FlexQoS FlexQoS 1.5.2 - Flexible QoS Enhancement Script for Adaptive QoS

[dave14305]

and OpenVPN download classification/accounting may be inaccurate.

Can you see the download bytes increasing on the 1:2 class on br0? They have to go somewhere, and I’m guessing they end up here because the firmware reporting ignores this class. And adding a new rule would probably not be a good idea.

 

[dave14305]

I wonder now if this VPN thing is the re-incarnation of the ancient “VPN download as upload” issue that used to be handled in the firmware until this reverted it:

libovpn: remove old AdaptiveQoS patch for upload marking that causes … · RMerl/asuswrt-merlin.ng@91d74fb

…the GT-AXE16000 to reboot

github.com

The question would be, do you see traffic going into the br0 qdisc with a 0x40000000/0xC0000000 mark, when it should be an 0x8…?

I hadn’t considered this a possibility because I assumed this was solved for good. But then the crashes came when trying to modify the marks on HND5.04 routers…

Some good history lessons if you search the FreshJR or FlexQoS threads for “0x40000000/0xc0000000”

 

[ExtremeFiretop]

Can you see the download bytes increasing on the 1:2 class on br0? They have to go somewhere, and I’m guessing they end up here because the firmware reporting ignores this class. And adding a new rule would probably not be a good idea.

I did a clean counter reset (service restart_qos) and captured deltas for all br0 classes plus the br0 root qdisc around a full speedtest.

The result was that br0 class 1:2 barely moves (+12 KB / +31 pkts) and no other br0 class increments meaningfully.
But the br0 root qdisc htb 1: increases by ~340 MB / ~296k pkts during the same run.

(I have nothing else connected to this router but my phone and running speedtests through the app)

So the OpenVPN download traffic is definitely going through br0 (root HTB bytes/packets jump), but it’s not being accounted in any HTB leaf class (including 1:2).
This suggests it’s bypassing per-class classification/accounting (unclassified/fastpath/direct), which could explain why firmware/FlexQoS download can show ~0.

Adding a “catch-all unclassified download out br0” rule could classify it, but I agree it may be risky.

The question would be, do you see traffic going into the br0 qdisc with a 0x40000000/0xC0000000 mark, when it should be an 0x8…?

I also did a before/after snapshot of tc mark-hit counters (no counter resets; just deltas).

Test code used:

snap_tc_marks() {
  dev="$1"
  tc -s filter show dev "$dev" 2>/dev/null | awk '
    / mark 0x/ {
      mark=$2; mask=$3; suc=0
      for(i=1;i<=NF;i++) if($i=="(success") { suc=$(i+1); gsub(/\)/,"",suc) }
      printf "%s %s %s\n", mark, mask, suc
    }
  ' | sort
}

diff_tc_marks() {
  awk 'NR==FNR { b[$1 FS $2]=$3; next }
       { k=$1 FS $2; d=$3-(b[k]+0); if(d) printf "%-12s %-12s %+d\n",$1,$2,d }' \
    "$1" "$2" | sort -k3,3nr
}

tcwan="$(cat /sys/module/tdts_udb/parameters/qos_wan 2>/dev/null || nvram get wan_ifname)"
snap_tc_marks br0    > /tmp/m.br0.before
snap_tc_marks "$tcwan" > /tmp/m.tcwan.before
# (speedtest ran here)
snap_tc_marks br0    > /tmp/m.br0.after
snap_tc_marks "$tcwan" > /tmp/m.tcwan.after
diff_tc_marks /tmp/m.br0.before /tmp/m.br0.after
diff_tc_marks /tmp/m.tcwan.before /tmp/m.tcwan.after

Output:

• br0 mark hit deltas: 0x0000/0xC0000000 +53
• tcwan mark hit deltas: 0x0000/0xC0000000 +113313

So on the WAN QoS interface I’m seeing a large amount of traffic hitting the “no direction bits set” bucket (0x0/0xC0000000), and I’m not seeing it counted under an 0x8… download-direction bucket.
That makes it look less like “download marked as upload (0x400…)” and more like “direction bits aren’t present / get cleared” by the time packets reach tcwan (which might also explain why FlexQoS download accounting can go to ~0).

 

[dave14305]

So on the WAN QoS interface I’m seeing a large amount of traffic hitting the “no direction bits set” bucket (0x0/0xC0000000)

So it doesn’t even end up in the special Router VPN upload class?

 

[ExtremeFiretop]

So it doesn’t even end up in the special Router VPN upload class?

Upload test does show up under "Upload", but not the download test, no.
If the download test packets was put in the VPN upload class, I'm assuming I would see the download tests show up under Upload in the Graph? No?

For OpenVPN, it really does look like this below.
Upload is found and correctly put in the Router/VPN Client Outbound Traffic Class, but download test is not detected at all.

 

[dave14305]

Upload test does show up under "Upload", but not the download test, no.
If the download test packets was put in the VPN upload class, I'm assuming I would see the download tests show up under Upload in the Graph? No?

I’m just confused what traffic you saw hitting the tcwan “no direction bits set” bucket (0x0/0xC0000000). You should only see upload traffic hitting tcwan, which is why I got confused.

I fully believe that download traffic exiting the VPN Client tunnel on the router skips over the bwdpi classification, but I’m wondering why it’s not even hitting the unclassified bucket on br0.

Just another good example how the closed-source QoS doesn’t like to be poked at.

 

[ExtremeFiretop]

I’m just confused what traffic you saw hitting the tcwan “no direction bits set” bucket (0x0/0xC0000000). You should only see upload traffic hitting tcwan, which is why I got confused.

