Qosify: new package for DSCP marking + cake

Hudra · 2021-11-12T18:18:02.422Z

I’ve been trying to get qosify to work for the last 2 days.. without any success. It would be nice if you could provide a more detailed instruction on how to run it.

For example, I don’t actually know if I should run it with sqm enabled or if it replaces sqm and I should disable it and how to actually run it? It never made any difference for me in tagging packets or reducing bandwidth.

For testing I tried to tag 8.8.8.8 with CS7 and pinged it but no packets are tagged.

Here is my config:

# DNS
tcp:53		CS5
tcp:5353	CS5
udp:53		CS5
udp:5353	CS5

# NTP
udp:123		CS6

# SSH
tcp:22		+CS4

# HTTP/QUIC
tcp:80		+CS3
tcp:443		+CS3
udp:80		+CS3
udp:443		+CS3

#Gaming
udp:3074	+CS5

#Pingtest
8.8.8.8		+CS7

config defaults
	list defaults /etc/qosify/*.conf
	option dscp_prio CS5
	option dscp_icmp CS6
	option dscp_bulk CS0
	option dscp_default_udp	CS4
	option bulk_trigger_timeout 5
	option bulk_trigger_pps	100
	option prio_max_avg_pkt_len 500
	option interfaces eth1

config interface wan
	option name wan
	option disabled 0
	option bandwidth_up 24mbit
	option bandwidth_down 80mbit
	# defaults:
	option ingress 1
	option egress 1
	option mode diffserv4
	option nat 1
	option host_isolate 1
	option autorate_ingress 1
	option ingress_options ""
	option egress_options ""
	option options "22"

config device wandev
	option disabled 1
	option name wan
	option bandwidth 80mbit

dave14305 · 2021-11-12T18:34:40.011Z

+CS7 means to only mark it if it is marked with zero, but the default icmp is set to CS6. Take the + away and make it just CS7 and see if it works.

Also, your “22” in options is missing the overhead word in the quotes. option options "overhead 22"

Hudra · 2021-11-12T19:12:41.150Z

Damn, thank you! Seems like it's working now

image1208×222 15.9 KB

One thing i also noticed: when changing settings in the config you always have to restart the service for changes to apply.

anon78773196 · 2021-11-12T20:49:10.475Z

dave14305:

+CS7 signifie de ne le marquer que s'il est marqué avec zéro, mais l'icmp par défaut est défini sur CS6. Retirez le + et faites-en juste CS7 et voyez si cela fonctionne.

what is your software @hudra you use for verify that thanks

# DNS
tcp:53		CS5
tcp:5353	CS5
udp:53		CS5
udp:5353	CS5

# NTP
udp:123		CS6

# SSH
tcp:22		+CS4

# HTTP/QUIC
tcp:80		+CS3
tcp:443		+CS3
udp:80		+CS3
udp:443		+CS3

#Gaming
udp:3074	+CS5 # call of duty

udp:3659   +CS5 # battlefield

config defaults
	list defaults /etc/qosify/*.conf
	option dscp_prio CS5
	option dscp_icmp CS6
	option dscp_bulk CS0
	option dscp_default_udp	CS4
	option bulk_trigger_timeout 5
	option bulk_trigger_pps	100
	option prio_max_avg_pkt_len 500
	option interfaces wan

config interface wan
	option name wan
	option disabled 0
	option bandwidth_up 16mbit
	option bandwidth_down 56mbit
	# defaults:
	option ingress 1
	option egress 1
	option mode diffserv4
	option nat 1
	option host_isolate 1
	option autorate_ingress 1
	option ingress_options ""
	option egress_options ""
	option options "overhead 44"

config device wandev
	option disabled 1
	option name wan
	option bandwidth 56mbit

and in this picture is cod priorisiation possibility to add in qosify ? like that generaly 3074 to 30000-45000 and inverse which source or destination ...
Capture d’écran 2021-11-12 à 21.47.08

Hudra · 2021-11-12T21:38:25.873Z

anon78773196:

what is your software @hudra you use for verify that thanks

I‘m using ntopng dpi (free version) as a docker container.

