I will get onto this at some point this evening. Is the script likely to reveal any sensitive data?
Will enabling flow offloading improve the performance a bit?
uci set firewall.@defaults.flow_offloading=1
uci commit && reboot
The script collects CPU usage and interface transfer quantity stats. It requires a high res timer so the full version of the "sleep" utility.
We don't yet have a real data analysis scheme going, but having real world data will help us develop it.
While I would not call AQM/QoS-management "crap", I fully agree that if one's link has no bufferbloat issues and performs as desired then nothing needs to be done. Personally I have not been lucky enough in the last 8 years though ;).
Bufferbloat is also an issue that mainly rears its ugly head once your traffic (transiently) exceeds your available bandwidth, so without heavy users like family members or file-sharing applications running in the background you might simply never exceed your 250/50 (long enough) to notice/care. As stated above, in that case doing nothing sounds like a very pragmatic approach.
Have a look yourself, we aimed to keep the scripts human-readable (or rather we aim, I believe this is not necessarily the final script) and we tried to keep things pretty basic to minimize the risk of leaking sensitive data. That said, obviously CPU usage is a potential signaling pathway to exfiltrate data from a machine, but for that to be relevant sqm-script (or rather the kernel modules it exercises) would already need to be backdoored. And at that point the horse has long left the barn/stable...
I want to add we also need coreutils-date as that will report time in nanoseconds, busybox time's resolution is simply not good enough for our purpose. (Micro-spikes in CPU-usage can certainly make a shaper unhappy, while not showing up if one uses too long a sampling period for the instrumentation).
We should add checks in that script for the required sleep + date and then output a message if they're not installed. I'll put a comment in my current git version to do that properly. Hopefully I can get some time towards the end of next week to improve things and do some basic analysis now that I have JSON output.
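An added example, not part of the thread or of the project's script: one way such a pre-flight check could look in POSIX sh. The function names and the `--check` argument are hypothetical, and the package name `coreutils-sleep` for the full "sleep" utility is an assumption; `coreutils-date` is the package named above.

```shell
#!/bin/sh
# Added illustration: verify the timing tools before collecting any stats.

# True if $1 looks like `date +%s.%N` output: seconds, a dot, exactly 9 digits.
# Assumption: a date applet without %N support prints something else there.
is_ns_stamp() {
    case "$1" in
        ''|.*|*.) return 1 ;;            # empty, or nothing on one side of the dot
    esac
    secs=${1%%.*}
    nanos=${1#*.}
    [ "$secs" != "$1" ] || return 1      # no dot at all
    [ "${#nanos}" -eq 9 ] || return 1    # not nanosecond resolution
    case "$secs$nanos" in
        *[!0-9]*) return 1 ;;            # leftover format characters
    esac
    return 0
}

# True if `sleep` accepts a sub-second argument.
has_fractional_sleep() {
    sleep 0.01 2>/dev/null
}

# Print one message per missing capability; non-zero if anything is missing.
check_timing_tools() {
    rc=0
    if ! is_ns_stamp "$(date +%s.%N 2>/dev/null)"; then
        echo "date has no nanosecond output (%N): install coreutils-date" >&2
        rc=1
    fi
    if ! has_fractional_sleep; then
        echo "sleep rejects fractional seconds: install coreutils-sleep" >&2
        rc=1
    fi
    return "$rc"
}

# Hypothetical entry point: run the check only when asked to.
if [ "${1:-}" = "--check" ]; then
    check_timing_tools
    exit $?
fi
```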
Got the output for you.. it's too big for Pastebin.. any suggestions on where to host?
If you can zip it and drop it in this google drive folder that'd be great: https://drive.google.com/drive/folders/1v_S3oFhLEIq49ShKMxjZkgvBQK8IP9ko?usp=sharing
It will be open for write until I see the file appear, and then will be read only.
OK - it's done, thanks.
Awesome, thanks for donating some real world data. Follow the results of our efforts in the other thread, things are making slow progress, eventually we'll request people to donate a bunch of data once we're ready to go.
I would also like to think it can, but does it work with sqm?
Also looks like it still needs some work in general.
Would you care to measure?
It was a suggestion to the topic starter.
Yes, software flow offload doesn't bypass qdiscs, so it should help.
So I managed to get hold of a small form factor X86 box (4th gen Intel i5 with 4GB Ram) for free and I'm planning to try it out as a SQM shaper with OpenWRT - I still need the WRT3200ACM to act as AP however.
I was planning to offload all firewall/vpn/SQM/ddns/adblock etc duties to the x86 box and just have the WRT3200ACM do Wireless.
However I can't decide whether to leave LAN routing/DHCP duties on the WRT3200ACM and just create a point to point layer 3 connection between the router and the x86 box (this should make keeping my guest WiFi networks isolated easier), or whether to have all routing done on the x86 box and just have the AP as a dumb device.
Do you have any recommendations on this?
on that from me!
I put all my SSIDs on a separate VLAN and deal with policy enforcement at the router.
That's what I would do. Use VLANs to isolate guest etc. Maybe get a managed switch. I really like my Zyxel web managed one. TP-Links are acceptable in current version.
Is it possible to use the switch in the WRT3200ACM as the managed switch under OpenWRT? Or is it not capable of managing a layer 2 device?
So with a bit of work I can have a LAN VLAN with the regular SSIDs and 4 network ports, a Guest VLAN for the Guest SSID and then a trunk port up to the x86 box. Essentially using the WRT3200ACM as a managed switch with an AP attached internally.
Yes, it's pretty easy to set up the WRT3200 as a managed switch, if the 4 ports are enough for your purposes. Otherwise, you can break-out more VLAN capable ports with a dedicated managed switch.