Sure i can't share them (copyright issues), just kidding.
@dlakelan @moeller0 I think it's better to use
-m dscp ! --dscp 48 instead of -m connmark ! --mark 0x6 right ???
########################################
# Latency Sensitive (gaming/voip)
########################################
##ICMP, to prioritize pings
$IPT -t mangle -A PREROUTING -p icmp -j CONNMARK --set-mark 0x5 -m comment --comment "ICMP-pings"
#DNS traffic both udp and tcp
$IPT -t mangle -A PREROUTING -p udp -m multiport --port 53,123,5353 -j CONNMARK --set-mark 0x5 -m comment --comment "DNS udp and NTP"
$IPT -t mangle -A PREROUTING -p tcp -m multiport --port 53,5353 -j CONNMARK --set-mark 0x5 -m comment --comment "DNS tcp"
$IPT -t mangle -A PREROUTING -m connmark --mark 0x5 -j DSCP --set-dscp-class CS5
#give a high priority for PS4 and xbox
$IPT -t mangle -A PREROUTING -p tcp -m conntrack --ctorigsrc 192.168.1.150 -m multiport ! --ports 80,443,8080 -j CONNMARK --set-mark 0x6 -m comment --comment "PS4" #for PS4 or xbox etc, change the ip according to your ip setting.
$IPT -t mangle -A PREROUTING -p udp -m conntrack --ctorigsrc 192.168.1.150 -m multiport ! --ports 80,443,8080 -j CONNMARK --set-mark 0x6 -m comment --comment "PS4"
#High priority ipset, i use for pubgM
$IPT -t mangle -A PREROUTING ! -p tcp -m set --match-set latsens src,dst -j CONNMARK --set-mark 0x6 -m comment --comment "latency sensitive ipset" ## set dscp tag for Latency Sensitive (latsens) ipset
#A robust 2 rules to detect realtime traffic
$IPT -t mangle -A PREROUTING -p udp -m hashlimit --hashlimit-name udp_high_prio --hashlimit-above 120/sec --hashlimit-burst 50 --hashlimit-mode srcip,srcport,dstip,dstport -j CONNMARK --set-mark 0x55 -m comment --comment "connmark for udp"
$IPT -t mangle -A PREROUTING -p udp -m connmark ! --mark 0x55 -m conntrack --ctorigsrc 192.168.1.0/24 -m multiport ! --ports 53,5353,80,443,8080,60887 -m connbytes --connbytes 0:700 --connbytes-dir both --connbytes-mode avgpkt -j CONNMARK --set-mark 0x6 -m comment --comment "small udp connection"
$IPT -t mangle -A PREROUTING -m connmark --mark 0x6 -j DSCP --set-dscp-class CS6
##################
#TCP ACK flows
##################
# prioritize inbound and outbound ACK pkts according to size
# empty ipv4 ack pkts <64 appear very often but empty ipv6 ack pkts are larger and fall into smaller priority class
$IPT -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags ALL ACK -m length --length :64 -j CONNMARK --set-mark 0x3
$IPT -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags ALL ACK -m length --length 65:89 -j CONNMARK --set-mark 0x3
#Make sure ACK packets get priority (to avoid upload speed limiting our download speed)
$IPT -t mangle -A PREROUTING -p tcp -m length --length :128 --tcp-flags SYN,RST,ACK ACK -j CONNMARK --set-mark 0x3
$IPT -t mangle -A PREROUTING -m connmark --mark 0x3 -j DSCP --set-dscp-class CS3
#mid size ACK
$IPT -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags ALL ACK -m length --length 90:159 -j CONNMARK --set-mark 0x2
$IPT -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags ALL ACK -m length --length 160:255 -j CONNMARK --set-mark 0x2
$IPT -t mangle -A PREROUTING -m connmark --mark 0x2 -j DSCP --set-dscp-class CS2
# large ack pkts carry data and dont need the same priority
$IPT -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags ALL ACK -m length --length 256:511 -j CONNMARK --set-mark 0x2
########################################
# Streaming Media (videos/audios)
########################################
#Known video streams sites like youtube,netflix
$IPT -t mangle -A PREROUTING -m set --match-set vidstream src,dst -j CONNMARK --set-mark 0x41 -m comment --comment "vidstream ipset"
# some iptv provider's use this port
$IPT -t mangle -A PREROUTING -p tcp -m multiport --port 1935 -j CONNMARK --set-mark 0x41 -m comment --comment "some iptv streaming service"
$IPT -t mangle -A PREROUTING -m connmark --mark 0x41 -j DSCP --set-dscp-class AF41
##set dscp tag for our ipset usrcdn #those cdn's have an isolated speeds by my ISP
$IPT -t mangle -A PREROUTING -m set --match-set usrcdn src,dst -j CONNMARK --set-mark 0x21 -m comment --comment "usrcdn ipset"
$IPT -t mangle -A PREROUTING -m connmark --mark 0x21 -j DSCP --set-dscp-class AF21
########################################
# Best Effort (browsing/services)
########################################
#Small packet is probably interactive or flow control
$IPT -t mangle -A PREROUTING -m connmark ! --mark 0x2 -m connmark ! --mark 0x3 -m connmark ! --mark 0x5 -m connmark ! --mark 0x6 -m connmark ! --mark 0x21 -m connmark ! --mark 0x41 -m length --length 0:500 -j CONNMARK --set-mark 0x3
#Small packet connections: multi purpose (don't harm since not maxed out)
$IPT -t mangle -A PREROUTING -m connmark ! --mark 0x2 -m connmark ! --mark 0x3 -m connmark ! --mark 0x5 -m connmark ! --mark 0x6 -m connmark ! --mark 0x21 -m connmark ! --mark 0x41 -m connbytes --connbytes 0:250 --connbytes-dir both --connbytes-mode avgpkt -j CONNMARK --set-mark 0x3
#########################################
# Background Traffic (Bulk/file transfer)
#########################################
#bulk traffic ipset, like windows udates and steam updates/downloads
$IPT -t mangle -A PREROUTING -m set --match-set bulk src,dst -j CONNMARK --set-mark 0x1 -m comment --comment "bulk traffic ipset"
#A robust rule to detect downloads/uploads and torrents!
$IPT -t mangle -A PREROUTING -m connmark ! --mark 0x2 -m connmark ! --mark 0x3 -m connmark ! --mark 0x5 -m connmark ! --mark 0x6 -m connmark ! --mark 0x21 -m connmark ! --mark 0x41 -m connmark --mark 0x1 -j CONNMARK --set-mark 0xB
$IPT -t mangle -A PREROUTING -p tcp -m multiport --ports 21,25,80,81,443,444,554,8000,8080,8409,60887,27014:27050 -m connbytes --connbytes 500000: --connbytes-dir both --connbytes-mode bytes -j CONNMARK --set-mark 0xB #60887 bittorrent
$IPT -t mangle -A PREROUTING -p udp -m multiport --ports 21,25,80,81,443,444,554,8000,8080,8409,60887 -m connbytes --connbytes 500000: --connbytes-dir both --connbytes-mode bytes -j CONNMARK --set-mark 0xB
$IPT -t mangle -A PREROUTING -m connmark --mark 0xB -j DSCP --set-dscp-class CS1
#tcpdump rule, copy and paste this rule into terminal, this rule is used to capture realtime traffic, you can change ip to what you like
#tcpdump -i br-lan host 192.168.1.126 and udp and portrange 1-65535 and !port 53 and ! port 80 and ! port 443 -vv -X -w /root/cap-name.pcap
One question @dlakelan @moeller0 can CAKE handle a lot of users, like 100 ~ 400 users ?