OpenWrt Forum Archive

Topic: QoS Help - qosfw-scripts_0.4

The content of this topic has been archived between 23 Feb 2018 and 22 Apr 2018. Unfortunately there are posts – most likely complete pages – missing.

I installed the recent 09-oct build and then qos-script from nbd's repository and something is wrong. There is a 'files' directory in the root and all of the files inside belong to qos-script...

Fixed

Is it possible to use the qos-scripts on an interface other than the "wan" interface?

My router has its wan interface configured as "br2" which is a bridge between a newly created vlan3 (created from 2 lan ports) and the vlan1 wan port (so that I have a "hub" type of connection between the ISP and two self-firewalled machines sitting on vlan3). However, I would like to use the router to perform QoS on traffic that is sent out the WAN port on vlan1 (including traffic that is bridged from vlan3).

Maybe what I'm doing isn't possible -- I'm still reading what I can find to understand the details of how bridging/routing/forwarding/QoS all relate.

Would the solution be to create a duplicate set of wan_* nvram variables that use vlan1 as the ifname so that the qos-script can use these variables? Would this also mean I would have to make a change to the hotplug method of loading the qos-scripts?

As you can guess I don't understand how all these pieces fit together yet (trying though).

Use anything other than 'wan' in the interface section name and add 'option device br2' to the interface section.

Nbd, how can I adapt your script to work with the esfq discipline? (I have this module from the Tomato software and 'insmod' seems to be working properly.)

root@OpenWrt:~# insmod sch_esfq.o
Using sch_esfq.o
root@OpenWrt:~# lsmod
Module                  Size  Used by    Tainted: P
sch_esfq                5984   0 (unused)
ipt_IMQ                  672   1
ipt_length               336   4
ipt_layer7             10512   2
ipt_ipp2p               7320   1
ipt_CONNMARK             816   2
sch_red                 3216   2
sch_sfq                 3912   6
sch_hfsc               15960   2
cls_fw                  2888   8
imq                     2384   1
ehci-hcd               20556   0 (unused)
uhci                   30164   0 (unused)
usb-storage            68624   0 (unused)
sd_mod                 12500   0 (unused)
scsi_mod               70616   1 [usb-storage sd_mod]
usbcore                74808   1 [ehci-hcd uhci usb-storage]
ext2                   41528   0 (unused)
wlcompat               15520   0 (unused)
wl                    423640   0 (unused)
switch-robo             4460   0 (unused)
switch-core             4896   0 [switch-robo]
diag                    3616   0 (unused)

Thank you for the tip nbd, by using 'option device vlan1' I was able to have the script generate the output I desire. Now I just need to test that this is doing what I expect. Thanks again.

nbd wrote:
Bourdieu wrote:

Ok I didn't see the firewall scripts. I don't understand why would you melt firewalling with qos in a package.

The reason for doing this is that I want to add a web interface for both the QoS and the firewalling part. Parsing /etc/firewall.user is too difficult, and the code that parses the classify rules in /etc/config/qos-* is the same that also parses the matching rules in /etc/config/firewall. That's why I make the code shared and put it in one package.

Ok forgive me, I am new to OpenWRT. I came to this community because of the solid QoS scripts offered. I have Sunrocket VOIP at home and nbd's script has given me a fairly consistent MOS score of 4.0 with Visualware's VOIP test software. I have had 30-40% less jitter with this QoS script as well!

Now for my question, as I am still confused by other firewall related posts:

Firewall! Is the firewall now solely in /etc/config/firewall? This also appears to be where the webif is storing firewall modifications. If /etc/config/firewall is indeed the new firewall location, should firewall.user be used at all?

How does one create a DMZ with the new /etc/config/firewall? Would the following work?:

forward::192.168.1.50

(Last edited by speedphreak on 8 Nov 2006, 17:21)

Very interesting. I just installed WR RC6. I can now use nbd's latest 9.2.1 scripts. Now the firewall is gone from the webif, so I decided to use firewall.user instead.

I'm not sure if I'm more confused or less confused now, lol...

I would still like to know if   forward::192.168.1.10   would essentially make a DMZ. It appears to be that the statement would be saying to forward all ports to 192.168.1.10.

Is the firewall coming back to the webif?

Was it decided that the project didn't want this feature?

Thanks!

The best thing I can guess is to do something like
forward:1-60000:<ip>
or however many ports are legitimate. I'm not sure how to do a DMZ from the new firewall config file. firewall.user is definitely a valid place to put custom rules (e.g. DMZ), but the new layout is made to do the kind of default settings that you would typically see in a webif as it is more easily parsed.

My earlier understanding of simply changing the qos-scripts to use vlan1 (described in my previous post) was incorrect as iptables apparently won't work on a device that makes up the bridge -- I guess I need ebtables to do this.

Can anybody confirm if it is or is not possible to get qos-scripts with ebtables to shape traffic on a device that is part of a bridge? I'm hoping to avoid having to write tc filter rules directly. And if it's currently not possible that would save me a lot of reading.

It is currently not possible, but probably not that hard to implement...

It took a while for me to get back on this, but I believe I've finally managed to get the qos-scripts working with ebtables so I can do traffic-shaping on an ethernet bridge. I can't say definitively that *everything* is working as it should but I can verify that data is being distributed among the four qdiscs and my voip service is getting higher priority than the bulk traffic (which was my goal).

For my setup (with the wan port, vlan1, on a new ethernet bridge, br2, with two LAN ports on a new vlan, vlan3) with ebtables installed I had to modify the /etc/init.d/S35firewall script to change the MASQ rules to only MASQUERADE packets that come from the internal network (br0) as I believe the default MASQ rules were incorrectly doing source-nat on packets that were intended to be forwarded through the br2 bridge unchanged when ebtables was installed. This is what I ended up with (diff):

 ### MASQ
   iptables -t nat -A PREROUTING -j prerouting_rule
   iptables -t nat -A POSTROUTING -j postrouting_rule
-  iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
+  iptables -t nat -A POSTROUTING -o $WAN -s 192.168.1.0/24 -j MASQUERADE
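
Review bot: The added line hard-codes the LAN subnet as `-s 192.168.1.0/24`, so if the LAN address range is ever changed, LAN clients silently stop being masqueraded and their packets leave $WAN with private source addresses. Consider taking the source range from the same configuration that sets the LAN address, the way the rule already takes the interface from $WAN, and add a one-line comment above the rule stating why the source match is there so that a later edit does not revert it to the unrestricted form on the removed line.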

I went down a few wrong paths before finally getting it right. As it turns out, along with the changes to the S35firewall rules, all I really needed to do was to install the ebtables packages (ebtables and kmod-ebtables) and then make the change to /etc/config/qos (to change the "config interface wan" line to be "config interface dummy" and then set the interface I want the qos-scripts rule to operate on by adding the "option device vlan1" line underneath):

# INTERFACES:
config interface dummy
        option device vlan1
        option classgroup  "Default"

Now the qos-scripts will shape all traffic going out the vlan1 bridge sub-interface. That's about it; I have "transparent" traffic-shaping working along-side the regular nat/router operation (I'm not sure if "transparent" traffic-shaping can be used in the same manner as it is for transparent firewalling -- I intend it to mean that I'm shaping all traffic going out on vlan1, both bridged traffic from vlan3 and routed traffic from the br2 interface).

To add a bit more flexibility and security I modified the example rules in firewall.user to only allow incoming ssh connections from the "internal" side of the br2 bridge using the physdev iptables extension like this:

## Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -m physdev --physdev-in vlan3 -j ACCEPT
iptables        -A input_rule      -i $WAN -p tcp --dport 22 -m physdev --physdev-in vlan3 -j ACCEPT

This way I can connect to the router using the router's WAN ip address from any of the machines on the vlan3 side of the bridge but not from the vlan1 (aka internet) side.

Thank you to everybody for their efforts on the OpenWRT project as a whole. I am very impressed with the ease of installation, the number of features available in easy to install packages, and the reliability of the system as a whole.

... just remember that I did have to add another rule to iptables so that packets would be forwarded across the ethernet bridge (as described in the above post) when ebtables was loaded:

iptables -A FORWARD -m physdev --physdev-in vlan1 -j ACCEPT
iptables -A FORWARD -m physdev --physdev-out vlan1 -j ACCEPT

I have a feeling that these rules may be a little too vague and may be accepting traffic that most firewalls would typically want to avoid, but my router is running on a non-secure section of the network so I'm not too concerned by it. If anybody knows a better iptables rule to allow forwarding all traffic through the ethernet bridge I'd happily listen to the advice.
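
One way to check a ruleset for the over-broad match the poster is worried about, as an added example that is not part of the original post: the audit below reads iptables-save style lines and flags FORWARD ACCEPT rules whose physdev match names only one bridge port or omits --physdev-is-bridged. The sample rules are constructed; the vlan1/vlan3 names come from the thread, and the tighter pair in the sample is a suggested form, not a configuration tested on the page.

```shell
#!/bin/sh
# Added example: flag FORWARD ACCEPT rules whose physdev match is broader
# than "bridged frames between two named ports".

# Constructed sample in iptables-save format: the two rules from the post,
# a tighter pair naming both ports, and one ordinary routed rule.
sample_rules() {
cat <<'EOF'
-A FORWARD -m physdev --physdev-in vlan1 -j ACCEPT
-A FORWARD -m physdev --physdev-out vlan1 -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged --physdev-in vlan3 --physdev-out vlan1 -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged --physdev-in vlan1 --physdev-out vlan3 -j ACCEPT
-A FORWARD -i br0 -o br2 -j ACCEPT
EOF
}

# Reads rules on stdin; prints one "BROAD (...)" line per rule that accepts
# traffic on a physdev match without pinning both ports and bridged-only.
audit_physdev_forward() {
    while IFS= read -r rule; do
        case "$rule" in
            "-A FORWARD "*"-m physdev "*"-j ACCEPT"*) ;;
            *) continue ;;
        esac
        reason=""
        case "$rule" in
            *"--physdev-in "*) ;;
            *) reason="no --physdev-in" ;;
        esac
        case "$rule" in
            *"--physdev-out "*) ;;
            *) reason="${reason:+$reason, }no --physdev-out" ;;
        esac
        case "$rule" in
            *"--physdev-is-bridged"*) ;;
            *) reason="${reason:+$reason, }no --physdev-is-bridged" ;;
        esac
        if [ -n "$reason" ]; then
            printf 'BROAD (%s): %s\n' "$reason" "$rule"
        fi
    done
    return 0
}

sample_rules | audit_physdev_forward
```

A rule that names only one port accepts every frame entering (or leaving) that port whatever the other side is; naming both ports with --physdev-is-bridged limits the ACCEPT to frames crossing the bridge between them.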

Hello,

Is there any source where I can find the algorithm being used for developing this script? I would like to understand the parameters being used in the qos script in more detail. For example, linksharing, packetdelay, avgrate... how are these parameters being used for shaping the traffic?

I had been looking for the same information but have since found that the defaults are working well enough that I haven't been motivated to pursue this.

All I've been able to find are the links on the QoS How-To page (http://wiki.openwrt.org/MiniHowtos/QoSH … 28howto%29) to read up on how the HFSC queuing mechanism works in theory, http://www.cs.cmu.edu/~hzhang/HFSC/main.html and the links on the HFSC section of the Linux Traffic-Control-HOWTO at http://www.linux.com/howtos/Traffic-Con … ml#qc-hfsc. Of course the Traffic-Control-HOWTO itself and the LARTC HOWTO at http://www.lartc.org/howto/ could be useful too.

Sadly I haven't found any direct information on how the HFSC class is implemented on Linux or a clear description of what the tc parameters for HFSC actually do. I have a feeling it may be pretty similar to the Net/Free BSD implementation of HFSC, though I haven't followed up on that myself to be certain.

I'd like to experiment with tweaking some of the settings as well, but without a better understanding of the HFSC implementation I'd likely make things worse rather than better at this point.

Many thanks CWM, you're right, without explicit information about the implementation, it is hard to reconfigure these parameters. Whether they really affect the QoS significantly is another question. I will work on that and post whatever I find in the next days. It is however really sad that there's no doc for such a useful implementation.

Dear nbd.

I am using the QoS with the Webif2 interface, on the Asus WL500G, and have implemented your latest package 0.9.4-1

On a side issue, using the Webif2 interface any of the changes submitted are never saved, but that doesn't bother me as I can edit the etc/config/qos file directly and that's no problem.

I am an ISDN user with 128k up and down. Normal downloads are 14 to 14.5kilobytes ps.
All I want to really do now is have any kind of traffic prioritise over P2P, so it seems your script should do this by default.

The only changes I have made to your script are in the following section.

config interface wan
    option classgroup  "Default"
    option enabled      1
    option upload       128
    option download   128

Once the QoS starts to kick in I lose what appears to be exactly 50% of my bandwidth - yet both ISDN channels are still active. Also it does seem that the P2P does not get deprioritised when other protocols are in use. For example in my testing I was running P2P on one computer and doing http downloads on another, and did a lot of testing.

Is it possible the script simply doesn't suit a connection this slow?

I have trouble with the quality of voip.

So I commented out all lines in /etc/config/qos except the section for UDP packets -500 and set the class to "Priority".
In my tests this was the best quality, but in some cases (surfing on websites with many items/images) I get crackling in voip.
I think the biggest problem is the jitter (> 20ms; http://myspeed.visualware.com/voip/)
Where can I change the packet delay in /etc/config/qos?

Is there anything else that I can do?

zap-o-post

Hey.. I've installed OPENWRT because I'm trying to get QOS going.

Here’s my dilemma. When my network first started out I was only running Microsoft ISA 2004, which I use as a router. Then I had the need for VOIP. Well, it turned out that neither ISA 2004 nor 2006 supports SIP. I had a few WAN addresses from my ISP, so I decided to add a Linksys firewall to the mix to get VOIP going. All I had to do was make sure that the phones had a gateway address of the Linksys LAN gateway. So now here comes the "but": since both the ISA and the Linksys went out the same DSL modem .113, I couldn't just do QOS on the Linksys because it would only affect the clients that used the Linksys as a gateway.

So here are my thoughts. I added another Linksys router to the mix running OPENWRT RC6, disabled the WAN side of the router and gave the LAN side an IP from my ISP, .114 in this case. I then went to my ISA box and updated its gateway to 114, and I also went to my Linksys running my VOIP and updated its gateway to 114. So now all traffic passes through the Linksys running OpenWrt, and that one has a gateway of my DSL modem set, .113.

So here is where I'm at now. Everything is working but I would like to get Rudy's or NBD's script to do QOS for me. I've done my speed tests against a few cities and I have my numbers. I've been able to modify the script but I don’t know if things will work the way I have them configured. I'm looking to get QOS going so that my calls sound better. I'm willing to hook things up physically differently if I have to.

http://www.evelynandeddie.com/ct.png

Hi. I was wondering if someone, especially nbd if he's around, could explain what the following does in the iptables, as I'm new and confused about qos.

MARK match 0x1 length 400:65535 MARK set 0x0
MARK match 0x2 length 800:65535 MARK set 0x0

Only reason I'm asking is because it's not listed anywhere in the qos config file?  Also I'm wondering if it is wise to reclassify sip packets using layer7 because for whatever reason the class doesn't seem to catch any while if I change to reclassify it will activate.  Thanks a bunch.

It is listed, see 'maxsize' under the class settings. It automatically emits rules like that. That prevents packets over a certain size from being shaped under these classes.
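
The relationship between maxsize and the two MARK rules quoted in the question, as an added example that is not qos-scripts code and not part of the original post: the function below reads class sections and prints one rule per class that sets maxsize. The chain name is hypothetical, the mark numbering is an assumption chosen to agree with the 0x1/400 and 0x2/800 pairs in the thread, and the input is abridged from the config posted here.

```shell
#!/bin/sh
# Added example, not qos-scripts code: derive "oversized packet" rules from
# the maxsize option of each class section.

# Constructed input: class sections abridged from the config posted in this thread.
sample_classes() {
cat <<'EOF'
config class "Priority"
        option packetsize  400
        option maxsize     400
config class "Priority_down"
        option packetsize  1000
config class "Express"
        option packetsize  1000
        option maxsize     800
config class "Normal"
        option packetsize  1500
config class "Bulk"
        option avgrate     1
EOF
}

# Assumptions: CHAIN is a hypothetical mangle chain name, and marks are numbered
# 1, 2, 3... in the order the non-"_down" classes appear (this agrees with the
# 0x1/400 and 0x2/800 pairs quoted in the thread).
maxsize_rules() {
    awk -v chain="${CHAIN:-qos_example}" '
        $1 == "config" && $2 == "class" {
            name = $3; gsub(/"/, "", name)
            skip = (name ~ /_down$/)
            if (!skip) mark++
            next
        }
        $1 == "config" { skip = 1; next }   # other section types carry no maxsize
        $1 == "option" && $2 == "maxsize" && !skip {
            size = $3; gsub(/"/, "", size)
            # Packets of maxsize bytes or more lose the class mark (reset to 0).
            printf "iptables -t mangle -A %s -m mark --mark 0x%x", chain, mark
            printf " -m length --length %d:65535 -j MARK --set-mark 0x0\n", size
        }
    '
}

sample_classes | maxsize_rules
```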

Thanks nbd. Can you give me your impression of the qos settings when it comes to sip?

For example as I mentioned that layer7 sip and h323 does not seem to detect anything when classified but works when it's reclassified.  What's the benefit if any since layer7 will not work under that situation?

sip, h323 and skype are shaped properly for me in the default configuration

Hi!

Is it possible to use nbd's qos script on the wlan interface?

I am analyzing the qos script and I want to know more about the rules and what the following means:

config classify
        option target       "Bulk"
        option layer7       "edonkey" ??? -------- can i change that option ??? which are my options ??
config classify
        option target       "Bulk"
        option layer7       "bittorrent"??? -------- can i change that option ???       Which are my options ??
config classify
        option target       "Priority"
        option ports        "22,53"  ???? ----- why DNS and SSH is priority???
config classify
        option target       "Normal"
        option proto        "tcp"
        option ports        "20,21,25,80,110,443,993,995"
config classify
        option target       "Express"
        option ports        "5190"
config default
        option target       "Express"
        option proto        "udp"
        option pktsize      "-500"  ???? ------- what is the unit of this option???   Why is -500 ??   Can i change this option ??
config reclassify
        option target       "Priority"
        option proto        "icmp"
config default
        option target       "Bulk"
        option portrange    "1024-65535"
config reclassify
        option target       "Priority"
        option proto        "tcp"
        option pktsize      "-128"   ???? ------- what is the unit of this option???   Why is -500 ??   Can i change this option ??
        option mark         "!Bulk"
        option tcpflags     "SYN"
config reclassify
        option target       "Priority"
        option proto        "tcp"
        option pktsize      "-128"
        option mark             "!Bulk"
        option tcpflags     "ACK"

Now in the following part I have more questions: can I add more code lines to this script? How can I manipulate these values, which is the maximum value and the minimum value? When does "priority_down" work? When does "normal_down" work?

config class "Priority"
        option packetsize  400
        option maxsize     400
        option avgrate     10
        option priority    20
config class "Priority_down"
        option packetsize  1000
        option avgrate     10


config class "Express"
        option packetsize  1000
        option maxsize     800
        option avgrate     50
        option priority    10

config class "Normal"
        option packetsize  1500
        option packetdelay 100
        option avgrate     10
        option priority    5
config class "Normal_down"
        option avgrate     20

config class "Bulk"
        option avgrate     1
        option packetdelay 200

The discussion might have continued from here.