FlexQoS Iptables rules class classification not working

[HappyMonkey]

RT-AX86U, Merlin 386.2, FlexQoS v1.2.3.

Connection – VDSL 50Mbit down 9Mbit up

I’m a big user of the Shadow gaming service. By itself, with no, or little other traffic on my home network it runs superbly but this is often interrupted by other services in the home (Netflix etc.). Hence my attempted use of QoS to make this better. Essentially shadow is a big bandwidth, realtime gaming stream. I’ve tried to channel this into the “Gaming classification” by adding the ip of the machine using the service to the the iptables config in FlexQoS tab and according to the detailed “tracked connections” information at the bottom this has worked. However in the graphs (and similarly in the connections tab) it is still classified as Other.

I can also test this by limiting the bandwidth of the Other category and it does actually cut the bandwidth to this machine.

Similarly I can add a rule to categorise everything but one ip by using a rule as !192.168.1.8 which should in theory class all but that one ip. I do this, class everything a learning from home and again, in the tracked connections info, this appears to be the case but alternatively, in the graph and in real world performance this does not happen at all.

My ip tables rules on the FlexQoS are very simple, one ip, BOTH for protocol and no other definitions. What am I doing wrong or why is FlexQoS misbehaving?

 

[dave14305]

Please share a screenshot of your rules, the output showing the traffic in Other, and the output for flexqos debug run at the SSH command-line. Too many words and too few pictures makes it hard to follow. Thanks.

 

[HappyMonkey]

Debug and screenshots attached.

The shadow-ghost ( the machine connected to the gaming service) does not appear to be showing up at all on the rate graph right now. It will show up occasionally, but you can see on the overall rate screen it's currently pulling 20Mbit and when it does show up on the graph it shows up as other.

 

[dave14305]

Please also share the output of these commands when the machine is actively downloading.

tc -s class show dev br0 parent 1:
iptables -t mangle -nvL

If you check on the Classification tab, what Application labels are assigned to the traffic coming from this device?

Is there any VPN involved?

I usually recommend that Learn-From-Home be lower priority than Streaming and Web Surfing since LFH is an overlapping category, but I don’t think that’s related to your issue.

 

[HappyMonkey]

Files attached. In the classification tab it's a mix of Untracked, HTTP Protocol over TLS SSL and HTTP. All the MARKs are 0000000. So it's impossible to categorise it outside of using ports and/or ip addresses. There is no VPN involved.

 

[dave14305]

I see now what I missed in the initial debug output. You must be using the Game Accelerator feature which interferes with the expected behavior of FlexQoS. Remove your devices from that feature and test again.

 

[HappyMonkey]

Yes, they were in there and they are now removed. The service still seems to defy any type of classification however and does not show up on the FlexQoS graphs any more or the classification pies. (I'm currently running it at 23Mbit and there is nothing approaching that bandwidth use in either at the moment). Time to do a factory reset of settings?

 

[dave14305]

Yes, they were in there and they are now removed. The service still seems to defy any type of classification however and does not show up on the FlexQoS graphs any more or the classification pies. (I'm currently running it at 23Mbit and there is nothing approaching that bandwidth use in either at the moment). Time to do a factory reset of settings?

Is it also disabled on the Gear Accelerator page? You may have to disable the feature as well.

 

[HappyMonkey]

Disabling this disabled QoS entirely. There doesn't appear to be a way of separately disabling it. Reenabling QoS then reenables gear acceleration

 

[dave14305]

Try:

nvram set bwdpi_game_list=
nvram commit
service "restart_qos;restart_firewall"

Then please run another flexqos debug to see if Net Control is back to 1:10.

 

[HappyMonkey]

Net Control back to 1:10 now

 

[dave14305]

Net Control back to 1:10 now

How about the missing traffic?

 

[HappyMonkey]

But the service still fails to register as using any bandwidth on the FlexQoS tab and the Classification tab despite clearly using 20Mbit on the bandwidth monitor tab.

 

[dave14305]

Let’s get all the data fresh again:

iptables -t mangle -nvL
tc filter show dev br0
tc -s class show dev br0 parent 1:

 

[HappyMonkey]

Output attached

 

[dave14305]

Output attached

Last one:

tc -s qdisc ls

Thanks

 

[HappyMonkey]

attached

 

[dave14305]

Everything looks normal, so I might suspect some oddities with the AX86U with the current Asus GPL (I have no proof, just speculation). I had similar unresolved issues reported from @slidermike and never really found where the traffic is going.

 

[HappyMonkey]

Grrrr! Thank you very much for your time on this one. It's very appreciated. I might try resetting back to factory settings and see if that bumps things back into place. I'm sure it's not this simplistic though!

 

[dave14305]

I might suggest 3 steps to try to isolate / report this:

1. Uninstall FlexQoS and see if your traffic gets detected properly or not in the Classification tab. This would point to a FlexQoS issue.
2. Install the stock firmware which is also based on GPL 42095 and see if the traffic is showing up in the tc command output (assuming you set the same QoS priorities).
3. If it seems to work in #2, it might be an issue with Merlin’s build or the components he got from Asus. If it doesn’t work in the stock GPL, you can report it to Asus via their Feedback page.