Ultimate SQM settings: Layer_cake + DSCP marks (New Script!)

shaping was working fine till an hour back.... now it shows this... idk whats wrong...
now the veth0 is not limiting my download...
and sqm is not working on veth0 now...

qdisc noqueue 0: dev veth0 root refcnt 2
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0

sqm.@queue[1]=queue
sqm.@queue[1].debug_logging='0'
sqm.@queue[1].verbosity='5'
sqm.@queue[1].ingress_ecn='ECN'
sqm.@queue[1].tcMTU='2047'
sqm.@queue[1].tcTSIZE='128'
sqm.@queue[1].enabled='1'
sqm.@queue[1].download='0'
sqm.@queue[1].qdisc='cake'
sqm.@queue[1].script='piece_of_cake.qos'
sqm.@queue[1].qdisc_advanced='1'
sqm.@queue[1].egress_ecn='ECN'
sqm.@queue[1].qdisc_really_really_advanced='1'
sqm.@queue[1].ilimit='18'
sqm.@queue[1].elimit='18'
sqm.@queue[1].linklayer='ethernet'
sqm.@queue[1].linklayer_advanced='1'
sqm.@queue[1].tcMPU='64'
sqm.@queue[1].linklayer_adaptation_mechanism='cake'
sqm.@queue[1].interface='veth0'
sqm.@queue[1].squash_dscp='0'
sqm.@queue[1].squash_ingress='0'
sqm.@queue[1].upload='22000'
sqm.@queue[1].overhead='50'
sqm.@queue[1].eqdisc_opts='diffserv4 dual-dsthost ingress nat rtt 124ms'

anybody else has this problem?

restarted router and redid the setting on veth on sqm... now its working

I think maybe this is related to the question posted this morning about my other script not working after some time...

[SOLVED] SQM Script Hotplug

1 Like

Hello,

Concerning the DSCP.sh file.
Is there something to add in or in the dnsmasq.conf if we play csgo like the following :

#High priority ipset, i use for pubgM
iptmark ! -p tcp -m set --match-set latsens src,dst -j DSCP --set-dscp-class CS6 -m comment --comment "latency sensitive ipset" ## set dscp tag for Latency Sensitive (latsens) ipset,udp

iptmark -p tcp -m set --match-set latsens src,dst -j DSCP --set-dscp-class CS5 -m comment --comment "latency sensitive ipset" ## set dscp tag for Latency Sensitive (latsens) ipset

Regards

Hey guys,

I wanted to try those nice scripts to my router,
I placed the DSCP.sh to /root and then changed the dnsmasq.conf

All good until I restarted the rooter and now my devices cannot connect to wifi and my pc cannot get any ip, which makes the connection to the router impossible.

I actually did a hard reboot to the second partition for the internet to come up...
Any ideas how I can delete the script from the second partition? because now the DSCP.sh is hidden from the partition I'm currently in...

Thank you.

hi there..im a newbie here so..i wanna try your DSCP script without the "veth" on my Newifi with flashed Openwrt and already applied it , im not sure if it works or not.., and i hope if you can help me a bit to understand how to proceed if its not that much to ask but i'll ask anyway =) coz i been reading a lot of tutorials and wind up here..one thing i really get confused is the "veth" =( since im new on how to use "script" and i wanna show you whats inside of my router..by the way im on a low bandwwith ISP..3MbpsDown/1MbpsUp..and i love and play online games but lags at it..=(

The most well supported script currently is the one from the thread: Help prioritizing games with alternative qdisc design

but since you have such slow speeds, you should also read Why you need at least 3Mbps upload to get good game performance with ~1500byte packets: Doing the math

The script from the first link has some mitigation code that helps reduce the typical packet sizes for people with slow connections such as yourself. it can help a lot.

1 Like

Hishams script with a little editing is by far the best script still to this day!!!!!

