FlexQoS FlexQoS 1.0 - Flexible QoS Enhancement Script for Adaptive QoS

[andresmorago]

hello
im trying to add mark 0B0037 (openvpn) under file downloads but it still showing as work from home category. what could it be happening?

sorry for the crappy screenshots but the forum reduces the resolution

Spoiler: FlexQoS Debug

FlexQoS v1.0.0 released 2020-08-08
Development channel

Debug:

Log date: 2020-08-17 16:17:24-0400
Router Model: RT-AC68U
Firmware Ver: 384.18_0
tc WAN iface: eth0
Undf Prio: 2
Undf FlowID: 1:15
Classes Present: 8
Down Band: 120832
Up Band  : 5120
***********
Net Control: 1:10
Work-From-Home: 1:11
Gaming: 1:16
Others: 1:15
Web Surfing: 1:12
Streaming: 1:13
File Downloads: 1:14
Game Downloads: 1:17
***********
Downrates: 6041, 24166, 12083, 36249, 6041, 12083, 18124, 6041
Downceils: 120832, 120832, 120832, 120832, 120832, 120832, 120832, 120832
Downbursts: 6397b, 28793b, 14396b, 6393b, 4798b, 3197b, 3196b, 3197b
DownCbursts: 150345b, 150345b, 150345b, 150345b, 150345b, 150345b, 150345b, 150345b
DownQuantums: default, 302075, default, 453112, default, default, 226550, default
***********
Uprates: 256, 1024, 512, 512, 256, 1536, 768, 256
Upceils: 5120, 5120, 5120, 5120, 5120, 5120, 5120, 5120
Upbursts: 3200b, 3200b, 3200b, 3200b, 3200b, 3198b, 3198b, 3198b
UpCbursts: 6400b, 6400b, 6400b, 6400b, 6400b, 6400b, 6400b, 6400b
UpQuantums: default, default, default, default, default, default, default, default
***********
iptables settings: <>>udp>>500,4500>>3<>>udp>16384:16415>>>3<>>tcp>>119,563>>5<>>tcp>>80,443>08****>7<>>udp>>3478>>3<>>udp>50000:65535>>>3<>>tcp>>6690,8081>>5<>>tcp>>443>1400C2>5
-o br0 -p udp -m multiport --sports 500,4500 -j MARK --set-mark 0x80060001
-o eth0 -p udp -m multiport --dports 500,4500 -j MARK --set-mark 0x40060001
-o br0 -p udp --dport 16384:16415 -j MARK --set-mark 0x80060001
-o eth0 -p udp --sport 16384:16415 -j MARK --set-mark 0x40060001
-o br0 -p tcp -m multiport --sports 119,563 -j MARK --set-mark 0x80030001
-o eth0 -p tcp -m multiport --dports 119,563 -j MARK --set-mark 0x40030001
-o br0 -p tcp -m multiport --sports 80,443 -m mark --mark 0x80080000/0xc03f0000 -j MARK --set-mark 0x803f0001
-o eth0 -p tcp -m multiport --dports 80,443 -m mark --mark 0x40080000/0xc03f0000 -j MARK --set-mark 0x403f0001
-o br0 -p udp --sport 3478 -j MARK --set-mark 0x80060001
-o eth0 -p udp --dport 3478 -j MARK --set-mark 0x40060001
-o br0 -p udp --dport 50000:65535 -j MARK --set-mark 0x80060001
-o eth0 -p udp --sport 50000:65535 -j MARK --set-mark 0x40060001
-o br0 -p tcp -m multiport --sports 6690,8081 -j MARK --set-mark 0x80030001
-o eth0 -p tcp -m multiport --dports 6690,8081 -j MARK --set-mark 0x40030001
-o br0 -p tcp --sport 443 -m mark --mark 0x801400C2/0xc03fffff -j MARK --set-mark 0x80030001
-o eth0 -p tcp --dport 443 -m mark --mark 0x401400C2/0xc03fffff -j MARK --set-mark 0x40030001
***********
appdb rules: <000000>6<00006B>6<0D0007>5<0D0086>5<0D00A0>5<12003F>4<0B0037>5<13****>4<14****>4<1A****>5
filter add dev br0 protocol all prio 2 u32 match mark 0x80000000 0xc000ffff flowid 1:15
filter add dev eth0 protocol all prio 2 u32 match mark 0x40000000 0xc000ffff flowid 1:15
filter add dev br0 protocol all prio 2 u32 match mark 0x8000006B 0xc03fffff flowid 1:15
filter add dev eth0 protocol all prio 2 u32 match mark 0x4000006B 0xc03fffff flowid 1:15
filter add dev br0 protocol all prio 15 u32 match mark 0x800D0007 0xc03fffff flowid 1:14
filter add dev eth0 protocol all prio 15 u32 match mark 0x400D0007 0xc03fffff flowid 1:14
filter add dev br0 protocol all prio 15 u32 match mark 0x800D0086 0xc03fffff flowid 1:14
filter add dev eth0 protocol all prio 15 u32 match mark 0x400D0086 0xc03fffff flowid 1:14
filter add dev br0 protocol all prio 15 u32 match mark 0x800D00A0 0xc03fffff flowid 1:14
filter add dev eth0 protocol all prio 15 u32 match mark 0x400D00A0 0xc03fffff flowid 1:14
filter add dev br0 protocol all prio 20 u32 match mark 0x8012003F 0xc03fffff flowid 1:12
filter add dev eth0 protocol all prio 20 u32 match mark 0x4012003F 0xc03fffff flowid 1:12
filter add dev br0 protocol all prio 13 u32 match mark 0x800B0037 0xc03fffff flowid 1:14
filter add dev eth0 protocol all prio 13 u32 match mark 0x400B0037 0xc03fffff flowid 1:14
filter change dev br0 prio 22 protocol all handle 802::800 u32 flowid 1:12
filter change dev eth0 prio 22 protocol all handle 802::800 u32 flowid 1:12
filter change dev br0 prio 23 protocol all handle 804::800 u32 flowid 1:12
filter change dev eth0 prio 23 protocol all handle 804::800 u32 flowid 1:12
filter add dev br0 protocol all prio 2 u32 match mark 0x801A0000 0xc03f0000 flowid 1:14
filter add dev eth0 protocol all prio 2 u32 match mark 0x401A0000 0xc03f0000 flowid 1:14

