Qosify: new package for DSCP marking + cake

No. I am afraid not. There is no Luci GUI interface for the app just yet.

Config guide ?

README

you can check this out

Not from reading the text file or the git repository.

Not able to limit speed. I had to limit down to 4100kbps on SQM because my router crashes if above it.
Router - TL-WR850N v2 22.03.2

Packages

Removed - opkg, ca-bundle, uclient-fetch
Added - luci luci-app-wireguard luci-app-pbr stubby qosify
firmware compiled using firmware selector

My qosify config -

config defaults
	list defaults /etc/qosify/*.conf
	option dscp_prio video
	option dscp_icmp +besteffort
	option dscp_default_udp besteffort
	option prio_max_avg_pkt_len 500

config class besteffort
	option ingress CS0
	option egress CS0

config class bulk
	option ingress LE
	option egress LE

config class video
	option ingress AF41
	option egress AF41

config class voice
	option ingress CS6
	option egress CS6
	option bulk_trigger_pps 100
	option bulk_trigger_timeout 5
	option dscp_bulk CS0

config interface wan
	option name wan
	option disabled 0
	option bandwidth_up 15mbit
	option bandwidth_down 10mbit
	option overhead_type docsis
	# defaults:
	option ingress 1
	option egress 1
	option mode diffserv4
	option nat 1
	option host_isolate 1
	option autorate_ingress 0
	option ingress_options ""
	option egress_options ""
	option options ""

config interface guest
	option name wan
	option disabled 0
	option bandwidth_up 2mbit
	option bandwidth_down 1mbit
	option overhead_type none
	# defaults:
	option ingress 1
	option egress 1
	option mode diffserv4
	option nat 1
	option host_isolate 1
	option autorate_ingress 0
	option ingress_options ""
	option egress_options ""
	option options ""

config device wandev
	option disabled 1
	option name wan
	option bandwidth 100mbit

How are class and priority configured ?
What does each class do? And how does it define priority? What is the order? voice>video>bulk>besteffort
What does these options do ? -

  1. option ingress CS6
  2. option egress CS6
  3. option bulk_trigger_pps 100
  4. option bulk_trigger_timeout 5
  5. option dscp_bulk CS0

video class should be AF3

config class video
	option ingress AF41
	option egress AF41
  1. how does dns: work ?
  2. How to verify if it works ?
  3. What is the syntax ?
    What is nflxvideo when netflix uses *.oca.nflxvideo.net address ?
    dns:*nflxvideo* video
  1. tc -s qdisc #(look at the per tin statistics for number of packets and bytes)
  2. Create the traffic you expect to be marked/sorted into a specific cake bin. Preferably only that traffic (or only that traffic in significant portions)
  3. tc -s qdisc #(look at the per tin statistics for number of packets and bytes again)

You want to see that the counter for your targeted cake tin increased between 1) and 3) roughly in the order of traffic you generated in 2).
In addition you can look at packet-captures and see whether you find the expected DSCPs on each packet; this should be easy for ingress traffic, but for egress you will need to capture from the wan interface and will not be able to see the internal IP addresses (at least for NATed IPv4).

DNS is an acronym for Domain Name System. It is like an address book for the internet. Each time, for example, you type google.com into your web browser , your DNS resolver looks up the ip address of your typed url (172.217.169.14) and your web browser takes you to that address. Since google.com is easier to remember than 172.217.169.14, it is an easier way to organise the internet. If you want to go deeper into that rabbit hole, read up about IPv6 addresses.

Qosify will classify any address that includes the term nflxvideo into the desired priority tin. The asterik is known as a wildcard so number of words and or digits in your example can precede or proceed that word. This is useful because providers, such as Netflix, might use the term "nflxvideo", but the rest of the address might be different for example: example.nlfxvideo.net; goodexample.nlfxvideo.com. Both of these addresses, in the example, might be used by Netflix, but because you have used the wildcards (asterik) both addresses will be put in your preferred priority tin.

It might be helpful for you too lookup some of the information that you have asked. Some of it pertains to some basic knowledge of how the internet works and you will probably find an answer quicker.

1 Like
  1. I know what DNS is. but why read bout IPv6?
    I meant doe dns: use rDNS IP to get domain from the IP(which is imperfect) or builds a database of IPs of the given domain ?

  2. How to specify that the give is a domain or domain+tld not subdomain What if a website is nflxvideo.amazon.com ?

tc -s qdis
Where to look exactly ?

How to capture packets ?
Can I do it on router or is there a way to forward a copy of it PC or redirect all traffic in/out on WAN interface to PC that then goes back to router (routerWAN>PC>Router) ?

