Qosify: new package for DSCP marking + cake

I have been playing around with this today and wanted to share what I have learned...

But first a BIG thank you to @nbd for creating this tool, @elan for sharing his awesome config, @moeller0 for all his advice and to everyone else for sharing their experience.

This thread is awesome.

A few things I have learned...

How to set this up...

  • Install the qosify package
  • Edit /etc/config/qosify
    • Edit the config interface wan section
    • You can delete the config device wandev section
    • You can adjust the DSCP class aliases if you want
  • Edit /etc/qosify/00-defaults.conf
  • Disable other SQM packages
    • For example, the commonly used luci-app-sqm
    • Make sure to also disable any other SQM or QoS scripts you have tried.
    • Make sure to also clear any firewall DSCP prioritization rules the scripts or you may have added. Otherwise you might see unexpected results.
  • Start/Restart qosify with service qosify restart && qosify-status
  • Test if it's working
    • Run qosify-status
    • Generate some traffic
    • Run qosify-status again
    • Look at the bytes column to see in which tin the traffic ends up
    • For more in-depth debugging, sniff the traffic as described below

Hopefully this will help newcomers who were as confused by this as me.

How to verify DSCP markings by sniffing them

There isn't a single interface that has both the download and upload traffic with DSCP marks, but you can work around it by verifying both separately.

Sniffing download / ingress traffic

Simply use wireshark on your local computer's wifi or ethernet interface.

Important: Make sure cake isn't configured to wash ingress traffic, otherwise the DSCP marks will be removed.

Sniffing upload / egress

This is a little more complicated. You could for example run tcpdump on the router directly, but I found the easiest way is to use Wireshark's SSH remote capture: sshdump feature.

Wireshark will connect over SSH to your OpenWrt router and capture packets from there.

Just set it to use the wan interface on your router.

Important: Again, it's important to make sure you are not washing the egress DSCP markings, otherwise you won't see them.

	option ingress_options "wash" # <-- Make sure `wash` is NOT set
	option egress_options "wash" # <-- Make sure `wash` is NOT set

My experience with the dns: option

How it (probably) works

I found this option a little finicky in my testing. Sometimes it worked and sometimes it didn't.

It probably works by subscribing to DNS requests and then applying the DSCP markings to the resolved IP addresses.

So if your computer already resolved and cached the IP address of a hostname before QoSify was started, then QoSify may not "see" the DNS request and won't know that an IP belongs to it.

So, in my testing, destination ports have been more reliable for me. But perhaps it's not a problem if you run the service for a while and are not looking for results instantly.

Forcing it to recognize a domain

You can force it to work by flushing your computer's DNS cache and then querying the DNS server for the host.

On macOS you can do it with:

sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
host thedomain.com

Gotcha: The domain in your config has to match the one the application uses

This may seem obvious, but it really tripped me up.

My plex server has two domains. I use my own domain to access other services on the same server, but the plex service was configured to use the domain provided by my hosting provider.

The marking didn't work when I was using my own domain, since plex was resolving the one from my hosting provider.

Another gotcha: CNAME records

Check out this response by dave14305 (Qosify: new package for DSCP marking + cake - #1127 by dave14305):

Regarding your DNS findings, you also need to be aware of the dns_c: syntax used for CNAMEs. Mostly, QoSify is watching A or AAAA responses for matching, but if the domain is actually a CNAME, you might want to try adding a dns_c: entry for the domain.

How to match both the domain and subdomains

QoSify uses fnmatch() for the matching, which allows you to use ? to match ANY ONE character and * to match a sequence of ANY characters.

But if you want to match a domain and all its subdomains, you need to create two entries like this:

# Boosteroid (Game streaming service like GeForce Now)
dns:cloud.boosteroid.com video_gaming
dns:*.cloud.boosteroid.com video_gaming

Elan's Configs

I am quite impressed by @elan's config.

When it works, it's really amazing... For example...

  • Started a steam download, which immediately used entire bandwidth
  • Started a 60gb 4k bluray remux stream on plex
  • The steam download immediately backed off from around 11mb/s to 2-3mb/s
  • Once plex had buffered enough, the steam download increased again to 4-5mb/s
  • Then I started boosteroid, a game streaming service similar to GeForce Now and Stadia
  • The streaming service worked perfectly and my ping didn't increase

But unfortunately there were some instances where it didn't work and the config actually made things worse.

For example, I did the same experiment, but with GeForce Now. Somehow the port rule didn't work.

But the unmarked_traffic -> bulk did work and so the GeForce stream was put into the same and lowest tin as the steam download... leading to a very bad experience.

I'll play around with it and see how it goes.

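Added example, not part of the original post and not QoSify's own code: a small C program that runs fnmatch() over `dns:` entries like the Boosteroid ones above, showing why the wildcard entry alone leaves the bare domain unmarked. It assumes fnmatch() is called with flags 0 and that the first matching rule wins; the `classify` helper, the rule strings and the test hostnames are constructed for illustration.

```c
/* Added example: how fnmatch() treats qosify-style "dns:" patterns.
 * Assumptions: flags = 0, first matching rule wins; rule text and
 * hostnames are constructed from the entries shown in the post. */
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample rules in the "dns:<pattern> <class>" form. */
static const char *RULES_WILDCARD_ONLY =
    "# Boosteroid\n"
    "dns:*.cloud.boosteroid.com video_gaming\n";
static const char *RULES_BOTH =
    "dns:cloud.boosteroid.com video_gaming\n"
    "dns:*.cloud.boosteroid.com video_gaming\n";

/* Copy the class of the first dns: rule matching host into out.
 * Returns 1 on a match, 0 if the host would stay unmarked. */
int classify(const char *rules, const char *host, char *out, size_t outlen)
{
    char pattern[128], cls[64];
    const char *line = rules;

    while (line && *line) {
        /* Comments, blank lines and rules without a class do not parse. */
        if (sscanf(line, "dns:%127[^ \t\n]%*[ \t]%63[^ \t\n]", pattern, cls) == 2 &&
            fnmatch(pattern, host, 0) == 0) {
            snprintf(out, outlen, "%s", cls);
            return 1;
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return 0;
}

int main(void)
{
    const char *hosts[] = { "cloud.boosteroid.com", "eu1.cloud.boosteroid.com",
                            "a.b.cloud.boosteroid.com", "xcloud.boosteroid.com" };
    char cls[64];

    for (size_t i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++)
        printf("%-26s wildcard-only=%d both=%d\n", hosts[i],
               classify(RULES_WILDCARD_ONLY, hosts[i], cls, sizeof(cls)),
               classify(RULES_BOTH, hosts[i], cls, sizeof(cls)));
    return 0;
}
```

With flags 0 the `*` also crosses dots, so `a.b.cloud.boosteroid.com` matches the wildcard entry, while `xcloud.boosteroid.com` matches neither entry because the pattern requires a literal `.` before `cloud`.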