Trouble with L7 QoS

Rafael · Post by **Rafael** » Sun May 12, 2013 7:23 pm

Hi, everyone!

*background story start*

I am really new to both Gargoyle and OpenWRT!

I have been using Tomato with my Linksys WRT54G for quite some time! However, I had to acquire a new router to cover a "dead zone" in my home.

Since this new router (Buffalo WZR-HP-AG300H) is way more powerful then the old router (Linksys WRT54G) and my bandthwidth has increased a little bit, I decided to make the buffalo router my main one, and since Tomato is not supported, I decided to give Gargoyle a go (seemed the best fit for me).

*background story end*

Anyway, I have setup everything as close as I could as it was on tomato and gave it a try. But I am already having trouble! I downloaded all the L7 protocols and added the shoutcast one to the l7index, and created a QoS rule to match it, however it always falls for the default rule! Even though it clearly matches the L7 protocol!

In the connection list it shows like this:

Code: Select all

Proto WAN Host/LAN Host     Bytes Up/Down  Qos Up/Down L7 Proto
tcp   173.192.45.18:10010   6.812 KBytes   P2P         Shoutcast
      rafael-pc:52224       379.767 KBytes P2P

There is no P2P rule above the shoutcast one yet it doesn't get applied.

PS: A addional issue I just noticed is that now all connections list the Down classification as "NA". It got fixed after reboot.

PS2: tried to upload screenshot but have been unable. If I manage I will update with screenshots.

Any ideas?

Post by **pbix** » Sun May 12, 2013 10:43 pm

Yes we do need those screen shots so keep trying.

Also what version of Gargoyle are you using for the record.

Also be sure to read my comment on L7 Pattern matching in the Gargoyle QoS Configuration WIki.

Rafael · Post by **Rafael** » Mon May 13, 2013 8:18 am

Hi!

UPDATE: Gargoyle version 1.5.9

Here are the screens:

: connections2.png (208.16 KiB) Viewed 8623 times

: rules2.png (200.53 KiB) Viewed 8623 times

The upload rules are the same as the download ones (exception for the source/destination).

The L7 column show that the pattern has match successfully, however the classification rule haven't somehow.

I double checked the l7index and it is correct.

Thanks.

Post by **pbix** » Mon May 13, 2013 8:58 pm

Are you using Quotas? They take precedence over anything classifications on the QOS pages.

If not, please post complete QOS pages, not just what you think is important.

Also please post the output from the following command at the command prompt of your router. Again, the complete output.

Code: Select all

iptables -vnL -t mangle

Rafael · Post by **Rafael** » Mon May 13, 2013 10:31 pm

Hi!

Here it is the output of command you asked me to run:

Code: Select all

BusyBox v1.19.4 (2013-01-03 08:17:10 EST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

------------------------------------------------------------------
|            _____                             _                 |
|           |  __ \                           | |                |
|           | |  \/ __ _ _ __ __ _  ___  _   _| | ___            |
|           | | __ / _` | '__/ _` |/ _ \| | | | |/ _ \           |
|           | |_\ \ (_| | | | (_| | (_) | |_| | |  __/           |
|            \____/\__,_|_|  \__, |\___/ \__, |_|\___|           |
|                             __/ |       __/ |                  |
|                            |___/       |___/                   |
|                                                                |
|----------------------------------------------------------------|
| Gargoyle version 1.5.9    | OpenWrt Attitude Adjustment branch |
| Gargoyle revision f73df29 | OpenWrt revision r34879            |
| Built January 03, 2013    | Target  ar71xx/usb_large           |
------------------------------------------------------------------
root@router1:~# iptables -vnL -t mangle
Chain PREROUTING (policy ACCEPT 16M packets, 11G bytes)
 pkts bytes target     prot opt in     out     source               destination
1934K  247M l7marker   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connbytes 0:20 connbytes mode packets connbytes direction both connmark match 0x0/0xff0000