Please can you show script 'script with a little editing'. Thank you.

how to create dscp mark like your doing in firewall using webgui? newbie here i can't understand all scripts thank you.

from old post is says i should use prerouting, how?

not sure if the following tutorials on youtube i've did are working:

i'm pretty sure something is wrong since i've set https/443 to cs7 but i got less packets and bytes from tin 7 using diffserv8

need help badly it's been days since i'm doing trial and error

I will post my version of his script tonight but it's set up for the games I play you have to be smart enough to figure out your own port... As well as setup your DNS mask IP sets with the games or whatever you're playing I'll give you guys an example of what works for me on my PS5 with the games that I play like war zone and blacklight retribution and America's Army I only play FPS games... I edited his script for what I want to give priority to! Please forgive me for any typos or gibberish I'm on speech to text

3 Likes

waiting for your version of the script, i would like to try it for warzone

1 Like

#!/bin/ash -x
IPT="iptables"
iptmark="iptables"
##ipset for streming sites.they are bening filled by dnsmasq
ipset create streaming hash:ip
ipset create usrcdn hash:ip
ipset create bulk hash:ip
ipset create latsens hash:ip

#flush mangle table
$IPT -t mangle -F PREROUTING
#Clear interface dscp marks, we don't trust ISP marks(also to use our own marks).
$IPT -t mangle -A PREROUTING -i wan -j DSCP --set-dscp 0
########################################

#Latency Sensitive (gaming/voip)
########################################
##Latency Sensitive
$IPT -t mangle -A PREROUTING -p icmp -j DSCP --set-dscp-class CS6 ##dscp tag for ping packets
$IPT -t mangle -A PREROUTING -m set --match-set latsens src -j DSCP --set-dscp-class CS6 ## set dscp tag for our Latency Sensitive (latsens) ipset
$IPT -t mangle -A PREROUTING -p tcp -m conntrack --ctorigsrc 192.168.2.160 -m multiport ! --ports 80,443,8080 -j DSCP --set-dscp-class CS6 -m comment --comment "PS4" #i don't have PS4, change the ip according to your ip setting.
####Latency Sensitive Ports####
sport00="3074"
sport4="9305:9308"
sport16="3478:3479"
dport00="3074:3075,3478:3479,3658:3659,9305:9308"
$IPT -t mangle -A PREROUTING -p udp -m multiport --sport $sport00 -j DSCP --set-dscp-class CS6
$IPT -t mangle -A PREROUTING -p udp -m multiport --sport $sport4 -j DSCP --set-dscp-class AF41
$IPT -t mangle -A PREROUTING -p udp -m multiport --sport $sport16 -j DSCP --set-dscp-class AF41
$IPT -t mangle -A PREROUTING -p udp -m multiport --dport $dport00 -j DSCP --set-dscp-class CS6
$IPT -t mangle -N dscp_mark > /dev/null 2>&1
$IPT -t mangle -F dscp_mark

#check if POSTROUTING already exits then jumps to our tables if not, add them
$IPT -t mangle -L POSTROUTING -n | grep dscp_mark || $IPT -t mangle -A POSTROUTING -o br-lan -j dscp_mark
iptmark() {
$IPT -t mangle -A dscp_mark "$@"
}
#A robust 2 rules to detect realtime traffic
iptmark -p udp -m hashlimit --hashlimit-name udp_high_prio --hashlimit-above 100/sec --hashlimit-burst 50 --hashlimit-mode srcip,srcport,dstip,dstport -j CONNMARK --set-mark 0x55 -m comment --comment "connmark for udp"

#unmarked UDP streams with small packets get CS6
iptmark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 22,25,53,67,68,123,143,161,162,514,80,443,8080 -m connbytes --connbytes 0:940 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS6 -m comment --comment "small udp connection gets CS6"
iptmark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 137,442,444,445,446,447 -m connbytes --connbytes 0:940 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS6 -m comment --comment "small udp connection gets CS6"
#large udp streams like video call get AF41
iptmark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 22,25,53,67,68,123,143,161,162,514,80,443,8080 -m connbytes --connbytes 940:1500 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class AF21 -m comment --comment "large udp connection gets AF21"
iptmark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 137,442,444,445,446,447 -m connbytes --connbytes 940:1500 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS6 -m comment --comment "small udp connection gets CS6"
#DNS traffic both udp and tcp
iptmark -p udp -m multiport --port 53 -j DSCP --set-dscp-class CS6 -m comment --comment "DNS udp"
#NTP
iptmark -p udp -m multiport --port 123 -j DSCP --set-dscp-class CS6 -m comment --comment "NTP udp"
#High priority ipset, i use for pubgM
iptmark ! -p udp -m set --match-set latsens src,dst -j DSCP --set-dscp-class CS6 -m comment --comment "latency sensitive ipset" ## set dscp tag for Latency Sensitive (latsens) ipset,udp
iptmark -p tcp -m set --match-set latsens src,dst -j DSCP --set-dscp-class CS6 -m comment --comment "latency sensitive ipset" ## set dscp tag for Latency Sensitive (latsens) ipset
###########
##Browsing
###########