nbd · 2021-11-12T21:39:41.734Z

@anon78773196 regarding the source/destination port: you should just add the 2035 port. Port matching works like this: For egress traffic, the port is compared against the destination port, for ingress traffic against the source port.

anon78773196 · 2021-11-12T21:57:09.605Z

ok thanks if i understand he calcul automaticly if source or destination ?

so

i can add for # call of duty

udp:3074  +CS5

udp:30000:45000 +CS5

and battlefield 

udp:3659  +CS5

udp:10000:30000 +CS5

dave14305 · 2021-11-12T21:58:33.330Z

So it’s always the “remote” port and not the “local” port?

nbd · 2021-11-12T22:00:36.170Z

Correct. The local port is usually dynamic due to NAT anyway.

dlakelan · 2021-11-12T22:25:36.594Z

Does it do the right thing for IPv6?

anon78773196 · 2021-11-12T23:43:13.668Z

ok i has modified like that

and he work

#COD

udp:3074        +CS5

udp:30000:45000 +CS5

Capture d’écran 2021-11-12 à 23.50.27

but only ip destination

if i want add ip source i don't know how make maybe in your explication of @dave14305 remote port and port local ?

but with battlefield he work like this

udp:3659        +CS5

udp:10000:30000 +CS5

dave14305 · 2021-11-12T23:56:15.466Z

anon78773196:

why CS4 sometimes ?

option dscp_default_udp CS4

Also a port range should use - instead of :

anon78773196 · 2021-11-13T00:01:05.179Z

ok thanks i will try

so the line

option dscp_default_udp CS4

i let like this or i delete ?

dave14305 · 2021-11-13T00:04:21.838Z

Any udp not identified by another rule will be marked as CS4. See what happens after you fix the range syntax from udp:10000:30000 +CS5 to udp:10000-30000 CS5 (try with and without the + sign before CS5).

anon78773196 · 2021-11-13T00:09:45.260Z

ok so i has changed like this


#COD

udp:3074        CS5

udp:30000-45000 CS5
udp:50000-65000	CS5

#battlefield 

udp:3659        CS5

udp:10000-30000 CS5

Capture d’écran 2021-11-13 à 01.09.27

and udp game sort like this

Capture d’écran 2021-11-13 à 01.12.00

ip 2.160 is my console game

dave14305 · 2021-11-13T00:26:04.909Z

anon78773196:

option bulk_trigger_pps 100

Not sure why CS0 is being used, unless the pps is high enough to trigger the bulk rule.

maybe try commenting out this:

#option bulk_trigger_pps	100

anon78773196 · 2021-11-13T00:42:35.577Z

no it's a same things

Capture d’écran 2021-11-13 à 01.42.21

usually i use this like command with iptables

iptables -t mangle -A POSTROUTING -p udp --dst 192.168.2.135 -j DSCP --sport 30000:45000 --dport 3074 --set-dscp-class CS5  
 
iptables -t mangle -A POSTROUTING -p udp --src 192.168.2.135 -j DSCP --sport 3074 --dport 30000:45000 --set-dscp-class CS5

just 2.135 is my console too before

dave14305 · 2021-11-13T00:49:03.365Z

What tool provides this output with DSCP values? What are the column headings? I’m not familiar with it.

anon78773196 · 2021-11-13T00:50:28.088Z

i'm use wireshark

the title of colon is dscp value

Capture d’écran 2021-11-13 à 01.51.43

for add this information i download the packages "tee"

and i write on firewall.user for example

iptables -A POSTROUTING -t mangle -o br-lan ! -s 192.168.2.160 -j TEE --gateway 192myip of PC wired
iptables -A PREROUTING -t mangle -i br-lan ! -d 192.168.2.160 -j TEE --gateway 192.168.my ip of pc wired

dave14305 · 2021-11-13T01:41:10.882Z

I’m not 100% certain since I don’t use TEE or Wireshark much, but if you’re taking the traffic input on br-lan before it is sent through the wan tc filter with bpf (qosify) you won’t see the modified dscp yet.

The PREROUTING rule captures the original traffic before qosify can modify it. So I think this is just a flaw in the wireshark capture setup.

Others with more experience may correct me if I’m wrong.