Yes and no, for qosify you might be right, but for iptables we should be able to do the DSCP marking inside the LAN part of the network.
So even i write etc
192.168.1.200 CS4
Will not work at all..right?
What about this config?The "logic" is that everything that is above 100 packets per second to fall in "bulk" class because it is not probably real time traffic but something like update download..video download etc.
config defaults
list defaults /etc/qosify/*.conf
option dscp_prio video
option dscp_icmp +besteffort
option dscp_default_udp besteffort
option prio_max_avg_pkt_len 500
option dscp_bulk bulk
config class besteffort
option ingress CS0
option egress CS0
option bulk_trigger_pps 100
option bulk_trigger_timeout 5
option dscp_bulk bulk
config class bulk
option ingress CS1
option egress CS1
config class video
option ingress AF41
option egress AF41
option bulk_trigger_pps 100
option bulk_trigger_timeout 5
option dscp_bulk bulk
config class voice
option ingress CS6
option egress CS6
option bulk_trigger_pps 100
option bulk_trigger_timeout 5
option dscp_bulk bulk
config class gaming
option ingress CS4 ## i has make a class for gaming with CS4
option egress CS4 ## for egress
config interface wan
option name wan
option disabled 0
option bandwidth_up 4844kbit
option bandwidth_down 38693kbit
option overhead_type none
# defaults:
option ingress 1
option egress 1
option mode diffserv4
option nat 1
option host_isolate 1
option autorate_ingress 1
option ingress_options "nowash"
option egress_options ""
option options "overhead 38 ptm rtt 30ms" ##just one ligne
config device wandev
option disabled 1
option name wan
option bandwidth 100mbit
It is right or wrong?
No, it doesn't work for now.
It's fine yes, but the bulk options in "defaults" tier doesn't do anything if you set everything to go to other class. You can remove them.
That's my config by the way, i see that no one uses diffserv8.
config defaults
list defaults /etc/qosify/*.conf
option dscp_icmp +tin2
option dscp_default_tcp tin2
option dscp_default_udp tin2
config class tin0
option ingress LE
option egress LE
config class tin1
option ingress AF11
option egress AF11
config class tin2
option ingress CS0
option egress CS0
option bulk_trigger_timeout 5
option bulk_trigger_pps 100
option dscp_bulk tin0
option prio_max_avg_pkt_len 500
option dscp_prio tin3
config class tin3
option ingress CS3
option egress CS3
option bulk_trigger_timeout 5
option bulk_trigger_pps 100
option dscp_bulk tin1
option prio_max_avg_pkt_len 500
option dscp_prio tin4
config class tin4
option ingress AF21
option egress AF21
option bulk_trigger_timeout 5
option bulk_trigger_pps 100
option dscp_bulk tin2
option prio_max_avg_pkt_len 500
option dscp_prio tin5
config class tin5
option ingress CS2
option egress CS2
option bulk_trigger_timeout 5
option bulk_trigger_pps 100
option dscp_bulk tin3
option prio_max_avg_pkt_len 500
option dscp_prio tin6
config class tin6
option ingress EF
option egress EF
option bulk_trigger_timeout 5
option bulk_trigger_pps 100
option dscp_bulk tin4
config class tin7
option ingress CS6
option egress CS6
option bulk_trigger_timeout 5
option bulk_trigger_pps 100
option dscp_bulk tin5
config device wandev
option disabled 0
option name eth0.1074
option bandwidth_up 600mbit
option bandwidth_down 600mbit
# defaults:
option mode diffserv8
option ingress 1
option egress 1
option nat 1
option host_isolate 1
option autorate_ingress 0
option ingress_options ""
option egress_options "ack-filter"
option options "overhead 42 mpu 64"
I think diffserv8 is broken.It works?
What is for?
And this etc ...
config class tin5
option ingress CS2
option egress CS2
option bulk_trigger_timeout 5
option bulk_trigger_pps 100
option dscp_bulk tin3
option prio_max_avg_pkt_len 500
option dscp_prio tin6
You trigger above 100 packets to fall in bulk tin (tin3) and then you set dscp_prio tin6....it confuses me!!
