What's new

CakeQOS CakeQoS-Merlin v2.1.1

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Are you using DNSFilter? You probably need to make sure the FireTV is using the router DNS. I’d also suggest using Diversion just to be able to turn on logging so you can watch the queries and responses from the FireTV.
I'm not using DNSFilter, but it's using the router's DNS, I'll take a look at Diversion thanks that will make it easier.
 
Last edited:
I canceled Netflix a few months ago, so I wasn't able to test it with real videos, but fast.com speedtests do belong under the nflxvideo.net domain.

See if anything is in the ipsets:
Code:
ipset list video_4
ipset list video_6
ipset list video
This may have found a problem for me

end output of "cat /etc/dnsmasq.conf":

Code:
dnssec
dnssec-no-timecheck
address=/use-application-dns.net/
dhcp-name-match=set:wpad-ignore,wpad
dhcp-ignore-names=tag:wpad-ignore
dhcp-script=/sbin/dhcpc_lease
script-arp
ipset=/googlevideo.com/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/dvd.netflix.com/aiv-cdn.net/r.cloudfront.net/aiv-delivery.net/video_4,video_6
ipset=/zoom.us/skype.com/voice_4,voice_6
ipset=/backblaze.com/backblazeb2.com/bulk_4,bulk_6
ipset=/ms-acdc.office.com/windowsupdate.com/update.microsoft.com/bulk_4,bulk_6
ipset=/onedrive.com/1drv.ms/1drv.com/bulk_4,bulk_6

> ipset list -n
> ipset v7.6: Kernel error received: Invalid argument
 
I canceled Netflix a few months ago, so I wasn't able to test it with real videos, but fast.com speedtests do belong under the nflxvideo.net domain.

See if anything is in the ipsets:
Code:
ipset list video_4
ipset list video_6
ipset list video
Thanks @dave14305 .
Here is my dnsmasq.conf.add:

Code:
clear-on-reload
addn-hosts=/jffs/addons/YazDHCP.d/.hostnames # YazDHCP_hostnames
dhcp-hostsfile=/jffs/addons/YazDHCP.d/.staticlist # YazDHCP_staticlist
dhcp-optsfile=/jffs/addons/YazDHCP.d/.optionslist # YazDHCP_optionslist
ipset=/googlevideo.com/nflxvideo.net/aiv-cdn.net/r.cloudfront.net/aiv-delivery.net/video_4,video_6
ipset=/zoom.us/skype.com/voice_4,voice_6
ipset=/backblaze.com/backblazeb2.com/bulk_4,bulk_6
ipset=/ms-acdc.office.com/windowsupdate.com/update.microsoft.com/bulk_4,bulk_6
ipset=/onedrive.com/1drv.ms/1drv.com/bulk_4,bulk_6

Here is the output of the commands:
Code:
ipset list video_4
Name: video_4
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536 timeout 86400
Size in memory: 18144
References: 1
Number of entries: 66
Members:
74.125.159.251 timeout 25871
142.250.191.174 timeout 25871
54.90.106.72 timeout 40764
172.217.129.72 timeout 18631
3.218.38.108 timeout 40764
173.194.24.138 timeout 18508
172.217.129.6 timeout 85919
50.17.31.17 timeout 40764
74.125.156.71 timeout 85917
173.194.162.136 timeout 18571
45.57.45.72 timeout 5918
45.57.44.73 timeout 8228
74.125.159.74 timeout 18525
45.57.44.170 timeout 8227
74.125.0.121 timeout 32949
45.57.44.130 timeout 8227
185.158.210.144 timeout 39980
173.194.191.9 timeout 85872
74.125.159.91 timeout 13647
74.125.9.201 timeout 85872
74.125.161.106 timeout 85884
208.194.16.15 timeout 22754
173.194.131.107 timeout 39980
74.125.156.10 timeout 85527
45.57.45.70 timeout 5931
45.57.44.132 timeout 29735
74.125.156.72 timeout 18505
142.250.191.238 timeout 85520
34.232.178.98 timeout 40764
209.85.164.233 timeout 18653
52.2.209.135 timeout 40764
45.57.45.68 timeout 5917
173.194.162.201 timeout 85925
209.85.164.231 timeout 18652
173.194.162.12 timeout 85520
23.246.7.181 timeout 5925
74.125.0.123 timeout 32949
45.57.45.69 timeout 5931
74.125.9.231 timeout 18581
45.57.44.133 timeout 8227
45.57.45.66 timeout 5920
45.57.44.172 timeout 8227
172.217.129.105 timeout 84625
74.125.159.8 timeout 85520
173.194.7.106 timeout 84624
74.125.9.38 timeout 85878
54.144.6.28 timeout 40764
173.194.162.10 timeout 85925
173.194.185.9 timeout 39982
74.125.156.38 timeout 18507
173.194.191.103 timeout 18581
45.57.44.141 timeout 8227
45.57.44.70 timeout 8232
74.125.9.167 timeout 18571
185.158.210.14 timeout 39980
23.246.7.204 timeout 5925
173.194.55.136 timeout 18652
173.194.142.107 timeout 85873
52.207.14.129 timeout 40764
173.194.55.135 timeout 85827
74.125.161.134 timeout 13641
52.0.227.50 timeout 40764
23.246.7.205 timeout 5925
74.125.161.74 timeout 18643
74.125.159.135 timeout 14542
Code:
ipset list video_6
ipset v7.6: The set with the given name does not exist
Code:
ipset list video
Name: video
Type: list:set
Revision: 3
Header: size 8
Size in memory: 136
References: 0
Number of entries: 1
Members:
video_4
 