Chain INPUT (policy ACCEPT 263K packets, 58M bytes)
 pkts bytes target     prot opt in     out     source               destination
 111K   28M qos_ingress  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 15M packets, 11G bytes)
 pkts bytes target     prot opt in     out     source               destination
  15M   11G zone_wan_MSSFIX  all  --  *      *       0.0.0.0/0            0.0.0.0/0
8657K 8409M qos_ingress  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 186K packets, 36M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 16M packets, 11G bytes)
 pkts bytes target     prot opt in     out     source               destination
1600K  192M l7marker   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connbytes 0:20 connbytes mode packets connbytes direction both connmark match 0x0/0xff0000
6930K 2374M bw_egress  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0
6930K 2374M qos_egress  all  --  *      eth1    0.0.0.0/0            0.0.0.0/0

Chain bw_egress (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist0-upload-2-449 --type individual_src --reset_interval 2 --reset_time 2 --intervals_to_save 449
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total1-upload-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist1-upload-minute-15 --type individual_src --reset_interval minute --intervals_to_save 15
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total2-upload-minute-359 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 359
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist2-upload-900-24 --type individual_src --reset_interval 900 --reset_time 900 --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total3-upload-180-479 --type combined --current_bandwidth 0 --reset_interval 180 --reset_time 180 --intervals_to_save 479
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist3-upload-hour-24 --type individual_src --reset_interval hour --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total4-upload-7200-359 --type combined --current_bandwidth 0 --reset_interval 7200 --reset_time 7200 --intervals_to_save 359
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist4-upload-day-31 --type individual_src --reset_interval day --intervals_to_save 31
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           bandwidth --id total5-upload-day-365 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 365
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           match-set local_addr_set src bandwidth --id bdist5-upload-month-12 --type individual_src --reset_interval month --intervals_to_save 12
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos0-up-uclass_1-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos1-up-uclass_1-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos2-up-uclass_1-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos3-up-uclass_1-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos4-up-uclass_1-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x2/0x7f bandwidth --id qos5-up-uclass_1-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos0-up-uclass_2-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos1-up-uclass_2-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos2-up-uclass_2-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos3-up-uclass_2-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos4-up-uclass_2-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x3/0x7f bandwidth --id qos5-up-uclass_2-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos0-up-uclass_3-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos1-up-uclass_3-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos2-up-uclass_3-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos3-up-uclass_3-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos4-up-uclass_3-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x4/0x7f bandwidth --id qos5-up-uclass_3-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos0-up-uclass_4-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos1-up-uclass_4-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos2-up-uclass_4-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos3-up-uclass_4-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos4-up-uclass_4-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x5/0x7f bandwidth --id qos5-up-uclass_4-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x6/0x7f bandwidth --id qos0-up-uclass_5-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x6/0x7f bandwidth --id qos1-up-uclass_5-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x6/0x7f bandwidth --id qos2-up-uclass_5-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x6/0x7f bandwidth --id qos3-up-uclass_5-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x6/0x7f bandwidth --id qos4-up-uclass_5-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x6/0x7f bandwidth --id qos5-up-uclass_5-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x7/0x7f bandwidth --id qos0-up-uclass_6-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x7/0x7f bandwidth --id qos1-up-uclass_6-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x7/0x7f bandwidth --id qos2-up-uclass_6-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x7/0x7f bandwidth --id qos3-up-uclass_6-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x7/0x7f bandwidth --id qos4-up-uclass_6-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x7/0x7f bandwidth --id qos5-up-uclass_6-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x8/0x7f bandwidth --id qos0-up-uclass_7-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x8/0x7f bandwidth --id qos1-up-uclass_7-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x8/0x7f bandwidth --id qos2-up-uclass_7-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x8/0x7f bandwidth --id qos3-up-uclass_7-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x8/0x7f bandwidth --id qos4-up-uclass_7-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x8/0x7f bandwidth --id qos5-up-uclass_7-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x9/0x7f bandwidth --id qos0-up-uclass_8-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x9/0x7f bandwidth --id qos1-up-uclass_8-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x9/0x7f bandwidth --id qos2-up-uclass_8-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x9/0x7f bandwidth --id qos3-up-uclass_8-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x9/0x7f bandwidth --id qos4-up-uclass_8-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
    0     0            all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x9/0x7f bandwidth --id qos5-up-uclass_8-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12

