Ultimate SQM settings: Layer_cake + DSCP marks (New Script!)

Hisham's script with a little editing is by far the best script still to this day!!!!!

Please can you show the 'script with a little editing'? Thank you.

How do I create DSCP marks like you're doing in the firewall using the web GUI? Newbie here, I can't understand all the scripts. Thank you.

From an old post it says I should use prerouting, how?

Not sure if the following tutorials on YouTube I've done are working:

I'm pretty sure something is wrong, since I've set https/443 to CS7 but I got fewer packets and bytes from tin 7 using diffserv8.

Need help badly, it's been days since I'm doing trial and error.

I will post my version of his script tonight, but it's set up for the games I play; you have to be smart enough to figure out your own ports... as well as set up your dnsmasq ipsets with the games or whatever you're playing. I'll give you guys an example of what works for me on my PS5 with the games that I play, like Warzone, Blacklight Retribution and America's Army. I only play FPS games... I edited his script for what I want to give priority to! Please forgive me for any typos or gibberish, I'm on speech to text.

3 Likes

Waiting for your version of the script, I would like to try it for Warzone.

1 Like

#!/bin/ash -x
IPT="iptables"
iptmark="iptables"
##ipsets for streaming sites; they are being filled by dnsmasq
ipset create streaming hash:ip
ipset create usrcdn hash:ip
ipset create bulk hash:ip
ipset create latsens hash:ip

#flush mangle table
$IPT -t mangle -F PREROUTING
#Clear interface dscp marks, we don't trust ISP marks(also to use our own marks).
$IPT -t mangle -A PREROUTING -i wan -j DSCP --set-dscp 0
########################################

#Latency Sensitive (gaming/voip)
########################################
##Latency Sensitive
$IPT -t mangle -A PREROUTING -p icmp -j DSCP --set-dscp-class CS6 ##dscp tag for ping packets
$IPT -t mangle -A PREROUTING -m set --match-set latsens src -j DSCP --set-dscp-class CS6 ## set dscp tag for our Latency Sensitive (latsens) ipset
$IPT -t mangle -A PREROUTING -p tcp -m conntrack --ctorigsrc 192.168.2.160 -m multiport ! --ports 80,443,8080 -j DSCP --set-dscp-class CS6 -m comment --comment "PS4" #i don't have PS4, change the ip according to your ip setting.
####Latency Sensitive Ports####
sport00="3074"
sport4="9305:9308"
sport16="3478:3479"
dport00="3074:3075,3478:3479,3658:3659,9305:9308"
$IPT -t mangle -A PREROUTING -p udp -m multiport --sport $sport00 -j DSCP --set-dscp-class CS6
$IPT -t mangle -A PREROUTING -p udp -m multiport --sport $sport4 -j DSCP --set-dscp-class AF41
$IPT -t mangle -A PREROUTING -p udp -m multiport --sport $sport16 -j DSCP --set-dscp-class AF41
$IPT -t mangle -A PREROUTING -p udp -m multiport --dport $dport00 -j DSCP --set-dscp-class CS6
$IPT -t mangle -N dscp_mark > /dev/null 2>&1
$IPT -t mangle -F dscp_mark

#check whether the POSTROUTING jump to our chain already exists; if not, add it
$IPT -t mangle -L POSTROUTING -n | grep dscp_mark || $IPT -t mangle -A POSTROUTING -o br-lan -j dscp_mark
iptmark() {
$IPT -t mangle -A dscp_mark "$@"
}
#A robust 2 rules to detect realtime traffic
iptmark -p udp -m hashlimit --hashlimit-name udp_high_prio --hashlimit-above 100/sec --hashlimit-burst 50 --hashlimit-mode srcip,srcport,dstip,dstport -j CONNMARK --set-mark 0x55 -m comment --comment "connmark for udp"

#unmarked UDP streams with small packets get CS6
iptmark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 22,25,53,67,68,123,143,161,162,514,80,443,8080 -m connbytes --connbytes 0:940 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS6 -m comment --comment "small udp connection gets CS6"
iptmark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 137,442,444,445,446,447 -m connbytes --connbytes 0:940 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS6 -m comment --comment "small udp connection gets CS6"
#large udp streams like video call get AF21
iptmark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 22,25,53,67,68,123,143,161,162,514,80,443,8080 -m connbytes --connbytes 940:1500 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class AF21 -m comment --comment "large udp connection gets AF21"
iptmark -p udp -m connmark ! --mark 0x55 -m multiport ! --ports 137,442,444,445,446,447 -m connbytes --connbytes 940:1500 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS6 -m comment --comment "small udp connection gets CS6"
#DNS traffic both udp and tcp
iptmark -p udp -m multiport --port 53 -j DSCP --set-dscp-class CS6 -m comment --comment "DNS udp"
#NTP
iptmark -p udp -m multiport --port 123 -j DSCP --set-dscp-class CS6 -m comment --comment "NTP udp"
#High priority ipset, i use for pubgM
iptmark ! -p udp -m set --match-set latsens src,dst -j DSCP --set-dscp-class CS6 -m comment --comment "latency sensitive ipset" ## set dscp tag for Latency Sensitive (latsens) ipset,udp
iptmark -p tcp -m set --match-set latsens src,dst -j DSCP --set-dscp-class CS6 -m comment --comment "latency sensitive ipset" ## set dscp tag for Latency Sensitive (latsens) ipset
###########
##Browsing
###########

#medium priority for browsing
iptmark -p tcp -m multiport --ports 80,443 -j DSCP --set-dscp-class CS3 -m comment --comment "Browsing at CS3"
##################
#TCP SYN,ACK flows
##################
#Make sure ACK,SYN packets get priority (to avoid upload speed limiting our download speed)
iptmark -p tcp --tcp-flags ALL ACK -m length --length :128 -j DSCP --set-dscp-class CS3
iptmark -p tcp --tcp-flags ALL SYN -m length --length :666 -j DSCP --set-dscp-class CS3
#Small packet is probably interactive or flow control
iptmark -m dscp ! --dscp 24 -m dscp ! --dscp 18 -m dscp ! --dscp 34 -m dscp ! --dscp 40 -m dscp ! --dscp 48 -m length --length 0:500 -j DSCP --set-dscp-class CS3
#Small packet connections: multi purpose (don't harm since not maxed out)
iptmark -m dscp ! --dscp 24 -m dscp ! --dscp 18 -m dscp ! --dscp 34 -m dscp ! --dscp 40 -m dscp ! --dscp 48 -m connbytes --connbytes 0:250 --connbytes-dir both --connbytes-mode avgpkt -j DSCP --set-dscp-class CS3
########################################

#Streaming Media (videos/audios)
########################################
#Known video streams sites like netflix
iptmark -m set --match-set streaming src,dst -j DSCP --set-dscp-class AF41 -m comment --comment "video audio stream ipset"
#known usrcdn like google or akamai
iptmark -m set --match-set usrcdn src,dst -j DSCP --set-dscp-class AF21 -m comment --comment "usrcdn ipset"
#########################################

#Background Traffic (Bulk/file transfer)
#########################################
#bulk traffic ipset, like windows updates and steam updates/downloads
iptmark -p tcp -m set --match-set bulk src,dst -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset"
iptmark -p udp -m set --match-set bulk src,dst -j DSCP --set-dscp-class CS1 -m comment --comment "bulk traffic ipset"
iptmark -p tcp -m connbytes --connbytes 350000: --connbytes-dir both --connbytes-mode bytes -m dscp --dscp-class CS3 -j DSCP --set-dscp-class CS1 -m comment --comment "Downgrade CS3 to CS1 for bulk tcp traffic"

1 Like
#records.
#You may add multiple srv-host lines.
#The fields are ,,,,
#A SRV record sending LDAP for the example.com domain to
#ldapserver.example.com port 289
srv-host=_ldap._tcp.example.com,ldapserver.example.com,389

#Two SRV records for LDAP, each with different priorities
srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2

#A SRV record indicating that there is no LDAP server for the domain
#example.com
srv-host=_ldap._tcp.example.com

#The following line shows how to make dnsmasq serve an arbitrary PTR
#record. This is useful for DNS-SD.
#The fields are ,
ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"

#Change the following lines to enable dnsmasq to serve TXT records.
#These are used for things like SPF and zeroconf.
#The fields are ,,...
#Example SPF.
txt-record=example.com,"v=spf1 a -all"

#Example zeroconf
txt-record=_http._tcp.example.com,name=value,paper=A4

#Provide an alias for a "local" DNS name. Note that this only works
#for targets which are names from DHCP or /etc/hosts. Give host
#"bert" another name, bertrand
#The fields are ,
cname=bertand,bert

except-interface=wan

##Latency Sensitive (gaming/voip)
ipset=/zcure-blr-ps4-east-us.hardsuitlabs.com/*hardsuitlabs.com,9305,1/latsens
ipset=/zcure-blr-ps4-east-us.hardsuitlabs.com/*hardsuitlabs.com,9306,2/latsens
ipset=/zcure-blr-ps4-east-us.hardsuitlabs.com/*hardsuitlabs.com,9308,3/latsens
ipset=/d3ovluux6b7f2q.cloudfront.net/*demonware.net/Iw8-ps4-loginqueue.prod.demonware.net,3074,1/latsens

##video/audio streams

#Youtube is also isolated by my isp
ipset=/googlevideo.com/*.googlevideo.com/streaming

#NetFlix
ipset=/nflxvideo.net/streaming

#AmazonVideo
ipset=/s3.ll.dash.row.aiv-cdn.net/d25xi40x97liuc.cloudfront.net/aiv-delivery.net/streaming

#Facebook
ipset=/fbcdn.net/streaming

#Twitch
ipset=/ttvnw.net/streaming

#VeVo
ipset=/vevo.com/streaming

#Spotify
ipset=/audio-fa.scdn.cot/streaming

#Deezer
ipset=/deezer.com/streaming

#SoundCloud
ipset=/sndcdn.com/streaming

#last.fm
ipset=/last.fm/streaming
#reddit videos
ipset=/v.redd.it/streaming
#twitch.tv
ipset=/ttvnw.net/par10s27-in-f206.1e100.net/streaming
##i have isolated speed for those cdn's
ipset=/googletagmanager.com/googleusercontent.com/.googleusercontent.com/google.com/fbcdn.net/.fbcdn.net/akamaihd.net/.akamaihd.net/whatsapp.net/.whatsapp.net/whatsapp.com/.whatsapp.com/www-cdn.whatsapp.net/googleapis.com/.googleapis.com/ucy.ac.cy/1e100.net/hwcdn.net/usrcdn

#Bulk downloads
#qq download
ipset=/download.qq.com/bulk

#Steam Download
ipset=/steamcontent.com/bulk

#PSN Download
ipset=/gs2.ww.prod.dl.playstation.net/bulk

#DropBox
ipset=/dropbox.com/dropboxstatic.com/dropbox-dns.com/log.getdropbox.com/bulk

#Google Drive
ipset=/drive.google.com/drive-thirdparty.googleusercontent.com/bulk

#Google Docs
ipset=/docs.google.com/docs.googleusercontent.com/bulk

#PlayStore Download
ipset=/gvt1.com/bulk

#WhatsApp Files
ipset=/mmg-fna.whatsapp.net/bulk

#Youtube Upload
ipset=/upload.youtube.com/upload.video.google.com/bulk

#WindowsUpdate
ipset=/windowsupdate.com/update.microsoft.com/bulk
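
A pre-flight check for the two files posted above, added here as an example and not part of any poster's script: it collects the sets the marking script creates with `ipset create` and flags `ipset=` lines in dnsmasq.conf that name a set which is never created, or whose domain fields are not plain host names. It assumes dnsmasq's documented form `ipset=/<domain>[/<domain>...]/<ipset>[,<ipset>...]`; the plain-name rule is a conservative choice of this example, and `example.invalid` and `voip` are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data is constructed from lines
# shown on this page, plus one made-up entry (example.invalid / voip).
SCRIPT_SAMPLE='ipset create streaming hash:ip
ipset create usrcdn hash:ip
ipset create bulk hash:ip
ipset create latsens hash:ip'

CONF_SAMPLE='ipset=/nflxvideo.net/streaming
ipset=/steamcontent.com/bulk
ipset=/zcure-blr-ps4-east-us.hardsuitlabs.com/*hardsuitlabs.com,9305,1/latsens
ipset=/example.invalid/voip'

# created_sets < script : print the names from "ipset create NAME ..." lines.
created_sets() {
    awk '$1 == "ipset" && $2 == "create" { print $3 }'
}

# lint_ipset_lines "set1 set2 ..." < dnsmasq.conf
# Prints one finding per problem, nothing when every ipset= line is clean.
lint_ipset_lines() {
    awk -v known="$1" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    /^ipset=\// {
        parts = split(substr($0, 8), f, "/")   # text after "ipset=/"
        ns = split(f[parts], s, ",")           # last field: set name(s)
        for (i = 1; i <= ns; i++)
            if (!(s[i] in ok))
                printf "line %d: set \"%s\" is never created\n", NR, s[i]
        for (i = 1; i < parts; i++)            # earlier fields: domains
            if (f[i] !~ /^[A-Za-z0-9._-]+$/)
                printf "line %d: \"%s\" is not a plain domain name\n", NR, f[i]
    }'
}

# Run the check on the constructed samples.
run_sample() {
    sets=$(printf '%s\n' "$SCRIPT_SAMPLE" | created_sets | tr '\n' ' ')
    printf '%s\n' "$CONF_SAMPLE" | lint_ipset_lines "$sets"
}
run_sample
```

On a router the same functions can be fed the real files, for example `lint_ipset_lines "$(created_sets < /root/DSCP.sh | tr '\n' ' ')" < /etc/dnsmasq.conf`, using the paths mentioned later in this thread.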


Please use codeboxes for pasting configuration files, doing so improves the readability by a lot (and avoids a mess with unintended formatting changes or potentially swallowed characters).

3 Likes

sry learning curve my friend...

Well, at least one success story so far... Also I'm a newb, just persistent. I hate to lose, but all glory should go to SOLIDUS1983, he is the man!!!!

1 Like

Hello and thanks for sharing your knowledge all around this forum.

For reference, here is my current WIP configuration. Since I have two WAN links, nicely managed by mwan3, I suppose I have to add two queues, one for each WAN, but it's the LAN thing above that I cannot seem to quite understand...

config queue 'eth1'
	option interface 'eth1'
	option qdisc 'cake'
	option ingress_ecn 'ECN'
	option itarget 'auto'
	option etarget 'auto'
	option enabled '1'
	option download '200000'
	option upload '100000'
	option linklayer 'ethernet'
	option overhead '44'
	option qdisc_advanced '1'
	option egress_ecn 'NOECN'
	option qdisc_really_really_advanced '1'
	option debug_logging '0'
	option verbosity '5'
	option script 'layer_cake.qos'
	option squash_dscp '0'
	option squash_ingress '0'
	option iqdisc_opts 'diffserv4 nat dual-dsthost ingress'
	option eqdisc_opts 'diffserv4 nat dual-srchost'

config queue
	option enabled '1'
	option interface 'eth5.210'
	option download '200000'
	option upload '60000'
	option debug_logging '0'
	option verbosity '5'
	option qdisc 'cake'
	option linklayer 'ethernet'
	option overhead '44'
	option qdisc_advanced '1'
	option ingress_ecn 'ECN'
	option egress_ecn 'NOECN'
	option qdisc_really_really_advanced '1'
	option itarget 'auto'
	option etarget 'auto'
	option script 'layer_cake.qos'
	option squash_dscp '0'
	option squash_ingress '0'
	option iqdisc_opts 'diffserv4 nat dual-dsthost ingress'
	option eqdisc_opts 'diffserv4 nat dual-srchost'

I have copied the non-veth script into /root/DSCP.sh, made it executable and added the line to call it into the Local Startup section of LuCI. I have also added the needed ipset lines to the bottom of the /etc/dnsmasq.conf file.

I'm not sure I follow what you mean by "set upload on lan to your wan download"...
Does this mean I have to add an additional queue (for br-lan) into the sqm file?
If so, how do I set this about? Do I need to invert download and upload rates on this new queue?
Additionally, do I need to invert dst-host and src-host in this new queue?

For anyone (@hisham2630, @dlakelan, @AlanDias17) taking the time answering those questions, many thanks in advance.
Cesar

Thanks 1000 times.
Your script works great on Warzone. I put your script together with @AlanDias17's SQM settings and everything works great.
For now the best script and the best SQM settings for games.
I will continue to test.
Thanks again @Reeves0724 and @AlanDias17 for sharing your information. Thanks also to @dlakelan and @hisham2630 for building these awesome scripts and also thanks to @Dopam-IT_1987 for helping me set up. When you want I can try other settings.

P.S.
I changed the game port tags to EF; it seems better, less delay.

3 Likes

Just an update: these are the current SQM settings I'm using. It's the best so far IMO, along with the above scripts.

config queue 'eth1'
	option qdisc 'cake'
	option linklayer 'none'
	option download '0'
	option debug_logging '0'
	option verbosity '5'
	option enabled '1'
	option script 'layer_cake.qos'
	option qdisc_advanced '1'
	option squash_dscp '0'
	option squash_ingress '1'
	option ingress_ecn 'NOECN'
	option egress_ecn 'NOECN'
	option qdisc_really_really_advanced '1'
	option interface 'pppoe-wan'
	option upload '14500'
	option eqdisc_opts 'diffserv8 nat ack-filter datacentre'

config queue
	option enabled '1'
	option interface 'br-lan'
	option download '0'
	option debug_logging '0'
	option verbosity '5'
	option qdisc 'cake'
	option script 'layer_cake.qos'
	option qdisc_advanced '1'
	option squash_ingress '1'
	option ingress_ecn 'NOECN'
	option egress_ecn 'NOECN'
	option qdisc_really_really_advanced '1'
	option linklayer 'none'
	option squash_dscp '0'
	option upload '14500'
	option eqdisc_opts 'diffserv8 nat datacentre'
2 Likes

@Superlapo do you play on wireless or wired?

I play on wired.

1 Like

I never put SQM on a bridge like br-lan, only wan, eth0 etc., but I guess to each their own... I would at least change from the br-lan interface to eth0.

1 Like

You can use the two instances, but only on upload :wink:

1 Like