#medium priority for browsing
iptmark -p tcp -m multiport --ports 80,443 -j DSCP --set-dscp-class CS3 -m comment --comment "Browsing at CS3"
##################
#TCP SYN,ACK flows
##################
#Make sure ACK,SYN packets get priority (to avoid upload speed limiting our download speed)
iptmark -p tcp --tcp-flags ALL ACK -m length --length :128 -j DSCP --set-dscp-class CS3
iptmark -p tcp --tcp-flags ALL SYN -m length --length :666 -j DSCP --set-dscp-class CS3
#Small packet is probably interactive or flow control
iptmark -m dscp ! --dscp 24 -m dscp ! --dscp 18 -m dscp ! --dscp 34 -m dscp ! --dscp 40 -m dscp ! --dscp 48 -m length --length 0:500 -j DSCP --set-dscp-class CS3
#Small packet connections: multi purpose (don't harm since not maxed out)
iptmark -m dscp ! --dscp 24 -m dscp ! --dscp 18 -m dscp ! --dscp 34 -m dscp ! --dscp 40 -m dscp ! --dscp 48 -m connbytes --connbytes 0:250 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS3
########################################

#Streaming Media (videos/audios)
########################################
#Known video streams sites like netflix
iptmark -m set --match-set streaming src,dst -j DSCP --set-dscp-class AF41 -m comment --comment "video audio stream ipset"
#known usrcdn like google or akamai
iptmark -m set --match-set usrcdn src,dst -j DSCP --set-dscp-class AF21 -m comment --comment "usrcdn ipset"
#########################################

#Background Traffic (Bulk/file transfer)
#########################################
#bulk traffic ipset, like windows udates and steam updates/downloads
iptmark -p tcp -m set --match-set bulk src,dst -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset"
iptmark -p udp -m set --match-set bulk src,dst -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset"
iptmark -p tcp -m connbytes --connbytes 350000: --connbytes-dir both --connbytes-mode bytes -m dscp --dscp-class CS3 -j DSCP --set-dscp-class CS1 -m comment --comment "Downgrade CS3 to CS1 for bulk tcp traffic"

1 Like
#records.
#You may add multiple srv-host lines.
#The fields are ,,,,
#A SRV record sending LDAP for the example.com domain to
#ldapserver.example.com 1 port 289
srv-host=_ldap._tcp.example.com,ldapserver.example.com 1,389

#Two SRV records for LDAP, each with different priorities
srv-host=_ldap._tcp.example.com,ldapserver.example.com 1,389,1
srv-host=_ldap._tcp.example.com,ldapserver.example.com 1,389,2

#A SRV record indicating that there is no LDAP server for the domain
#example.com
srv-host=_ldap._tcp.example.com

#The following line shows how to make dnsmasq serve an arbitrary PTR
#record. This is useful for DNS-SD.
#The fields are ,
ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"

#Change the following lines to enable dnsmasq to serve TXT records.
#These are used for things like SPF and zeroconf.
#The fields are ,,...
#Example SPF.
txt-record=example.com,"v=spf1 a -all"

#Example zeroconf
txt-record=_http._tcp.example.com,name=value,paper=A4

#Provide an alias for a "local" DNS name. Note that this only works
#for targets which are names from DHCP or /etc/hosts. Give host
#"bert" another name, bertrand
#The fields are ,
cname=bertand,bert

except-interface=wan

##Latency Sensitive (gaming/voip)
ipset=/zcure-blr-ps4-east-us.hardsuitlabs.com/*hardsuitlabs.com,9305,1/latsens
ipset=/zcure-blr-ps4-east-us.hardsuitlabs.com/*hardsuitlabs.com,9306,2/latsens
ipset=/zcure-blr-ps4-east-us.hardsuitlabs.com/*hardsuitlabs.com,9308,3/latsens
ipset=/d3ovluux6b7f2q.cloudfront.net/*demonware.net/Iw8-ps4-loginqueue.prod.demonware.net,3074,1/latsens

##video/audio streams

#Youtube is also isolated by my isp
ipset=/googlevideo.com/*.googlevideo.com/streaming

#NetFlix
ipset=/nflxvideo.net/streaming

#AmazonVideo
ipset=/s3.ll.dash.row.aiv-cdn.net/d25xi40x97liuc.cloudfront.net/aiv-delivery.net/streaming

