Fri Aug 23 17:39:02 2024 daemon.err uhttpd[9451]: [info] luci: accepted login on /admin/network/qosmate/connections for root from 192.168.1.100
Fri Aug 23 17:39:06 2024 daemon.err uhttpd[9451]: [info] luci: failed login on /admin/network/qosmate/connections for root from 192.168.1.100
Fri Aug 23 17:39:08 2024 daemon.err uhttpd[9451]: [info] luci: failed login on /admin/network/qosmate/connections for root from 192.168.1.100
Fri Aug 23 17:39:09 2024 daemon.err uhttpd[9451]: [info] luci: failed login on /admin/network/qosmate/connections for root from 192.168.1.100
Fri Aug 23 17:39:11 2024 daemon.err uhttpd[9451]: [info] luci: failed login on /admin/network/qosmate/connections for root from 192.168.1.100
Fri Aug 23 17:40:40 2024 daemon.err uhttpd[9451]: [info] luci: accepted login on /admin/network/qosmate/connections for root from 192.168.1.100
i don't recall if i've ever touched rpcd config but here is the config:
Hi Hudra! Like Failsafe, I use DSCP Classify but I like the idea of switching to something destined to be an official package. Not sure that's ever going to happen for DSCP Classify.
As far as 'more sophisticated logic for handling established connections' I believe the magic is related to using the conntrack table to restore whatever the upstream QOS value was used when starting a flow. I think this is simple to do if the full dnsmasq package is used? Is this possible QOSMate could support this?
There were a couple other niceties that DSCP Classify had. One, you could negate the port match. On my PC I want my game to get higher QOS but not web surfing, so I could use !80, !443 to do so.
Sorry, I think I'm running out of ideas... Can you show me your luci and uhttpd config:
cat /etc/config/luci
cat /etc/config/uhttpd
Is there anything else you can think of that you have configured, which isn't part of the default OpenWRT settings and could potentially be causing these errors?
A few things that come to mind, in case you haven't tried them yet...
Reboot the device, if you haven't done that already
Reinstall the firmware update (23.05.4)
Switch to a snapshot version
Check the console output using the browser's developer tools
Qosmate already uses ctinfo to restore conntrack information in a way that's quite similar to dscpclassify. For more information, please refer to the README on the GitHub repository. Also, using dnsmasq-full is not required for this.
If you had read the README (or at least tried it), you would have found that Qosmate already supports negating ports. There's even an example in the README showing how to do it.
Alternatively, you can achieve the same effect using the auto-setup feature and then entering your gaming IP.
Qosmate doesn't offer the same dynamic classification as dscpclassify, but there are some options in the advanced settings to more or less automatically downgrade or upgrade traffic that exceeds certain thresholds.
Additionally, when you prioritize your gaming console's UDP traffic to use the highest priority class/tin, any background downloads (which typically use TCP) should automatically fall into the default tin. This should prevent them from interfering with your gaming traffic, regardless of the root qdisc you are using, so actually no need to set up additional rules.
I have a question. If I enter my IP 192.168.0.100, the ports should appear in CS5. But I noticed that they appear in CS0. I'm leaving a screenshot to see if I can explain myself better.
Or if I search in CS5, I get other IPs.
thanks for the effort trying to resolve, i'll try on virtual owrt too, to see if my current bare metal installation and/or hw have a glitch or something else is causing this on - probably only - my end.
root@OpenWrt-23.05.4-sda2:~# ip -o -4 a show dev eth0
2: eth0 inet 192.168.100.131/24 brd 192.168.100.255 scope global eth0\ valid_lft forever preferred_lft forever
so question 1)
where CS6 is coming from? according to qosmate config WASH is enabled for both ingress and egress.
question 2)
i have a lan client with 10.0.0.165 address, i'd assume the given ruleset HTTP_2 would mark all HTTP traffic from my client with CS2 but strangely i don't see HTTP related traffic in Connection list but as you can see everything is shown as from wan ip. is this as designed?
In the previous test version of the new connections tab, I encountered several fundamental issues. One of them: In conntrack (wich is what im using for getting connection information), both directions of a connection are included, and in certain situations, I mistakenly swapped the source and destination IPs and ports. This should work better in the current version.
Additionally, the connection values (Bytes, Packets, AVG PPS, etc.) previously only considered incoming traffic values. To better differentiate and represent these values, they are now displayed separately for both incoming and outgoing traffic.
Interpretation of Connection Directions:
The direction of connections is now interpreted consistently, regardless of whether they are LAN-to-WAN, WAN-to-LAN, or local connections:
The first direction recorded in conntrack is always considered the "original" direction.
"Source" in the UI always corresponds to the first source IP/Port in the conntrack entry.
"Destination" in the UI always corresponds to the first destination IP/Port in the conntrack entry.
"Out" (Outgoing) refers to data flowing from the source to the destination.
"In" (Incoming) refers to data flowing from the destination to the source.
