Qos over nftables small issue

hey all,

tried to install qos because i need it so much, especially limiting by MAC address. anyway i think it works but not fully. As you can see in the image below there's an upload cap, which is really fine, but what's wrong with download lol, isn't it supposed to be capped at the same speed as upload?

edit: installed pkgs is nft-qos+luci-app-nftqos

thanks.

Ah yes, any alternatives would be cool tbh

Can you explain what kind of limiting you need? Specifically do you need to throttle some MACs down hard or are you just concerned that some hosts do not hog all the capacity? For the latter cake with per-internal-IP isolation might already be good enough (either completely or as a starting point while you research more optimal solutions).

Suppose i'm running a small business selling wifi to neighbors using litebeam 5ac with a pre-configured router included [ writing down the router MAC addresses in an Excel table with customer name ] and i want to block and unblock only using MAC address. Qos over nftables i think will do the job perfectly but i guess it has a bug currently. Also i'm open to any other methods ( by MAC only ).

I'm not sure where the bug is: in nft-qos, which uses a table of the inet family to limit the speed by MAC addresses, or in nftables, which allows creating a rule in such a table using the destination MAC address as a match (not possible in iptables).

As a workaround, you could create a custom table of the bridge family (for download limit only).
An example here.

Ah, okay depending on your offer tying this to a mac makes some sense.

But consider looking at LibreQoS for a WISP use case... sure needs a bit better hardware than a cheap all in one router on your side, but allows better per customer shaping...

In terms of hardware i got the best i believe, i'm running openwrt on banana pi r4. I will consider looking at LibreQoS soon

When i tick "limit by mac address" and i write down the mac address it won't limit the speed, idk if i did anything wrong

I know it doesn't work.

When I said I don't know where the bug is, I meant I don't know who to blame. nft-qos should not use such type of table for bidirectional limiting by MAC and on the other hand nftables should not allow creating a rule that will not work.

HI, morning

i gave this topic a look and i think it will work for me but i'm still confused how i'm gonna limit and how to write rules. rn i'm only having my pc connected, how can i limit its upload ?

Well, I found the bug in nft-qos. It uses an old syntax when checking for the presence of a bridge device.

Here's the quick and dirty fix:

  1. Open /lib/nft-qos/core.sh and on line 9 change NFT_QOS_HAS_BRIDGE= to NFT_QOS_HAS_BRIDGE=y.

  2. Verify that kmod-nft-bridge is installed.

     opkg update; opkg install kmod-nft-bridge

  3. Reboot the device.

Now rate limiting by MAC should work in both directions.

Hopefully you have made a pull request to fix it for everyone who uses that package.

hi did i do it wrong ? this is first 9 lines of /lib/nft-qos/core.sh ,,,

#!/bin/sh
#
# Copyright (C) 2018 rosysong@rosinson.com
#

# for uci_validate_section()
. /lib/functions/procd.sh

NFT_QOS_HAS_BRIDGE=y
NFT_QOS_INET_FAMILY=ip
NFT_QOS_SCRIPT_TEXT=
NFT_QOS_SCRIPT_FILE=/tmp/qos.nft

seems like it didn't work cuz i only selected 50mbps

50 MBytes = ~ 420 Mbps so it looks like it is working.

As already stated, 50 MB/s is a huge limit and it also seems that the upload speed is limited by your ISP.

Better do a more meaningful test. Set the limits like this

and if the result is much different from

post the result of

opkg list-installed | grep kmod-nft-bridge
IFS=$'\n'; for table in $(nft list tables | grep nft-qos) ; do nft list $table; done

nice job man, this is so cool. i think it's fixed now and works really really fine
see these results

as i set the upload to 5mbps and download is 100mbps.

happy it works, thanks

yeah it was my fault, i still don't understand these numbers yet

The difference between bit and byte is confusing. It is very easy to confuse the two.
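
The bridge-family workaround and the bit/byte mix-up discussed in this thread, as an added example that is not from any poster or from nft-qos: a POSIX shell script that turns a customer list (MAC, download and upload in Mbit/s) into a bridge-family nftables ruleset with rates written in bytes/second. The table name mac_limit, the function names, the hook placement and the sample MAC addresses are assumptions.

```sh
#!/bin/sh
# Added example: build a bridge-family nftables ruleset from "MAC down_mbit up_mbit" lines.
# Table name "mac_limit" and the hook choice are assumptions, not taken from nft-qos.

# Mbit/s -> bytes/s (1 Mbit = 1,000,000 bits, 8 bits per byte).
# Emitting plain bytes/second avoids guessing how a UI or nft interprets "MB".
mbit_to_bytes() {
    echo $(( $1 * 1000000 / 8 ))
}

# Accept only aa:bb:cc:dd:ee:ff style addresses so spreadsheet typos never reach nft.
valid_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Positive decimal integer without leading zero (a leading 0 would be read as octal).
valid_rate() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
}

# Reads customer lines on stdin, writes the ruleset to stdout, returns 1 on bad input.
gen_ruleset() {
    down= up=
    while read -r mac d u; do
        case "$mac" in ''|'#'*) continue ;; esac
        valid_mac "$mac" && valid_rate "$d" && valid_rate "$u" || {
            echo "rejected line: $mac $d $u" >&2; return 1; }
        # Download: frames leaving the bridge towards the client (match destination MAC).
        down="$down        ether daddr $mac limit rate over $(mbit_to_bytes "$d") bytes/second drop
"
        # Upload: frames entering the bridge from the client (match source MAC).
        up="$up        ether saddr $mac limit rate over $(mbit_to_bytes "$u") bytes/second drop
"
    done
    printf 'table bridge mac_limit {\n'
    printf '    chain download {\n        type filter hook postrouting priority 0; policy accept;\n%s    }\n' "$down"
    printf '    chain upload {\n        type filter hook prerouting priority 0; policy accept;\n%s    }\n' "$up"
    printf '}\n'
}

# Constructed sample data: MAC, download Mbit/s, upload Mbit/s.
SAMPLE='02:00:00:aa:bb:01 100 5
02:00:00:aa:bb:02 20 2'

printf '%s\n' "$SAMPLE" | gen_ruleset
```

The script only prints the ruleset; saving the output to a file and running nft -c -f on it checks the syntax without applying anything.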
