
[Fork] FlexQoS - Flexible QoS Enhancement Script for Adaptive QoS

dave14305

Part of the Furniture
I'll set this right now, but it didn't have those rules before I messed with it, was only devices I had set priorities to
I also tested dragging the "Default" icon to each device and hitting apply and it wrote all those devices to qos_rulelist after the default traditional rules. Not sure what's going on behind the scenes there.
 

rlj2

Occasional Visitor
I also tested dragging the "Default" icon to each device and hitting apply and it wrote all those devices to qos_rulelist after the default traditional rules. Not sure what's going on behind the scenes there.
Same as I saw. I set everything that had previous priorities back to default, but they were still all listed there.
 

Milan

Regular Contributor
Just for info - I am running the latest alpha:
Code:
class htb 10:256 parent 10:1 leaf 1256: prio 3 rate 16Kbit overhead 4 ceil 972800Kbit burst 3200b cburst 1216000b
class htb 10:2 parent 10:1 leaf 1002: prio 2 rate 16Kbit overhead 4 ceil 972800Kbit burst 3200b cburst 1216000b
class htb 10:3 parent 10:1 leaf 1003: prio 2 rate 16Kbit overhead 4 ceil 972800Kbit burst 3200b cburst 1216000b
class htb 10:4 parent 10:1 leaf 1004: prio 2 rate 16Kbit overhead 4 ceil 972800Kbit burst 3200b cburst 1216000b
class htb 10:5 parent 10:1 leaf 1005: prio 2 rate 16Kbit overhead 4 ceil 972800Kbit burst 3200b cburst 1216000b
class htb 10:6 parent 10:1 leaf 1006: prio 2 rate 16Kbit overhead 4 ceil 972800Kbit burst 3200b cburst 1216000b
class htb 10:7 parent 10:1 leaf 1007: prio 2 rate 16Kbit overhead 4 ceil 972800Kbit burst 3200b cburst 1216000b
class htb 10:8 parent 10:1 leaf 1008: prio 2 rate 16Kbit overhead 4 ceil 972800Kbit burst 3200b cburst 1216000b
class htb 10:9 parent 10:1 leaf 1009: prio 2 rate 16Kbit overhead 4 ceil 972800Kbit burst 3200b cburst 1216000b
 

andresmorago

Senior Member
For anyone with more than 10 devices on their network, and who do not use any form of device priority on the Bandwidth Monitor tab of the QoS webUI, I'm interested to know the output of this command on your router:
Code:
tc class show dev br0 | grep -E "parent 10:1 .* prio "
Hello Dave. I have around 12 to 16 devices (depending on the day)
Code:
[email protected]:/tmp/home/root# tc class show dev br0 | grep -E "parent 10:1 .* prio "
class htb 10:2 parent 10:1 leaf 1002: prio 2 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:3 parent 10:1 leaf 1003: prio 3 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:4 parent 10:1 leaf 1004: prio 2 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:5 parent 10:1 leaf 1005: prio 2 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:6 parent 10:1 leaf 1006: prio 3 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:7 parent 10:1 leaf 1007: prio 2 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:8 parent 10:1 leaf 1008: prio 2 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:9 parent 10:1 leaf 1009: prio 3 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:11 parent 10:1 leaf 1011: prio 2 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:256 parent 10:1 leaf 1256: prio 3 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:10 parent 10:1 leaf 1010: prio 3 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:13 parent 10:1 leaf 1013: prio 3 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:12 parent 10:1 leaf 1012: prio 2 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:15 parent 10:1 leaf 1015: prio 3 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:14 parent 10:1 leaf 1014: prio 3 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:17 parent 10:1 leaf 1017: prio 2 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
class htb 10:16 parent 10:1 leaf 1016: prio 2 rate 16Kbit overhead 18 ceil 148480Kbit burst 3200b cburst 185600b
[email protected]:/tmp/home/root#
 

fritzk3

Occasional Visitor
I am using OpenDNS servers for DNS Server 1 and 2. When I look at my QoS data for my work laptop, I see that most packets are identified with the OpenDNS server IP address and the category "Untracked".

I also connect to work through a Cisco VPN service, through which some of the traffic is routed.

Since much of my workday is conference calls using VOIP services like Skype and MS Teams, I would have expected to see much more of the Download pie graph taken up by the Work From Home category, but I see only 1.58 MB allocated there out of ~5 GB.

Short of dumping OpenDNS (can't do that for family filtering reasons), is there something else I can do to get FlexQoS to better recognize incoming packet types?
 

Morris

Regular Contributor
Hi Dave,

It looks like you confirmed the device priorities. How does one identify the device and its priority?

When I ran QOS on a large college network I found it best to:
- Have sufficient bandwidth for all the real time applications. Thus real time applications become a provisioning issue. If you don't provision enough bandwidth for the real time applications something is going to suffer.
- Consider most applications normal as they consume a limited amount of bandwidth. You don't need to worry about these applications as they will run without consuming all your bandwidth unless there are too many of them and again this is a provisioning issue.
- Only worry about bandwidth hogs. That is, applications that can consume all available bandwidth. These applications are addressed via a lower priority that limits them to any bandwidth left over by real time and normal applications. Examples are downloads, FTP, email with attachments. Clearly the pipe's bandwidth must be provisioned with enough bandwidth to prevent indefinite postponement.

After playing with classifying and categorizing everything I quickly realized that the way I set things up at work in the past will work well at home. What I've done:

- Network Control is top priority and allocated up to 5%
- I place file transfer and game transfer at the bottom with 5% each. They will grow to fill whatever is left after all other classes consume what they need.
- The order and bandwidth allocation of the other classes does not matter as I have sufficient bandwidth provisioned. Of course I had to place them in an order in the list, yet it does not matter which one will come first as they will all get the bandwidth they need.

This simple approach has made managing the bandwidth on my home network a non-issue. Should another application come along that consumes available bandwidth it will show up when I run reports or someone reports a performance issue. Then I simply categorize the application. That's rather uncommon.

I hope this helps you and others,

Morris
 

dave14305

Part of the Furniture
I am using OpenDNS servers for DNS Server 1 and 2. When I look at my QoS data for my work laptop, I see that most packets are identified with the OpenDNS server IP address and the category "Untracked".
I can't reproduce that behavior. I assume you mean you have put OpenDNS on the LAN DHCP Server DNS Server 1 and 2 fields? Why not just put it in WAN DNS 1 and 2 so everything talks to the router and the router uses DNS?

Since much of my workday is conference calls using VOIP services like Skype and MS Teams, I would have expected to see much more of the Download pie graph taken up by the Work From Home category, but I see only 1.58 MB allocated there out of ~5 GB.
There's a Skype/Teams custom rule in post #3 where you can help push more Skype traffic to Work-From-Home if undetected. But a boring Skype audio call doesn't consume much bandwidth if not using video.
EDIT: I lied, it wasn't there, but I just added mine.
 

dave14305

Part of the Furniture
It looks like you confirmed the device priorities. How does one identify the device and its priority?
Convolution is how. My rabbit trail for mapping a device to a tc leaf class:
  1. Find the full mark for a device's connection in /proc/bw_cte_dump.
    Code:
    # grep \.245 /proc/bw_cte_dump | head -5
    ipv4 tcp src=192.168.1.245 dst=52.242.211.89 sport=62057 dport=443 index=7128 mark=825400a7
    ipv4 tcp src=192.168.1.245 dst=52.85.224.50 sport=62775 dport=443 index=7309 mark=8253005e
    ipv4 tcp src=192.168.1.245 dst=52.242.211.89 sport=62056 dport=443 index=6387 mark=825400a7
    ipv4 tcp src=192.168.1.245 dst=165.225.60.27 sport=62700 dport=443 index=7655 mark=824b0044
    ipv4 tcp src=192.168.1.245 dst=54.183.140.32 sport=62096 dport=443 index=7651 mark=825400b9
  2. From above, mark 8253005e and 824b0044 are hiding the device bits "24". The 25 is combined with the 1 from application mark 1400a7. Masks masks masks.
  3. Having this 24 number, search for the tc filter that checks this mask.
    Code:
    # tc filter show dev br0 parent 10: | grep 0x824000 -B1
    filter protocol all pref 137 u32 fh 80c::800 order 2048 key ht 80c bkt 0 flowid 10:10
    mark 0x82400000 0xffc00000 (success 101)
  4. Now we know that this device will be mapped to class 10:10 under the Net Control class 1:10.
  5. 10:10 has a priority of 2.
    Code:
    # tc class show dev br0 parent 10: | grep 10:10
    class htb 10:10 parent 10:1 leaf 1010: prio 2 rate 16Kbit overhead 18 ceil 322560Kbit burst 3200b cburst 403200b
My main concern while studying what was going on in these leaf classes was finding a flaw that would force any modified traffic into the default 256 sub-class because the previous hardcoded marks in the script would overwrite those bits and force that traffic into a prio 3 class when non-modified traffic might be flowing through a higher prio 2 class. So that was important to fix for performance when 2 devices are competing within the same top-level class. But now seeing that some devices will be 2 and some will be 3 leaves me puzzled.

Adaptive QoS is probably overcomplicated with its 8 categories, much like the CAKE users bemoan using 8 tins as too much.

I think one of my next to-dos is going to be re-creating Learn-From-Home by publishing AppDB rules that will allow ASUS' announced Learn-From-Home categories (from the original Release Notes) to be prioritized separately from Web Surfing and Streaming.
- Online learning, including Khan academy®, Udemy®, Coursera®, TED®, VIPKiD®, 51Talk®, XDF®, Xueersi®
- Indoor training, including Zwift®, Peloton®, Onelap®
At some point we start dancing on the head of a pin so once you dial in to the right bandwidth numbers, it should be relatively smooth sailing.
When I ran QOS on a large college network...
When I was IN college, you may have found me and my roommate downloading dirty GIFs from USENET using YMODEM-G from the campus VAX. I hope I'm not carbon dating myself too much...
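
The lookup chain from the numbered steps above, as an added example that is not part of the original post or of FlexQoS itself. The function names are hypothetical; the masks and the `10:10` filter and class lines are copied from the post, and the second filter entry is constructed for contrast.

```shell
#!/bin/sh
# Added example: decode a mark from /proc/bw_cte_dump and follow it to a tc class.

DEVICE_MASK=0xffc00000   # mask printed by `tc filter show` in the post above
APP_MASK=0x3fffff        # mask used by the --set-mark rules quoted in this thread

# device_key MARK -> value the per-device u32 filter is matched against
device_key() { printf '0x%08x\n' $(( 0x$1 & $DEVICE_MASK )); }

# app_mark MARK -> category + application id (low 22 bits) as six hex digits
app_mark() { printf '%06x\n' $(( 0x$1 & $APP_MASK )); }

# direction MARK -> interface implied by the top two bits of the mark
direction() {
    case $(( (0x$1 >> 30) & 3 )) in
        2) echo br0 ;;      # 0x8....... marks are matched on -o br0
        1) echo eth0 ;;     # 0x4....... marks are matched on -o eth0
        *) echo unknown ;;
    esac
}

# flowid_for_key KEY  (stdin: `tc filter show dev br0 parent 10:` output)
# The flowid is on the line before the "mark <value> <mask>" line.
flowid_for_key() {
    awk -v key="$1" '
        /flowid/ { for (i = 1; i < NF; i++) if ($i == "flowid") fid = $(i + 1) }
        $1 == "mark" && ($2 "") == (key "") { print fid; exit }
    '
}

# prio_for_class CLASSID  (stdin: `tc class show dev br0 parent 10:` output)
prio_for_class() {
    awk -v cls="$1" '
        $1 == "class" && $3 == cls {
            for (i = 1; i < NF; i++) if ($i == "prio") { print $(i + 1); exit }
        }
    '
}

# trace_mark MARK FILTER_DUMP CLASS_DUMP -> one summary line for the mark
trace_mark() {
    key=$(device_key "$1")
    fid=$(printf '%s\n' "$2" | flowid_for_key "$key")
    prio=$(printf '%s\n' "$3" | prio_for_class "$fid")
    echo "mark=$1 app=$(app_mark "$1") key=$key flowid=${fid:-none} prio=${prio:-none}"
}

# First filter entry is constructed; the second is the one quoted in the post.
SAMPLE_FILTERS='filter protocol all pref 136 u32 fh 80b::800 order 2048 key ht 80b bkt 0 flowid 10:9
  mark 0x82000000 0xffc00000 (success 0)
filter protocol all pref 137 u32 fh 80c::800 order 2048 key ht 80c bkt 0 flowid 10:10
  mark 0x82400000 0xffc00000 (success 101)'

# Class line quoted in the post.
SAMPLE_CLASSES='class htb 10:10 parent 10:1 leaf 1010: prio 2 rate 16Kbit overhead 18 ceil 322560Kbit burst 3200b cburst 403200b'

# The four distinct marks from the bw_cte_dump excerpt all resolve to one device.
for m in 825400a7 8253005e 824b0044 825400b9; do
    trace_mark "$m" "$SAMPLE_FILTERS" "$SAMPLE_CLASSES"
done
```

On a router, replace the two sample variables with the live `tc filter show dev br0 parent 10:` and `tc class show dev br0 parent 10:` output.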
 

fritzk3

Occasional Visitor
I can't reproduce that behavior. I assume you mean you have put OpenDNS on the LAN DHCP Server DNS Server 1 and 2 fields? Why not just put it in WAN DNS 1 and 2 so everything talks to the router and the router uses DNS?

There's a Skype/Teams custom rule in post #2 where you can help push more Skype traffic to Work-From-Home if undetected. But a boring Skype audio call doesn't consume much bandwidth if not using video.
Thank you for this reply - it made the light bulb come on over my head to realize that I should be using the WAN DNS and not the LAN DNS. I'm going to switch that and see what happens with the pie chart.
 

BikeHelmet

Occasional Visitor
Code:
tc class show dev br0 | grep -E "parent 10:1 .* prio "

class htb 10:2 parent 10:1 leaf 1002: prio 2 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:20 parent 10:1 leaf 1020: prio 2 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:3 parent 10:1 leaf 1003: prio 3 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:4 parent 10:1 leaf 1004: prio 2 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:5 parent 10:1 leaf 1005: prio 2 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:6 parent 10:1 leaf 1006: prio 2 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:7 parent 10:1 leaf 1007: prio 2 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:8 parent 10:1 leaf 1008: prio 2 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:9 parent 10:1 leaf 1009: prio 3 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:11 parent 10:1 leaf 1011: prio 2 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:10 parent 10:1 leaf 1010: prio 2 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:256 parent 10:1 leaf 1256: prio 3 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:13 parent 10:1 leaf 1013: prio 3 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:12 parent 10:1 leaf 1012: prio 3 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:15 parent 10:1 leaf 1015: prio 2 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:14 parent 10:1 leaf 1014: prio 2 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
class htb 10:17 parent 10:1 leaf 1017: prio 2 rate 16Kbit overhead 18 ceil 182272Kbit burst 3200b cburst 227156b
I have many dozens of devices, but a lot are not powered on at the moment. Not sure how much this will help.

Hey, back in the Tomato days I had a lot of rules that targeted subnets and ports. Tomato cuts out at the first rule, so by getting "big ones" like torrent/download-box IPs and ports at the top, you cut down on CPU load massively. Then you work down the list to the least common rules. But AdaptiveQOS seems to evaluate all of them against a connection and take the final match? Is there an elegant way to do something similar to this?

Code:
TeamViewer:
Remote Port 5938 TCP/UDP

217.146.23.128 - 217.146.23.191
162.250.0.0/21
159.7.0.0/16
159.8.0.0/16
169.32.0.0/11
I suppose just evaluate the port and nothing else? Those are some of the IP ranges that TeamViewer uses.

Also, does anyone have a link to somewhere that I can read up on marking and get a better understanding of how it works? I am wondering if I should be marking connections rather than just assigning them a class.

Cheers,
 

dave14305

Part of the Furniture
If the ports are classified to Gaming - the ports get classified to Gaming properly, but if I set it to NetControl they just become untracked and shift to gamedownload classification
What's the IP of the device? It looks like the 4th rule is matching, and the last rule to match wins. Since rule 1 and 4 are very similar, there could be a bug, but need to know the IP.
 

killahgoat

Occasional Visitor
the ip of the devices under the rule 192.168.1.128/30 are 192.168.1.128, 192.168.1.129 and 192.168.1.130

ip/cidr range 192.168.1.0/25 is meant to cover 192.168.1.0 to 192.168.1.1.127
 

dave14305

Part of the Furniture
the ip of the devices under the rule 192.168.1.128/30 are 192.168.1.128, 192.168.1.129 and 192.168.1.130

ip/cidr range 192.168.1.0/25 is meant to cover 192.168.1.0 to 192.168.1.1.127
What's the IP of Rocky-Corsair?

I'd also like to see the output of flexqos debug since I'm wondering if the special chars in your rule names are breaking something. You shouldn't be seeing Untracked if it's matching the Non-Gaming UDP rule.
 

killahgoat

Occasional Visitor
What's the IP of Rocky-Corsair?

I'd also like to see the output of flexqos debug since I'm wondering if the special chars in your rule names are breaking something. You shouldn't be seeing Untracked if it's matching the Non-Gaming UDP rule.
The ip of Rocky-Corsair is 192.168.1.130

Debug:

Log date: 2020-09-19 00:26:38+0800
Router Model: RT-AC68U
Firmware Ver: 384.19_0
tc WAN iface: eth0
Undf Prio: 2
Undf FlowID:
Classes Present: 8
Down Band: 51200
Up Band : 20480
***********
Net Control: 1:10
Work-From-Home: 1:16
Gaming: 1:11
Others: 1:12
Web Surfing: 1:14
Streaming: 1:15
File Downloads: 1:13
Game Downloads: 1:17
***********
Downrates: 2560, 15360, 2560, 2560, 2560, 2560, 2560, 2560
Downceils: 51200, 51200, 51200, 51200, 51200, 51200, 51200, 40960
Downbursts: 3200b, 12800b, 6400b, 3200b, 3199b, 3199b, 3200b, 3200b
DownCbursts: 64000b, 64000b, 64000b, 64000b, 64000b, 64000b, 64000b, 64000b
DownQuantums: default, default, default, default, default, default, default, default
***********
Uprates: 1024, 6144, 1024, 1024, 1024, 1024, 1024, 1024
Upceils: 14336, 14336, 14336, 14336, 14336, 14336, 14336, 14336
Upbursts: 3200b, 4799b, 3199b, 3200b, 3199b, 3199b, 3199b, 3200b
UpCbursts: 25Kb, 25Kb, 25Kb, 25Kb, 25Kb, 25Kb, 25Kb, 25Kb
UpQuantums: default, default, default, default, default, default, default, default
***********
iptables settings: <192.168.1.128/30>>udp>>!80,443>000000>0<>>tcp>>!80,443>000000>7<>>both>>80,443>>7<192.168.1.0/25>>udp>>!80,443>000000>7
-o br0 -d 192.168.1.128/30 -p udp -m multiport ! --sports 80,443 -m mark --mark 0x80000000/0xc03fffff -j MARK --set-mark 0x8009ffff/0x3fffff
-o eth0 -s 192.168.1.128/30 -p udp -m multiport ! --dports 80,443 -m mark --mark 0x40000000/0xc03fffff -j MARK --set-mark 0x4009ffff/0x3fffff
-o br0 -p tcp -m multiport ! --sports 80,443 -m mark --mark 0x80000000/0xc03fffff -j MARK --set-mark 0x803fffff/0x3fffff
-o eth0 -p tcp -m multiport ! --dports 80,443 -m mark --mark 0x40000000/0xc03fffff -j MARK --set-mark 0x403fffff/0x3fffff
-o br0 -p tcp -m multiport --sports 80,443 -j MARK --set-mark 0x803fffff/0x3fffff
-o br0 -p udp -m multiport --sports 80,443 -j MARK --set-mark 0x803fffff/0x3fffff
-o eth0 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 0x403fffff/0x3fffff
-o eth0 -p udp -m multiport --dports 80,443 -j MARK --set-mark 0x403fffff/0x3fffff
-o br0 -d 192.168.1.0/25 -p udp -m multiport ! --sports 80,443 -m mark --mark 0x80000000/0xc03fffff -j MARK --set-mark 0x803fffff/0x3fffff
-o eth0 -s 192.168.1.0/25 -p udp -m multiport ! --dports 80,443 -m mark --mark 0x40000000/0xc03fffff -j MARK --set-mark 0x403fffff/0x3fffff
***********
appdb rules: <000000>6<00****>7<09****>7<12****>7<0D****>7<14****>7<04****>7<06****>7<05****>7<13****>7<03****>7<18****>7
filter add dev br0 protocol all prio 2 u32 match mark 0x80000000 0xc000ffff flowid 1:12
filter add dev eth0 protocol all prio 2 u32 match mark 0x40000000 0xc000ffff flowid 1:12
filter change dev br0 prio 3 protocol all handle 822::800 u32 flowid 1:17
filter change dev eth0 prio 3 protocol all handle 822::800 u32 flowid 1:17
filter change dev br0 prio 12 protocol all handle 803::800 u32 flowid 1:17
filter change dev eth0 prio 12 protocol all handle 803::800 u32 flowid 1:17
filter change dev br0 prio 21 protocol all handle 801::800 u32 flowid 1:17
filter change dev eth0 prio 21 protocol all handle 801::800 u32 flowid 1:17
filter change dev br0 prio 16 protocol all handle 81e::800 u32 flowid 1:17
filter change dev eth0 prio 16 protocol all handle 81e::800 u32 flowid 1:17
filter change dev br0 prio 23 protocol all handle 804::800 u32 flowid 1:17
filter change dev eth0 prio 23 protocol all handle 804::800 u32 flowid 1:17
filter change dev br0 prio 7 protocol all handle 821::800 u32 flowid 1:17
filter change dev eth0 prio 7 protocol all handle 821::800 u32 flowid 1:17
filter change dev br0 prio 9 protocol all handle 824::800 u32 flowid 1:17
filter change dev eth0 prio 9 protocol all handle 824::800 u32 flowid 1:17
filter change dev br0 prio 8 protocol all handle 823::800 u32 flowid 1:17
filter change dev eth0 prio 8 protocol all handle 823::800 u32 flowid 1:17
filter change dev br0 prio 22 protocol all handle 802::800 u32 flowid 1:17
filter change dev eth0 prio 22 protocol all handle 802::800 u32 flowid 1:17
filter change dev br0 prio 6 protocol all handle 80c::800 u32 flowid 1:17
filter change dev eth0 prio 6 protocol all handle 80c::800 u32 flowid 1:17
filter change dev br0 prio 27 protocol all handle 81f::800 u32 flowid 1:17
filter change dev eth0 prio 27 protocol all handle 81f::800 u32 flowid 1:17
 

killahgoat

Occasional Visitor
What's the IP of Rocky-Corsair?

I'd also like to see the output of flexqos debug since I'm wondering if the special chars in your rule names are breaking something. You shouldn't be seeing Untracked if it's matching the Non-Gaming UDP rule.
The rule works perfectly if I set it up for Gaming instead of Net Control. This is the debug when it's classified to Gaming


Debug:

Log date: 2020-09-19 00:31:59+0800
Router Model: RT-AC68U
Firmware Ver: 384.19_0
tc WAN iface: eth0
Undf Prio: 2
Undf FlowID: 1:12
Classes Present: 8
Down Band: 51200
Up Band : 20480
***********
Net Control: 1:10
Work-From-Home: 1:16
Gaming: 1:11
Others: 1:12
Web Surfing: 1:14
Streaming: 1:15
File Downloads: 1:13
Game Downloads: 1:17
***********
Downrates: 2560, 15360, 2560, 2560, 2560, 2560, 2560, 2560
Downceils: 51200, 51200, 51200, 51200, 51200, 51200, 51200, 40960
Downbursts: 3200b, 12796b, 6400b, 3200b, 3198b, 3198b, 3200b, 3200b
DownCbursts: 64000b, 64000b, 64000b, 64000b, 64000b, 64000b, 64000b, 63994b
DownQuantums: default, default, default, default, default, default, default, default
***********
Uprates: 1024, 6144, 1024, 1024, 1024, 1024, 1024, 1024
Upceils: 14336, 14336, 14336, 14336, 14336, 14336, 14336, 14336
Upbursts: 3200b, 4798b, 3198b, 3200b, 3198b, 3198b, 3198b, 3200b
UpCbursts: 25Kb, 25Kb, 25Kb, 25Kb, 25Kb, 25Kb, 25Kb, 25Kb
UpQuantums: default, default, default, default, default, default, default, default
***********
iptables settings: <192.168.1.128/30>>udp>>!80,443>000000>1<>>tcp>>!80,443>000000>7<>>both>>80,443>>7<192.168.1.0/25>>udp>>!80,443>000000>7
-o br0 -d 192.168.1.128/30 -p udp -m multiport ! --sports 80,443 -m mark --mark 0x80000000/0xc03fffff -j MARK --set-mark 0x8008ffff/0x3fffff
-o eth0 -s 192.168.1.128/30 -p udp -m multiport ! --dports 80,443 -m mark --mark 0x40000000/0xc03fffff -j MARK --set-mark 0x4008ffff/0x3fffff
-o br0 -p tcp -m multiport ! --sports 80,443 -m mark --mark 0x80000000/0xc03fffff -j MARK --set-mark 0x803fffff/0x3fffff
-o eth0 -p tcp -m multiport ! --dports 80,443 -m mark --mark 0x40000000/0xc03fffff -j MARK --set-mark 0x403fffff/0x3fffff
-o br0 -p tcp -m multiport --sports 80,443 -j MARK --set-mark 0x803fffff/0x3fffff
-o br0 -p udp -m multiport --sports 80,443 -j MARK --set-mark 0x803fffff/0x3fffff
-o eth0 -p tcp -m multiport --dports 80,443 -j MARK --set-mark 0x403fffff/0x3fffff
-o eth0 -p udp -m multiport --dports 80,443 -j MARK --set-mark 0x403fffff/0x3fffff
-o br0 -d 192.168.1.0/25 -p udp -m multiport ! --sports 80,443 -m mark --mark 0x80000000/0xc03fffff -j MARK --set-mark 0x803fffff/0x3fffff
-o eth0 -s 192.168.1.0/25 -p udp -m multiport ! --dports 80,443 -m mark --mark 0x40000000/0xc03fffff -j MARK --set-mark 0x403fffff/0x3fffff
***********
appdb rules: <000000>6<00****>7<09****>7<12****>7<0D****>7<14****>7<04****>7<06****>7<05****>7<13****>7<03****>7<18****>7
filter add dev br0 protocol all prio 2 u32 match mark 0x80000000 0xc000ffff flowid 1:12
filter add dev eth0 protocol all prio 2 u32 match mark 0x40000000 0xc000ffff flowid 1:12
filter change dev br0 prio 3 protocol all handle 822::800 u32 flowid 1:17
filter change dev eth0 prio 3 protocol all handle 822::800 u32 flowid 1:17
filter change dev br0 prio 12 protocol all handle 803::800 u32 flowid 1:17
filter change dev eth0 prio 12 protocol all handle 803::800 u32 flowid 1:17
filter change dev br0 prio 21 protocol all handle 801::800 u32 flowid 1:17
filter change dev eth0 prio 21 protocol all handle 801::800 u32 flowid 1:17
filter change dev br0 prio 16 protocol all handle 81e::800 u32 flowid 1:17
filter change dev eth0 prio 16 protocol all handle 81e::800 u32 flowid 1:17
filter change dev br0 prio 23 protocol all handle 804::800 u32 flowid 1:17
filter change dev eth0 prio 23 protocol all handle 804::800 u32 flowid 1:17
filter change dev br0 prio 7 protocol all handle 821::800 u32 flowid 1:17
filter change dev eth0 prio 7 protocol all handle 821::800 u32 flowid 1:17
filter change dev br0 prio 9 protocol all handle 824::800 u32 flowid 1:17
filter change dev eth0 prio 9 protocol all handle 824::800 u32 flowid 1:17
filter change dev br0 prio 8 protocol all handle 823::800 u32 flowid 1:17
filter change dev eth0 prio 8 protocol all handle 823::800 u32 flowid 1:17
filter change dev br0 prio 22 protocol all handle 802::800 u32 flowid 1:17
filter change dev eth0 prio 22 protocol all handle 802::800 u32 flowid 1:17
filter change dev br0 prio 6 protocol all handle 80c::800 u32 flowid 1:17
filter change dev eth0 prio 6 protocol all handle 80c::800 u32 flowid 1:17
filter change dev br0 prio 27 protocol all handle 81f::800 u32 flowid 1:17
filter change dev eth0 prio 27 protocol all handle 81f::800 u32 flowid 1:17
 

dave14305

Part of the Furniture
The ip of Rocky-Corsair is 192.168.1.130

It's because you have a wildcard AppDB rule for 09**** which is where the traffic in your iptables rule gets redirected to for Net Control (09FFFF). Since 09**** is redirected to Game Downloads, that's where the traffic will end up.
 

killahgoat

Occasional Visitor
It's because you have a wildcard AppDB rule for 09**** which is where the traffic in your iptables rule gets redirected to for Net Control (09FFFF). Since 09**** is redirected to Game Downloads, that's where the traffic will end up.
I removed it and it solved the problem. Thanks! Sorry for the mistake, I didn't know that 09**** would completely transfer all netcontrol packets to wherever I direct them
 
