SQM CABLE DOCSIS 3.1 Settings + Packet Prioritization

As a point of order 'act_ctinfo' is a tc action not a q(ueuing)disc(ipline)

A typical usage for an IFB redirect ingress scenario is something like

# tc filter show dev eth0 ingress
filter parent ffff: protocol all pref 49152 matchall chain 0 
filter parent ffff: protocol all pref 49152 matchall chain 0 handle 0x1 
	action order 1: ctinfo zone 0 pipe
	 index 2 ref 1 bind 1 dscp 0x0000003f 0x00000800

	action order 2: mirred (Egress Redirect to device ifb4eth0) stolen
	index 1 ref 1 bind 1

The 1st action is 'ctinfo' where we hope to find that the conntrack firewall entry has a DSCP stored for this connection in the conntrack MARK field and if so, set that stored DSCP value into the current packet.
The 2nd action is 'mirred' (mirror/redirect) where we redirect this packet to the ingress port of another interface, in this case 'ifb4eth0'

iptables is typically used to copy the DSCP from an existing (usually egress) packet into the conntrack firewall MARK - openwrt's iptables has a patched CONNMARK module which understands '--set-dscpmark' which copies the DSCP field into connmark and sets a flag.

classification rules here - put the desired DSCP into the packet

iptables -t mangle -A MANGLE_CHAIN_HERE -j CONNMARK --set-dscpmark 0x3f/0x800

Most of the time you only need to set the DSCP on connection startup, so if you're clever with iptables rules and the DSCP_IS_STORED flag you can save yourself going through the classification decisions for every packet - sort of set and forget.

To set a decided DSCP on egress (to wan) you need something like

# tc filter show dev eth0
filter parent 8011: protocol all pref 49152 matchall chain 0 
filter parent 8011: protocol all pref 49152 matchall chain 0 handle 0x1 
	action order 1: ctinfo zone 0 pipe
	 index 1 ref 1 bind 1 dscp 0x0000003f 0x00000800

I should add that at present nftables does not have equivalent functionality of --set-dscpmark. You should cheer on Jeremy Sowden's efforts to enhance nftables to do so here https://marc.info/?l=netfilter-devel&m=164907445630634&w=2

Not to be too down on nftables, I was wondering why my old raspberry pi was running openwrt with fw4 and I'd forgotten I had been experimenting with how far I could get. It would be nice if you could do something as simple as "nft add rule t c ct mark set ip dscp" or even better "nft add rule t c ct mark set ct mark and 0xffffff00 or ip dscp" and it not throw a syntax error. You can get close with "meta nfproto ipv4 ct mark set @nh,8,6" and "meta nfproto ipv6 ct mark set @nh,4,6" but they both destroy the existing mark value rather than nicely masking themselves in - that's why Jeremy's work is so useful. I had sort of given up / got occupied with work but I'll see if I can work around the limitation.


This reminds me, what sqm features do you need for your script? We have the possibility to supply your own start-up function, and we could easily add a similar approach for shut-down/clean-up/stop function. (We did not do this so far as we do not even have a user for the non-default start-up function)?

i think i will try to set up qosify with your method @moeller0

i installed a fresh snapshot, installed luci, installed qosify

but what commands do i need for qosify ?

when i insert /etc/config/qosify i get permission denied

hi N1k i suggere try

vi /etc/config/network 

he should be work :wink:

1 Like

I installed qosify, does that config work for a 1000/50 cable connection:

i added port 27005 and 3074 to voice so my gaming traffic gets the highest prio

the thing is i dont need all these prioritizations i just want my gaming traffic to be prioritized, would be cool if someone can help

also when my pc sends packets with port 27005 to a game server (that changes port everytime i search a new match), how can i always get the right port and prioritize the server packets that are incoming.

the packets are not marked in wireshark:
DSCP Default

As discussed in Qosify main thread looks like port matching is not working (or if it's working not for all of us). Secondly, you cannot use Qosify to mark listening ports (what you want), only destination ports.

1 Like

I guess in the ingress directiom 27005 is a destination port.... this might indicate either that either port marking does not work, or maybe that there is another rule after the port rule that resets the DSCP to default?

Is there documentation about the sequence in which rules get evaluated?

To test this hypothesis, maybe set all rules to +besteffort and only the port rule to voice?

Pet peeve, please remove the voice classification for DNS... there will still be situations where that is justified, but as a default it feels a bad choice. Cake's flow-fair queuing (and in addition its per-internal-IP-fairness modes) should automatically give DNS request a decent chance of speedy processing, so hard prioritization is not going to be a noticeable win across the board.

Remember for any packet that gets delivered faster other packet(s) will need to be delayed more, which works better the fewer packets are in the high priority tiers.

Yes, you are right, but he's instantiating Qosify linked to the wan.

Ah, not having tested qosify, I naively assumed that the:

option bandthwidth_up 42mbit
option bandwidth_down 850mbit
option ingress 1
option egress 1

in his config would configure a "normal" cake shaper pair with egress shaping on the wan interface and ingress shaping on an IFB, but I might well be totally out to lunch here.

so what i need would be some method that can port match and listen to ports and prioritize the ingress and egress packets, is there something out like that ?

can i just delete all the rules i dont need and only use

udp 27005 voice

for example and prioritize the voice as EF ?

Well, for the egress direction I think we already established that method.

Did you test whether your gaming already improves when you prioritize in egress direction?

Probably, but as I have said before due to using an old router I can not test (and have not tested) qosify myself, so I refrain from giving detailed recommendations how to configure it, since I lack the necessary first-hand experience, sorry.

yea it feels like my shots connect better but when someone is coming around a corner i cant reakt and i think an ingress prioritization would help there

1 Like

also what should i take for

option overhead_type none

is option options "docsis"

enough ?

OK, I guess the problem with this is that it is hard to quantify improvements making stringent A/B test difficult. I guess if you can clearly define a port range for the ingress traffic, we might be able to come up with a tc filter invocation that might actually work for testing... (in the end I think that qosify should be properly tested and any port bugs reported upstream and fixed, but not being able/willing to actually test qosify I will not be able to help in that).

this is my config now:



and i think its working

but where can i set my per packet overhead for my connection
i changed option options "docsis" with option options "overhead 22" but im not sure if this is right because there is still option overhead_type none

This looks like it works, but please repeat the capture on the router to see whether you see EF marks for the egress packets as well.

Again, not an expert on qosify's configuration, could you please post the output of tc -s qdisc so we see what is actually configured?

Could I ask you for a favor please?

Instead of going through the hassle of creating a screenshot and pasting that here, could you simply select all the relevant text in the terminal window and copy and paste it into the forum editor as "Preformatted text"? To paste as preformatted text, click on the </> icon in the toolbar and replace the "type or paste here" placeholder with what you copied from the terminal window.

Or if you want to do it in the forum editor purely with entering text:

Just make sure you "sandwich" your text between two rows of backtick characters ` (which themselves will be invisible in the preview) looking in something like this in the editor:
Your Pasted Text as preformatted text with fixed width font
1111 (note with fixed-width fonts the numbers are right-aligned)
but looking like this in the rendered forum:

Your Pasted Text as preformatted text with fixed width font
1111 (note with fixed-width fonts the numbers are right-aligned)
1 Like