FlexQoS FlexQoS 1.0 - Flexible QoS Enhancement Script for Adaptive QoS

Can anyone explain to me the syntax for the custom rules please as I'm not sure what the meaning of the ! is in front of some of the examples or the /34 (for example) after the IP addresses? I'm assuming all this is to be able to create just one rule to assign multiple network devices to it. For instance, I was thinking of adding my Fire TV Stick and our televisions to the streaming category, which have fixed IP addresses of 10.0.4.203; 10.0.4.204 & 10.0.4.205.
This help?
  • Add support for inverted Mark in iptables rules using "!" (e.g. "!0400C1", "!04****" means NOT matching Amazon Video or NOT matching the Streaming
 
Can anyone explain to me the syntax for the custom rules please as I'm not sure what the meaning of the ! is in front of some of the examples or the /34 (for example) after the IP addresses? I'm assuming all this is to be able to create just one rule to assign multiple network devices to it. For instance, I was thinking of adding my Fire TV Stick and our televisions to the streaming category, which have fixed IP addresses of 10.0.4.203; 10.0.4.204 & 10.0.4.205.
The exclamation point means "NOT" as in "does NOT match..." so you can have a rule that matches everything EXCEPT this value.

/32 or less are the Mask bits for a CIDR block. Huh? Experiment with an online subnet calculator to determine what mask bits would cover your range of IPs (shown as Net: CIDR Notation in the screenshots).


So 10.0.4.200/30 would represent 200-203. If you went down from 30 to 29 it would include 200-207.

 
I created a rule to send all the VoIP TCP/UDP traffic from a specific IP address on the LAN to a specific classification... let's say it was video/audio streaming. In this case the device is a h/w ATA and the service is registering using SIP and NO encryption. How come the traffic ends up in 2 different classifications? I did set the mark to 000000 as recommended.

I have another h/w ATA that registers on the service using an encrypted TLS transport with SRTP and all the traffic ends up in 1 classification. I must have missed something?
 
Hey, with the new version of FlexQoS it feels like I have way lower latency in-game than before. Did you make any improvements in this area? My connection for gaming feels a lot more responsive than before ;-)
 
I created a rule to send all the VoIP TCP/UDP traffic from a specific IP address on the LAN to a specific classification... let's say it was video/audio streaming. In this case the device is a h/w ATA and the service is registering using SIP and NO encryption. How come the traffic ends up in 2 different classifications? I did set the mark to 000000 as recommended.

I have another h/w ATA that registers on the service using an encrypted TLS transport with SRTP and all the traffic ends up in 1 classification. I must have missed something?
If the connection attributes match more than 1 rule in the iptables section, the last rule wins. Is that the case here?
 
Hey, with the new version of FlexQoS it feels like I have way lower latency in-game than before. Did you make any improvements in this area? My connection for gaming feels a lot more responsive than before ;-)
I should say "yes" just to take the credit, but no major changes were done that should improve latency at all.
 
If the connection attributes match more than 1 rule in the iptables section, the last rule wins. Is that the case here?
Not sure what that means. Here is a screenshot. 105 is the TLS transport and encrypted, 106 is the UDP/unencrypted. I did not adjust any other things on the page yet.
 
Not sure what that means. Here is a screenshot. 105 is the TLS transport and encrypted, 106 is the UDP/unencrypted. I did not adjust any other things on the page yet.
You are limiting the rule to only things undetected by the Adaptive QoS engine. Since it's detected as SIP (mark 06000C) it doesn't match your rule for mark 000000. If you want all traffic from .105 or .106 to be captured no matter what, remove the 000000 from the rule.
 
If I look at your earlier screenshot of your rules, you've deleted some of the default AppDB rules that move web traffic out of Net Control. So perhaps that's causing a problem. I also notice you cap your Upload Classes at 60%. Why? Better to cap it in the QoS page if it's the same for all Classes.

You're right. Lag spikes are gone after putting back the appdb rules that I removed.

I'm not sure if this is correct, but apparently AppDB redirection works faster at re-classifying than iptables rules.

So every time someone loads YouTube or Netflix, it takes a while for the iptables rules to reclassify the ports to the lowest priority, causing a brief moment of latency, whereas with AppDB rules it is instantly classified to the lowest priority.

I just thought with the addition of the inverted marks I could dispense with some of the AppDB Redirection Rules. Anyways, Thanks for your help!
 
I'm not sure if this is correct, but apparently AppDB redirection works faster at re-classifying than iptables rules.
The iptables rules override the mark already assigned to a packet by the Trend Micro engine and then pass it through the list of tc filters (all A.QoS AppDB rules) to get into the correct priority level and queueing bucket.

AppDB rules take the mark already assigned by the Trend Micro engine and redirect it to a user-defined priority level. No mangling of the packet, just placing it in a different queueing bucket.
 
Do you know why it is this way? Normal behavior I'd expect would be: first match, stop examining further rules.
There are 2 reasons in particular for this script:
  1. The iptables MARK target is non-terminating (versus ACCEPT, DROP, REJECT which are terminating), meaning it changes the mark as specified in the rule, but proceeds on to the next rule in the chain for evaluation. That's normal Linux behavior. See https://serverfault.com/questions/1...the-next-rule-when-an-extension-target-is-use
  2. The original FreshJR script appended the hardcoded custom rules and user rules to the POSTROUTING chain, so I repeated the same behavior. That means they appear in iptables -t mangle -S POSTROUTING in the same order they appear in the iptables rules section of the webui. Therefore, the lowest rule in the webui determines the packet's fate (if more than one rule matches) since it would coincide with the lowest rule in the iptables chain.
I thought about changing the order or precedence in the UI, but everyone's existing rules would be turned upside down if they were working fine already. And since I don't have a good way to re-order rules in the webui, it's less disruptive to add more important rules to the bottom of the list than to try to get them higher up in the list by deleting and recreating existing rules in the desired order.
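The rule semantics discussed in this thread (CIDR blocks for the local IP, the 000000 mark, "!" inversion, "*" wildcards, and the last matching rule winning because MARK is non-terminating), as an added example that is not FlexQoS code or part of any post. It is a simplified model: class labels and sample addresses are constructed, and the mark rewrite plus tc filter step is collapsed into a single destination class.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    local: Optional[str]  # local IP or CIDR block; None matches any address
    mark: Optional[str]   # 6 hex digits, '*' wildcards, leading '!' inverts; None matches any
    dest: str             # class assigned on match (labels are illustrative)

def mark_matches(pattern: Optional[str], mark: str) -> bool:
    if pattern is None:
        return True
    negate = pattern.startswith("!")
    body = pattern[1:] if negate else pattern
    hit = len(body) == len(mark) and all(
        p == "*" or p.upper() == m.upper() for p, m in zip(body, mark))
    return hit != negate

def rule_matches(rule: Rule, ip: str, mark: str) -> bool:
    if rule.local is not None:
        # strict=False masks host bits, so 10.0.4.203/30 means 10.0.4.200-203
        net = ipaddress.ip_network(rule.local, strict=False)
        if ipaddress.ip_address(ip) not in net:
            return False
    return mark_matches(rule.mark, mark)

def classify(rules: list, ip: str, mark: str, detected: str) -> str:
    dest = detected                 # class the QoS engine chose on its own
    for rule in rules:              # non-terminating: every rule is evaluated
        if rule_matches(rule, ip, mark):
            dest = rule.dest        # a later match overwrites an earlier one
    return dest

# Constructed sample rules and addresses, in webui order (top to bottom).
ATA_UNIDENTIFIED_ONLY = [Rule("192.168.1.106", "000000", "Streaming")]
ATA_ANY_MARK = [Rule("192.168.1.106", None, "Streaming")]
TV_RULES = [
    Rule("10.0.4.200/29", None, "Streaming"),    # covers .200-.207
    Rule("10.0.4.200/29", "!04****", "Others"),  # anything NOT already Streaming
    Rule("10.0.4.203", None, "Gaming"),          # lowest rule decides for .203
]

if __name__ == "__main__":
    for rules, ip, mark in [(ATA_UNIDENTIFIED_ONLY, "192.168.1.106", "06000C"),
                            (ATA_ANY_MARK, "192.168.1.106", "06000C"),
                            (TV_RULES, "10.0.4.204", "0400C1"),
                            (TV_RULES, "10.0.4.204", "06000C"),
                            (TV_RULES, "10.0.4.203", "0400C1")]:
        print(ip, mark, "->", classify(rules, ip, mark, "as detected"))
```

The first two cases reproduce the SIP question above: with the 000000 condition the SIP-marked traffic keeps the engine's class, and without it everything from the device lands in one class.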
 
Looking for feedback from FlexQoS users about whether the FlexQoS scheduled check at 3:30 AM ever does anything on your router. It doesn't on mine, suggesting it could be removed.

Please run the command below to search your syslogs for the nightly check and let me know if it ever doesn't say "No TC modifications necessary"

Bash:
grep -E "^[A-Za-z]{3} [0-9]{1,2} 03:30:[0-9]{2} FlexQoS:" /tmp/syslog.log-1 /tmp/syslog.log

Code:
/tmp/syslog.log-1:Oct 20 03:30:00 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=5139) called with 1 args: -check
/tmp/syslog.log-1:Oct 20 03:30:02 FlexQoS: No TC modifications necessary
/tmp/syslog.log-1:Oct 21 03:30:01 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=31067) called with 1 args: -check
/tmp/syslog.log-1:Oct 21 03:30:02 FlexQoS: No TC modifications necessary
/tmp/syslog.log-1:Oct 22 03:30:00 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=15949) called with 1 args: -check
/tmp/syslog.log-1:Oct 22 03:30:02 FlexQoS: No TC modifications necessary
/tmp/syslog.log-1:Oct 23 03:30:01 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=8386) called with 1 args: -check
/tmp/syslog.log-1:Oct 23 03:30:02 FlexQoS: No TC modifications necessary
/tmp/syslog.log-1:Oct 24 03:30:00 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=30462) called with 1 args: -check
/tmp/syslog.log-1:Oct 24 03:30:02 FlexQoS: No TC modifications necessary
/tmp/syslog.log-1:Oct 25 03:30:00 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=12105) called with 1 args: -check
/tmp/syslog.log-1:Oct 25 03:30:02 FlexQoS: No TC modifications necessary
/tmp/syslog.log:Oct 26 03:30:01 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=23257) called with 1 args: -check
/tmp/syslog.log:Oct 26 03:30:02 FlexQoS: No TC modifications necessary
/tmp/syslog.log:Oct 27 03:30:00 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=5233) called with 1 args: -check
/tmp/syslog.log:Oct 27 03:30:02 FlexQoS: No TC modifications necessary
/tmp/syslog.log:Oct 28 03:30:00 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=28006) called with 1 args: -check
/tmp/syslog.log:Oct 28 03:30:02 FlexQoS: No TC modifications necessary
/tmp/syslog.log:Oct 29 03:30:00 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=9353) called with 1 args: -check
/tmp/syslog.log:Oct 29 03:30:02 FlexQoS: No TC modifications necessary
/tmp/syslog.log:Oct 30 03:30:00 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=27442) called with 1 args: -check
/tmp/syslog.log:Oct 30 03:30:02 FlexQoS: No TC modifications necessary
 
I remember that I had it once or twice within the last months reapplying settings at night (this also happened sometimes back in days when it was FreshQoS), but normally it's doing nothing. As my log is reset I can't prove it at the moment. As it doesn't hurt I'd let it be there, but it's your choice.
 
On an AX88U running 384.19, all I have seen after the -check command is "No TC modifications necessary".
BTW, for those of us running syslog-ng, /opt/var/log/messages* shows this string. The grep as above didn't work for me.
I just used

grep FlexQoS /opt/var/log/messages*
 
I remember that I had it once or twice within the last months reapplying settings at night (this also happened sometimes back in days when it was FreshQoS), but normally it's doing nothing. As my log is reset I can't prove it at the moment. As it doesn't hurt I'd let it be there, but it's your choice.
I think the original purpose in FreshJR_QOS would have been to account for the scheduled signature update for Trend Micro. Since I now have a hook to run check after "restart_wrs" I suspect the need for the fixed scheduled check is superfluous. I'm not in a hurry to remove it, but if it isn't doing anything there's no point in running it. Let's wait and see.
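A way to audit the nightly check across log files of differing layout, as an added example that is not part of FlexQoS or of any post here. It assumes the first FlexQoS message after a "-check" invocation is that check's outcome, and it tolerates a grep "file:" prefix, a space-padded day of month and an optional hostname field; the sample lines are constructed.

```python
import re

# Optional "file:" prefix from grep, month, day (space-padded for 1-9), time,
# optional hostname, then the FlexQoS tag and its message.
LINE = re.compile(
    r"^(?:[^\s:]+:)?(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?:\S+ )?FlexQoS: (?P<msg>.*)$")
QUIET = "No TC modifications necessary"
NO_RESULT = "check logged no result"

def audit_nightly_checks(lines, at="03:30"):
    """Return (timestamp of the check, message) for every check that was not quiet."""
    findings, pending = [], None
    for raw in lines:
        m = LINE.match(raw.rstrip("\n"))
        if not m:
            continue                      # not a FlexQoS line
        msg = m["msg"]
        if msg.endswith("args: -check") and m["time"].startswith(at):
            if pending:                   # previous check never reported
                findings.append((pending, NO_RESULT))
            pending = f"{m['mon']} {int(m['day'])} {m['time']}"
        elif pending:
            if msg != QUIET:
                findings.append((pending, msg))
            pending = None
    if pending:
        findings.append((pending, NO_RESULT))
    return findings

# Constructed sample: one quiet night, one night with a made-up non-quiet
# message (not real FlexQoS output), one check with no outcome line.
SAMPLE = """\
/tmp/syslog.log-1:Oct 30 03:30:00 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=100) called with 1 args: -check
/tmp/syslog.log-1:Oct 30 03:30:02 FlexQoS: No TC modifications necessary
Nov  1 03:30:00 router FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=101) called with 1 args: -check
Nov  1 03:30:03 router FlexQoS: CONSTRUCTED: something was reapplied
Nov  2 03:30:01 FlexQoS: /jffs/addons/flexqos/flexqos.sh (pid=102) called with 1 args: -check
""".splitlines()

if __name__ == "__main__":
    for when, what in audit_nightly_checks(SAMPLE):
        print(when, "->", what)
```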
 
Hmm, in looking at syslog.log after a FlexQoS restart, I saw this:

Oct 30 13:10:20 RT-AX88U-26A8 custom_script: Running /jffs/scripts/service-event (args: restart conntrack)
Oct 30 13:10:20 RT-AX88U-26A8 modprobe: module nf_conntrack_proto_gre not found in modules.dep
Oct 30 13:10:20 RT-AX88U-26A8 modprobe: module nf_nat_proto_gre not found in modules.dep
Oct 30 13:10:20 RT-AX88U-26A8 modprobe: module nf_conntrack_pptp not found in modules.dep
Oct 30 13:10:20 RT-AX88U-26A8 modprobe: module nf_nat_pptp not found in modules.dep
Oct 30 13:10:20 RT-AX88U-26A8 custom_script: Running /jffs/scripts/service-event-end (args: restart conntrack)

Am I missing some modules or is it noise?

Thx
 
Hmm, in looking at syslog.log after a FlexQoS restart, I saw this:

Oct 30 13:10:20 RT-AX88U-26A8 custom_script: Running /jffs/scripts/service-event (args: restart conntrack)
Oct 30 13:10:20 RT-AX88U-26A8 modprobe: module nf_conntrack_proto_gre not found in modules.dep
Oct 30 13:10:20 RT-AX88U-26A8 modprobe: module nf_nat_proto_gre not found in modules.dep
Oct 30 13:10:20 RT-AX88U-26A8 modprobe: module nf_conntrack_pptp not found in modules.dep
Oct 30 13:10:20 RT-AX88U-26A8 modprobe: module nf_nat_pptp not found in modules.dep
Oct 30 13:10:20 RT-AX88U-26A8 custom_script: Running /jffs/scripts/service-event-end (args: restart conntrack)

Am I missing some modules or is it noise?

Thx
Noise that Merlin fixed after 384.19 was released.

 
Looking for feedback from FlexQoS users about whether the FlexQoS scheduled check at 3:30 AM ever does anything on your router. It doesn't on mine, suggesting it could be removed.

Please run the command below to search your syslogs for the nightly check and let me know if it ever doesn't say "No TC modifications necessary"

Bash:
grep -E "^[A-Za-z]{3} [0-9]{1,2} 03:30:[0-9]{2} FlexQoS:" /tmp/syslog.log-1 /tmp/syslog.log

My logs go back to Sep 19, and they all say "No TC modifications necessary" for the 3:30am check.
 
Looking for feedback from FlexQoS users about whether the FlexQoS scheduled check at 3:30 AM ever does anything on your router. It doesn't on mine, suggesting it could be removed.

Please run the command below to search your syslogs for the nightly check and let me know if it ever doesn't say "No TC modifications necessary"

Bash:
grep -E "^[A-Za-z]{3} [0-9]{1,2} 03:30:[0-9]{2} FlexQoS:" /tmp/syslog.log-1 /tmp/syslog.log

I can also confirm that there are never any modifications done at 3:30am.
 
