You are running a router firewall on your AP so, it would probably be expected to screw things up.
We need a different design entirely for an AP, one that mainly just does tagging on bridges maybe. I think it's out of scope for the moment, let's get a working router firewall.
Sorry, I should start from the beginning, I just set it as AP so my family can get access to wifi meanwhile..(The firewall is deactivated if its make sense)
I have the same behavior with the wan.20 and pppoe session in the openwrt router with nftables..
aha, ok, the wan comes in tagged on wan.20 and then on top of that you're running a pppoe session?
Can you show the config at the top of the nftables script where you define the wan, lan etc.
Yes!
Moved back to Openwrt as main router. So its like you said, vlan 20 with pppoe session:
The config is:
define wan = wan.20
define lan = br-lan
#define guest = eth0.10 # or remove these if you don't use guest or iot networks
#define iot = eth0.5 ## but be sure to also remove the reference to them below
I had additional issue: (I removed those lines, not sure if should do so, so I moved them back, the problem is that they prevent the loading of the script with the router restart)
root@OpenWrt:~# nft -f /etc/nftables.conf
/etc/nftables.conf:88:16-20: Error: unknown identifier 'guest'
iifname {$guest,$iot} oifname $lan drop ## guests can't connect to LAN
^^^^^
/etc/nftables.conf:89:21-25: Error: unknown identifier 'guest'
iifname {$lan,$guest,$iot} oifname $wan accept ## allow inside to forward to WAN
^^^^^
thanks. It worked. I can't alway test new code because this is mine main router. But if you have more code to test, Im willing to do that if i have time. (also routerperf)
@di_Niko , since you are running pppoe, I believe that your actual wan device is probably pppoe-wan or something similar. But we may need some rules to allow pppoe to establish over the wan.20 device.
Let's start with figuring out what your name of the pppoe device is and then add it as a set:
define wan = {wan.20, pppoe-wan}
See if that works. Also it might work if it's just pppoe-wan, not a set.
Oh also, in the lines where you have trouble , just remove the line matching iifname {$guest,$iot} and change the other line to just say iifname $lan
@Brillie Gg you are found
Thanks, now it works, I leaved those lines like:
iifname lo accept
iifname {$lan} oifname $wan accept ## allow inside to forward to WAN
And replaced wan with pppoe-wan and it def. works as expected.
Additionally I tested as AP with only wan and it also works!
Does this line should be placed in startup? Or applying in terminal its enough?
echo "nf_nat" >> /etc/modules
Perfect!
Just once in terminal!
different test
CS5 in udp work great
i have make a download dslreports before game
my line is very stable
I have no problems and have open nat in my ps5, looking your last piece of code, looks like you haven't replaced the ip?
type inet_service : ipv4_addr
elements = {3074 : Your ps5 ip }
no it's a start but my actual cofnig is
elements = {1935 : 192.168.2.160, 3480 : 192.168.2.160, 3074 : 192.168.2.160, 3075 : 192.168.2.160, 3076 : 192.168.2.160, 3077 : 192.168.2.160, 3478 : 192.168.2.160, 3479 : 192.168.2.160, 9308 : 192.168.2.160, 3659 : 192.168.2.160 } #
So it seems the tagging is happening. How is the tin usage in cake diffserv4 on wan and on LAN
root@OpenWrt:~# tc -s qdisc
