Trouble with L7 QoS
Posted: Sun May 12, 2013 7:23 pm
by Rafael
Hi, everyone!
*background story start*
I am really new to both Gargoyle and OpenWRT!
I have been using Tomato with my Linksys WRT54G for quite some time! However, I had to acquire a new router to cover a "dead zone" in my home.
Since this new router (Buffalo WZR-HP-AG300H) is way more powerful than the old router (Linksys WRT54G) and my bandwidth has increased a little bit, I decided to make the Buffalo router my main one, and since Tomato is not supported, I decided to give Gargoyle a go (seemed the best fit for me).
*background story end*
Anyway, I have set up everything as close as I could to how it was on Tomato and gave it a try. But I am already having trouble! I downloaded all the L7 protocols and added the shoutcast one to the l7index, and created a QoS rule to match it; however, it always falls to the default rule! Even though it clearly matches the L7 protocol!
In the connection list it shows like this:
Code:
Proto WAN Host/LAN Host Bytes Up/Down Qos Up/Down L7 Proto
tcp 173.192.45.18:10010 6.812 KBytes P2P Shoutcast
rafael-pc:52224 379.767 KBytes P2P
There is no P2P rule above the shoutcast one, yet it doesn't get applied.
PS: An additional issue I just noticed is that now all connections list the Down classification as "NA". It got fixed after reboot.
PS2: Tried to upload a screenshot but have been unable to. If I manage, I will update with screenshots.
Any ideas?
Re: Trouble with L7 QoS
Posted: Sun May 12, 2013 10:43 pm
by pbix
Yes, we do need those screenshots, so keep trying.
Also, what version of Gargoyle are you using, for the record?
Also be sure to read my comment on L7 Pattern matching in the Gargoyle QoS Configuration Wiki.
Re: Trouble with L7 QoS
Posted: Mon May 13, 2013 8:18 am
by Rafael
Hi!
UPDATE: Gargoyle version 1.5.9
Here are the screens:

- connections2.png (208.16 KiB)

- rules2.png (200.53 KiB)
The upload rules are the same as the download ones (except for the source/destination).
The L7 column shows that the pattern has matched successfully; however, the classification rule somehow hasn't.
I double checked the l7index and it is correct.
Thanks.
Re: Trouble with L7 QoS
Posted: Mon May 13, 2013 8:58 pm
by pbix
Are you using Quotas? They take precedence over any classifications on the QoS pages.
If not, please post complete QOS pages, not just what you think is important.
Also please post the output from the following command at the command prompt of your router. Again, the complete output.
Re: Trouble with L7 QoS
Posted: Mon May 13, 2013 10:31 pm
by Rafael
Hi!
Here is the output of the command you asked me to run:
Code:
BusyBox v1.19.4 (2013-01-03 08:17:10 EST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
------------------------------------------------------------------
| _____ _ |
| | __ \ | | |
| | | \/ __ _ _ __ __ _ ___ _ _| | ___ |
| | | __ / _` | '__/ _` |/ _ \| | | | |/ _ \ |
| | |_\ \ (_| | | | (_| | (_) | |_| | | __/ |
| \____/\__,_|_| \__, |\___/ \__, |_|\___| |
| __/ | __/ | |
| |___/ |___/ |
| |
|----------------------------------------------------------------|
| Gargoyle version 1.5.9 | OpenWrt Attitude Adjustment branch |
| Gargoyle revision f73df29 | OpenWrt revision r34879 |
| Built January 03, 2013 | Target ar71xx/usb_large |
------------------------------------------------------------------
root@router1:~# iptables -vnL -t mangle
Chain PREROUTING (policy ACCEPT 16M packets, 11G bytes)
pkts bytes target prot opt in out source destination
1934K 247M l7marker all -- * * 0.0.0.0/0 0.0.0.0/0 connbytes 0:20 connbytes mode packets connbytes direction both connmark match 0x0/0xff0000
Chain INPUT (policy ACCEPT 263K packets, 58M bytes)
pkts bytes target prot opt in out source destination
111K 28M qos_ingress all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 15M packets, 11G bytes)
pkts bytes target prot opt in out source destination
15M 11G zone_wan_MSSFIX all -- * * 0.0.0.0/0 0.0.0.0/0
8657K 8409M qos_ingress all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 186K packets, 36M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 16M packets, 11G bytes)
pkts bytes target prot opt in out source destination
1600K 192M l7marker all -- * * 0.0.0.0/0 0.0.0.0/0 connbytes 0:20 connbytes mode packets connbytes direction both connmark match 0x0/0xff0000
6930K 2374M bw_egress all -- * eth1 0.0.0.0/0 0.0.0.0/0
6930K 2374M qos_egress all -- * eth1 0.0.0.0/0 0.0.0.0/0
Chain bw_egress (1 references)
pkts bytes target prot opt in out source destination
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 match-set local_addr_set src bandwidth --id bdist0-upload-2-449 --type individual_src --reset_interval 2 --reset_time 2 --intervals_to_save 449
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 bandwidth --id total1-upload-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 match-set local_addr_set src bandwidth --id bdist1-upload-minute-15 --type individual_src --reset_interval minute --intervals_to_save 15
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 bandwidth --id total2-upload-minute-359 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 359
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 match-set local_addr_set src bandwidth --id bdist2-upload-900-24 --type individual_src --reset_interval 900 --reset_time 900 --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 bandwidth --id total3-upload-180-479 --type combined --current_bandwidth 0 --reset_interval 180 --reset_time 180 --intervals_to_save 479
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 match-set local_addr_set src bandwidth --id bdist3-upload-hour-24 --type individual_src --reset_interval hour --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 bandwidth --id total4-upload-7200-359 --type combined --current_bandwidth 0 --reset_interval 7200 --reset_time 7200 --intervals_to_save 359
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 match-set local_addr_set src bandwidth --id bdist4-upload-day-31 --type individual_src --reset_interval day --intervals_to_save 31
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 bandwidth --id total5-upload-day-365 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 365
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 match-set local_addr_set src bandwidth --id bdist5-upload-month-12 --type individual_src --reset_interval month --intervals_to_save 12
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x2/0x7f bandwidth --id qos0-up-uclass_1-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x2/0x7f bandwidth --id qos1-up-uclass_1-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x2/0x7f bandwidth --id qos2-up-uclass_1-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x2/0x7f bandwidth --id qos3-up-uclass_1-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x2/0x7f bandwidth --id qos4-up-uclass_1-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x2/0x7f bandwidth --id qos5-up-uclass_1-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x3/0x7f bandwidth --id qos0-up-uclass_2-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x3/0x7f bandwidth --id qos1-up-uclass_2-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x3/0x7f bandwidth --id qos2-up-uclass_2-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x3/0x7f bandwidth --id qos3-up-uclass_2-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x3/0x7f bandwidth --id qos4-up-uclass_2-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x3/0x7f bandwidth --id qos5-up-uclass_2-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x4/0x7f bandwidth --id qos0-up-uclass_3-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x4/0x7f bandwidth --id qos1-up-uclass_3-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x4/0x7f bandwidth --id qos2-up-uclass_3-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x4/0x7f bandwidth --id qos3-up-uclass_3-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x4/0x7f bandwidth --id qos4-up-uclass_3-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x4/0x7f bandwidth --id qos5-up-uclass_3-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x5/0x7f bandwidth --id qos0-up-uclass_4-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x5/0x7f bandwidth --id qos1-up-uclass_4-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x5/0x7f bandwidth --id qos2-up-uclass_4-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x5/0x7f bandwidth --id qos3-up-uclass_4-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x5/0x7f bandwidth --id qos4-up-uclass_4-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x5/0x7f bandwidth --id qos5-up-uclass_4-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x6/0x7f bandwidth --id qos0-up-uclass_5-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x6/0x7f bandwidth --id qos1-up-uclass_5-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x6/0x7f bandwidth --id qos2-up-uclass_5-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x6/0x7f bandwidth --id qos3-up-uclass_5-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x6/0x7f bandwidth --id qos4-up-uclass_5-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x6/0x7f bandwidth --id qos5-up-uclass_5-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x7/0x7f bandwidth --id qos0-up-uclass_6-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x7/0x7f bandwidth --id qos1-up-uclass_6-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x7/0x7f bandwidth --id qos2-up-uclass_6-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x7/0x7f bandwidth --id qos3-up-uclass_6-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x7/0x7f bandwidth --id qos4-up-uclass_6-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x7/0x7f bandwidth --id qos5-up-uclass_6-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x8/0x7f bandwidth --id qos0-up-uclass_7-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x8/0x7f bandwidth --id qos1-up-uclass_7-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x8/0x7f bandwidth --id qos2-up-uclass_7-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x8/0x7f bandwidth --id qos3-up-uclass_7-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x8/0x7f bandwidth --id qos4-up-uclass_7-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x8/0x7f bandwidth --id qos5-up-uclass_7-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x9/0x7f bandwidth --id qos0-up-uclass_8-2-449 --type combined --current_bandwidth 0 --reset_interval 2 --reset_time 2 --intervals_to_save 449
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x9/0x7f bandwidth --id qos1-up-uclass_8-minute-15 --type combined --current_bandwidth 0 --reset_interval minute --intervals_to_save 15
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x9/0x7f bandwidth --id qos2-up-uclass_8-900-24 --type combined --current_bandwidth 0 --reset_interval 900 --reset_time 900 --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x9/0x7f bandwidth --id qos3-up-uclass_8-hour-24 --type combined --current_bandwidth 0 --reset_interval hour --intervals_to_save 24
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x9/0x7f bandwidth --id qos4-up-uclass_8-day-31 --type combined --current_bandwidth 0 --reset_interval day --intervals_to_save 31
0 0 all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x9/0x7f bandwidth --id qos5-up-uclass_8-month-12 --type combined --current_bandwidth 0 --reset_interval month --intervals_to_save 12
Chain l7marker (2 references)
pkts bytes target prot opt in out source destination
216K 27M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto bittorrent CONNMARK xset 0x10000/0xff0000
49051 3450K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto edonkey CONNMARK xset 0x20000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto gnutella CONNMARK xset 0x30000/0xff0000
1559 233K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto rtp CONNMARK xset 0x40000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto shoutcast CONNMARK xset 0x50000/0xff0000
14695 2235K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto skypeout CONNMARK xset 0x60000/0xff0000
1155 151K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto skypetoskype CONNMARK xset 0x70000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto ssh CONNMARK xset 0x80000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto bittorrent CONNMARK xset 0x90000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto edonkey CONNMARK xset 0xa0000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto gnutella CONNMARK xset 0xb0000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto rtp CONNMARK xset 0xc0000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto shoutcast CONNMARK xset 0xd0000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto skypeout CONNMARK xset 0xe0000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto skypetoskype CONNMARK xset 0xf0000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto ssh CONNMARK xset 0x100000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto tor CONNMARK xset 0x110000/0xff0000
Chain qos_egress (1 references)
pkts bytes target prot opt in out source destination
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 mark match !0x0 CONNMARK save mask 0x7f
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 mark match !0x0
6930K 2374M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x8
10614 988K MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:443 MARK set 0x6
259K 128M MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 MARK set 0x6
5987 934K MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:80 MARK set 0x6
1048K 63M MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 MARK set 0x6
17734 1177K MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 MARK set 0x5
200 13378 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 MARK set 0x5
0 0 MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x7
201K 107M MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x7
0 0 MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x7
798K 34M MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x7
0 0 MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 connbytes 10240:4294967295 connbytes mode bytes connbytes direction both MARK set 0x8
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 connbytes 10240:4294967295 connbytes mode bytes connbytes direction both MARK set 0x8
450 37082 MARK all -- * * 192.168.5.26 0.0.0.0/0 MARK set 0x4
0 0 MARK all -- * * 192.168.5.25 0.0.0.0/0 MARK set 0x4
0 0 MARK all -- * * 192.168.5.21 0.0.0.0/0 MARK set 0x4
0 0 MARK all -- * * 192.168.5.23 0.0.0.0/0 MARK set 0x4
0 0 MARK all -- * * 192.168.5.22 0.0.0.0/0 MARK set 0x4
0 0 MARK all -- * * 0.0.0.0/0 200.190.61.201 MARK set 0x4
1217 1240K MARK all -- * * 0.0.0.0/0 54.232.196.1 MARK set 0x4
1200 99283 MARK all -- * * 0.0.0.0/0 54.232.196.0 MARK set 0x4
11784 1002K MARK all -- * * 0.0.0.0/0 208.67.220.220 MARK set 0x5
11656 1016K MARK all -- * * 0.0.0.0/0 208.67.222.222 MARK set 0x5
6930K 2374M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save mask 0x7f
Chain qos_ingress (2 references)
pkts bytes target prot opt in out source destination
8769K 8437M IMQ all -- * * 0.0.0.0/0 0.0.0.0/0 IMQ: todev 0
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 mark match !0x0 CONNMARK save mask 0x7f00
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 mark match !0x0
8769K 8437M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x800
7829 802K MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:443 MARK set 0x600
234K 133M MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:443 MARK set 0x600
5645 811K MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:80 MARK set 0x600
1978K 2800M MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 MARK set 0x600
14722 1933K MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 MARK set 0x500
112 14310 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:53 MARK set 0x500
0 0 MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x700
166K 89M MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:443 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x700
0 0 MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x700
1596K 2330M MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 connbytes 1048576:4294967295 connbytes mode bytes connbytes direction both MARK set 0x700
0 0 MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 connbytes 10240:4294967295 connbytes mode bytes connbytes direction both MARK set 0x800
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:53 connbytes 10240:4294967295 connbytes mode bytes connbytes direction both MARK set 0x800
270 80079 MARK all -- * * 0.0.0.0/0 192.168.5.26 MARK set 0x400
0 0 MARK all -- * * 0.0.0.0/0 192.168.5.25 MARK set 0x400
0 0 MARK all -- * * 0.0.0.0/0 192.168.5.21 MARK set 0x400
0 0 MARK all -- * * 0.0.0.0/0 192.168.5.23 MARK set 0x400
0 0 MARK all -- * * 0.0.0.0/0 192.168.5.22 MARK set 0x400
0 0 MARK all -- * * 200.190.61.201 0.0.0.0/0 MARK set 0x400
1171 494K MARK all -- * * 54.232.196.1 0.0.0.0/0 MARK set 0x400
1628 1554K MARK all -- * * 54.232.196.0 0.0.0.0/0 MARK set 0x400
7518 999K MARK all -- * * 208.67.220.220 0.0.0.0/0 MARK set 0x500
7242 943K MARK all -- * * 208.67.222.222 0.0.0.0/0 MARK set 0x500
8769K 8437M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save mask 0x7f00
Chain zone_wan_MSSFIX (1 references)
pkts bytes target prot opt in out source destination
221K 11M TCPMSS tcp -- * eth1 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
root@router1:~#
Plus the screenshots of both QoS:
http://rafael.org/arquivos/gargoyle/Gar ... -05-37.png
http://rafael.org/arquivos/gargoyle/Gar ... -09-14.png
UPDATE: I'm not using quotas.
Thanks.
Re: Trouble with L7 QoS
Posted: Mon May 13, 2013 11:07 pm
by Rafael
No L7 rule seems to be applied! I doubt that is actually a skype call but anyway (okay, I know it is not one), but it should have been applied as a call:
http://rafael.org/arquivos/gargoyle/Gar ... -59-14.png
I didn't put the entire page because the stupid browser plugin would just ignore me when I asked it to save the entire page (damn, I forgot how P2P is connection heavy, I am more a usenet kind of guy...)
Re: Trouble with L7 QoS
Posted: Tue May 14, 2013 9:23 pm
by pbix
I had a look at the data you posted. It seems that the iptable rules are not being written correctly on your router. I tested a few such rules on my router also running v1.5.9 and I do not have the same problem.
From the command line you can run /etc/init.d/qos_gargoyle restart and see if you can see any error messages of note.
To proceed further I suggest you reset your routers to default settings. Then without making any other changes enable one rule with L7 pattern matching. I think you will see that it works. Then you can see what step you made along the way that broke it.
Re: Trouble with L7 QoS
Posted: Wed May 15, 2013 10:46 pm
by Rafael
Thanks for the reply.
I will see when I can do this test you suggested.
Regarding the restart, it did indeed show quite a few errors, but I have no idea if they represent an actual problem.
Here is the output:
Code:
BusyBox v1.19.4 (2013-01-03 08:17:10 EST) built-in shell (ash)
Enter 'help' for a list of built-in commands.
------------------------------------------------------------------
| _____ _ |
| | __ \ | | |
| | | \/ __ _ _ __ __ _ ___ _ _| | ___ |
| | | __ / _` | '__/ _` |/ _ \| | | | |/ _ \ |
| | |_\ \ (_| | | | (_| | (_) | |_| | | __/ |
| \____/\__,_|_| \__, |\___/ \__, |_|\___| |
| __/ | __/ | |
| |___/ |___/ |
| |
|----------------------------------------------------------------|
| Gargoyle version 1.5.9 | OpenWrt Attitude Adjustment branch |
| Gargoyle revision f73df29 | OpenWrt revision r34879 |
| Built January 03, 2013 | Target ar71xx/usb_large |
------------------------------------------------------------------
root@router1:~# /etc/init.d/qos_gargoyle restart
+ awk {print $5}
+ grep hfsc
+ tc qdisc show
+ tc qdisc del dev eth1 root
+ tc qdisc del dev imq0 root
+ delete_chain_from_table mangle qos_egress
+ delete_chain_from_table mangle qos_ingress
+ set +x
+ tc qdisc add dev eth1 root handle 1:0 hfsc default 1
+ tc class add dev eth1 parent 1:0 classid 1:1 hfsc ls rate 1000Mbit ul rate 900kbit
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:2 hfsc ls m2 100Mbit rt m1 192kbit d 20ms m2 96kbit
+ tc qdisc add dev eth1 parent 1:2 handle 2:1 sfq headdrop limit 33 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x2 fw flowid 1:2
+ tc filter add dev eth1 parent 2: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:3 hfsc ls m2 30Mbit rt m1 64kbit d 20ms m2 32kbit
+ tc qdisc add dev eth1 parent 1:3 handle 3:1 sfq headdrop limit 33 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x3 fw flowid 1:3
+ tc filter add dev eth1 parent 3: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:4 hfsc ls m2 100Mbit rt m1 192kbit d 20ms m2 96kbit
+ tc qdisc add dev eth1 parent 1:4 handle 4:1 sfq headdrop limit 33 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x4 fw flowid 1:4
+ tc filter add dev eth1 parent 4: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:5 hfsc ls m2 20Mbit rt m1 64kbit d 20ms m2 32kbit
+ tc qdisc add dev eth1 parent 1:5 handle 5:1 sfq headdrop limit 33 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x5 fw flowid 1:5
+ tc filter add dev eth1 parent 5: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:6 hfsc ls m2 500Mbit ul m2 800kbit
+ tc qdisc add dev eth1 parent 1:6 handle 6:1 sfq headdrop limit 30 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x6 fw flowid 1:6
+ tc filter add dev eth1 parent 6: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:7 hfsc ls m2 200Mbit ul m2 800kbit
+ tc qdisc add dev eth1 parent 1:7 handle 7:1 sfq headdrop limit 30 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x7 fw flowid 1:7
+ tc filter add dev eth1 parent 7: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:8 hfsc ls m2 40Mbit ul m2 700kbit
+ tc qdisc add dev eth1 parent 1:8 handle 8:1 sfq headdrop limit 26 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x8 fw flowid 1:8
+ tc filter add dev eth1 parent 8: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc class add dev eth1 parent 1:1 classid 1:9 hfsc ls m2 10Mbit rt m1 192kbit d 20ms m2 96kbit
+ tc qdisc add dev eth1 parent 1:9 handle 9:1 sfq headdrop limit 33 divisor 256
+ tc filter add dev eth1 parent 1:0 protocol ip handle 0x9 fw flowid 1:9
+ tc filter add dev eth1 parent 9: handle 1 flow divisor 256 map key nfct-src and 0xff
+ set +x
+ tc qdisc change dev eth1 root handle 1:0 hfsc default 8
+ iptables -t mangle -N qos_egress
+ iptables -t mangle -A POSTROUTING -o eth1 -j qos_egress
+ set +x
Bad argument `0xC0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xF0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xE0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xD0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0x100000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0x90000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xA0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xB0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -t mangle -I qos_egress -j MARK --set-mark 0x8
+ iptables -t mangle -I qos_egress -m mark ! --mark 0x0 -j RETURN
+ iptables -t mangle -I qos_egress -m mark ! --mark 0x0 -j CONNMARK --save-mark --mask 0x007F
+ iptables -t mangle -A qos_egress -j CONNMARK --save-mark --mask 0x007F
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:2 hfsc rt m1 2048kbit d 20ms m2 1024kbit ls m1 100Mbit d 20ms m2 100Mbit
+ tc qdisc add dev imq0 parent 1:2 handle 2:1 sfq headdrop limit 281 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 2 protocol ip handle 0x200 fw flowid 1:2
+ tc filter add dev imq0 parent 2: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:3 hfsc rt m2 320kbit ls m2 20Mbit
+ tc qdisc add dev imq0 parent 1:3 handle 3:1 sfq headdrop limit 281 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 3 protocol ip handle 0x300 fw flowid 1:3
+ tc filter add dev imq0 parent 3: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:4 hfsc ls m2 60Mbit
+ tc qdisc add dev imq0 parent 1:4 handle 4:1 sfq headdrop limit 281 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 4 protocol ip handle 0x400 fw flowid 1:4
+ tc filter add dev imq0 parent 4: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:5 hfsc rt m2 64kbit ls m2 10Mbit
+ tc qdisc add dev imq0 parent 1:5 handle 5:1 sfq headdrop limit 281 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 5 protocol ip handle 0x500 fw flowid 1:5
+ tc filter add dev imq0 parent 5: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:6 hfsc ls m2 500Mbit ul m2 12000kbit
+ tc qdisc add dev imq0 parent 1:6 handle 6:1 sfq headdrop limit 225 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 6 protocol ip handle 0x600 fw flowid 1:6
+ tc filter add dev imq0 parent 6: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:7 hfsc ls m2 200Mbit ul m2 10000kbit
+ tc qdisc add dev imq0 parent 1:7 handle 7:1 sfq headdrop limit 187 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 7 protocol ip handle 0x700 fw flowid 1:7
+ tc filter add dev imq0 parent 7: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:8 hfsc ls m2 100Mbit ul m2 8000kbit
+ tc qdisc add dev imq0 parent 1:8 handle 8:1 sfq headdrop limit 150 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 8 protocol ip handle 0x800 fw flowid 1:8
+ tc filter add dev imq0 parent 8: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc class add dev imq0 parent 1:1 classid 1:9 hfsc rt m2 192kbit ls m2 10Mbit
+ tc qdisc add dev imq0 parent 1:9 handle 9:1 sfq headdrop limit 281 divisor 256
+ tc filter add dev imq0 parent 1:0 prio 9 protocol ip handle 0x900 fw flowid 1:9
+ tc filter add dev imq0 parent 9: handle 1 flow divisor 256 map key dst and 0xff
+ set +x
+ tc qdisc change dev imq0 root handle 1:0 hfsc default 8
+ iptables -t mangle -N qos_ingress
+ iptables -t mangle -A FORWARD -i eth1 -j qos_ingress
+ iptables -t mangle -A INPUT -i eth1 -j qos_ingress
+ set +x
Bad argument `0xC0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xF0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xE0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xD0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0x100000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0x90000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xA0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xB0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -t mangle -I qos_ingress -j MARK --set-mark 0x800
+ iptables -t mangle -I qos_ingress -m mark ! --mark 0x0 -j RETURN
+ iptables -t mangle -I qos_ingress -m mark ! --mark 0x0 -j CONNMARK --save-mark --mask 0x7F00
+ iptables -t mangle -I qos_ingress -j IMQ --todev 0
+ iptables -t mangle -A qos_ingress -j CONNMARK --save-mark --mask 0x7F00
+ set +x
root@router1:~#
What do you think?
Re: Trouble with L7 QoS
Posted: Thu May 16, 2013 7:47 am
by pbix
There are many errors like the ones below in your script output.
Code:
Bad argument `0xC0000/0xFF0000'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `0xF0000/0xFF0000'
These are the errors related to this problem. I have tried but been unsuccessful in duplicating these errors on my router.
In that script file we have the lines of interest.
Code:
$echo_on
iptables -t $table -I $chain $tmp_proto $match_str -j MARK --set-mark $next_mark
$echo_off
In the output we should see the entire command printed and then any error that happens. Like this:
Code:
+ set +x
+ iptables -t mangle -I qos_ingress -m connmark --mark 0x60000/0xFF0000 -j MARK --set-mark 0x200
+
For some reason you are only getting the error output which seems very strange.
Please investigate if you can. I am traveling for the next few days so will not be back on the board until the weekend.
Re: Trouble with L7 QoS
Posted: Sat May 25, 2013 4:07 pm
by Rafael
UPDATE: There is a $echo_off just above the apply_all_rules function, that is why the source of the errors did not get printed.
UPDATE2: And there is no $echo_on in the function
I added an echo at the line you mentioned and it printed this:
Code:
iptables -t mangle -I qos_ingress -m connmark --mark 0x50000 0xD0000/0xFF0000 0xFF0000 -j MARK --set-mark 0x300
Running the command on its own also yields the error message.
Beyond ports and address rules I know nothing about iptables. So I can't really say if this command should have worked. Should it?
It only happens when I enable L7 rules (I guess this is the reason they do not work).
Any ideas for me to check?
Thanks.
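Editor's added example, not part of any post in this thread and not Gargoyle's own code: in the l7marker listing above, several protocols hold two connmark values (shoutcast has 0x50000 and 0xd0000), and the failing command carries both in a single `--mark` argument. The script below flags such protocols in an `iptables -vnL -t mangle` listing and checks whether a `--mark` argument is one hex `value[/mask]` token; the function names and the abridged sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the l7marker chain for protocols
# that were given more than one connmark, and sanity-check a --mark argument.

# Constructed sample: abridged from the `iptables -vnL -t mangle` output above.
sample_listing() {
cat <<'EOF'
Chain l7marker (2 references)
pkts bytes target prot opt in out source destination
216K 27M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto bittorrent CONNMARK xset 0x10000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto shoutcast CONNMARK xset 0x50000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto ssh CONNMARK xset 0x80000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto bittorrent CONNMARK xset 0x90000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto shoutcast CONNMARK xset 0xd0000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto ssh CONNMARK xset 0x100000/0xff0000
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 connmark match 0x0/0xff0000 LAYER7 l7proto tor CONNMARK xset 0x110000/0xff0000
Chain qos_egress (1 references)
pkts bytes target prot opt in out source destination
6930K 2374M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x8
EOF
}

# Reads an iptables listing on stdin. For every protocol that appears in the
# l7marker chain with more than one mark, prints "proto mark1 mark2 ...".
duplicate_l7_marks() {
  awk '
    /^Chain / { in_chain = ($2 == "l7marker"); next }
    in_chain {
      proto = ""; mark = ""
      for (i = 1; i < NF; i++) {
        if ($i == "l7proto") proto = $(i + 1)
        if ($i == "xset")    mark  = $(i + 1)
      }
      if (proto == "" || mark == "") next     # header or unrelated rule
      sub(/\/.*/, "", mark)                   # drop the /0xff0000 mask
      if (count[proto]++ == 0) { order[++n] = proto; marks[proto] = mark }
      else marks[proto] = marks[proto] " " mark
    }
    END {
      for (j = 1; j <= n; j++)
        if (count[order[j]] > 1) print order[j], marks[order[j]]
    }'
}

# Prints whatever sits between `-m connmark --mark` and ` -j ` in a command.
connmark_arg() {
  printf '%s\n' "$1" | sed -n 's/.*-m connmark --mark \(.*\) -j .*/\1/p'
}

# Succeeds only when $1 is a single hex value with an optional /mask, the
# shape of the working command quoted in the thread (0x60000/0xFF0000).
valid_mark_arg() {
  printf '%s\n' "$1" | grep -Eq '^0[xX][0-9A-Fa-f]+(/0[xX][0-9A-Fa-f]+)?$'
}

# The two commands quoted in the thread: the expected form and the failing one.
GOOD_CMD='iptables -t mangle -I qos_ingress -m connmark --mark 0x60000/0xFF0000 -j MARK --set-mark 0x200'
BAD_CMD='iptables -t mangle -I qos_ingress -m connmark --mark 0x50000 0xD0000/0xFF0000 0xFF0000 -j MARK --set-mark 0x300'

echo "Protocols with more than one connmark in l7marker:"
sample_listing | duplicate_l7_marks

for cmd in "$GOOD_CMD" "$BAD_CMD"; do
  arg=$(connmark_arg "$cmd")
  if valid_mark_arg "$arg"; then
    echo "ok:  --mark $arg"
  else
    echo "BAD: --mark $arg"
  fi
done
```

On the router, the same check runs against the live table with `iptables -vnL -t mangle | duplicate_l7_marks`.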