Chain l7marker (2 references)
 pkts bytes target     prot opt in     out     source               destination
 216K   27M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto bittorrent CONNMARK xset 0x10000/0xff0000
49051 3450K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto edonkey CONNMARK xset 0x20000/0xff0000
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto gnutella CONNMARK xset 0x30000/0xff0000
 1559  233K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto rtp CONNMARK xset 0x40000/0xff0000
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto shoutcast CONNMARK xset 0x50000/0xff0000
14695 2235K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto skypeout CONNMARK xset 0x60000/0xff0000
 1155  151K CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto skypetoskype CONNMARK xset 0x70000/0xff0000
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto ssh CONNMARK xset 0x80000/0xff0000
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto bittorrent CONNMARK xset 0x90000/0xff0000
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto edonkey CONNMARK xset 0xa0000/0xff0000
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto gnutella CONNMARK xset 0xb0000/0xff0000
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto rtp CONNMARK xset 0xc0000/0xff0000
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto shoutcast CONNMARK xset 0xd0000/0xff0000
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto skypeout CONNMARK xset 0xe0000/0xff0000
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto skypetoskype CONNMARK xset 0xf0000/0xff0000
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto ssh CONNMARK xset 0x100000/0xff0000
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           connmark match 0x0/0xff0000 LAYER7 l7proto tor CONNMARK xset 0x110000/0xff0000

Chain qos_egress (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x0 CONNMARK save mask 0x7f
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x0
6930K 2374M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK set 0x8
10614  988K MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:443 MARK set 0x6
 259K  128M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 MARK set 0x6
 5987  934K MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:80 MARK set 0x6
1048K   63M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 MARK set 0x6
17734 1177K MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 MARK set 0x5
  200 13378 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 MARK set 0x5
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x7
 201K  107M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x7
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x7
 798K   34M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x7
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 connbytes 10240:4294967295 connbytes mode bytes connbytes direction both MARK set 0x8
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 connbytes 10240:4294967295 connbytes mode bytes connbytes direction both MARK set 0x8
  450 37082 MARK       all  --  *      *       192.168.5.26         0.0.0.0/0           MARK set 0x4
    0     0 MARK       all  --  *      *       192.168.5.25         0.0.0.0/0           MARK set 0x4
    0     0 MARK       all  --  *      *       192.168.5.21         0.0.0.0/0           MARK set 0x4
    0     0 MARK       all  --  *      *       192.168.5.23         0.0.0.0/0           MARK set 0x4
    0     0 MARK       all  --  *      *       192.168.5.22         0.0.0.0/0           MARK set 0x4
    0     0 MARK       all  --  *      *       0.0.0.0/0            200.190.61.201      MARK set 0x4
 1217 1240K MARK       all  --  *      *       0.0.0.0/0            54.232.196.1        MARK set 0x4
 1200 99283 MARK       all  --  *      *       0.0.0.0/0            54.232.196.0        MARK set 0x4
11784 1002K MARK       all  --  *      *       0.0.0.0/0            208.67.220.220      MARK set 0x5
11656 1016K MARK       all  --  *      *       0.0.0.0/0            208.67.222.222      MARK set 0x5
6930K 2374M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0x7f