qdisc noqueue 0: dev lo root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc fq_codel 0: dev eth0 root refcnt 2 limit 10240p flows 1024 quantum 1518 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
Sent 909081873 bytes 1193062 pkt (dropped 0, overlimits 0 requeues 4)
backlog 0b 0p requeues 4
maxpacket 1518 drop_overlimit 0 new_flow_count 19 ecn_mark 0
new_flows_len 0 old_flows_len 0
qdisc noqueue 0: dev lan1 root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc noqueue 0: dev lan2 root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc noqueue 0: dev lan3 root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc noqueue 0: dev lan4 root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc cake 8011: dev wan root refcnt 2 bandwidth 16Mbit diffserv4 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms noatm overhead 44
Sent 352762679 bytes 596393 pkt (dropped 2352, overlimits 446439 requeues 0)
backlog 0b 0p requeues 0
memory used: 345984b of 4Mb
capacity estimate: 16Mbit
min/max network layer size: 28 / 1490
min/max overhead-adjusted size: 72 / 1534
average network hdr offset: 14
Bulk Best Effort Video Voice
thresh 1Mbit 16Mbit 8Mbit 4Mbit
target 18.2ms 5ms 5ms 5ms
interval 113ms 100ms 100ms 100ms
pk_delay 30.5ms 611us 249us 346us
av_delay 29.4ms 88us 4us 160us
sp_delay 1.26ms 3us 4us 4us
backlog 0b 0b 0b 0b
pkts 73441 330889 17 194398
bytes 108946007 212940062 2694 34400233
way_inds 0 1483 0 32914
way_miss 2 7743 7 3527
way_cols 0 0 0 0
drops 162 2189 0 1
marks 0 0 0 0
ack_drop 0 0 0 0
sp_flows 0 1 1 0
bk_flows 0 1 0 0
un_flows 0 0 0 0
max_len 10388 15040 476 1314
quantum 300 488 300 300
qdisc cake 800b: dev br-lan root refcnt 2 bandwidth 56Mbit diffserv4 triple-isolate nonat nowash no-ack-filter split-gso rtt 100ms noatm overhead 44
Sent 551344748 bytes 595718 pkt (dropped 595, overlimits 514257 requeues 0)
backlog 0b 0p requeues 0
memory used: 827872b of 4Mb
capacity estimate: 56Mbit
min/max network layer size: 28 / 1500
min/max overhead-adjusted size: 72 / 1544
average network hdr offset: 14
Bulk Best Effort Video Voice
thresh 3500Kbit 56Mbit 28Mbit 14Mbit
target 5.19ms 5ms 5ms 5ms
interval 100ms 100ms 100ms 100ms
pk_delay 129us 2.08ms 133us 40us
av_delay 5us 827us 16us 3us
sp_delay 4us 2us 3us 2us
backlog 0b 0b 0b 0b
pkts 134522 378848 426 82517
bytes 145329133 375314547 74350 31520150
way_inds 0 8356 0 60
way_miss 3 7807 5 286
way_cols 0 0 0 0
drops 1 594 0 0
marks 0 0 0 0
ack_drop 0 0 0 0
sp_flows 1 1 1 0
bk_flows 0 1 0 0
un_flows 0 0 0 0
max_len 24224 21196 690 1330
quantum 300 1514 854 427
root@OpenWrt:~#
Working pretty good so far. Played a game of Cod Warzone and tagged every udp 3074 packet with cs7 just to see if it is working and everything seems fine:
root@OpenWrt:~# tc -s qdisc
qdisc noqueue 0: dev lo root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc fq_codel 0: dev eth0 root refcnt 2 limit 10240p flows 1024 quantum 1522 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
Sent 178211397 bytes 192566 pkt (dropped 2, overlimits 0 requeues 55)
backlog 0b 0p requeues 55
maxpacket 1514 drop_overlimit 0 new_flow_count 269 ecn_mark 0
new_flows_len 0 old_flows_len 0
qdisc cake 8017: dev eth1 root refcnt 2 bandwidth 24500Kbit diffserv4 dual-srchost nat nowash no-ack-filter split-gso rtt 100ms noatm overhead 22 mpu 64
Sent 13080702 bytes 69852 pkt (dropped 2, overlimits 3990 requeues 0)
backlog 0b 0p requeues 0
memory used: 43050b of 4Mb
