Ultimate SQM settings: Layer_cake + DSCP marks

This topic is now almost exactly 1 year old and has accumulated 681 postings.
Have your initial questions been answered during the last 12 months?

If yes: Could you please sum up your findings and the answers to your questions and then mark the topic as solved? This would be a great help for other users and save them the time to wade through 600something postings.

2 Likes

Hello friends, I wanted to see if you can help me with this: I wanted to know which has the highest priority in DSCP, EF or CS7.

1 Like

I also want to know if these commands are properly placed in the Extra arguments boxes

Hello guys,

I have a TP-Link Archer C7 v5 and have two questions.

Should I use layer cake instead of piece of cake? I want my hit detection to be as instant as possible. I heard I should also set squash to "do not squash" on inbound.

I'm playing on console; the game is using the following UDP ports: 3074, 3479 and 3480.

Can I run this in my firewall as dscp mark?

##ICMP
iptables -t mangle -A FORWARD -p icmp -j DSCP --set-dscp-class EF

iptables -t mangle -A POSTROUTING -p icmp -j DSCP --set-dscp-class EF

##GAMING
iptables -t mangle -A FORWARD -p udp --match multiport --sport 3074,3479:3480 -j DSCP --set-dscp-class EF

iptables -t mangle -A FORWARD -p udp --match multiport --dport 3074,3479:3480 -j DSCP --set-dscp-class EF

iptables -t mangle -A POSTROUTING -p udp --match multiport --sport 3074,3479:3480 -j DSCP --set-dscp-class EF

iptables -t mangle -A POSTROUTING -p udp --match multiport --dport 3074,3479:3480 -j DSCP --set-dscp-class EF

If you want to use DSCP to prioritize some packets over others, you need to use layer_cake and make sure packets carry the correct/desired dscp marking before cake gets hold of them.

1 Like

Ok thanks. Can I use the iptables rules I posted above? I just want these UDP packets to travel as fast as possible and ICMP prioritized.

Well, just try it.

tc -s qdisc will give you statistics where cake reports how many packets traversed through the different priority tiers, so just run a test and see whether the correct counters increase.
Typically on a WAN link's ingress side, qdiscs run before iptables gets hold of the packets, so on ingress the marking most likely is not going to have an effect; on egress it might (unless the NAT system had to re-map the ports to different internal port numbers)...
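The counter check described in the reply above, as an added example that is not part of the original thread: it compares the per-tin `pkts` row of two `tc -s qdisc` snapshots and lists the tins that grew. Both snapshots are constructed and abridged, and the interface name `pppoe-wan` is an assumption.

```shell
#!/bin/sh
# Added example: which cake tins received packets between two snapshots?
# Take each snapshot for ONE device, e.g. `tc -s qdisc show dev pppoe-wan`.
# The two snapshots below are constructed and abridged, not captured output.

BEFORE='qdisc cake 8001: dev pppoe-wan root refcnt 2 bandwidth 9Mbit diffserv4
                   Bulk  Best Effort        Video        Voice
  pkts              120         4500            0           10
  bytes           90000      5100000            0         1200'

AFTER='qdisc cake 8001: dev pppoe-wan root refcnt 2 bandwidth 9Mbit diffserv4
                   Bulk  Best Effort        Video        Voice
  pkts              120         4800            0         2510
  bytes           90000      5400000            0       301200'

# tin_deltas BEFORE AFTER -> one "tin delta" line per tin whose pkts counter grew.
# The header row is found via the "Best Effort" column (diffserv3/diffserv4 layouts).
tin_deltas() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        /^---$/ { second = 1; next }      # separator between the two snapshots
        /Best Effort/ {                   # header row carrying the tin names
            gsub(/Best Effort/, "Best_Effort")
            for (i = 1; i <= NF; i++) name[i] = $i
            next
        }
        $1 == "pkts" {
            for (i = 2; i <= NF; i++) {
                if (second) {
                    d = $i - old[i - 1]
                    if (d > 0) print name[i - 1], d
                } else {
                    old[i - 1] = $i
                }
            }
        }'
}

tin_deltas "$BEFORE" "$AFTER"
```

If only Best Effort grows while the game is running, the DSCP marks are not reaching cake on that direction.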

It would be awesome if SQM (luci-app) had an option to prioritize packets of specific gaming ports when using layer_cake. I would love to prioritize a few gaming ports, but reading through this thread I figured out that it does seem to be kind of complicated and not very user-friendly.

@lajkasir
If this worked for you please report back as I would like to set up something similar for some games.

2 Likes

I'm using Gargoyle right now but don't know if it's possible to run this on OpenWrt; that's why I'm asking...

On Gargoyle I put these in firewall.user and run this command in PuTTY:
/etc/init.d/firewall restart

Then reboot.

Edit: OK, I just tried but got an error. Do I need to have SQM and layer cake enabled to get this working?

I've tested your rules with Modern Warfare on my PS4 and it does seem to work for the egress side (layer_cake@pppoe). On the ingress side it didn't have any effect and I guess the reason is the one that moeller0 stated above...

Yes, but my test showed me that your solution will only work on the upload side (egress), and sadly I don't know any simple solution for the download side (ingress). To make things really work it has to be both upload and download sided.

If you're using a snapshot of master you can use sqm-scripts 1.4.0 (or newer) with cake and also install kmod-sched-ctinfo, kmod-sched-connmark, and kmod-sched-ipset (the latter is optional but I make use of it). I use a simple script based off of what @ldir originally posted:

#!/bin/sh
# Cero3 Shaper
# A cake shaper and AQM solution that allows several diffserv marking schemes
# for ethernet gateways

# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
#       Copyright (C) 2012-5 Michael D. Taht, Toke Høiland-Jørgensen, Sebastian Moeller


#sm: TODO pass in the cake diffserv keyword

. ${SQM_LIB_DIR}/defaults.sh
QDISC=cake

# Default traffic classification is passed in INGRESS_CAKE_OPTS and EGRESS_CAKE_OPTS, defined in defaults.sh now


egress() {
    SILENT=1 $TC qdisc del dev $IFACE root
    $TC qdisc add dev $IFACE root handle cacf: $( get_stab_string ) cake \
        bandwidth ${UPLINK}kbit $( get_cake_lla_string ) ${EGRESS_CAKE_OPTS} ${EQDISC_OPTS}

    # put an action on the egress interface to set DSCP from the stored connmark.
    # this seems counter intuitive but it ensures once the mark is set that all
    # subsequent egress packets have the same stored DSCP avoiding iptables rules
    # to mark every packet, ctinfo does it for us and then CAKE is happy using the
    # DSCP
    $TC filter add dev $IFACE protocol all prio 10 u32 match u32 0 0 action \
	ctinfo dscp 0xfc000000 0x01000000
}


ingress() {

    SILENT=1 $TC qdisc del dev $IFACE handle ffff: ingress
    $TC qdisc add dev $IFACE handle ffff: ingress

    SILENT=1 $TC qdisc del dev $DEV root

    [ "$IGNORE_DSCP_INGRESS" -eq "1" ] && INGRESS_CAKE_OPTS="$INGRESS_CAKE_OPTS besteffort"
    [ "$ZERO_DSCP_INGRESS" -eq "1" ] && INGRESS_CAKE_OPTS="$INGRESS_CAKE_OPTS wash"

    $TC qdisc add dev $DEV root handle cace: $( get_stab_string ) cake \
        bandwidth ${DOWNLINK}kbit $( get_cake_lla_string ) ${INGRESS_CAKE_OPTS} ${IQDISC_OPTS}

    $IP link set dev $DEV up

    # redirect all IP packets arriving in $IFACE to ifb0
    # set DSCP from conntrack mark
    $TC filter add dev $IFACE parent ffff: protocol all prio 10 u32 \
	match u32 0 0 action \
	ctinfo dscp 0xfc000000 0x01000000 \
	mirred egress redirect dev $DEV

    # Configure iptables chain to mark packets
    ipt -t mangle -N QOS_MARK_${IFACE}

    # Change DSCP of relevant hosts/packets
    # and save the DSCP to the connmark using savedscp 
    
    #From sched_cake.c:
    # /*  Further pruned list of traffic classes for four-class system:
    # *
    # *	    Latency Sensitive  (CS7, CS6, EF, VA, CS5, CS4)
    # *	    Streaming Media    (AF4x, AF3x, CS3, AF2x, TOS4, CS2, TOS1)
    # *	    Best Effort        (CS0, AF1x, TOS2, and those not specified)
    # *	    Background Traffic (CS1)
    # *
    # *		Total 4 traffic classes.
    # */
    
    #and for diffserv8:
    # /*	Pruned list of traffic classes for typical applications:
    # *
    # *		Network Control          (CS6, CS7)
    # *		Minimum Latency          (EF, VA, CS5, CS4)
    # *		Interactive Shell        (CS2, TOS1)
    # *		Low Latency Transactions (AF2x, TOS4)
    # *		Video Streaming          (AF4x, AF3x, CS3)
    # *		Bog Standard             (CS0 etc.)
    # *		High Throughput          (AF1x, TOS2)
    # *		Background Traffic       (CS1)
    # *
    # *		Total 8 traffic classes.
    # */
    
    GAMING_CLASS=AF41
    ipt -t mangle -A QOS_MARK_${IFACE} -m set --match-set gameset dst -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -m set --match-set bulkset dst -j DSCP --set-dscp-class CS1

    ipt -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.1.3 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.1.3 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.1.4 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.1.4 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}

    ipt -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.1.166 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.1.166 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.1.152 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    ipt -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.1.152 -m multiport --dports 1024:65535 -j DSCP --set-dscp-class ${GAMING_CLASS}
    
    ipt -A QOS_MARK_${IFACE} -t mangle -j CONNMARK --savedscp-mark 0xfc000000/0x01000000
    # Send unmarked connections to the marking chain
    # top 6 bits are DSCP, LSB is DSCP is valid flag
    # ipt -t mangle -A PREROUTING  -i $IFACE -m connmark --mark 0x00000000/0x01000000 -g QOS_MARK_${IFACE}
    ipt -t mangle -A POSTROUTING -o $IFACE -m connmark --mark 0x00000000/0x01000000 -g QOS_MARK_${IFACE}

    #you could just send every packet to the marking chain and update the stored DSCP for every packet
    #which should work for dynamic type marking but at a cpu cost
}

sqm_prepare_script() {
    do_modules
    verify_qdisc $QDISC "cake" || return 1
}

I have limited upload bandwidth so I use cake's video tin rather than voice. The '--savedscp-mark' saves the DSCP marks we set to the connection and the 'ctinfo' action restores the DSCP value to the packets before cake takes them.

The patches for savedscp support weren't merged into 19.07, but I've been building my own images with it since the beginning of August and everything has been working perfectly for me. If you want a fancier script ldir has a good example here.

I use dnsmasq to populate two ipsets, but you need to use dnsmasq-full for that. One is for a couple of games that use an HTTPS connection for game traffic, the other is mainly to confine Windows/Xbox updates to the bulk tin.

6 Likes
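The mark layout used by the script above (`0xfc000000/0x01000000`), as an added example that is not part of the original post: it decodes a connection's conntrack mark back to the stored DSCP and names the four-class tin according to the sched_cake.c comment quoted in the script. The function names and sample marks are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode marks written by
#   CONNMARK --savedscp-mark 0xfc000000/0x01000000
# Layout per the script's comment: top 6 bits = DSCP, 0x01000000 = "DSCP is valid" flag.

DSCP_MASK=0xfc000000
STATE_MASK=0x01000000

# mark_to_dscp MARK (decimal or 0x hex) -> DSCP codepoint, or "unset" if the flag is clear
mark_to_dscp() {
    mark=$(( $1 ))
    if [ $(( $mark & $STATE_MASK )) -eq 0 ]; then
        echo unset
    else
        echo $(( ($mark & $DSCP_MASK) >> 26 ))
    fi
}

# dscp_to_mark DSCP -> the mark value that would be stored for that codepoint, as hex
dscp_to_mark() {
    printf '0x%08x\n' $(( (($1 & 0x3f) << 26) | $STATE_MASK ))
}

# diffserv4_tin DSCP -> class name, following the four-class list quoted in the script
diffserv4_tin() {
    case "$1" in
        56|48|46|44|40|32)                    echo "Latency Sensitive" ;;   # CS7 CS6 EF VA CS5 CS4
        34|36|38|26|28|30|24|18|20|22|4|16|1) echo "Streaming Media" ;;     # AF4x AF3x CS3 AF2x TOS4 CS2 TOS1
        8)                                    echo "Background Traffic" ;;  # CS1
        *)                                    echo "Best Effort" ;;
    esac
}

# Constructed sample marks: AF41 (the script's GAMING_CLASS), CS1 (bulkset), not yet marked.
for m in 0x89000000 0x21000000 0x00000000; do
    d=$(mark_to_dscp "$m")
    if [ "$d" = unset ]; then
        echo "$m: no DSCP stored yet, connection still goes to the marking chain"
    else
        echo "$m: DSCP $d -> $(diffserv4_tin "$d")"
    fi
done
```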

Thanks for your input!

I'm using a Snapshot build of davidc502 (OpenWrt SNAPSHOT r11086-4fc0a61ed3) and it has sqm-scripts 1.4.0-1 installed and I'm also able to install the packages which you mentioned above.

I'll give your solution/script a try later on. My upload speed is rather on the larger side (~40mbps) so I guess that the default voice tin for gaming would make sense for me. I'll just need to figure out how to adjust the script for my needs because all I want for now is to prioritize my PS4 gaming traffic and I think some source/destination port rules for the gaming/server ports would be a good start.

All of the clients I specified are game consoles so I let them have the full range of ports I expect them to possibly use for game traffic (not worried about bittorrent clients on the consoles). Since the marks are being set on egress and you have no way to predetermine what hosts they will connect to except in limited circumstances (DNS requests for hosted servers, which are handled by ipsets) I considered that the easiest way to handle them.

Did you feel any difference?

Edit: I will try to flash my wrt1900acsv2 with davidc502 firmware and try this:

iptables -t mangle -A POSTROUTING -j DSCP --set-dscp-class CS0

iptables -t mangle -A POSTROUTING -p icmp -j DSCP --set-dscp-class CS4

iptables -t mangle -A POSTROUTING -p udp --sport 3074 -j DSCP --set-dscp-class CS4

iptables -t mangle -A POSTROUTING -p udp --dport 3074 -j DSCP --set-dscp-class CS4

No, I couldn't tell a difference in terms of hit detection, but as I said these rules only work for egress, and I can only notice a (negative) impact on gaming when there is heavy torrenting or Steam updates are going on. So working prioritization for ingress is needed to make things better for gaming.

Hopefully I'll find time at the weekend to try out the script which Barrakketh provided and see if that fixes my problems.

I will try to respond to all of you tomorrow!

Needs veth. Pages 1-14 were a huge discussion with dlakelan and hisham2630 directing newcomers with the veth settings and firewall interaction within OpenWrt. This long thread has so many resources if y'all just dig...

Looking at the cake dev mailing list, there have been some attempts at trying to get cake to carry connmarks, but I doubt that will go mainline.

After ~9 months of soaking these SQM settings, I'd just like to say it works really well!

  • way better than the mark everything best effort which really defeats the purpose of WMM
  • it really made me appreciate WMM, DSCP nuts and bolts
  • there is a certain snappiness, when done right, that you can feel vs "regular" wifi.

Thanks again @dlakelan for the original idea from your blog + contributions and @hisham2630 for creating this thread repository + contributions. Some user stated this thread should be marked "solved" -- that had to be a joke right??

3 Likes

@hisham2630
You turn on ack filtering in one of your later posts -- I have an unacceptable tradeoff experience with it compared to ack filtering off.

Unacceptable in this case as defined: 95% of the time it works wonderfully but sometimes I have website timeouts whereas ack filter off--100% website is reached, no timeouts.

Comparing notes, do you have 100% positive experience?

Thanks for your feedback @QOS, hisham and I spent a lot of time trying out many different things. He has a fairly unique and unusual network connection, with different channels to caches that offer him higher speed vs the general internet. In any case, I agree with you that when you mark with DSCP and you get end-to-end QoS including WMM you do feel the snap of it all for realtime communications, such as VoIP or games or whatever.