FlexQoS 1.3.2 - Flexible QoS Enhancement Script for Adaptive QoS

dave14305

Part of the Furniture
FlexQoS Version 1.3.2 - Released 16-Sep-2022

This is just a minor release with an iptables optimization. Nothing exciting or outwardly visible has changed.
  • CHANGED: Split iptables rules into separate upload and download chains to avoid unnecessary rule traversal
  • CHANGED: Tweaked 'debug' command output formatting for better readability

FlexQoS Version 1.3.1 - Released 15-Mar-2022
Beware the ides of March!

This is just a minor bugfix release to address some issues I noticed now that I've been eating my own dogfood again.

FIXED: IPv6 connections sometimes incorrectly mapped to an incorrect rule with a local IPv4 address defined.
CHANGED: Changing graph scale from Linear to Logarithmic is now instantaneous instead of waiting until the next refresh.
REMOVED: FreshJR_QOS migration script

FlexQoS Version 1.3.0 - Released 07-Nov-2021

NEW:
  • Automatic IPv6 support for iptables rules using local IPv4 CIDRs. Local IPv4 CIDRs are mapped to equivalent IPv6 addresses via MAC address, using iptables and ipsets.
CHANGED:
  • Classify outbound DNS, DoT and NTP as Net Control Packets. This traffic previously bypassed QoS.
FIXED:
  • Avoid conflicts with Selective Routing fwmarks when combined with Adaptive QoS marks for outbound DNS from router
REMOVED:
  • Nightly check cronjob at 3:30 AM since it seems superfluous now.
Previous versions discussed here.

Update via the WebUI, amtm, or the command line with flexqos update



Requirements:
  • ASUSWRT-Merlin 384.15 or higher
  • SSH, JFFS scripts enabled
  • Adaptive QoS enabled
Installation:
The simplest method for installation is to use amtm, option i, option 3.

For manual installation, paste the following command into your SSH terminal session:
Code:
/usr/sbin/curl "https://raw.githubusercontent.com/dave14305/FlexQoS/master/flexqos.sh" -o /jffs/addons/flexqos/flexqos.sh --create-dirs && chmod +x /jffs/addons/flexqos/flexqos.sh && sh /jffs/addons/flexqos/flexqos.sh -install
Source: https://github.com/dave14305/FlexQoS

Updates:
Code:
flexqos -update
# or
sh /jffs/addons/flexqos/flexqos.sh -update
You can also update via the "Check for Update" button in the WebUI.

User documentation available on Github:
 

dave14305

Part of the Furniture
This was the 1.2.6 beta release on the develop branch. Nothing new in that regard, but it was lingering too long on the develop branch.

The next major release will be considered 2.0 and it will incorporate CAKE into FlexQoS (but separate from CakeQoS-Merlin, which doesn't require any Trend Micro EULA).
 

SomeWhereOverTheRainBow

Part of the Furniture
Awesome work. I am simply amazed by the automatic IPv6 support given the very limited ip6tables of Asuswrt. Great work! As always, it is running great!
 

SomeWhereOverTheRainBow

Part of the Furniture


I love the reclassification of DNS, DoT and NTP traffic.


Maybe a potential new feature for users is to allow the gui to ignore traffic at specific ports in the tracked connections table that way users can better filter their traffic list.
 

BikeHelmet

Regular Contributor
Maybe a potential new feature for users is to allow the gui to ignore traffic at specific ports in the tracked connections table that way users can better filter their traffic list.
I get pages of those Net Control packets from all the printers that I have hooked up.

@dave14305 1.2.5 works fine on my RT-AC3200 with 384.13_10 - can you think of any reason 1.3.0 wouldn't work, or shall I try upgrading and see if it is fine? I don't actually use IPv6 here. (ISP limitation.)
 

BoostOver

Regular Contributor
FlexQoS Version 1.3.0 - Released 07-Nov-2021
Great job
A request:
Always thinking about online gaming ……
Would it be possible to see the internet flow in the ip/ports table used in real time?
As already done in:
It would be very useful to understand exactly which port is used, since games now use a different port every time.
Thank You
 

BoostOver

Regular Contributor
I have reclassified the priority classes but apparently, in this example, the video stream always remains high (it is classified as Learn From Home). Bug or my mistake?
Thanks
 

BikeHelmet

Regular Contributor
TrendMicro has some weird double-classification. If you move Learn-From-Home to the absolute bottom (Below Others), the things in it will go into other more proper categories.

Yes, that's a real weird one.

Most people here consider it a toxic category, kind of junk because so much random stuff falls into it if it's above others, so get rid of it. (Deprioritize it.)
 

chris.at

Regular Contributor
CHANGED:
  • Classify outbound DNS, DoT and NTP as Net Control Packets. This traffic previously bypassed QoS.
One question dave14305, not sure if I already asked during beta state, but if I remove my own DoT=NetControl rule it would be classified as WebTraffic although your rule is there. So I assume it's the wildcard mark rule which reclassifies it as WebTraffic, right? If so, I think it should be fine when you move your default rules to the FlexQoS iptables section since my own defined rule is working, or am I completely wrong?


Code:
-A OUTPUT -o eth0 -p udp -m multiport --dports 53,123 -j MARK --set-xmark 0x40090fff/0xc03f0fff
-A OUTPUT -o eth0 -p tcp -m multiport --dports 53,853 -j MARK --set-xmark 0x40090fff/0xc03f0fff
-A OUTPUT -o eth0 -p udp -m multiport ! --dports 53,123 -j MARK --set-xmark 0x4018ffff/0xc03fffff
-A OUTPUT -o eth0 -p tcp -m multiport ! --dports 53,853 -j MARK --set-xmark 0x4018ffff/0xc03fffff
-A POSTROUTING -j FlexQoS
-A FlexQoS -o br0 -p tcp -m multiport --sports 853 -j MARK --set-xmark 0x8009ffff/0xc03fffff
-A FlexQoS -o eth0 -p tcp -m multiport --dports 853 -j MARK --set-xmark 0x4009ffff/0xc03fffff
 

dave14305

Part of the Furniture
I love the reclassification of DNS, DoT and NTP traffic.
None of the newly reclassified traffic would show up in the Tracked Connections table, since it is not LAN to WAN traffic, but router to WAN traffic (iptables OUTPUT table). So I’m guessing your screenshot is showing some LAN device running Unbound, which would be classified as DNS by the TM engine.
Maybe a potential new feature for users is to allow the gui to ignore traffic at specific ports in the tracked connections table that way users can better filter their traffic list.
You can already set and “remember” a filter to hide port 53 by putting !53 in the Remote Port field.
 

dave14305

Part of the Furniture
Would it be possible to see the internet flow in the ip/ports table used in real time?
No, it’s not tracked at the IP/port level anywhere. The Bandwidth Monitor page tracks at the device/application level, which can’t be mapped to ip and port directly.
 

dave14305

Part of the Furniture
One question dave14305, not sure if I already asked during beta state, but if I remove my own DoT=NetControl rule it would be classified as WebTraffic although your rule is there. So I assume it's the wildcard mark rule which reclassifies it as WebTraffic, right? If so, I think it should be fine when you move your default rules to the FlexQoS iptables section since my own defined rule is working, or am I completely wrong?

Code:
-A OUTPUT -o eth0 -p udp -m multiport --dports 53,123 -j MARK --set-xmark 0x40090fff/0xc03f0fff
-A OUTPUT -o eth0 -p tcp -m multiport --dports 53,853 -j MARK --set-xmark 0x40090fff/0xc03f0fff
-A OUTPUT -o eth0 -p udp -m multiport ! --dports 53,123 -j MARK --set-xmark 0x4018ffff/0xc03fffff
-A OUTPUT -o eth0 -p tcp -m multiport ! --dports 53,853 -j MARK --set-xmark 0x4018ffff/0xc03fffff
-A POSTROUTING -j FlexQoS
-A FlexQoS -o br0 -p tcp -m multiport --sports 853 -j MARK --set-xmark 0x8009ffff/0xc03fffff
-A FlexQoS -o eth0 -p tcp -m multiport --dports 853 -j MARK --set-xmark 0x4009ffff/0xc03fffff
Leave your rule as it is. The new version only affects the router’s DNS traffic. DNS/DoT from the LAN won’t change their previous behavior.

If your DoT traffic was always properly identified as DoT you could just make an AppDB rule for the DoT mark to put it back in NetControl. If it was ever misclassified, then the iptables rule for port 853 makes more sense.
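
Added example, not part of the original posts and not FlexQoS code: a POSIX shell replay of the rule listing quoted above, showing how `--set-xmark value/mask` rewrites the mark as each matching MARK rule is traversed, first in OUTPUT for router-originated traffic and then in FlexQoS. The packets, source port and starting marks are constructed, and treating FlexQoS as the whole POSTROUTING stage is a simplification.

```shell
# Rules copied from the listing posted in the thread.
RULES='-A OUTPUT -o eth0 -p udp -m multiport --dports 53,123 -j MARK --set-xmark 0x40090fff/0xc03f0fff
-A OUTPUT -o eth0 -p tcp -m multiport --dports 53,853 -j MARK --set-xmark 0x40090fff/0xc03f0fff
-A OUTPUT -o eth0 -p udp -m multiport ! --dports 53,123 -j MARK --set-xmark 0x4018ffff/0xc03fffff
-A OUTPUT -o eth0 -p tcp -m multiport ! --dports 53,853 -j MARK --set-xmark 0x4018ffff/0xc03fffff
-A POSTROUTING -j FlexQoS
-A FlexQoS -o br0 -p tcp -m multiport --sports 853 -j MARK --set-xmark 0x8009ffff/0xc03fffff
-A FlexQoS -o eth0 -p tcp -m multiport --dports 853 -j MARK --set-xmark 0x4009ffff/0xc03fffff'

# MARK --set-xmark value/mask: clear the bits in mask, then XOR value in.
set_xmark() { echo $(( (($1 & ~$3) ^ $2) & 0xffffffff )); }

# walk "CHAINS" OIF PROTO SPORT DPORT START_MARK  -> final mark in hex.
# MARK does not end traversal, so every matching rule rewrites the mark.
# POSTROUTING only jumps to FlexQoS here, so FlexQoS stands in for it.
walk() {
  chains=$1 oif=$2 proto=$3 sport=$4 dport=$5 mark=$(( $6 ))
  for chain in $chains; do
    while IFS= read -r rule; do
      set -- $rule
      [ "$2" = "$chain" ] || continue
      shift 2; ok=1 neg=0 xm=
      while [ $# -gt 0 ]; do
        case $1 in
          -o) [ "$2" = "$oif" ] || ok=0; shift ;;
          -p) [ "$2" = "$proto" ] || ok=0; shift ;;
          '!') neg=1 ;;
          --dports|--sports)
            [ "$1" = --dports ] && p=$dport || p=$sport
            case ",$2," in *",$p,"*) hit=1 ;; *) hit=0 ;; esac
            [ "$hit" != "$neg" ] || ok=0; neg=0; shift ;;
          --set-xmark) xm=$2; shift ;;
        esac
        shift
      done
      if [ "$ok" = 1 ] && [ -n "$xm" ]; then
        mark=$(set_xmark "$mark" "${xm%/*}" "${xm#*/}")
      fi
    done <<EOF
$RULES
EOF
  done
  printf '0x%08x\n' "$mark"
}

# Constructed packets: router-originated DoT, HTTPS, and DNS with a prior mark.
walk "OUTPUT FlexQoS" eth0 tcp 40000 853 0          # 0x4009ffff
walk "OUTPUT FlexQoS" eth0 tcp 40000 443 0          # 0x4018ffff
walk "OUTPUT FlexQoS" eth0 udp 40000 53 0x00001000  # 0x40091fff
```

The third call shows the effect of the narrower mask `0xc03f0fff`: bits 12 to 15 of an existing mark survive the rewrite, whereas the `0xc03fffff` rules overwrite them.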
 

Kingp1n

Very Senior Member
I was running 1.2.6 dev and updated thru the webgui. It did the update successfully but now it reads 1.3.0 dev.

This is not a big deal but thought I would mention it here. I fixed it by running "flexqos stable" thru ssh.
 


chris.at

Regular Contributor
Thank you dave14305, now I got it - user initiated vs router initiated or in other words forward vs output chain. Thanks for enlightenment. ;)
Regarding the AppDB rule - yes, it got misclassified in the past so I made the iptables one which always works well.
 

Vexira

Part of the Furniture
All I can say is it's absolutely beautiful.
 

BoostOver

Regular Contributor
There is something wrong.
I have changed class priority and now all video streams are top!!
 


BikeHelmet

Regular Contributor
There is something wrong.
I have changed class priority and now all video streams are top!!
Change your category order around on the QOS page - not the FlexQOS page. Go with something like this: (You want Learn-From-Home at the bottom, in Brown.)

 
