81 
Fri Aug 23 17:39:02 2024 daemon.err uhttpd[9451]: [info] luci: accepted login on /admin/network/qosmate/connections for root from 192.168.1.100
Fri Aug 23 17:39:06 2024 daemon.err uhttpd[9451]: [info] luci: failed login on /admin/network/qosmate/connections for root from 192.168.1.100
Fri Aug 23 17:39:08 2024 daemon.err uhttpd[9451]: [info] luci: failed login on /admin/network/qosmate/connections for root from 192.168.1.100
Fri Aug 23 17:39:09 2024 daemon.err uhttpd[9451]: [info] luci: failed login on /admin/network/qosmate/connections for root from 192.168.1.100
Fri Aug 23 17:39:11 2024 daemon.err uhttpd[9451]: [info] luci: failed login on /admin/network/qosmate/connections for root from 192.168.1.100
Fri Aug 23 17:40:40 2024 daemon.err uhttpd[9451]: [info] luci: accepted login on /admin/network/qosmate/connections for root from 192.168.1.100

i don't recall if i've ever touched rpcd config but here is the config:

root@OpenWrt-23.05.4-sda3:~# cat /etc/config/rpcd
config rpcd
        option socket /var/run/ubus/ubus.sock
        option timeout 30

config login
        option username 'root'
        option password '$p$root'
        list read '*'
        list write '*'
82

Hi Hudra! Like Failsafe, I use DSCP Classify but I like the idea of switching to something destined to be an official package. Not sure that's ever going to happen for DSCP Classify. :frowning:

As far as 'more sophisticated logic for handling established connections' I believe the magic is related to using the conntrack table to restore whatever the upstream QOS value was used when starting a flow. I think this is simple to do if the full dnsmasq package is used? Is this possible QOSMate could support this?

There were a couple other niceties that DSCP Classify had. One, you could negate the port match. On my PC I want my game to get higher QOS but not web surfing, so I could use !80, !443 to do so.

The other is dynamic classification

image
image1291×483 51 KB

This is useful when a prioritized device like an Xbox starts updating games or a PC user starts downloading something that isn't real time traffic.

Thank again for all your hard work.

1 Like
83

Sorry, I think I'm running out of ideas... Can you show me your luci and uhttpd config:

cat /etc/config/luci

cat /etc/config/uhttpd

Is there anything else you can think of that you have configured, which isn't part of the default OpenWRT settings and could potentially be causing these errors?

A few things that come to mind, in case you haven't tried them yet...

  • Reboot the device, if you haven't done that already
  • Reinstall the firmware update (23.05.4)
  • Switch to a snapshot version
  • Check the console output using the browser's developer tools
  • Clear the browser cache
  • Try using a different browser
84

Qosmate already uses ctinfo to restore conntrack information in a way that's quite similar to dscpclassify. For more information, please refer to the README on the GitHub repository. Also, using dnsmasq-full is not required for this.

If you had read the README (or at least tried it), you would have found that Qosmate already supports negating ports. There's even an example in the README showing how to do it.

Alternatively, you can achieve the same effect using the auto-setup feature and then entering your gaming IP.

Qosmate doesn't offer the same dynamic classification as dscpclassify, but there are some options in the advanced settings to more or less automatically downgrade or upgrade traffic that exceeds certain thresholds.

Additionally, when you prioritize your gaming console's UDP traffic to use the highest priority class/tin, any background downloads (which typically use TCP) should automatically fall into the default tin. This should prevent them from interfering with your gaming traffic, regardless of the root qdisc you are using, so actually no need to set up additional rules.

You're welcome!

4 Likes
85

I have a question. If I enter my IP 192.168.0.100, the ports should appear in CS5. But I noticed that they appear in CS0. I'm leaving a screenshot to see if I can explain myself better.
Or if I search in CS5, I get other IPs.

1
1963×607 85.4 KB

2
2997×160 25.5 KB

86

thanks for the effort trying to resolve, i'll try on virtual owrt too, to see if my current bare metal installation and/or hw have a glitch or something else is causing this on - probably only - my end.

1 Like
87

i have a different kind of question.

this is virtualized owrt

please check this connections list

image
image720×871 48.3 KB

and qosmate config

config global 'global'
        option enabled '1'

config settings 'settings'
        option WAN 'eth0'
        option DOWNRATE '900000'
        option UPRATE '900000'
        option ROOT_QDISC 'cake'

config advanced 'advanced'
        option PRESERVE_CONFIG_FILES '1'
        option WASHDSCPUP '1'
        option WASHDSCPDOWN '1'
        option BWMAXRATIO '20'
        option UDP_RATE_LIMIT_ENABLED '0'
        option TCP_UPGRADE_ENABLED '1'