IPv4 uses ‘A’ records to store IP addresses where IPv6 uses ‘AAAA’ records to store IPv6 addresses. ‘AAAA’ records, or quad-A records as they’re sometimes called, are functionally equivalent to ‘A’ records and are written in the same basic way. Reverse DNS records for IPv6 use PTR records just like in IPv4, but the trailing domain ‘in-addr.arpa’ for IPv4 has been changed to ‘ip6.arpa’ for IPv6. For PTR records the IPv6 address is still written in reverse nibble format just like in IPv4, only this time it’s much longer.

Something is lost in translation here. Hope someone here can help.

As far as I know this snoops your router's DNS requests to build its set of IP addresses for each wildcard. And yes that is imperfect as in a word with CDNs multiple wildly different service might be served from the same IP address, but mostly it works well enough as far as I can tell.

It is tc -s qdisc, the last c is kind of important. To run this commend you need to log into your router via SSH (see here).

tcpdump, but keep in mind that packet captures can get fairly large quickly, so storing these on a router typically is a bad idea unless you added some storage (flash disk or harddisk) and write the capture only to that (opkg update; opkg install tcpdump, see here).

Well if you log into to your router vis ssh and issue tc -s qdisc on the command prompt what output do you get? "not working" is a bit too generic to allow any kind of diagnosis.

Earlier I was getting a table with 4 columns and some line since I have change the config. Now I get this which completely different -

qdisc noqueue 0: dev lo root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 0: dev eth0 root refcnt 2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 115681090 bytes 172858 pkt (dropped 11, overlimits 0 requeues 379)
 backlog 0b 0p requeues 379
  maxpacket 1434 drop_overlimit 0 new_flow_count 1090 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev ifb-dns root refcnt 2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc noqueue 0: dev br-lan root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev eth0.1 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev eth0.2 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev WireGuard root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev wlan0 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0```

Yes, this shows that you do not have any active cake instance, but the tc command itself was working just fine. Now, the next question is why was there no cake instance?

Qosify is not working when using my config classes

Removed #ADDED BY ME (see below) configs classes and just kept the default configs
Ping @nbd - Can't use my config classes

@moeller0 - Working now

Config Classes
config defaults
	list defaults /etc/qosify/*.conf
	option dscp_prio video
	option dscp_icmp +besteffort
	option dscp_default_udp besteffort
	option prio_max_avg_pkt_len 500

#CLASSES
#Pre-Configured
#config class besteffort
#	option ingress CS0
#	option egress CS0
#config class bulk
#	option ingress LE
#	option egress LE
#config class video
#	option ingress AF41
#	option egress AF41
#config class voice
#	option ingress CS6
#	option egress CS6
#	option bulk_trigger_pps 100
#	option bulk_trigger_timeout 5
#	option dscp_bulk CS0

#ADDED BY ME
config class networkcontrol
	option ingress CS6
	option egress CS6
	option bulk_trigger_pps 100
	option bulk_trigger_timeout 5
	option dscp_bulk CS0
config class telephony
	option ingress EF
	option egress EF
config class browsing
	option ingress CS4
	option egress CS4
config class videocall
	option ingress AF41
	option egress AF41
config class video
	option ingress AF32
	option egress AF32
config class scavenger
	option ingress CS1
	option egress CS1
config class loweffort
	option ingress LE
	option egress LE
config class besteffort
	option ingress BE
	option egress BE

#Interfaces
config interface wan
	option name wan
	option disabled 0
	option bandwidth_up 15mbit
	option bandwidth_down 90mbit
	option overhead_type "docsis"
	# defaults:
	option ingress 1
	option egress 1
	option mode diffserv4
	option nat 1
	option host_isolate 1
	option autorate_ingress 0
	option ingress_options ""
	option egress_options ""
	option options ""

config interface guest
	option name guest
	option disabled 0
	option bandwidth_up 4mbit
	option bandwidth_down 4mbit
	option overhead_type none
	# defaults:
	option ingress 1
	option egress 1
	option mode diffserv4
	option nat 1
	option host_isolate 1
	option autorate_ingress 0
	option ingress_options ""
	option egress_options ""
	option options ""

#config device wandev
#	option disabled 1
#	option name wan
#	option bandwidth 100mbit
Config QoS Ports
# DNS
tcp:53		networkcontrol
udp:53		networkcontrol
tcp:853		networkcontrol
udp:853		networkcontrol
# NTP
udp:123		networkcontrol