Chain qos_ingress (2 references)
 pkts bytes target     prot opt in     out     source               destination
8769K 8437M IMQ        all  --  *      *       0.0.0.0/0            0.0.0.0/0           IMQ: todev 0
    0     0 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x0 CONNMARK save mask 0x7f00
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0           mark match !0x0
8769K 8437M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK set 0x800
 7829  802K MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:443 MARK set 0x600
 234K  133M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:443 MARK set 0x600
 5645  811K MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:80 MARK set 0x600
1978K 2800M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:80 MARK set 0x600
14722 1933K MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 MARK set 0x500
  112 14310 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:53 MARK set 0x500
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x700
 166K   89M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x700
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x700
1596K 2330M MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x700
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:53 connbytes 10240:4294967295 connbytes mode bytes connbytes direction both MARK set 0x800
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:53 connbytes 10240:4294967295 connbytes mode bytes connbytes direction both MARK set 0x800
  270 80079 MARK       all  --  *      *       0.0.0.0/0            192.168.5.26        MARK set 0x400
    0     0 MARK       all  --  *      *       0.0.0.0/0            192.168.5.25        MARK set 0x400
    0     0 MARK       all  --  *      *       0.0.0.0/0            192.168.5.21        MARK set 0x400
    0     0 MARK       all  --  *      *       0.0.0.0/0            192.168.5.23        MARK set 0x400
    0     0 MARK       all  --  *      *       0.0.0.0/0            192.168.5.22        MARK set 0x400
    0     0 MARK       all  --  *      *       200.190.61.201       0.0.0.0/0           MARK set 0x400
 1171  494K MARK       all  --  *      *       54.232.196.1         0.0.0.0/0           MARK set 0x400
 1628 1554K MARK       all  --  *      *       54.232.196.0         0.0.0.0/0           MARK set 0x400
 7518  999K MARK       all  --  *      *       208.67.220.220       0.0.0.0/0           MARK set 0x500
 7242  943K MARK       all  --  *      *       208.67.222.222       0.0.0.0/0           MARK set 0x500
8769K 8437M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save mask 0x7f00

Chain zone_wan_MSSFIX (1 references)
 pkts bytes target     prot opt in     out     source               destination
 221K   11M TCPMSS     tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
root@router1:~#

Plus the screenshots of both QoS:
http://rafael.org/arquivos/gargoyle/Gar ... -05-37.png

http://rafael.org/arquivos/gargoyle/Gar ... -09-14.png

UPDATE: I'm not using quotas.

Thanks.

Rafael · Post by **Rafael** » Mon May 13, 2013 11:07 pm

No L7 rule seems to be applied! I doubt that is actually a skype call but anyway (okay, I know it is not one), but it should have been applied as a call:

http://rafael.org/arquivos/gargoyle/Gar ... -59-14.png

I didn't put the entire page because the stupid browser plugin would just ignore me when I asked it to save the entire page (damn, I forgot how P2P is connection heavy, I am more a usenet kind of guy...)

Post by **pbix** » Tue May 14, 2013 9:23 pm

I had a look at the data you posted. It seems that the iptable rules are not being written correctly on your router. I tested a few such rules on my router also running v1.5.9 and I do not have the same problem.

From the command line your can run /etc/init.d/qos_gargoyle restart and see if you can see any error messages of note.

To proceed further I suggest you reset your routers to default settings. Then without making any other changes enable one rule with L7 pattern matching. I think you will see that it works. Then you can see what step you made along the way that broke it.

Rafael · Post by **Rafael** » Wed May 15, 2013 10:46 pm

Thanks for the reply.

I will see when I can do this test you suggested.

Regarding the restart, it did indeed show quite a few errors, but I have no idea if they represent a actual problem.

Here is the output:

Code: Select all

BusyBox v1.19.4 (2013-01-03 08:17:10 EST) built-in shell (ash)
Enter 'help' for a list of built-in commands.