Code:
tc qdisc | grep cake
qdisc cake 846b: dev eth0 root refcnt 2 bandwidth 10240Kbit diffserv3 dual-srchost nat nowash ack-filter split-gso rtt 100ms noatm overhead 18 mpu 64
qdisc cake 846c: dev ifb4eth0 root refcnt 2 bandwidth 215040Kbit diffserv4 dual-dsthost nat wash ingress no-ack-filter split-gso rtt 100ms noatm overhead 18 mpu 64

Ran on both dev ifb4eth0 and eth0

no output

Here is the output of cake-qos Status General
Code:
[$] /opt/bin/cake-qos status general

#########################################################

CakeQOS-Merlin: > Download Status:
qdisc cake 846e: dev ifb4eth0 root refcnt 2 bandwidth 215040Kbit diffserv4 dual-dsthost nat wash ingress no-ack-filter split-gso rtt 100ms noatm overhead 18 mpu 64

CakeQOS-Merlin: > Upload Status:
qdisc cake 846d: dev eth0 root refcnt 2 bandwidth 10240Kbit diffserv3 dual-srchost nat nowash ack-filter split-gso rtt 100ms noatm overhead 18 mpu 64

#########################################################

I am running Unbound and an OpenVPN client if that makes any difference.
 
Also, output from Cake-qos Debug Info

Code:
[$] /opt/bin/cake-qos debug

#########################################################

Prio: diffserv4 diffserv3
Flow Iso: dual-dsthost dual-srchost
NAT: nat nat
Wash: wash nowash
ACK: no-ack-filter ack-filter
Custom:

#########################################################
 
em_ipset is loaded:
Code:
lsmod | grep ipset
em_ipset                1717  0
ip_set                 28899  5 ip_set_bitmap_port,em_ipset,xt_set,ip_set_hash_ip,ip_set_list_set
 
em_ipset is loaded:
Code:
lsmod | grep ipset
em_ipset                1717  0
ip_set                 28899  5 ip_set_bitmap_port,em_ipset,xt_set,ip_set_hash_ip,ip_set_list_set
Code:
tc filter add dev ifb4eth0 parent 846e: protocol all prio 30 basic match  ipset(video src) action skbedit priority 846e:3
Any errors? Make sure the cake handle 846e: didn’t change since your previous status output.
 
Last edited:
The cake handle changed to 846f, should I use that handle?
Actually the handle just changed again.
Should I use the handle cake-qos status shows (and quickly!)?
 
The cake handle changed to 846f, should I use that handle?
Actually the handle just changed again.
Should I use the handle cake-qos status shows (and quickly!)?
What’s in your syslog? qos shouldn’t be restarting so often.
 
Your right, just looked. Im getting quite a few "page allocation" failures.

Time to reboot. I saw these last week. Changed from a swap file to a swap device. Seemed to go away.
I might be starting to see some kind of hardware problem (hopefully only the USB stick Im using).
Back later...
 
Ok, did a reboot, and now tc -s filter show looks better:

Code:
tc -s filter show dev ifb4eth0
filter parent 8002: protocol all pref 10 basic
filter parent 8002: protocol all pref 10 basic handle 0x1
  ipset(bulk src)

        action order 1: skbedit  priority 8002:1 pipe
         index 1 ref 1 bind 1 installed 481 sec used 111 sec firstused 1889786921 sec
        Action statistics:
        Sent 66306 bytes 114 pkt (dropped 0, overlimits 0 requeues 0)
        backlog 0b 0p requeues 0

filter parent 8002: protocol all pref 20 basic
filter parent 8002: protocol all pref 20 basic handle 0x1
  ipset(besteffort src)

        action order 1: skbedit  priority 8002:2 pipe
         index 2 ref 1 bind 1 installed 481 sec used 481 sec firstused 1889786921 sec
        Action statistics:
        Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
        backlog 0b 0p requeues 0

filter parent 8002: protocol all pref 30 basic
filter parent 8002: protocol all pref 30 basic handle 0x1
  ipset(video src)

        action order 1: skbedit  priority 8002:3 pipe
         index 3 ref 1 bind 1 installed 481 sec used 2 sec firstused 1889786921 sec
        Action statistics:
        Sent 146411872 bytes 105583 pkt (dropped 0, overlimits 0 requeues 0)
        backlog 0b 0p requeues 0

filter parent 8002: protocol all pref 40 basic
filter parent 8002: protocol all pref 40 basic handle 0x1
  ipset(voice src)

        action order 1: skbedit  priority 8002:4 pipe
         index 4 ref 1 bind 1 installed 481 sec used 481 sec firstused 1889786921 sec
        Action statistics:
        Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
        backlog 0b 0p requeues 0

filter parent 8002: protocol all pref 99 matchall
filter parent 8002: protocol all pref 99 matchall handle 0x1
        action order 1: skbedit  priority 8002:2 pipe
         index 5 ref 1 bind 1 installed 481 sec firstused 8519 sec
        Action statistics:
        Sent 431656780 bytes 406487 pkt (dropped 0, overlimits 0 requeues 0)
        backlog 0b 0p requeues 0

Look ok?

Still need to hunt down these intermittent "swapper page allocation failures". Will try a new USB storage device next.
 
Can someone explain how I should add my local pihole server to this setup. I put the pihole ip under WAN dns, which gets added to /tmp/resolv.conf, which it looks like dnsmasq uses. But then my ipset rules seem to quit working.
Use local caching server as system resolver is on.
 
Can someone explain how I should add my local pihole server to this setup. I put the pihole ip under WAN dns, which gets added to /tmp/resolv.conf, which it looks like dnsmasq uses. But then my ipset rules seem to quit working.
Use local caching server as system resolver is on.
The WAN DNS settings shouldn’t matter. But the LAN clients generating the traffic need to use the router as their DNS for the ipsets to populate. If they use PiHole directly, it doesn’t work.
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top