Qosify: new package for DSCP marking + cake

@hudra, what software do you use to verify that? Thanks.

# DNS
tcp:53		CS5
tcp:5353	CS5
udp:53		CS5
udp:5353	CS5

# NTP
udp:123		CS6

# SSH
tcp:22		+CS4

# HTTP/QUIC
tcp:80		+CS3
tcp:443		+CS3
udp:80		+CS3
udp:443		+CS3

#Gaming
udp:3074	+CS5 # call of duty

udp:3659	+CS5 # battlefield

config defaults
	list defaults /etc/qosify/*.conf
	option dscp_prio CS5
	option dscp_icmp CS6
	option dscp_bulk CS0
	option dscp_default_udp	CS4
	option bulk_trigger_timeout 5
	option bulk_trigger_pps	100
	option prio_max_avg_pkt_len 500
	option interfaces wan

config interface wan
	option name wan
	option disabled 0
	option bandwidth_up 16mbit
	option bandwidth_down 56mbit
	# defaults:
	option ingress 1
	option egress 1
	option mode diffserv4
	option nat 1
	option host_isolate 1
	option autorate_ingress 1
	option ingress_options ""
	option egress_options ""
	option options "overhead 44"

config device wandev
	option disabled 1
	option name wan
	option bandwidth 56mbit

And in this picture is the CoD prioritisation. Is it possible to add it in qosify? Generally like that, 3074 to 30000-45000 and the inverse, with source or destination ...
Capture d’écran 2021-11-12 à 21.47.08

I'm using ntopng DPI (free version) as a Docker container.

1 Like

@anon78773196 regarding the source/destination port: you should just add the 2035 port. Port matching works like this: For egress traffic, the port is compared against the destination port, for ingress traffic against the source port.

3 Likes

OK thanks, if I understand correctly, it works out automatically whether it is source or destination?

So

I can add for # call of duty

udp:3074  +CS5

udp:30000:45000 +CS5

and battlefield 

udp:3659  +CS5

udp:10000:30000 +CS5

So it’s always the “remote” port and not the “local” port?

Correct. The local port is usually dynamic due to NAT anyway.

3 Likes

Does it do the right thing for IPv6?

OK, I have modified it like that

and it works

#COD

udp:3074        +CS5

udp:30000:45000 +CS5


Capture d’écran 2021-11-12 à 23.50.27

but only the destination IP

If I want to add the source IP I don't know how to do it; maybe it is in @dave14305's explanation of remote port and local port?

But with Battlefield it works like this

udp:3659        +CS5

udp:10000:30000 +CS5
option dscp_default_udp CS4

Also a port range should use - instead of :

1 Like

OK thanks, I will try

So the line

option dscp_default_udp CS4

Should I leave it like this or delete it?

Any udp not identified by another rule will be marked as CS4. See what happens after you fix the range syntax from udp:10000:30000 +CS5 to udp:10000-30000 CS5 (try with and without the + sign before CS5).

1 Like

OK, so I have changed it like this


#COD

udp:3074        CS5

udp:30000-45000 CS5
udp:50000-65000	CS5

#battlefield 

udp:3659        CS5

udp:10000-30000 CS5

Capture d’écran 2021-11-13 à 01.09.27

and the game UDP traffic comes out like this

Capture d’écran 2021-11-13 à 01.12.00

IP 2.160 is my game console

Not sure why CS0 is being used, unless the pps is high enough to trigger the bulk rule.

maybe try commenting out this:

#option bulk_trigger_pps	100
1 Like

No, it's the same thing

Capture d’écran 2021-11-13 à 01.42.21

Usually I use commands like this with iptables

iptables -t mangle -A POSTROUTING -p udp --dst 192.168.2.135 -j DSCP --sport 30000:45000 --dport 3074 --set-dscp-class CS5  
 
iptables -t mangle -A POSTROUTING -p udp --src 192.168.2.135 -j DSCP --sport 3074 --dport 30000:45000 --set-dscp-class CS5

2.135 was also my console before

What tool provides this output with DSCP values? What are the column headings? I’m not familiar with it.

I use Wireshark

The column title is DSCP value

Capture d’écran 2021-11-13 à 01.51.43

To add this information I downloaded the "tee" package

and I write in firewall.user, for example

iptables -A POSTROUTING -t mangle -o br-lan ! -s 192.168.2.160 -j TEE --gateway 192myip of PC wired
iptables -A PREROUTING -t mangle -i br-lan ! -d 192.168.2.160 -j TEE --gateway 192.168.my ip of pc wired 
3 Likes

I’m not 100% certain since I don’t use TEE or Wireshark much, but if you’re taking the traffic input on br-lan before it is sent through the wan tc filter with bpf (qosify) you won’t see the modified dscp yet.

The PREROUTING rule captures the original traffic before qosify can modify it. So I think this is just a flaw in the wireshark capture setup.

Others with more experience may correct me if I’m wrong.

2 Likes

I modified the rules like this and it works as before

#COD
udp --dst:192.168.2.160 --sport 30000-45000 --dport 3074 CS5

udp --src:192.168.2.160 --sport 3074 --dport 30000-45000 CS5

##battlefield 

udp --dst 192.168.2.160 --sport 10000-30000 --dport 3659 CS5 
 
udp --src 192.168.2.160 --sport 3659 --dport 10000-30000 CS5

What rules? They’re not quite iptables rules and they’re definitely not qosify rules. If those are in your /etc/qosify/*.conf files then they are being ignored due to invalid formats.

I was reading more of the qosify code and it looks to me like the priority of rules is:

  1. IP rules (whether IP or DNS names) without + sign.
  2. udp, tcp, or dscp_icmp port rules without + sign.
  3. Default tcp or udp DSCP values (dscp_default_udp or dscp_default_tcp)
  4. Non-bulk packets smaller than prio_max_avg_pkt_len get the dscp_prio value.
  5. Bulk flows with packets per second greater than bulk_trigger_pps get the dscp_bulk value until they fall below that rate for bulk_trigger_timeout seconds(?).
  6. Original DSCP from sending application or iptables rules, if set and no defaults set in #3.
  7. IP rules (whether IP or DNS names) with + sign (e.g. +CS6).
  8. udp, tcp, or dscp_icmp port rules with + sign (e.g. +CS6).

I’m posting this more as a statement of my level of understanding on how the config is interpreted, but glad to be corrected by @nbd and make edits.

4 Likes

Small corrections: The dscp_prio and dscp_bulk marking only happens in cases where there are no ip/port rules. Original DSCP is preserved whenever the final DSCP mark is one with a +

4 Likes
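
Added example, not part of any post in this thread and not qosify's own code: a small linter and matcher that models two points made above, namely that port rules not in the `proto:port[-end] [+]CLASS` form are ignored, and that the port is compared against the remote side (destination on egress, source on ingress). The grammar, the function names and the first-match lookup are assumptions drawn from the rule lines quoted in the thread.

```python
import re

# Assumed grammar, taken from the rules quoted in this thread:
#   <tcp|udp>:<port>[-<end>] <[+]DSCP class>, with '#' starting a comment.
RULE = re.compile(r"^(tcp|udp):(\d+)(?:-(\d+))?\s+(\+?)([A-Za-z0-9]+)$")

def parse_rule(line):
    """Return a rule dict, None for blank/comment lines, or raise ValueError."""
    text = line.split("#", 1)[0].strip()
    if not text:
        return None
    m = RULE.match(text)
    if not m:
        raise ValueError(f"not a valid port rule: {text!r}")
    lo = int(m.group(2))
    hi = int(m.group(3) or lo)
    if not (lo <= hi <= 65535):
        raise ValueError(f"bad port range: {text!r}")
    # A leading '+' is recorded only; per the thread it preserves the original DSCP.
    return {"proto": m.group(1), "lo": lo, "hi": hi,
            "keep_original": m.group(4) == "+", "dscp": m.group(5)}

def lint(lines):
    """Split config lines into parsed rules and (line number, error) pairs."""
    rules, errors = [], []
    for n, line in enumerate(lines, 1):
        try:
            rule = parse_rule(line)
        except ValueError as exc:
            errors.append((n, str(exc)))
        else:
            if rule:
                rules.append(rule)
    return rules, errors

def match(rules, proto, direction, sport, dport):
    """Egress compares the destination port, ingress the source port."""
    remote = dport if direction == "egress" else sport
    # First match wins here; handling of overlapping rules is not modelled.
    return next((r for r in rules
                 if r["proto"] == proto and r["lo"] <= remote <= r["hi"]), None)

# Constructed sample assembled from lines posted in the thread.
SAMPLE = [
    "#COD",
    "udp:3074        CS5",
    "udp:30000:45000 +CS5",   # ':' range: rejected
    "udp:30000-45000 CS5",
    "udp --dst 192.168.2.160 --sport 10000-30000 --dport 3659 CS5",  # iptables-style: rejected
    "tcp:22\t\t+CS4",
]
```

Running `lint()` over the files under /etc/qosify/ before reloading shows which lines would be dropped instead of discovering it from a packet capture.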