------------------------------------------------------------------
|            _____                             _                 |
|           |  __ \                           | |                |
|           | |  \/ __ _ _ __ __ _  ___  _   _| | ___            |
|           | | __ / _` | '__/ _` |/ _ \| | | | |/ _ \           |
|           | |_\ \ (_| | | | (_| | (_) | |_| | |  __/           |
|            \____/\__,_|_|  \__, |\___/ \__, |_|\___|           |
|                             __/ |       __/ |                  |
|                            |___/       |___/                   |
|                                                                |
|----------------------------------------------------------------|
| Gargoyle version 1.5.9    | OpenWrt Attitude Adjustment branch |
| Gargoyle revision f73df29 | OpenWrt revision r34879            |
| Built January 03, 2013    | Target  ar71xx/usb_large           |
------------------------------------------------------------------
root@router1:~# /etc/init.d/qos_gargoyle restart
+ awk {print $5}
+ grep hfsc
+ tc qdisc show
+ tc qdisc del dev eth1 root
+ tc qdisc del dev imq0 root
+ delete_chain_from_table mangle qos_egress
+ delete_chain_from_table mangle qos_ingress
+ set +x
+ tc qdisc add dev eth1 root handle 1:0 hfsc default 1
+ tc class add dev eth1 parent 1:0 classid 1:1 hfsc ls rate 1000Mbit ul rate 900kbit
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:2 hfsc ls m2 100Mbit rt m1 192kbit d 20ms m2 96kbit
+ tc qdisc add dev eth1 parent 1:2 handle 2:1 sfq headdrop limit 33 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x2 fw flowid 1:2
+ tc filter add dev eth1 parent 2: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:3 hfsc ls m2 30Mbit rt m1 64kbit d 20ms m2 32kbit
+ tc qdisc add dev eth1 parent 1:3 handle 3:1 sfq headdrop limit 33 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x3 fw flowid 1:3
+ tc filter add dev eth1 parent 3: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:4 hfsc ls m2 100Mbit rt m1 192kbit d 20ms m2 96kbit
+ tc qdisc add dev eth1 parent 1:4 handle 4:1 sfq headdrop limit 33 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x4 fw flowid 1:4
+ tc filter add dev eth1 parent 4: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:5 hfsc ls m2 20Mbit rt m1 64kbit d 20ms m2 32kbit
+ tc qdisc add dev eth1 parent 1:5 handle 5:1 sfq headdrop limit 33 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x5 fw flowid 1:5
+ tc filter add dev eth1 parent 5: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:6 hfsc ls m2 500Mbit ul m2 800kbit
+ tc qdisc add dev eth1 parent 1:6 handle 6:1 sfq headdrop limit 30 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x6 fw flowid 1:6
+ tc filter add dev eth1 parent 6: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:7 hfsc ls m2 200Mbit ul m2 800kbit
+ tc qdisc add dev eth1 parent 1:7 handle 7:1 sfq headdrop limit 30 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x7 fw flowid 1:7
+ tc filter add dev eth1 parent 7: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:8 hfsc ls m2 40Mbit ul m2 700kbit
+ tc qdisc add dev eth1 parent 1:8 handle 8:1 sfq headdrop limit 26 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x8 fw flowid 1:8
+ tc filter add dev eth1 parent 8: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:9 hfsc ls m2 10Mbit rt m1 192kbit d 20ms m2 96kbit
+ tc qdisc add dev eth1 parent 1:9 handle 9:1 sfq headdrop limit 33 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x9 fw flowid 1:9
+ tc filter add dev eth1 parent 9: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc qdisc change dev eth1 root handle 1:0 hfsc default 8
+ iptables -t mangle -N qos_egress
+ iptables -t mangle -A POSTROUTING -o eth1 -j qos_egress
+ set +x
Bad argument `0xC0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xF0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xE0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xD0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0x100000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0x90000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xA0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xB0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -t mangle -I qos_egress -j MARK --set-mark 0x8
+ iptables -t mangle -I qos_egress -m mark ! --mark 0x0 -j RETURN
+ iptables -t mangle -I qos_egress -m mark ! --mark 0x0 -j CONNMARK --save-mark --mask 0x007F
+ iptables -t mangle -A qos_egress -j CONNMARK --save-mark --mask 0x007F
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:2 hfsc rt m1 2048kbit d 20ms m2 1024kbit ls m1 100Mbit d 20ms m2 100Mbit
+ tc qdisc add dev imq0 parent 1:2 handle 2:1 sfq headdrop limit 281 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 0x200 fw flowid 1:2
+ tc filter add dev imq0 parent 2: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:3 hfsc rt m2 320kbit ls m2 20Mbit
+ tc qdisc add dev imq0 parent 1:3 handle 3:1 sfq headdrop limit 281 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 3 protocol ip handle 0x300 fw flowid 1:3
+ tc filter add dev imq0 parent 3: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:4 hfsc ls m2 60Mbit
+ tc qdisc add dev imq0 parent 1:4 handle 4:1 sfq headdrop limit 281 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 4 protocol ip handle 0x400 fw flowid 1:4
+ tc filter add dev imq0 parent 4: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:5 hfsc rt m2 64kbit ls m2 10Mbit
+ tc qdisc add dev imq0 parent 1:5 handle 5:1 sfq headdrop limit 281 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 5 protocol ip handle 0x500 fw flowid 1:5
+ tc filter add dev imq0 parent 5: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:6 hfsc ls m2 500Mbit ul m2 12000kbit
+ tc qdisc add dev imq0 parent 1:6 handle 6:1 sfq headdrop limit 225 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 6 protocol ip handle 0x600 fw flowid 1:6
+ tc filter add dev imq0 parent 6: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:7 hfsc ls m2 200Mbit ul m2 10000kbit
+ tc qdisc add dev imq0 parent 1:7 handle 7:1 sfq headdrop limit 187 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 7 protocol ip handle 0x700 fw flowid 1:7
+ tc filter add dev imq0 parent 7: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:8 hfsc ls m2 100Mbit ul m2 8000kbit
+ tc qdisc add dev imq0 parent 1:8 handle 8:1 sfq headdrop limit 150 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 8 protocol ip handle 0x800 fw flowid 1:8
+ tc filter add dev imq0 parent 8: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:9 hfsc rt m2 192kbit ls m2 10Mbit
+ tc qdisc add dev imq0 parent 1:9 handle 9:1 sfq headdrop limit 281 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 9 protocol ip handle 0x900 fw flowid 1:9
+ tc filter add dev imq0 parent 9: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc qdisc change dev imq0 root handle 1:0 hfsc default 8
+ iptables -t mangle -N qos_ingress
+ iptables -t mangle -A FORWARD -i eth1 -j qos_ingress
+ iptables -t mangle -A INPUT -i eth1 -j qos_ingress
+ set +x
Bad argument `0xC0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xF0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xE0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xD0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0x100000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0x90000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xA0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xB0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -t mangle -I qos_ingress -j MARK --set-mark 0x800
+ iptables -t mangle -I qos_ingress -m mark ! --mark 0x0 -j RETURN
+ iptables -t mangle -I qos_ingress -m mark ! --mark 0x0 -j CONNMARK --save-mark --mask 0x7F00
+ iptables -t mangle -I qos_ingress -j IMQ --todev 0
+ iptables -t mangle -A qos_ingress -j CONNMARK --save-mark --mask 0x7F00
+ set +x
root@router1:~#