config hfsc 'hfsc'
        option LINKTYPE 'ethernet'
        option OH '44'
        option gameqdisc 'pfifo'
        option nongameqdisc 'fq_codel'
        option nongameqdiscoptions 'besteffort ack-filter'
        option MAXDEL '24'
        option PFIFOMIN '5'
        option PACKETSIZE '450'
        option netemdelayms '30'
        option netemjitterms '7'
        option netemdist 'normal'
        option pktlossp 'none'

config cake 'cake'
        option COMMON_LINK_PRESETS 'ethernet'
        option PRIORITY_QUEUE_INGRESS 'diffserv4'
        option PRIORITY_QUEUE_EGRESS 'diffserv4'
        option HOST_ISOLATION '1'
        option NAT_INGRESS '1'
        option NAT_EGRESS '1'
        option ACK_FILTER_EGRESS 'auto'
        option AUTORATE_INGRESS '0'

config rule
        option name 'SSH_out'
        option proto 'tcp'
        list src_port '22'
        option class 'cs5'
        option counter '1'
        option enabled '1'

config rule
        option name 'SSH_In'
        option proto 'tcp'
        list dest_port '22'
        option class 'cs5'
        option counter '1'
        option enabled '1'

config rule
        option name 'HTTP_2'
        list dest_port '80'
        list dest_port '443'
        option class 'cs2'
        option counter '1'
        option enabled '1'
        list src_ip '10.0.0.0/24'

and my network config

config interface 'lan'
        option proto 'static'
        option ipaddr '10.0.0.1'
        option netmask '255.255.255.0'
        option device 'br-lan'
        option delegate '0'

config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'

root@OpenWrt-23.05.4-sda2:~# ip -o -4 a show dev eth0
2: eth0    inet 192.168.100.131/24 brd 192.168.100.255 scope global eth0\       valid_lft forever preferred_lft forever

so question 1)
where CS6 is coming from? according to qosmate config WASH is enabled for both ingress and egress.

question 2)
i have a lan client with 10.0.0.165 address, i'd assume the given ruleset HTTP_2 would mark all HTTP traffic from my client with CS2 but strangely i don't see HTTP related traffic in Connection list but as you can see everything is shown as from wan ip. is this as designed?

88

Dear, sorry for disturbing you, maybe a stupid question.
I have two wan.
One is wan and one is tun0

Can I setup this package for two wan?

So, some devices routing via wan and i need to prioritize some of them.

Then also some clients needs to be prioritize via tun0.

Thanks

89

In the previous test version of the new connections tab, I encountered several fundamental issues. One of them: In conntrack (wich is what im using for getting connection information), both directions of a connection are included, and in certain situations, I mistakenly swapped the source and destination IPs and ports. This should work better in the current version.

Additionally, the connection values (Bytes, Packets, AVG PPS, etc.) previously only considered incoming traffic values. To better differentiate and represent these values, they are now displayed separately for both incoming and outgoing traffic.

Interpretation of Connection Directions:

The direction of connections is now interpreted consistently, regardless of whether they are LAN-to-WAN, WAN-to-LAN, or local connections:

  • The first direction recorded in conntrack is always considered the "original" direction.
  • "Source" in the UI always corresponds to the first source IP/Port in the conntrack entry.
  • "Destination" in the UI always corresponds to the first destination IP/Port in the conntrack entry.
  • "Out" (Outgoing) refers to data flowing from the source to the destination.
  • "In" (Incoming) refers to data flowing from the destination to the source.

After the installation please clear your browser cache and restart the browser...

Please install the new version of the connections tab and try again. Also for testing DSCP markings please disable Wash DSCP Egress and Wash DSCP Ingress.
@NeMe_FuUuRyyyyY Be aware, your last screenshot may show your public IP address.

@grrr2

Updating to the newest connections.js should hopefully resolve this issue

Do you have a network switch? These often assign some CS6 or CS7 DSCPs out of the box. It’s possible that one of these might have sneaked into the conntrack.

If you're using CAKE, it simply uses the CAKE wash function without additional firewall washing rules. It’s possible that some LAN device might be assigning DSCPs, or maybe even your hypervisor. Could you perhaps use tcpdump to check where the packets marked with CS6 are coming from?

Originally, qosmate also used additional firewall washing rules with CAKE to remove DSCP markings before and after the nftables rules. However, I have discarded this functionality (at least when using CAKE) to allow DSCPs to be assigned directly on LAN devices and have those markings written into conntrack. I wanted to avoid offering a general wash function alongside a specific one just for CAKE, as this might have been confusing for many users.

However, if it becomes necessary, I can reconsider and come up with a solution.

@pesa1234

Technically, you probably still only have a single physical WAN port. You should apply qosmate to this port. This should cover overall traffic shaping, including VPN traffic. Maybe I'm wrong here but packets sent through your VPN tunnel may not be as easy to mark with DSCPs, as the tunnel appears as a single connection and is encrypted. This means that CAKE or HFSC cannot automatically look inside to read the DSCP values.

