syntax:

iptables -t mangle -A dscp_mark -p udp -m hashlimit --hashlimit-name udp_high_prio --hashlimit-above 115/sec --hashlimit-burst 50 --hashlimit-mode srcip,srcport,dstip,dstport -j CONNMARK --set-mark 0x55 -m comment --comment "connmark for udp"

From a quick Google search I gathered that it has to do with iptables.
P.S. Yes, I've installed both necessary modules.

iptables-mod-hashlimit
kmod-ipt-hashlimit

To see the loaded iptables modules I entered:

root@OpenWrt:~# cat /proc/net/ip_tables_matches
time
statistic
state
quota
pkttype
owner
mac
limit
helper
conntrack
conntrack
conntrack
connlimit
connbytes
comment
addrtype
connmark
mark
icmp
tcpmss
recent
recent
multiport
length
iprange
ttl
hashlimit
hashlimit
ecn
tos
dscp
addrtype
set
set
set
set
set
udplite
udp
tcp

hashlimit is loaded so what's the deal here? Any help?

What will happen if you change -A dscp_mark to -A POSTROUTING?
Also try to reinstall the module.

In the kernel config I changed CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y to CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m. In short, I installed that module separately rather than within the kernel itself. Now it doesn't say,

iptables v1.6.2: Couldn't load match `hashlimit':No such file or directory

Instead I get this,

root@OpenWrt:~# iptables -t mangle -A POSTROUTING -p udp -m hashlimit --hashlimit-name udp_high_prio --hashlimit-above 115/sec --hashlimit-burst 50 --hashlimit-mode srcip,srcport,dstip,dstport -j CONNMARK --set-mark 0x55 -m comment --comment "connmark for udp"
iptables: Result not representable.

Also, what is this file /etc/iproute2/rt_dsfield for? I checked in Wireshark and DSCP packets are working without it.

I think it's OK.
You can check by watching this rule's stats!

This has the hex value for each DSCP class; I guess it's not needed with newer versions of iptables.

I'm sorry, but how exactly? How will I know if that rule got a hit count? Will it show up here: http://192.168.1.1/cgi-bin/luci/admin/status/iptables? How can I test it?

I can't remember, but I think this is the right place; you will see all of your rules there.

You just need some UDP traffic, like a VoIP call via WhatsApp or an online game.
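
A command-line way to read the same hit counter, added here as an example that is not part of any post in this thread: it parses the verbose counter listing and tells apart a rule that is missing from one that is installed but has matched nothing. The function names and the sample listing are constructed for illustration; the listing's column layout is an assumption modelled on `iptables -L -v -n -x` output.

```shell
#!/bin/sh
# Added example, not from the thread. On the router, feed real counters with:
#   iptables -t mangle -L POSTROUTING -v -n -x | rule_hits "connmark for udp"
# (-x prints exact packet counts instead of abbreviated ones such as 12K).

# Constructed sample listing so the example runs offline.
sample_counters() {
cat <<'EOF'
Chain POSTROUTING (policy ACCEPT 1520 packets, 201344 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     412    53104 DSCP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 /* dns */ DSCP set 0x2e
       0        0 CONNMARK   udp  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: above 115/sec burst 50 mode srcip-srcport-dstip-dstport /* connmark for udp */ CONNMARK set 0x55
EOF
}

# rule_hits COMMENT
# Reads a counter listing on stdin and finds rules by their --comment text.
# Prints the summed packet count of matching rules, or "absent" (exit 2)
# when no rule carries that comment.
rule_hits() {
    awk -v c="/* $1 */" '
        # Rule lines start with a numeric packet counter; headers do not.
        $1 ~ /^[0-9]+$/ && index($0, c) { pkts += $1; n++ }
        END {
            if (n == 0) {
                print "absent"
                exit 2
            }
            print pkts
        }'
}

# Demo on the constructed sample: the rule exists but has no hits yet.
sample_counters | rule_hits "connmark for udp"
```

"absent" means the rule was never inserted, which is what happens when the `iptables -A` command itself exits with an error; a count of 0 means the rule is in the chain but no packet has matched it yet.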

Okay, so every custom iptables entry from firewall.user is in http://192.168.1.1/cgi-bin/luci/admin/status/iptables along with traffic, except the hashlimit one. Tried a Discord VoIP call; it still doesn't show up, so no, hashlimit isn't working.

Try to reinstall iptables

You mean different snapshot?

Reinstall the iptables package; it's like updating iptables.

Oh, I've removed the opkg package to make all the other packages fit in the small flash. I'll try a different snapshot unless anyone here knows how to specifically update the iptables file before building an image.

I wonder if this isn't a memory issue, like the hashlimit module can't load because you don't have enough RAM or some similar thing.

hashlimit is a totally standard thing used by many people so I am guessing this may have something to do with the hardware limitations.

Like I said earlier, I had made all kernel modules built-in. That's why hashlimit wasn't loading. It's not due to low memory :smiley:

Well, now that you've modularized it, it still isn't working, right?

Nope, on that command it says
iptables: Result not representable.

so I wonder if this means it's running out of memory when it tries to allocate the hashlimit table....

I mean other modules are working flawlessly, even tcpdump. My guess is it has to do with my current iptables version?