Hi,
I've made a new package for OpenWrt called qosify, which implements many features also found in this script. Instead of using iptables and ipset, it implements classification as a single configurable eBPF module. It supports port based rules and DNS hostname wildcard/regex matching for classification.
You can find some details about it in this readme: https://git.openwrt.org/?p=project/qosify.git;a=blob;f=README
The package is in OpenWrt master (EDIT: and in 22.03.0 and newer releases)
Thanks for your work.
For the moment I have configured it like this:
# /etc/config/qosify
config defaults
	list defaults /etc/qosify/*.conf
	option dscp_prio CS5
	option dscp_icmp CS6
	option dscp_bulk CS0
	option dscp_default_udp CS4
	option bulk_trigger_timeout 5
	option bulk_trigger_pps 100
	option prio_max_avg_pkt_len 500

config interface wan
	option name wan
	option disabled 0
	option bandwidth_up 16mbit
	option bandwidth_down 56mbit
	# defaults:
	option ingress 1
	option egress 1
	option mode diffserv4
	option nat 1
	option host_isolate 1
	option autorate_ingress 1
	option ingress_options ""
	option egress_options ""
	option options ""

config device wandev
	option disabled 1
	option name wan
	option bandwidth 100mbit
Maybe open a new thread for configuring qosify?
Working nicely so far, but it took a little bit to read between the lines of the README.
I made some changes to the defaults. I changed dscp_bulk from CS0 to CS1, and I added dscp_default_tcp CS0 (since my ISP marks all my ingress traffic as CS1). I also added docsis to the options parameter to account for my desired overhead.
I added a 01-dns.conf file in /etc/qosify with all my former dnsmasq ipset configs. Is it required to put a wildcard on a domain if you want all sub-domains included (e.g. googlevideo.com or *.googlevideo.com)?
It's not obvious, but you can dump your config with ubus call qosify dump.
Very cool so far! Thanks @nbd
/etc/qosify/01-dns.conf
# Bulk
dns:*.backblaze.com CS1
dns:*.backblazeb2.com CS1
dns:*.ms-acdc.office.com CS1
dns:*.windowsupdate.com CS1
dns:*.update.microsoft.com CS1
dns:*.onedrive.com CS1
dns:*.1drv.ms CS1
dns:*.1drv.com CS1
dns:*.sharepoint.com CS1
# Video
dns:*.googlevideo.com AF41
dns:*.nflxvideo.net AF41
dns:*.aiv-cdn.net AF41
dns:*.r.cloudfront.net AF41
dns:*.aiv-delivery.net AF41
dns:*.mediaplatform.com AF41
dns:*.uplynk.com AF41
# Voice
dns:*.zoom.us CS6
dns:*.skype.com CS6
/etc/qosify/00-defaults.conf
# DNS
tcp:53 CS5
udp:53 CS5
# NTP
udp:123 CS6
# SSH
tcp:22 +CS4
# HTTP/QUIC
#tcp:80 +CS3
#tcp:443 +CS3
udp:80 CS0
udp:443 CS0
# Facetime
udp:3478-3497 +CS6
udp:16384-16387 +CS6
udp:16393-16402 +CS6
# Zoom
udp:8801-8810 +CS6
Cool,
How did you add the overhead option? option overhead "docsis"?
Put docsis inside the quotes:
option options "docsis"
I have many iptables rules for my connection with src and dst IP, src port and dst port. How do I add these in qosify?
The way I interpret the docs and code, it is based on one criterion only (ip or port, but not both together). So iptables rules are probably needed still for those more complex requirements.
I could be wrong, or maybe AND support can come later.
I'm on VDSL2. I think I should add ethernet, but usually I use overhead 44. Where do I place the overhead number?
Then I updated to the latest snapshot and the qosify package is missing now. How do I recover the package? Thanks
Just use overhead 44 instead of docsis like I did.
One difference between qosify's dns: approach versus using dnsmasq with ipsets is that you need to know the underlying A record name for any CNAMEs you want to capture traffic for.
In dnsmasq, you could put skype.com into a voice ipset and not worry about the real A records. With qosify, since it only sees the final dns_result through ubus, you have to know that skype.com might actually be l-0007.dc-msedge.net, and that's what you'd have to account for in the qosify map file.
Not a showstopper, but you might not be able to just reformat your dnsmasq ipset options into qosify dns: options.
I just pushed a fix for the qosify build failure, next snapshot build should work again.
Regarding the CNAME issue: I think I need to update the dnsmasq ubus patch so that it generates events for both if the CNAME is different from the A record name.
Questions:
1. Does qosify allow to define combinations of IP addresses and ports for its marking rules?
2. Does that marking also work on ingress, that is, will the re-marking happen before a qdisc on an IFB sees the packets?
3. If yes to 2) above, can marking rules employ "internal" IP addresses, that is, does this look into conntrack and friends to get the mapping between addresses/ports in the pre-NAT and the post-NAT world?
I had a look at the description of qosify, but did not see these answered (but I might have overlooked it).
Thanks!
@dave14305,
Regarding your changes to the bulk class, I'm planning on implementing support for DSCP value aliases and for splitting tags between ingress and egress. The alias syntax in uci will look something like this:
config alias bulk
	option egress CS1
	option ingress LE

config alias video
	option value AF41

config alias voice
	option value CS6
and in /etc/qosify/*.conf you could then use bulk, video or voice instead of CS1 etc.
The main reason for this is the fact that the wireless qos_map_set will only put LE traffic into the bulk WMM class, and it would be a bit annoying if you have to change the wireless settings just for accommodating specific ISP DSCP preferences.
1. Not supported currently. Is it important?
2. qosify is added as a classify rule under the cake qdisc on ifb. This means it gets to re-mark packets before cake takes a look at the DSCP values.
3. Rules currently can't employ internal IP addresses. This is something that I may look into in the future.
Not really important but nice to have. Ports, especially above 1024, are really not guaranteed to be application specific, so nothing guarantees that port NNNNN-MMMMM packets arriving at ingress are truly those gaming packets a user wanted to prioritize for her gaming machine, and not, to make up a bad example, from a swarm of torrent peers.
But that sort of requires either 3) above or some way to collect all gaming sender IPs via an ipset analogue....
Excellent work!
Yes, the idea is that for a specific IP we can assign a port or a specific port range, for example:
# mark UDP from port 2053 towards the client's high ports (replies)
iptables -t mangle -A POSTROUTING -p udp -d 192.168.2.135 --sport 2053 --dport 50000:65535 -j DSCP --set-dscp-class CS5
# mark UDP from the client's high ports towards port 2053 (requests)
iptables -t mangle -A POSTROUTING -p udp -s 192.168.2.135 --sport 50000:65535 --dport 2053 -j DSCP --set-dscp-class CS5
Thanks
Hey @nbd
I've been trying to get qosify to work for the last 2 days without any success. It would be nice if you could provide more detailed instructions on how to run it.
For example, I don't actually know if I should run it with sqm enabled or if it replaces sqm and I should disable it, and how to actually run it? It never made any difference for me in tagging packets or reducing bandwidth.
For testing I tried to tag 8.8.8.8 with CS7 and pinged it, but no packets are tagged.
Here is my config:
# DNS
tcp:53 CS5
tcp:5353 CS5
udp:53 CS5
udp:5353 CS5
# NTP
udp:123 CS6
# SSH
tcp:22 +CS4
# HTTP/QUIC
tcp:80 +CS3
tcp:443 +CS3
udp:80 +CS3
udp:443 +CS3
#Gaming
udp:3074 +CS5
#Pingtest
8.8.8.8 +CS7
# /etc/config/qosify
config defaults
	list defaults /etc/qosify/*.conf
	option dscp_prio CS5
	option dscp_icmp CS6
	option dscp_bulk CS0
	option dscp_default_udp CS4
	option bulk_trigger_timeout 5
	option bulk_trigger_pps 100
	option prio_max_avg_pkt_len 500
	option interfaces eth1

config interface wan
	option name wan
	option disabled 0
	option bandwidth_up 24mbit
	option bandwidth_down 80mbit
	# defaults:
	option ingress 1
	option egress 1
	option mode diffserv4
	option nat 1
	option host_isolate 1
	option autorate_ingress 1
	option ingress_options ""
	option egress_options ""
	option options "22"

config device wandev
	option disabled 1
	option name wan
	option bandwidth 80mbit
+CS7 means to only mark it if it is marked with zero, but the default icmp is set to CS6. Take the + away and make it just CS7 and see if it works.
Also, your “22” in options is missing the overhead word in the quotes. option options "overhead 22"
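To make the rule syntax used throughout this thread (tcp:PORT, udp:LO-HI, dns:*.host, bare IP, and the + prefix) and the "+CS7 loses to dscp_icmp CS6" explanation above concrete, here is a small added Python model of the classification. It is not qosify's eBPF code and was not written by the qosify author; it encodes the reading given in the last reply (per-protocol defaults are applied first, then a + rule only writes when the current value is 0, a plain rule always overwrites). The matching details are assumptions of this toy, not verified against qosify: port rules match either endpoint port, IP and DNS rules match either address, and the first applicable rule in file order wins. The DNS cache, host names and packets are constructed sample data. The hostname check is plain shell-glob matching, so *.googlevideo.com does not match the apex googlevideo.com; whether qosify treats the apex the same way is not settled on this page.

```python
from __future__ import annotations

import fnmatch
import ipaddress
from dataclasses import dataclass
from typing import Optional

# DSCP code points: class selectors (RFC 2474), AF classes (RFC 2597),
# EF (RFC 3246) and LE (RFC 8622, the value nbd mentions for the bulk WMM class)
DSCP = {f"CS{i}": i * 8 for i in range(8)}
DSCP.update({"AF11": 10, "AF12": 12, "AF13": 14, "AF21": 18, "AF22": 20, "AF23": 22,
             "AF31": 26, "AF32": 28, "AF33": 30, "AF41": 34, "AF42": 36, "AF43": 38,
             "EF": 46, "LE": 1})


@dataclass
class Rule:
    kind: str                      # 'port', 'ip' or 'dns'
    dscp: int                      # numeric DSCP to apply
    only_if_unmarked: bool         # True for '+CSx' style entries
    proto: Optional[str] = None    # 'tcp' or 'udp' for port rules
    lo: int = 0                    # inclusive port range for port rules
    hi: int = 0
    net: Optional[ipaddress.IPv4Network | ipaddress.IPv6Network] = None
    host_glob: Optional[str] = None


def parse_rules(text: str) -> list[Rule]:
    """Parse /etc/qosify/*.conf style lines ('#' starts a comment)."""
    rules: list[Rule] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        selector, mark = line.split()
        only = mark.startswith("+")
        dscp = DSCP[mark.lstrip("+")]
        kind, _, value = selector.partition(":")
        if kind in ("tcp", "udp"):
            lo, _, hi = value.partition("-")          # 'udp:8801-8810' or 'tcp:22'
            rules.append(Rule("port", dscp, only, proto=kind, lo=int(lo), hi=int(hi or lo)))
        elif kind == "dns":
            rules.append(Rule("dns", dscp, only, host_glob=value))
        else:                                         # bare IPv4/IPv6 address or CIDR
            rules.append(Rule("ip", dscp, only, net=ipaddress.ip_network(selector, strict=False)))
    return rules


@dataclass
class Packet:
    proto: str          # 'tcp', 'udp' or 'icmp'
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


def classify(rules: list[Rule], pkt: Packet, dns_cache: dict[str, str],
             defaults: dict[str, str]) -> int:
    """Return the DSCP after the per-protocol default and the first applicable rule.
    defaults maps proto -> DSCP name (dscp_icmp, dscp_default_udp, dscp_default_tcp);
    dns_cache maps resolved IP -> hostname, standing in for what qosify learns
    from dnsmasq's dns_result events. Assumption: defaults count as an existing mark."""
    cur = DSCP[defaults.get(pkt.proto, "CS0")]
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    for r in rules:
        if r.kind == "port":
            hit = r.proto == pkt.proto and (r.lo <= pkt.sport <= r.hi or r.lo <= pkt.dport <= r.hi)
        elif r.kind == "ip":
            hit = src in r.net or dst in r.net
        else:
            hit = any(fnmatch.fnmatchcase(dns_cache.get(a, ""), r.host_glob)
                      for a in (pkt.src, pkt.dst))
        if not hit:
            continue
        if r.only_if_unmarked and cur != 0:
            continue                                   # '+' rule: keep the existing mark
        return r.dscp
    return cur


# Constructed sample mirroring the thread's conf files and uci defaults (not real traffic)
RULES = parse_rules("""
udp:53 CS5
tcp:22 +CS4
dns:*.googlevideo.com AF41
8.8.8.8 +CS7
""")
DEFAULTS = {"icmp": "CS6", "udp": "CS4", "tcp": "CS0"}
DNS_CACHE = {"142.250.74.78": "r3---sn-example.googlevideo.com"}   # constructed entry


def demo() -> dict[str, int]:
    ping = Packet("icmp", "192.168.1.10", "8.8.8.8")
    return {
        "ping_plus_cs7": classify(RULES, ping, DNS_CACHE, DEFAULTS),                 # 48: stays CS6
        "ping_cs7": classify(parse_rules("8.8.8.8 CS7"), ping, DNS_CACHE, DEFAULTS), # 56: CS7 wins
        "dns_query": classify(RULES, Packet("udp", "192.168.1.10", "1.1.1.1", 51000, 53),
                              DNS_CACHE, DEFAULTS),                                  # 40: CS5
        "ssh": classify(RULES, Packet("tcp", "192.168.1.10", "203.0.113.5", 40000, 22),
                        DNS_CACHE, DEFAULTS),                                        # 32: +CS4 on CS0
        "video": classify(RULES, Packet("tcp", "142.250.74.78", "192.168.1.10", 443, 50123),
                          DNS_CACHE, DEFAULTS),                                      # 34: AF41 via DNS
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:14s} dscp={value}")
```

The ping case is the failure reported above: with dscp_icmp CS6 the ICMP packet already carries 48, so "8.8.8.8 +CS7" never writes, while "8.8.8.8 CS7" yields 56. To confirm what the running daemon actually loaded, compare against ubus call qosify dump rather than trusting a config file on disk.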