After the installation please clear your browser cache and restart the browser...
Please install the new version of the connections tab and try again. Also for testing DSCP markings please disable Wash DSCP Egress and Wash DSCP Ingress. @NeMe_FuUuRyyyyY Be aware, your last screenshot may show your public IP address.
Updating to the newest connections.js should hopefully resolve this issue
Do you have a network switch? These often assign some CS6 or CS7 DSCPs out of the box. It’s possible that one of these might have sneaked into the conntrack.
If you're using CAKE, it simply uses the CAKE wash function without additional firewall washing rules. It’s possible that some LAN device might be assigning DSCPs, or maybe even your hypervisor. Could you perhaps use tcpdump to check where the packets marked with CS6 are coming from?
Originally, qosmate also used additional firewall washing rules with CAKE to remove DSCP markings before and after the nftables rules. However, I have discarded this functionality (at least when using CAKE) to allow DSCPs to be assigned directly on LAN devices and have those markings written into conntrack. I wanted to avoid offering a general wash function alongside a specific one just for CAKE, as this might have been confusing for many users.
However, if it becomes necessary, I can reconsider and come up with a solution.
Technically, you probably still only have a single physical WAN port. You should apply qosmate to this port. This should cover overall traffic shaping, including VPN traffic. Maybe I'm wrong here but packets sent through your VPN tunnel may not be as easy to mark with DSCPs, as the tunnel appears as a single connection and is encrypted. This means that CAKE or HFSC cannot automatically look inside to read the DSCP values.
@Lynx has a lot of knowledge on this topic and has already created several discussions about it. If you want to learn more, just use the search function or check out this link:
Good day pesa. Can you please add these dependencies for QosMate on the builds you are releasing on your Github? I don't have a good PC to build firmwares lol. Thanks man!
I'd like to introduce a new feature in QoSmate: the "Custom Rules" tab. This feature aims to provide more flexibility for users who need advanced traffic control options.
The Custom Rules tab includes:
Direct nftables rule input: Users can enter custom nftables rules through the QoSmate interface.
Basic validation: The tab checks custom rules for syntax errors, showing results in the UI.
Example rules: To help users understand the feature's potential use.
Reminder: If you have validated any rules, you still need to save and apply them for the changes to take effect.
Technical details:
QoSmate uses a separate nftables table (qosmate_custom) for these custom rules.
A wrapper allows writing chain and rule definitions without repeatedly specifying the table.
This feature is similar to the custom firewall rules in older OpenWrt versions.
The tab is designed for users familiar with nftables syntax. While it offers more control, it also requires careful use to avoid unintended effects. I strongly advise against copying or using rules without a clear understanding of their function and potential impact on your network.
However, for those interested, this feature theoretically allows for easy integration of rules from other sources, such as Elan's script. But as always, proceed with caution and ensure you understand the rules you're implementing.
Since I haven't received much feedback from the testers who tried out the new connections tab, I'm assuming that the feature is at least being used and is fundamentally working. Therefore, I will include it in the official release so that it will be available through the regular update.
How to update:
Since my update function is quite simple, and to ensure that all new Luci tabs are downloaded, at least one-time, when transitioning from old versions to this version, both a regular update and an additional forced update are necessary. Simply enter this command in the cmd and answer both questions in the interactive part with "y".
service qosmate update && sleep 5 && QOSMATE_FORCE=1 /etc/init.d/qosmate update
I'm keen to hear your feedback and learn how you'll use this new functionality.
Note: In the current custom rules implementation DSCP's are not yet written automatically into the conntrack like when entering "normal" rules. This could probably be easily achieved by using the following command at the end of the chain:
ct mark set ip dscp or 128 counter
ct mark set ip6 dscp or 128 counter
If desired, I could implement a feature to ensure that DSCP is written into the conntrack by default or at least offer an option to do so.
A big thank you to you, Hudra. I'm now using your script along with my Geofilter DOPAM script. The game is going very well, and I'm thrilled. Congratulations!
Thank you, no dedicated server for COD. Unfortunately, Qosmate worked but not for long in my case. The Cake QoS script from Élan makes the connection much more stable, especially in the long term.
As far as I know, Call of Duty has exclusively used dedicated servers in recent years and hasn't relied on listen servers or pure P2P connections for a long time. Therefore, it's likely the same for the Black Ops 6 beta. Also I have not noticed any host migrations in the beta which would indicate we are on p2p.
However, the BO6 servers are unfortunately not in great condition at the moment. I've noticed this myself, and there's a lot of talk about it online as well. But it's important to remember that this is a beta version. The developers are testing various things, and it's expected that connections might not work perfectly yet.
Elan's script just uses Cake (which can also be used with QosMate) along with some custom heuristic nftables rules, which you could theoretically use with QosMate as well (new custom rules tab). So there shouldn't be any difference. There are no secret magic rules or procedures in Elan's script...