 

[dave14305]

hello
im trying to add mark 0B0037 (openvpn) under file downloads but it still showing as work from home category. what could it be happening?

Your sixth iptables rule is capturing the traffic in the wide udp port range you've specified since it happens to be sourcing from a local port in that range. So it's moved to Work-From-Home.

 

[andresmorago]

Your sixth iptables rule is capturing the traffic in the wide udp port range you've specified since it happens to be sourcing from a local port in that range. So it's moved to Work-From-Home.

thanks dave!
so that will override the appdb even that im using a specific mark number? the iptables rule only has a port range with no other specified condition

 

[dave14305]

thanks dave!
so that will override the appdb even that im using a specific mark number? the iptables rule only has a port range with no other specified condition

Yes, because the iptables rule will assign a new mark belonging to Work-From-Home BEFORE the traffic reaches the AppDB filters.

The 50000:65535/udp rule is very generic. What is it meant to do?

 

[K4TTO]

If you don't saturate your bandwidth, you should be fine without QoS. I would disable it and watch the traffic and see if there is any noticeable impact on gaming. If this does not work, enable QoS and see if it helps.

Will do a stress test, with 2 tv and 2 smartphone with Netflix and something updating

 

[andresmorago]

Yes, because the iptables rule will assign a new mark belonging to Work-From-Home BEFORE the traffic reaches the AppDB filters.

The 50000:65535/udp rule is very generic. What is it meant to do?

Thanks Dave.
i have been trying to catch what sap voice calls since some of the connections come up without mark. I figured all of the, originate from that port range.
could you recommend a better approach for that?

thanks

 

[dave14305]

Thanks Dave.
i have been trying to catch what sap voice calls since some of the connections come up without mark. I figured all of the, originate from that port range.
could you recommend a better approach for that?

thanks

I don’t use WhatsApp, so I don’t have any specific recommendations. The current rule will basically include any udp connection from any device on your network that uses a source port in the ephemeral port range, which is more than you probably want.