Tin 0 Tin 1 Tin 2 Tin 3 Tin 4 Tin 5 Tin 6 Tin 7
thresh 600Mbit 525Mbit 459375Kbit 401953Kbit 351708Kbit 307745Kbit 269277Kbit 235617Kbit
target 5ms 5ms 5ms 5ms 5ms 5ms 5ms 5ms
interval 100ms 100ms 100ms 100ms 100ms 100ms 100ms 100ms
pk_delay 61us 4us 40us 40us 14us 66us 245us 10us
av_delay 6us 2us 13us 14us 5us 11us 9us 5us
sp_delay 1us 1us 3us 2us 2us 3us 1us 3us
backlog 0b 0b 0b 0b 0b 0b 0b 0b
pkts 44594374 560256527 3391230 12887820 553229 1117 90536 114877
bytes 42413846375 78628982096 4609674894 4309308394 108023948 461786 12711523 34929670
way_inds 667359 674967 114662 1299514 21413 0 0 0
way_miss 829 6399 6445 1639284 34935 181 827 625
way_cols 0 0 0 2 0 0 0 0
drops 1169 170 18 4 0 0 0 0
marks 0 0 0 0 0 0 0 0
ack_drop 0 0 0 0 0 0 0 0
sp_flows 1 0 1 18 1 3 2 2
bk_flows 0 1 0 0 0 0 0 0
un_flows 0 0 0 0 0 0 0 0
max_len 67616 67778 67792 66788 19778 3438 4870 3020
quantum 1514 1514 1514 1514 1514 1514 1514 1514
My wan interface
So without setting this we have only for upload?Not both directions?
No, i don't remember why i used device option instead of interface, i think it didn't work with interface option, so i swapped to the other one.
And this i am confused!
You defaults config?To see the logic and maybe understand why this.
If you set a class in default then dscp_prio and bulk doesn't get triggered from default as you are referring to other class. Instead they have to be set in the class you refer to.
hi i has thinked like this
i do'nt know if i just
config defaults
list defaults /etc/qosify/*.conf
option dscp_icmp +besteffort
option dscp_default_udp besteffort
config class besteffort
option ingress CS0
option egress CS0
config class bulk
option ingress LE
option egress LE
option dscp_bulk LE
option bulk_trigger_pps 100
option bulk_trigger_timeout 5
config class video
option ingress AF41
option egress AF41
config class voice
option ingress CS6
option egress CS6
option bulk_trigger_pps 100
option bulk_trigger_timeout 5
option dscp_bulk CS0
config class gaming
option ingress CS4 ## i has make a class for gaming with CS4
option egress CS4 ## for egress
option dscp_prio CS4
option prio_max_avg_pkt_len 512
Again, you are wrong. Intead of setting a class in defaults as:
option dscp_prio video
Do set a dscp mark like:
option dscp_prio AF41
And both prio and bulk will work. If you set a class then all the settings from that class will be taken. It's and expected behavior as the developer said when I asked that, and it's how it should work.
Will more functions be added soon, like prioritize by ip and ports?
Do you mean IP/port on the WAN side, or the LAN side?
At some point, I will probably write a separate classifier module for LAN classification. It needs to be attached to LAN interfaces
I think both are very useful. For example i would like to priorize some IPs but only on the ports I want.
Same happens to LAN, I would like to depriorize some ports from my download center.
Do you have any specific examples where this is needed on the WAN side? I'm asking because I'm reluctant to add this feature because of extra CPU cycle cost
I don't know how hard would be to implement that feature, it was just a sugestion. I assumed that if you implement it in the LAN side it would be simple to implement it in WAN side. I don't know how much will this increase CPU usage but if it doesn't take too much effort to implement it, I think it doesn't hurt to have the option for those who want to use it.
For example, for DoH i use cloudflare DNS but i use other services from cloudflare, so maybe this services have the same IP as the IP of the DNS. One of this services is something like a vpn tunnel, and i don't want that traffic to be mixed with the DSCP tag of the DNS. So i would like to only priorize port 443 for the cloudflare IP.
Maybe you have a VPS and you want to priorize traffic between you and the VPS, but not all types of traffic.
It's just that i don't really like to priorize ports without specify IPs because there could be unexpected coincidences on some ports.
Given that ports > ~1000 are not reserved, indiscriminately up-prioritizing all UDP-packets with src-port X can have undesired side effects, that should be better contained if that up-prioritizing is restricted to UDP packets from port X sent to internal host a.b.c.d. But that information would need to be available before the ingress cake instance acted based on the DSCPs.... cake itself, as you certainly know, peeks into the conntrack tables to at least get the internal IP addresses for its advanced isolation modes, but that might be harder to access from bpf code?
That only the ports specified in this IP address can be prioritized with the DSCP mark or exclude these ports from being prioritized with a !
, but all other ports in this IP address are prioritized with in the DSCP mark.
# Game consoles and TorrentBox (Example of prioritizing all ports)
lan:192.168.5.20/30 CS4
lan:192.168.5.20/30 CS4
lan:192.168.5.10 LE
lan:192.168.5.10 LE
# Game consoles (Example of only prioritizing these ports)
lan:192.168.5.20/30 tcp:3074-3076 CS4
lan:192.168.5.20/30 udp:3074-3076,500,3544,4500,3659 CS4
# Game consoles (Example of excluding these ports from prioritization)
lan:192.168.5.20/30 tcp:!80,443 CS4
lan:192.168.5.20/30 udp:!80,443 CS4