@Lynx has a lot of knowledge on this topic and has already created several discussions about it. If you want to learn more, just use the search function or check out this link:

5 Likes
90

Good day pesa. Can you please add these dependencies for QosMate on the builds you are releasing on your Github? I don't have a good PC to build firmwares lol. Thanks man!

kmod-sched
ip-full
kmod-veth
tc-full
kmod-netem
kmod-sched-ctinfo
kmod-ifb
kmod-sched-cake
conntrack
1 Like
91

In case you are interested in trying the connections tab you should also include.

luci-lib-jsonc 
lua

Note that conntrack isn't actually required.

1 Like
92

I'd like to introduce a new feature in QoSmate: the "Custom Rules" tab. This feature aims to provide more flexibility for users who need advanced traffic control options.

The Custom Rules tab includes:

  1. Direct nftables rule input: Users can enter custom nftables rules through the QoSmate interface.
  2. Basic validation: The tab checks custom rules for syntax errors, showing results in the UI.
  3. Example rules: To help users understand the feature's potential use.

Reminder:
If you have validated any rules, you still need to save and apply them for the changes to take effect.

Technical details:

  • QoSmate uses a separate nftables table (qosmate_custom) for these custom rules.
  • A wrapper allows writing chain and rule definitions without repeatedly specifying the table.
  • This feature is similar to the custom firewall rules in older OpenWrt versions.

The tab is designed for users familiar with nftables syntax. While it offers more control, it also requires careful use to avoid unintended effects. I strongly advise against copying or using rules without a clear understanding of their function and potential impact on your network.

However, for those interested, this feature theoretically allows for easy integration of rules from other sources, such as Elan's script. But as always, proceed with caution and ensure you understand the rules you're implementing.

Here is a screenshot of the ui:

image
image1099×1166 42.9 KB

Connections

Since I haven't received much feedback from the testers who tried out the new connections tab, I'm assuming that the feature is at least being used and is fundamentally working. Therefore, I will include it in the official release so that it will be available through the regular update.

How to update:

Since my update function is quite simple, and to ensure that all new Luci tabs are downloaded, at least one-time, when transitioning from old versions to this version, both a regular update and an additional forced update are necessary. Simply enter this command in the cmd and answer both questions in the interactive part with "y".

service qosmate update && sleep 5 && QOSMATE_FORCE=1 /etc/init.d/qosmate update

I'm keen to hear your feedback and learn how you'll use this new functionality.

Note: In the current custom rules implementation DSCP's are not yet written automatically into the conntrack like when entering "normal" rules. This could probably be easily achieved by using the following command at the end of the chain:

ct mark set ip dscp or 128 counter
ct mark set ip6 dscp or 128 counter

If desired, I could implement a feature to ensure that DSCP is written into the conntrack by default or at least offer an option to do so.

9 Likes
93

This is Fantastic, Keep up the Great Work :+1:

2 Likes
94

A big thank you to you, Hudra. I'm now using your script along with my Geofilter DOPAM script. The game is going very well, and I'm thrilled. Congratulations!

cod suisse
cod suisse1120×273 14.8 KB

(upload://7GoZJBCjzESBY6VNyjYy1IYSYkV.png)

dscp FORUM OPENWRT
dscp FORUM OPENWRT952×350 18.2 KB

geofilter netduma 4
geofilter netduma 3

I tested a few BO6 games, and the game seems very responsive.

1 Like
95

@Hudra - Update process works really well, also loving the Custom Rules having a play with that now :slight_smile:

2 Likes
96

Did you mean 127 here? To get a bitmask of 1111111?

97

or 128 sets the conditional bit that ctinfo will inspect to know if DSCP is stored in conntrack.

2 Likes
98

Nice Gameplay. Do you know if BO6 multiplayer servers are hosted by players or are we talking about proper dedicated servers?

99

Thank you, no dedicated server for COD. Unfortunately, Qosmate worked but not for long in my case. The Cake QoS script from Élan makes the connection much more stable, especially in the long term.

100

As far as I know, Call of Duty has exclusively used dedicated servers in recent years and hasn't relied on listen servers or pure P2P connections for a long time. Therefore, it's likely the same for the Black Ops 6 beta. Also I have not noticed any host migrations in the beta which would indicate we are on p2p.

However, the BO6 servers are unfortunately not in great condition at the moment. I've noticed this myself, and there's a lot of talk about it online as well. But it's important to remember that this is a beta version. The developers are testing various things, and it's expected that connections might not work perfectly yet.

Elan's script just uses Cake (which can also be used with QosMate) along with some custom heuristic nftables rules, which you could theoretically use with QosMate as well (new custom rules tab). So there shouldn't be any difference. There are no secret magic rules or procedures in Elan's script...

4 Likes