#VoWiFi
udp:500		telephony
udp:4500 	telephony
tcp:143 	telephony

# SSH
tcp:22		+videocall
#tcp:22		+video

# HTTPS/QUIC
tcp:443		+browsing
#tcp:443	+besteffort

#Websites
dns:*spotify*	+browsing
##Communication
dns:*3gppnetwork.org*	telephony
dns:*matrix.org*	messaging
#VideoSocialMedia
dns:*googlevideo*	video
dns:*nflxvideo*		video
dns:*facebook*		video
dns:*instagram*		video
dns:*whatsapp* 		video

#Downloading
dns:*play.google.com*	loweffort
## Microsoft
dns:*update.microsoft* 	besteffort
dns:*windowsupdate* 	besteffort
dns:*windows* 		besteffort
dns:*microsoft* 	besteffort

root@OpenWrt:~# tc -s qdisc
qdisc noqueue 0: dev lo root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 0: dev eth0 root refcnt 2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 276039195 bytes 1655709 pkt (dropped 0, overlimits 0 requeues 1389)
 backlog 0b 0p requeues 1389
  maxpacket 1494 drop_overlimit 0 new_flow_count 1519 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc noqueue 0: dev br-lan root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev eth0.1 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc cake 8001: dev eth0.2 root refcnt 2 bandwidth 15Mbit diffserv4 dual-srchost nat nowash no-ack-filter split-gso rtt 100ms noatm overhead 18 mpu 64
 Sent 2554 bytes 18 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 4288b of 4Mb
 capacity estimate: 15Mbit
 min/max network layer size:           40 /     204
 min/max overhead-adjusted size:       64 /     222
 average network hdr offset:            1

                   Bulk  Best Effort        Video        Voice
  thresh      937496bit       15Mbit     7500Kbit     3750Kbit
  target         19.4ms          5ms          5ms          5ms
  interval        114ms        100ms        100ms        100ms
  pk_delay          0us         32us          0us          0us
  av_delay          0us          2us          0us          0us
  sp_delay          0us          2us          0us          0us
  backlog            0b           0b           0b           0b
  pkts                0           18            0            0
  bytes               0         2554            0            0
  way_inds            0            0            0            0
  way_miss            0            5            0            0
  way_cols            0            0            0            0
  drops               0            0            0            0
  marks               0            0            0            0
  ack_drop            0            0            0            0
  sp_flows            0            0            0            0
  bk_flows            0            1            0            0
  un_flows            0            0            0            0
  max_len             0          218            0            0
  quantum           300          457          300          300

qdisc clsact ffff: dev eth0.2 parent ffff:fff1
 Sent 4583 bytes 35 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev wlan0 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc noqueue 0: dev WireGuard root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 0: dev ifb-dns root refcnt 2 limit 10240p flows 1024 quantum 1514 target 5ms interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
  new_flows_len 0 old_flows_len 0
qdisc cake 8002: dev ifb-eth0.2 root refcnt 2 bandwidth 90Mbit diffserv4 dual-dsthost nat nowash ingress no-ack-filter split-gso rtt 100ms noatm overhead 18 mpu 64
 Sent 1616 bytes 12 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
 memory used: 2080b of 4500000b
 capacity estimate: 90Mbit
 min/max network layer size:           52 /     156
 min/max overhead-adjusted size:       70 /     174
 average network hdr offset:            1

                   Bulk  Best Effort        Video        Voice
  thresh       5625Kbit       90Mbit       45Mbit    22500Kbit
  target            5ms          5ms          5ms          5ms
  interval        100ms        100ms        100ms        100ms
  pk_delay          0us         33us          0us          0us
  av_delay          0us          1us          0us          0us
  sp_delay          0us          1us          0us          0us
  backlog            0b           0b           0b           0b
  pkts                0           12            0            0
  bytes               0         1616            0            0
  way_inds            0            0            0            0
  way_miss            0            2            0            0
  way_cols            0            0            0            0
  drops               0            0            0            0
  marks               0            0            0            0
  ack_drop            0            0            0            0
  sp_flows            0            1            0            0
  bk_flows            0            0            0            0
  un_flows            0            0            0            0
  max_len             0          170            0            0
  quantum           300         1514         1373          686

qdisc clsact ffff: dev ifb-eth0.2 parent ffff:fff1
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0
1 Like

I have never used qosify myself, so have no idea whether multiple interface sections are supported at all. (if in doubt you can use sqm-scripts/luci-app-sqm to configure your guest interface with a cake shaper).

I would guess that this is not optional assuming that qosify wants to find a "device" for the wan "interface" section, but again, never used qosify* so I might be completely wrong here.

*) Turns out my own needs for prioritization are minimal to not existing, so I never bothered testing this, as my router is still on OpenWrt 21-based TurrisOS; I really do not want to trade in the automatic updates from a source I happen to trust just to be able to "play" with qosify.