On Mon, Sep 09, 2013 at 12:02:20PM -0500, Karl O. Pinc wrote:
>
> It would be interesting to know, given the bandwidth you've got, just
> how much you've had to discard in order to get this behavior.
>

Hello Karl,

My best guess is 15% at the most. Probably less. I don't know how my modem
counts kBytes (1000 vs. 1024).

>
> Sorry, I didn't actually look at your config and it's not something I
> can pay attention to right now.
>

That's OK. By now I've figured out how to get QoS to work.

According to this defect report there's an issue with the current
qos-scripts:

https://dev.openwrt.org/ticket/9620

I know almost nothing about iptables, so I decided to use u32 filters
instead. Admittedly I didn't know anything about u32 filters either, but it
sure was less effort to get to know the basics than getting an intro to
iptables would have been :)

Basically I started out with the output of

/usr/lib/qos/generate.sh all

'generate.sh' is part of qos-scripts. Then I more or less replaced the
iptables filters with u32 filters.

The resulting script works pretty well for my use case. HTTP and HTTPS get
priority like I want them to; trailers and newscasts now play nicely, the
issues I had with qos-scripts are gone.

All that's required is a bare AA 12.09 with tc and ifb support.

insmod cls_u32 >&- 2>&-
insmod em_u32 >&- 2>&-
#insmod act_connmark >&- 2>&-
insmod act_mirred >&- 2>&-
insmod sch_ingress >&- 2>&-
#insmod cls_fw >&- 2>&-
insmod sch_hfsc >&- 2>&-
insmod sch_fq_codel >&- 2>&-

ifconfig pppoe-wan up txqueuelen 5 >&- 2>&-
tc qdisc del dev pppoe-wan root >&- 2>&-
#tc qdisc add dev pppoe-wan root handle 1: hfsc default 30
# Use the same line as above except default to the bulk class 1:40
tc qdisc add dev pppoe-wan root handle 1: hfsc default 40
tc class add dev pppoe-wan parent 1: classid 1:1 hfsc sc rate 650kbit ul rate 650kbit
tc class add dev pppoe-wan parent 1:1 classid 1:10 hfsc rt m1 379kbit d 1201us m2 65kbit ls m1 379kbit d 1201us m2 361kbit ul rate 650kbit
tc class add dev pppoe-wan parent 1:1 classid 1:20 hfsc rt m1 345kbit d 3004us m2 325kbit ls m1 345kbit d 3004us m2 180kbit ul rate 650kbit
tc class add dev pppoe-wan parent 1:1 classid 1:30 hfsc ls m1 0kbit d 100000us m2 90kbit ul rate 650kbit
tc class add dev pppoe-wan parent 1:1 classid 1:40 hfsc ls m1 0kbit d 200000us m2 18kbit ul rate 650kbit
tc qdisc add dev pppoe-wan parent 1:10 handle 100: fq_codel
tc qdisc add dev pppoe-wan parent 1:20 handle 200: fq_codel
tc qdisc add dev pppoe-wan parent 1:30 handle 300: fq_codel
tc qdisc add dev pppoe-wan parent 1:40 handle 400: fq_codel
#tc filter add dev pppoe-wan parent 1: prio 1 protocol ip handle 1/0xff fw flowid 1:10
#tc filter add dev pppoe-wan parent 1: prio 2 protocol ip handle 2/0xff fw flowid 1:20
#tc filter add dev pppoe-wan parent 1: prio 3 protocol ip handle 3/0xff fw flowid 1:30
#tc filter add dev pppoe-wan parent 1: prio 4 protocol ip handle 4/0xff fw flowid 1:40

ifconfig ifb0 up txqueuelen 5 >&- 2>&-
tc qdisc del dev ifb0 root >&- 2>&-
#tc qdisc add dev ifb0 root handle 1: hfsc default 30
# Use the same line as above except default to the bulk class 1:40
tc qdisc add dev ifb0 root handle 1: hfsc default 40
tc class add dev ifb0 parent 1: classid 1:1 hfsc sc rate 8500kbit ul rate 8500kbit
tc qdisc del dev pppoe-wan ingress >&- 2>&-
tc qdisc add dev pppoe-wan ingress
#tc filter add dev pppoe-wan parent ffff: protocol ip prio 1 u32 match u32 0 0 flowid 1:1 action connmark action mirred egress redirect dev ifb0
# Use the same line as above except remove the connmark action
tc filter add dev pppoe-wan parent ffff: protocol ip prio 1 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ifb0
tc class add dev ifb0 parent 1:1 classid 1:10 hfsc rt m1 1926kbit d 229us m2 850kbit ls m1 1926kbit d 229us m2 4722kbit ul rate 8500kbit
tc class add dev ifb0 parent 1:1 classid 1:20 hfsc rt m1 4429kbit d 229us m2 4250kbit ls m1 4429kbit d 229us m2 2361kbit ul rate 8500kbit
tc class add dev ifb0 parent 1:1 classid 1:30 hfsc ls m1 0kbit d 100000us m2 1180kbit ul rate 8500kbit
tc class add dev ifb0 parent 1:1 classid 1:40 hfsc ls m1 0kbit d 200000us m2 236kbit ul rate 8500kbit
tc qdisc add dev ifb0 parent 1:10 handle 100: fq_codel
tc qdisc add dev ifb0 parent 1:20 handle 200: fq_codel
tc qdisc add dev ifb0 parent 1:30 handle 300: fq_codel
tc qdisc add dev ifb0 parent 1:40 handle 400: fq_codel
#tc filter add dev ifb0 parent 1: prio 1 protocol ip handle 1/0xff fw flowid 1:10
#tc filter add dev ifb0 parent 1: prio 2 protocol ip handle 2/0xff fw flowid 1:20
#tc filter add dev ifb0 parent 1: prio 3 protocol ip handle 3/0xff fw flowid 1:30
#tc filter add dev ifb0 parent 1: prio 4 protocol ip handle 4/0xff fw flowid 1:40

# Filtering

# ICMP will be put into the priority class 1:10; we can use a tc shorthand for
# this
# Note: The tc shorthands assume a constant IPv4 header length; for stuff that
# is within the first 20 Bytes of the IPv4 header, e.g. the IP protocol, this
# works, but for stuff that is behind the first 20 Bytes (e.g. TCP/UDP ports)
# we better use more complex filters just to be safe (and for that we'll need
# hash tables and handles)
# Egress
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 u32 match ip protocol 1 0xff classid 1:10
# Ingress
tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 match ip protocol 1 0xff classid 1:10

# Let's put all UDP packets up to 500 bytes into the express class 1:20:
# (a u32 mask bounds the length at a power of two, so 0xfe00 matches total
# lengths below 512)
# Note: this rule precedes the link to ht 3:, so UDP packets under 512 bytes
# are classified here and never reach the DNS rule in ht 3:0
# Egress
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 u32 match ip protocol 17 0xff match u16 0x0000 0xfe00 at 2 classid 1:20
# Ingress
tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 match ip protocol 17 0xff match u16 0x0000 0xfe00 at 2 classid 1:20

# Hash Tables (ht) need to be created before they can be used
# Here is the ht for small TCP packets; use it for ACK and SYN filtering on
# select packets
# Egress
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 handle 1: u32 divisor 1
# Ingress
tc filter add dev ifb0 parent 1: protocol ip prio 1 handle 1: u32 divisor 1

# Here is the ht for TCP packets that are either bigger than 128 Bytes or come
# out of ht 1: unclassified
# Egress
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 handle 2: u32 divisor 1
# Ingress
tc filter add dev ifb0 parent 1: protocol ip prio 1 handle 2: u32 divisor 1

# Here is the ht for UDP packets:
# Egress
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 handle 3: u32 divisor 1
# Ingress
tc filter add dev ifb0 parent 1: protocol ip prio 1 handle 3: u32 divisor 1

# Now, this is copied & pasted from "cls_u32.txt" (found it online); according
# to "russell" "it does calculate the position of the second header in an IP
# packet"; this means that the *next* filter, which we *jump* to using "link",
# will not start at the IP header of the packet, but instead it will start at
# the next protocol's header, i.e. the TCP or UDP header.

# Put all small TCP packets (up to 128 Bytes) into ht 1: for further filtering
# Egress
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 u32 link 1: offset at 0 mask 0f00 shift 6 plus 0 eat match ip protocol 6 0xff match u16 0x0000 0xff80 at 2
# Ingress
tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 link 1: offset at 0 mask 0f00 shift 6 plus 0 eat match ip protocol 6 0xff match u16 0x0000 0xff80 at 2

# Next we put all bigger (and small but unclassified) TCP packets into ht 2:
# for further filtering
# Egress
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 u32 link 2: offset at 0 mask 0f00 shift 6 plus 0 eat match ip protocol 6 0xff
# Ingress
tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 link 2: offset at 0 mask 0f00 shift 6 plus 0 eat match ip protocol 6 0xff

# Same for UDP (protocol 17); put them into ht 3:
# Egress
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 u32 link 3: offset at 0 mask 0f00 shift 6 plus 0 eat match ip protocol 17 0xff
# Ingress
tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 link 3: offset at 0 mask 0f00 shift 6 plus 0 eat match ip protocol 17 0xff

# Now we add specific filters

# Filters for ht 1:0; ACK and SYN packets from HTTP and HTTPS traffic are put
# into class 1:10
# Egress
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 u32 classid 1:10 ht 1:0 match tcp dst 80 0xffff match u8 0x10 0xff at 13
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 u32 classid 1:10 ht 1:0 match tcp dst 80 0xffff match u8 0x02 0xff at 13
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 u32 classid 1:10 ht 1:0 match tcp dst 443 0xffff match u8 0x10 0xff at 13
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 u32 classid 1:10 ht 1:0 match tcp dst 443 0xffff match u8 0x02 0xff at 13
# Ingress
tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 classid 1:10 ht 1:0 match tcp src 80 0xffff match u8 0x10 0xff at 13
tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 classid 1:10 ht 1:0 match tcp src 80 0xffff match u8 0x02 0xff at 13
tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 classid 1:10 ht 1:0 match tcp src 443 0xffff match u8 0x10 0xff at 13
tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 classid 1:10 ht 1:0 match tcp src 443 0xffff match u8 0x02 0xff at 13

# Filters for ht 2:0; HTTP and HTTPS are put into class 1:30
# Egress
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 u32 classid 1:30 ht 2:0 match tcp dst 80 0xffff
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 u32 classid 1:30 ht 2:0 match tcp dst 443 0xffff
# Ingress
tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 classid 1:30 ht 2:0 match tcp src 80 0xffff
tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 classid 1:30 ht 2:0 match tcp src 443 0xffff

# Now UDP
# Filters for ht 3:0, DNS traffic is put into the priority class 1:10:
# Egress
tc filter add dev pppoe-wan parent 1: protocol ip prio 1 u32 classid 1:10 ht 3:0 match udp dst 53 0xffff
# Ingress
tc filter add dev ifb0 parent 1: protocol ip prio 1 u32 classid 1:10 ht 3:0 match udp src 53 0xffff

#insmod ipt_multiport >&- 2>&-
#insmod ipt_CONNMARK >&- 2>&-
#insmod ipt_length >&- 2>&-
#iptables -t mangle -N qos_Default >&- 2>&-
#iptables -t mangle -N qos_Default_ct >&- 2>&-
#iptables -t mangle -A qos_Default_ct -m mark --mark 0/0xff -m tcp -p tcp -m multiport --ports 22,53 -j MARK --set-mark 1/0xff
#iptables -t mangle -A qos_Default_ct -m mark --mark 0/0xff -p udp -m udp -m multiport --ports 22,53 -j MARK --set-mark 1/0xff
#iptables -t mangle -A qos_Default_ct -j CONNMARK --save-mark --mask 0xff
#iptables -t mangle -A qos_Default -j CONNMARK --restore-mark --mask 0xff
#iptables -t mangle -A qos_Default -m mark --mark 0/0xff -j qos_Default_ct
# I didn't try to implement the following two rules with u32
#iptables -t mangle -A qos_Default -m mark --mark 1/0xff -m length --length 400: -j MARK --set-mark 0/0xff
#iptables -t mangle -A qos_Default -m mark --mark 2/0xff -m length --length 800: -j MARK --set-mark 0/0xff
#iptables -t mangle -A qos_Default -m mark --mark 0/0xff -p udp -m length --length :500 -j MARK --set-mark 2/0xff
#iptables -t mangle -A qos_Default -p icmp -j MARK --set-mark 1/0xff
#iptables -t mangle -A qos_Default -m mark --mark 0/0xff -p tcp -m tcp -m multiport --ports 20,21,465,563,873,995 -j MARK --set-mark 4/0xff
#iptables -t mangle -A qos_Default -p tcp -m length --length :128 -m mark ! --mark 4/0xff -m tcp --tcp-flags ALL SYN -j MARK --set-mark 1/0xff
#iptables -t mangle -A qos_Default -p tcp -m length --length :128 -m mark ! --mark 4/0xff -m tcp --tcp-flags ALL ACK -j MARK --set-mark 1/0xff
#iptables -t mangle -A OUTPUT -o pppoe-wan -j qos_Default
#iptables -t mangle -A FORWARD -o pppoe-wan -j qos_Default

Kind regards,
Sebastian
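
The header-offset arithmetic behind the `link ... offset at 0 mask 0f00 shift 6 plus 0 eat` filters in the script, emulated in Python as an added example (not part of the original post or of qos-scripts). The packet builder, the addresses and all function names are constructed for illustration, and only the egress ht 1:0 rules are modelled; it shows why a fixed offset of 20 misreads a packet that carries IP options.

```python
import struct

def ipv4_tcp(ihl_words, tcp_flags, dport):
    """Constructed IPv4+TCP packet whose IP header is ihl_words*4 bytes long."""
    opts = b"\x01" * (4 * (ihl_words - 5))            # IP NOP options as filler
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, tcp_flags, 1024, 0, 0)
    total = 4 * ihl_words + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + opts + tcp

def u16(pkt, off):
    return struct.unpack_from("!H", pkt, off)[0]

def next_header(pkt):
    """'offset at 0 mask 0f00 shift 6': IHL nibble times 4 = IP header bytes."""
    return (u16(pkt, 0) & 0x0F00) >> 6

def is_small(pkt):
    """'match u16 0x0000 0xff80 at 2': total length has no bit >= 128 set."""
    return (u16(pkt, 2) & 0xFF80) == 0

def classify(pkt, base):
    """Egress ht 1:0 rules, with the TCP header assumed to start at `base`."""
    if pkt[9] != 6 or not is_small(pkt):              # 'match ip protocol 6 0xff'
        return None
    dport, flags = u16(pkt, base + 2), pkt[base + 13]
    # mask 0xff on the flag byte: only a bare ACK (0x10) or bare SYN (0x02) matches
    if dport in (80, 443) and flags in (0x10, 0x02):
        return "1:10"
    return None

plain = ipv4_tcp(5, 0x10, 443)       # no IP options, header is 20 bytes
with_opts = ipv4_tcp(6, 0x10, 443)   # 4 bytes of IP options, header is 24 bytes

if __name__ == "__main__":
    for name, pkt in (("IHL=5", plain), ("IHL=6", with_opts)):
        print(name, "| fixed offset 20:", classify(pkt, 20),
              "| computed offset:", classify(pkt, next_header(pkt)))
```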