Maybe someone else will have an example rule to share.

 

[Vexira]

Thanks Dave.
i have been trying to catch what sap voice calls since some of the connections come up without mark. I figured all of the, originate from that port range.
could you recommend a better approach for that?

thanks

What's app has a upnp port forwarding entry, I noticed it it so fast uses only one number and was tracked for me.

If it's not being tracked check the colour of the in tracked traffic and also the device it's coming from.

 

[chris.at]

WhatsApp voice and video calls:

 

[CriticJay]

Thanks for your work and this is the Gaming configuration I am using:

FYI: It's recommended that Learn-From-Home be the LAST item in the Adaptive QoS Category List.

 

[Cam]

FYI: It's recommended that Learn-From-Home be the LAST item in the Adaptive QoS Category List.

Why last?

 

[andresmorago]

What's app has a upnp port forwarding entry, I noticed it it so fast uses only one number and was tracked for me.

If it's not being tracked check the colour of the in tracked traffic and also the device it's coming from.

WhatsApp voice and video calls:
View attachment 25530

@Vexira @chris.at
thanks for your feedback
here are my tracked connections when im on a whatsapp voice call from my iphone. as you can see, most of the connections dont have a class number and occur on a random port number (always a high number)
only 2 connections are being correctly categorized as they have a mark number 000029

 

[CriticJay]

Why last?

That is practically a requirement for using this script, so you don't mess things up!

This is why you need to read the instructions before installing scripts...

 

[dave14305]

Why last?

That is practically a requirement for using this script, so you don't mess things up!

This is why you need to read the instructions before installing scripts...

Technically, the only requirement is that Learn-From-Home is lower than Streaming. Practically, there is nothing useful about Learn-From-Home as it is defined today by ASUS/Trend, which is why I still left the FreshJR Game Downloads repurposing intact. So the only reason to move it up from the bottom of the list would be to give Game Downloads higher priority.

You can move it up or down as you wish, as long as it remains below Streaming.

 

[dave14305]

@Vexira @chris.at
thanks for your feedback
here are my tracked connections when im on a whatsapp voice call from my iphone. as you can see, most of the connections dont have a class number and occur on a random port number (always a high number)
only 2 connections are being correctly categorized as they have a mark number 000029


View attachment 25548

Maybe this is a case for a udp rule for local ports 50000:65535 to remote ports 50000:65535 and Mark 000000?

 

[Cam]

That is practically a requirement for using this script, so you don't mess things up!

This is why you need to read the instructions before installing scripts...

Ouch! Perhaps you need to read the "instructions", as I couldnt find anywhere that it said it MUST be last, only behind streaming... as I just noticed @dave14305 confirmed in his post.

 

[andresmorago]

Maybe this is a case for a udp rule for local ports 50000:65535 to remote ports 50000:65535 and Mark 000000?

thanks dave. will give this a try and improve my current rule with only had 50000:65535 on local ports and mark 000000

 

[Wade Coxon]

Ouch! Perhaps you need to read the "instructions", as I couldnt find anywhere that it said it MUST be last, only behind streaming... as I just noticed @dave14305 confirmed in his post.

It's in the first post under "Known Issues", and also mentioned again in the third post as a FAQ "How I should set my priorities".
The direction to "read the instructions" was probably a bit too bluntly stated, since this tip isn't listed in the install instructions. However, it is generally a good idea to read all the available documentation for any third party addons, because they will often have little gochas and foibles like this.

 

[chris.at]

thanks dave. will give this a try and improve my current rule with only had 50000:65535 on local ports and mark 000000

Forget the local ports, just categorize the remote ports like you see it in my screenshot and your calls will be categorized correctly. If you don't believe me search the web for whatsapp voice and video ports and you will come to the same conclusion. To be more specific, only udp 3478 is missing the correct classification in your screenshot, other ports from my list can be used during calls, but rarely. Mainly 3478 is used and yes, it's not classified without manual interaction.

 

[sbsnb]

Gmail traffic from VPN client is correctly identified, but is categorized as Work-from-home.

I don't see a rule that would do such a thing. I thought FlexQoS showed all the rules, including built-in. Am I misunderstanding?