What do you think?

Post by **pbix** » Thu May 16, 2013 7:47 am

There are many error like this below in your script output.

Code: Select all

Bad argument `0xC0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xF0000/0xFF0000'

These are the error related to this problem. I have tried but been unsuccessful in duplicating these error on my router.

In that script file we have the lines of interest.

Code: Select all

$echo_on
iptables -t $table -I $chain $tmp_proto $match_str -j MARK --set-mark $next_mark
$echo_off

In the output we should see the entire command printed and then any error the happens. Link this

Code: Select all

+ set +x
+ iptables -t mangle -I qos_ingress -m connmark --mark 0x60000/0xFF0000 -j MARK --set-mark 0x200
+

For some reason you are only getting the error output which seems very strange.

Please investigate if you can. I am traveling for the next few days so will not be back on the board until the weekend.

Rafael · Post by **Rafael** » Sat May 25, 2013 4:07 pm

UPDATE: There is a $echo_off just above the apply_all_rules function, that is why the source of the errors did not get printed.
UPDATE2: And there is no $echo_on in the function

I added a echo at the line you mentioned and it printed this:

Code: Select all

iptables -t mangle -I qos_ingress -m connmark --mark 0x50000 0xD0000/0xFF0000 0xFF0000 -j MARK --set-mark 0x300

Running the command by its own also yelds the error message.

Beyond ports and address rules I know nothing about iptables. So I can't really say if this command should have worked. Should it?

It only happen when I enable L7 rules (I guess this is the reason they do not work).

Any ideas for me to check?

Thanks.

Gargoyle Forum

Trouble with L7 QoS

Trouble with L7 QoS

Re: Trouble with L7 QoS

Re: Trouble with L7 QoS

Re: Trouble with L7 QoS

Re: Trouble with L7 QoS

Re: Trouble with L7 QoS

Re: Trouble with L7 QoS

Re: Trouble with L7 QoS

Re: Trouble with L7 QoS

Re: Trouble with L7 QoS