capacity estimate: 24500Kbit
min/max network layer size: 28 / 1490
min/max overhead-adjusted size: 64 / 1512
average network hdr offset: 14
Bulk Best Effort Video Voice
thresh 1531Kbit 24500Kbit 12250Kbit 6125Kbit
target 11.9ms 5ms 5ms 5ms
interval 107ms 100ms 100ms 100ms
pk_delay 0us 1.4ms 16us 30us
av_delay 0us 93us 0us 6us
sp_delay 0us 5us 0us 4us
backlog 0b 0b 0b 0b
pkts 0 6089 10 63755
bytes 0 1764463 1906 11317321
way_inds 0 14 0 30
way_miss 0 704 4 77
way_cols 0 0 0 0
drops 0 2 0 0
marks 0 0 0 0
ack_drop 0 0 0 0
sp_flows 0 1 0 0
bk_flows 0 1 0 0
un_flows 0 0 0 0
max_len 0 1504 476 1306
quantum 300 747 373 300
qdisc cake 800e: dev br-lan root refcnt 2 bandwidth 90Mbit diffserv3 dual-dsthost nonat nowash ingress no-ack-filter split-gso rtt 100ms noatm overhead 22 mpu 64
Sent 178214395 bytes 192568 pkt (dropped 46, overlimits 133476 requeues 0)
backlog 0b 0p requeues 0
memory used: 1148460b of 4500000b
capacity estimate: 90Mbit
min/max network layer size: 28 / 1500
min/max overhead-adjusted size: 64 / 1522
average network hdr offset: 14
Bulk Best Effort Voice
thresh 5625Kbit 90Mbit 22500Kbit
target 5ms 5ms 5ms
interval 100ms 100ms 100ms
pk_delay 1.11ms 1.03ms 351us
av_delay 667us 63us 16us
sp_delay 26us 4us 8us
backlog 0b 0b 0b
pkts 5498 167057 20059
bytes 7814880 161761688 8706809
way_inds 0 424 97
way_miss 1 2208 60
way_cols 0 0 0
drops 1 45 0
marks 0 0 0
ack_drop 0 0 0
sp_flows 0 6 1
bk_flows 0 1 0
un_flows 0 0 0
max_len 7570 20916 14940
quantum 300 1514 686
@Hudra you are tagged how because
The mine is cs5 3074 -- 40005and you is reverse you understand 40005 3074 cs7 ?
What interface did you capture?
i capture with wan
like this
tcpdump -i wan -w /tmp/capturesqmcakenftables.pcap
and you ?
i dont know how to use tee with nftables to capture it may not matter,
you play in wifi i guess
i has add the port cod like that
at the end of the the script
define gameports = {3074,3659,9308,30000-45000} ## or whatever....
udp dport $gameports ip dscp set cs5
udp dport $gameports ip6 dscp set cs5
udp sport $gameports ip dscp set cs5
udp sport $gameports ip6 dscp set cs5```I captured br-lan.. this is the reason why it looks different…
No I never play over wifi
ok you captured with the same command i did then? except that you put br-lan like that for example? tcpdump -i br-lan -w /tmp/capturesqmcakenftableslan.pcap
and why is using CS7 higher priority than CS5 ???
my config SQM is like that 
config queue 'eth1'
option qdisc 'cake'
option interface 'wan'
option debug_logging '0'
option verbosity '5'
option linklayer 'ethernet'
option overhead '44'
option enabled '1'
option download '0'
option script 'layer_cake.qos'
option qdisc_advanced '1'
option squash_dscp '1'
option squash_ingress '1'
option ingress_ecn 'ECN'
option egress_ecn 'NOECN'
option qdisc_really_really_advanced '1'
option eqdisc_opts 'diffserv4'
option upload '16000'
config queue
option enabled '1'
option interface 'br-lan'
option download '0'
option upload '56000'
option debug_logging '0'
option verbosity '5'
option qdisc 'cake'
option script 'layer_cake.qos'
option linklayer 'ethernet'
option overhead '44'
option qdisc_advanced '1'
option squash_dscp '1'
option squash_ingress '1'
option ingress_ecn 'ECN'
option egress_ecn 'NOECN'
option qdisc_really_really_advanced '1'
option eqdisc_opts 'diffserv4'
CS7 is bad after my expeirence you should be try CS5 your gameplay will be better i think
you confirm @dlakelan