#Facebook
ipset=/fbcdn.net/streaming

#Twitch
ipset=/ttvnw.net/streaming

#VeVo
ipset=/vevo.com/streaming

#Spotify
ipset=/audio-fa.scdn.cot/streaming

#Deezer
ipset=/deezer.com/streaming

#SoundCloud
ipset=/sndcdn.com/streaming

#last.fm
ipset=/last.fm/streaming
#reddit videos
ipset=/v.redd.it/streaming
#twitch.tv
ipset=/ttvnw.net/par10s27-in-f206.1e100.net/streaming
##i have isolated speed for those cdn's
ipset=/googletagmanager.com/googleusercontent.com/.googleusercontent.com/google.com/fbcdn.net/.fbcdn.net/akamaihd.net/.akamaihd.net/whatsapp.net/.whatsapp.net/whatsapp.com/.whatsapp.com/www-cdn.whatsapp.net/googleapis.com/.googleapis.com/ucy.ac.cy/1e100.net/hwcdn.net/usrcdn

#Bulk downloads
#qq download
ipset=/download.qq.com/bulk

#Steam Download
ipset=/steamcontent.com/bulk

#PSN Download
ipset=/gs2.ww.prod.dl.playstation.net/bulk

#DropBox
ipset=/dropbox.com/dropboxstatic.com/dropbox-dns.com/log.getdropbox.com/bulk

#Google Drive
ipset=/drive.google.com/drive-thirdparty.googleusercontent.com/bulk

#Google Docs
ipset=/docs.google.com/docs.googleusercontent.com/bulk

#PlayStore Download
ipset=/gvt1.com/bulk

#WhatsApp Files
ipset=/mmg-fna.whatsapp.net/bulk

#Youtube Upload
ipset=/upload.youtube.com/upload.video.google.com/bulk

#WindowsUpdate
ipset=/windowsupdate.com/update.microsoft.com/bulk

type or paste code here

Please use codeboxes for pasting configuration files, doing so improves the readability by a lot (and avoids a mess with unintended formatting changes or potentially swallowed characters).

3 Likes

sry learning curve my friend...

Well at least one success story so far... Also im a newb just persistent I hate to loose but all glory should go to SOLIDUS1983 he is the man!!!!

1 Like

Hello and thanks for sharing your knowledge all around this forum.

For reference, here is my current WIP configuration. Since I have two WAN links, nicely managed by mwan3, I suppose I have to add two queues, one for each WAN, but it's the LAN thing above that I cannot seem to quite understand...

config queue 'eth1'
	option interface 'eth1'
	option qdisc 'cake'
	option ingress_ecn 'ECN'
	option itarget 'auto'
	option etarget 'auto'
	option enabled '1'
	option download '200000'
	option upload '100000'
	option linklayer 'ethernet'
	option overhead '44'
	option qdisc_advanced '1'
	option egress_ecn 'NOECN'
	option qdisc_really_really_advanced '1'
	option debug_logging '0'
	option verbosity '5'
	option script 'layer_cake.qos'
	option squash_dscp '0'
	option squash_ingress '0'
	option iqdisc_opts 'diffserv4 nat dual-dsthost ingress'
	option eqdisc_opts 'diffserv4 nat dual-srchost'

config queue
	option enabled '1'
	option interface 'eth5.210'
	option download '200000'
	option upload '60000'
	option debug_logging '0'
	option verbosity '5'
	option qdisc 'cake'
	option linklayer 'ethernet'
	option overhead '44'
	option qdisc_advanced '1'
	option ingress_ecn 'ECN'
	option egress_ecn 'NOECN'
	option qdisc_really_really_advanced '1'
	option itarget 'auto'
	option etarget 'auto'
	option script 'layer_cake.qos'
	option squash_dscp '0'
	option squash_ingress '0'
	option iqdisc_opts 'diffserv4 nat dual-dsthost ingress'
	option eqdisc_opts 'diffserv4 nat dual-srchost'

I have copied the non-veth script into /root/DSCP.sh, made it executable and added the line to call it into the Local Startup section of LUCI. I have also added the needed ipset lines to the bottom of /etc/dnsmasq.conf. file.

I'm not sure I follow what you mean by "set upload on lan to your wan download"...
Does this mean I have to add an additional queue (for br-lan) into the sqm file?
If so, how do I set this about? Do I need to invert download and upload rates on this new queue?
Additionally, do I need to invert dst-host and src-host in this new queue?

For anyone (@hisham2630, @dlakelan, @AlanDias17) taking the time answering those questions, many thanks in advance.
Cesar