#5169 closed (invalid)

qos: service port rules not working, random dupe entries

Reported by: tatsuya46
Owned by:
Keywords:
Cc:

Description

this is present almost constantly on ea8500 but on a dir-862L it's much more rare, though still happens sometimes.

only a simple qos setup is needed to reproduce the problem:

  • Downlink (kbps): 29798 global
  • Uplink (kbps): 5068 global

for services in this example i use "steam_games" that i created for ports 27000~27055 udp. i set it to premium priority. no other services are entered yet.

for netmask i enter a pc connected by ethernet (same results over wifi) 10.150.10.2 with the following limits set:

  • WAN Max Down: 4096
  • WAN Max Up: 256

i start counter strike global offensive, join an idle server. i have net_graph 1 enabled in game so i can see my current ping on the fly, i open the in game browser & go to speedtest.net. go to any server & during the downlink test all is normal, on the uplink it's also normal, game latency stays the same as it has priority. with this it works. now where the problem starts..

i enter another service such as "dns_port" set for 53~53 tcp & udp, as i'm matching by ports only not using layer7 which is broken anyway. i set it to ANY PRIORITY even if it's less than the steam_games priority. it doesn't matter if this next service is entered after or before the steam_games one. upon applying, doing the same test results in game ping spiking to over 400ms for the entire duration of the upload test as it saturates to the limit set of 256kbps. this is abnormal & the only way to fix it is to either keep applying settings on the qos page several times, or to delete all services entries, apply settings, then enter both again BEFORE applying settings. then it will work properly.

this is on the ea8500, on the dir-862L it will USUALLY work at any time when changes are applied, but sometimes the global downlink limit will get ignored & go way over what i have set. applying again will fix that. then all works fine. after a "failed apply settings" there's no signs in dmesg, syslog, or iptables -t mangle -vnL that any port rules are missing, they're there & even have packets matched to them already, but simply just don't work. the more port services i add, the higher chance none will have effect when applying settings. 2 is the max, beyond 2 services entered it just won't work ever on the ea8500.

doesn't matter if using htb or hfsc.

summarized: qos port based services don't apply correctly, rules appear to be there but have no effect. ddwrt qos has another problem, also is AWFUL at limiting uplink speeds under 1024 kbps, something is really wrong there, sfq, codel, fq_codel they all do it.

Attachments (3)

dir_862L_r28978_iptables -t mangle -vnL.txt (23.0 KB) - added by tatsuya46 19 months ago.
wndr4300_r29002_iptables -t mangle -vnL.txt (8.1 KB) - added by tatsuya46 19 months ago.
iptables-t_mangle-vnL.txt (9.7 KB) - added by rozwell 13 months ago.
iptables -t mangle -vnL with QoS and 1 netmask priority entry


Change History (26)

comment:1 Changed 19 months ago by tatsuya46

here's iptables -t mangle -vnL from the dir-862L, the 192.168.1.208/28 subnet is abnormally listed compared to the other /28 subnets. it's also listing traffic from the 192.168.1.224/28 subnet even though no clients within that static ip range have been online since boot, & dhcp stops at .199.


Changed 19 months ago by tatsuya46

comment:2 Changed 19 months ago by tatsuya46

Resolution: invalid
Status: new → closed

comment:3 Changed 19 months ago by tatsuya46

Resolution: invalid
Status: closed → reopened

comment:4 Changed 19 months ago by tatsuya46

on wndr4300 v1 i just tested, bootup with qos off. i enabled qos, entered in my same custom ports as i usually use, apply settings. as seen in the .txt file below, the rules were entered twice. something is really up with our qos here.. after a second apply settings the dupe issue was corrected

Changed 19 months ago by tatsuya46

comment:5 Changed 19 months ago by rozwell

What about reboot?

comment:6 Changed 19 months ago by tatsuya46

it does nothing

comment:7 Changed 19 months ago by tatsuya46

Resolution: invalid
Status: reopened → closed

comment:8 Changed 19 months ago by tatsuya46

Resolution: invalid
Status: closed → reopened

comment:9 Changed 19 months ago by tatsuya46

Resolution: invalid
Status: reopened → closed

comment:10 Changed 19 months ago by tatsuya46

Resolution: invalid
Status: closed → reopened

comment:11 Changed 18 months ago by tatsuya46

Resolution: invalid
Status: reopened → closed

everything above is still present, for whatever reason ea8500 has it worse than the dir-862L or wndr4300 v1 but all are affected

comment:12 Changed 18 months ago by tatsuya46

Resolution: invalid
Status: closed → reopened

comment:13 Changed 18 months ago by tatsuya46

Summary: qos: services port rules not having effect → qos: service port rules not working, random dupe entries

comment:14 Changed 18 months ago by tatsuya46

Resolution: wontfix
Status: reopened → closed

comment:15 Changed 18 months ago by tatsuya46

Resolution: wontfix
Status: closed → reopened

comment:16 Changed 18 months ago by tatsuya46

Resolution: invalid
Status: reopened → closed

comment:17 Changed 18 months ago by tatsuya46

Resolution: invalid
Status: closed → reopened

comment:18 Changed 17 months ago by tatsuya46

Resolution: invalid
Status: reopened → closed

comment:19 Changed 17 months ago by tatsuya46

Resolution: invalid
Status: closed → reopened

comment:20 Changed 17 months ago by tatsuya46

Resolution: invalid
Status: reopened → closed

comment:21 Changed 17 months ago by tatsuya46

Resolution: invalid
Status: closed → reopened

comment:22 Changed 13 months ago by rozwell

I have similar issues with QoS and there is more to it. If I add 1 Netmask Priority entry (no matter how many IPs it will cover), QoS rules show up in SVQOS_SVCS only, FILTER_IN and FILTER_OUT gain only 2 entries each - which I think is correct: (those with 192.168.1.112/28)

# iptables -t mangle -vnL
(...)
Chain FILTER_IN (1 references)
 pkts bytes target     prot opt in     out     source               destination
6066K 2731M CONNMARK   0    --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore
 3897  240K MARK       0    --  *      *       192.168.1.112/28     0.0.0.0/0           mark match 0x0/0x7ffc00  MARK xset 0x35400/0x7ffc00
    0     0 MARK       0    --  *      *       0.0.0.0/0            192.168.1.112/28    mark match 0x0/0x7ffc00  MARK xset 0x35400/0x7ffc00
 139K   16M SVQOS_SVCS  0    --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0x7ffc00
6066K 2731M CONNMARK   0    --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save
6066K 2731M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FILTER_OUT (1 references)
 pkts bytes target     prot opt in     out     source               destination
6030K 2730M CONNMARK   0    --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore
    0     0 MARK       0    --  *      *       192.168.1.112/28     0.0.0.0/0           mark match 0x0/0x7ffc00  MARK xset 0x35400/0x7ffc00
    1   335 MARK       0    --  *      *       0.0.0.0/0            192.168.1.112/28    mark match 0x0/0x7ffc00  MARK xset 0x35400/0x7ffc00
99354   14M SVQOS_SVCS  0    --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0x7ffc00
14328  744K CLASSIFY   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x02/0x02 length 0:64 CLASSIFY set 1:100
12674  532K CLASSIFY   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x01/0x01 length 0:64 CLASSIFY set 1:100
 3637  146K CLASSIFY   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x04/0x04 length 0:64 CLASSIFY set 1:100
6030K 2730M CONNMARK   0    --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save
6030K 2730M RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0
(...)

With 2 or more Netmask Priority entries, SVQOS_SVCS values appear in FILTER_IN and FILTER_OUT which doesn't seem right to me.

Is there anyone who understands iptables well enough to tell exactly how it should look?

I'm adding my iptables -t mangle -vnL output which I guess is working.


Changed 13 months ago by rozwell

Attachment: iptables-t_mangle-vnL.txt added

iptables -t mangle -vnL with QoS and 1 netmask priority entry
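
The duplicate entries reported in comment:4 can be checked for mechanically in a saved `iptables -t mangle -vnL` dump by comparing rules within each chain while ignoring the packet and byte counters. This is an added example, not part of the ticket or of DD-WRT's code; the sample dump is constructed in the layout shown in comment:22, and its mark values and port rules are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout of `iptables -t mangle -vnL`; marks and port rules are made up.
SAMPLE = """\
Chain FILTER_IN (1 references)
 pkts bytes target     prot opt in     out     source               destination
6066K 2731M CONNMARK   0    --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK restore
 139K   16M SVQOS_SVCS  0    --  *      *       0.0.0.0/0            0.0.0.0/0           mark match 0x0/0x7ffc00
6066K 2731M CONNMARK   0    --  *      *       0.0.0.0/0            0.0.0.0/0           CONNMARK save

Chain SVQOS_SVCS (2 references)
 pkts bytes target     prot opt in     out     source               destination
   12  1040 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:27000:27055 MARK xset 0x19000/0x7ffc00
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:27000:27055 MARK xset 0x19000/0x7ffc00
    4   260 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 MARK xset 0x19000/0x7ffc00
"""

CHAIN = re.compile(r"^Chain (\S+) \(")
COUNTER = re.compile(r"^\d+[KMGT]?$")  # iptables abbreviates large counters, e.g. 6066K

def parse_rules(text):
    """Return {chain: [rule spec, ...]} with the pkts/bytes counters dropped."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN.match(line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        fields = line.split()
        # Rule row: pkts bytes target prot opt in out source destination [match/target options]
        if current is None or len(fields) < 9:
            continue
        if not (COUNTER.match(fields[0]) and COUNTER.match(fields[1])):
            continue  # column header or an elided "(...)" line
        chains[current].append(" ".join(fields[2:]))  # counters differ between identical rules
    return chains

def duplicate_rules(text):
    """Return [(chain, spec, count)] for every spec listed more than once in the same chain."""
    return [(chain, spec, n)
            for chain, specs in parse_rules(text).items()
            for spec, n in Counter(specs).items() if n > 1]

if __name__ == "__main__":
    for chain, spec, n in duplicate_rules(SAMPLE):
        print(f"{chain}: listed {n}x: {spec}")
```

Running it on dumps taken before and after a second "apply settings" shows whether the duplicates were actually removed.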

comment:23 Changed 10 months ago by BrainSlayer

Resolution: invalid
Status: reopened → closed

output is correct. it has to run through the defined services list after local rules