I fully believe that download traffic exiting the VPN Client tunnel on the router skips over the bwdpi classification, but I’m wondering why it’s not even hitting the unclassified bucket on br0.

Just another good example how the closed-source QoS doesn’t like to be poked at.

I'm at the office now, but let me take another poke at it tonight and see if I can find any other clues.

It is really part of the "fun" of working on closed source stuff, all I can do is run different tests to try and get a better idea of what the "black box" is doing.

 

[ExtremeFiretop]

I’m just confused what traffic you saw hitting the tcwan “no direction bits set” bucket (0x0/0xC0000000). You should only see upload traffic hitting tcwan, which is why I got confused.

I fully believe that download traffic exiting the VPN Client tunnel on the router skips over the bwdpi classification, but I’m wondering why it’s not even hitting the unclassified bucket on br0.

Just another good example how the closed-source QoS doesn’t like to be poked at.

@dave14305
Did you toss your ASUS router when you migrated to your GL-iNet GL-MT6000?

 

[dave14305]

@dave14305
Did you toss your ASUS router when you migrated to your GL-iNet GL-MT6000?

It’s in the “black box” it came in sitting in my basement.

 

[Gravityz]

i am currently using flexqos v1.4.6

i notice that when i stream a livetv stream the stream is noticed and a steady graphic with the current bitrate is displayed
however when i start streaming a tv serie(not live) the stream is detected at first and i see the right graphic and bitrate but after a while the bitrate declines to zero. there is no other category which increases so it looks like no data is transferrred but the stream is still running
anybody else discovered this problem.

HW acceleration is off

 

[ExtremeFiretop]

i am currently using flexqos v1.4.6

i notice that when i stream a livetv stream the stream is noticed and a steady graphic with the current bitrate is displayed
however when i start streaming a tv serie(not live) the stream is detected at first and i see the right graphic and bitrate but after a while the bitrate declines to zero. there is no other category which increases so it looks like no data is transferrred but the stream is still running
anybody else discovered this problem.

HW acceleration is off

While I don't believe your issue is related to the version you have installed, as a rule of thumb I do not normally assist in troubleshooting outdated add-ons.
Any reason your not up to date? That being said for now I'll ask this; do you notice a similar issue with the built-in bandwidth monitor pictured below?

 

[Gravityz]

Hi,
i upgraded to v1.5.2
when it happens the bandwidth monitor also does not show the stream bitrate anymore
so the stream does not show up anywhere, not as video streaming but also not as other, it is as there is not streaming at all at the moment

i added an ip rule for my device and now it seems to recognize it as video stream but this is weird.

live tv stream is recognized, tv series stream is recognized at first but stream bitrate declines to zero as if there is no stream

RT-AX88u is my main. router running FlexQOS
RT-AX86 pro i my aimesh node
device is hard wired to my main router

 

[dave14305]

tv series stream is recognized at first but stream bitrate declines to zero as if there is no stream

Can you identify the connections for the stream in the Tracked Connections list? Do they also disappear, or does the category change when the traffic disappears from the graphs? Best to test without the iptables rule.

It’s very odd that it disappears especially since HW acceleration is off.

 

[Gravityz]

OK remove IP rule.

When streaming live TV:
bandwidth monitor show bitrate stream
app analysis show AppleTV is streaming Web Streaming
FlexQOS tracked connections is showing 1 or 2 connections to remote port 80 Web Streaming ~

When streaming series:
bandwidth monitor show bitrate stream
app analysis show AppleTV is streaming Web Streaming
FlexQOS tracked connections is showing 1-10 connections to remote port 80 Web Streaming ~

then after a while everything disappears
no more stream in the bandwidth monitor
app analysis shows no asctivity anymore

FlexQOS tracked connections disappear, only 1 Webstream seems to stay active but without any bandwidth usage.

when i add an ip rule everything works
if i remove the ip rule it keeps on working until a reboot

 

[Gravityz]

just tested when i switched back to cake.
stream keeps on showing.
so somehow FlexQOS looses it's stream/bitrate.

could it be that the stream concists of multiple stream sessios and that flexqos looses track or only keeps track of 1-2 streams, not like 10

 

[dave14305]

Web Streaming ~

Is this how the Application looks in the connection list? With the tilde at the end? That indicates an AppDB rule changed the Class, but that would have been changed at the beginning of the stream. Probably not related, but just trying to think of any possible anomaly.

could it be that the stream concists of multiple stream sessios and that flexqos looses track or only keeps track of 1-2 streams, not like 10

You could also test this after uninstalling FlexQoS, because most of the work is done by Adaptive QoS anyway. FlexQoS allows you to change certain traffic, and draws nicer graphs, but most of the behavior you describe should also appear using only the built-in Classification page without FlexQoS.

 

[Gravityz]

i switched to cake and everyhing was like it should.
then i switched back to FlexQOS and everything also workd like it should.
i removed the appdb redirecrtion entry for webstream(did not know if i needed it) and now the ~ is gone also.
so for now it seems to work like intended and will test for a while

should i remove the other appdb entries as well?

the only other ones i see with a tilde are google play and snapchat which indeed have appdb rules

 

[dave14305]

i switched to cake and everyhing was like it should.

CAKE is usually the best answer if you have modest ISP bandwidth (less than 400 Mbit).

should i remove the other appdb entries as well?

Probably not necessary. I thought “Web Streaming” was unusual only because I don’t remember seeing that one when I used to use Adaptive QoS.

Sadly, as the last few days have shown, even when problems are observed with FlexQoS or Adaptive QoS, there are few options to actually fix anything.