View the full version: Wondershaper QoS discussion



Styno
17-08-2004, 23:50
In an effort to try to keep the firmware topics clean, this thread will discuss all questions and remarks regarding Wondershaper's QoS (or Bandwidth control).

Some must-read info:
Wondershaper info (http://www.docum.org/docum.org/docs/)

Oleg's FAQ for v1.7.5.9 firmwares (http://wl500g.dyndns.org/)

WIKI (dynamic information system) (http://wiki.wl500g.info/index.php/PackageWondershaper)

Oleg
18-08-2004, 08:02
Styno, please remove bootCmd stuff, it's not correct.

Antiloop
18-08-2004, 09:12
Styno, please remove bootCmd stuff, it's not correct.

ghehe hit the EditText button then :)

Oleg
18-08-2004, 09:34
ghehe hit the EditText button then :)
Too simple. :D

Styno
18-08-2004, 10:25
Hmm, I didn't add the bootCmd section at all :p, someone else did. It's a WIKI...

Styno
18-08-2004, 10:45
Okay ontopic now:
I configured the router with post-boot scripts to enable wondershaper and did a test:
On the router I did: 'ping www.tweakers.net -t' and the pings returned in approximately 15 ms.
Then I started a download and the pings went up to approximately 500 ms instantly.

I reviewed the wshaper script and it explicitly provides priority to ICMP (ping e.g.) over other traffic. Why is my ping going sky high then? Queueing on the ISP side?

Oleg
18-08-2004, 11:41
Reduce traffic rate settings.
In fact, downloading should not make any impact on pings. Upload does make a difference.

adar
18-08-2004, 18:54
Thanks, Oleg and everybody here first

I have read these 2 links as follows already,
Oleg's FAQ for v1.7.5.9 firmwares
WIKI (dynamic information system)

but I am still confused about the wshaper.

see my settings first. (I'm a newbie in Linux)

1.telnet to the wl500g
2.mkdir /usr/local/init
3.cp /init/functions /usr/local/init/functions
4.add 1 line command /init/wshaper start "eth1" 1024 100
in the /usr/local/init/functions (at the bottom of this file)

5.flashfs save
6.flashfs commit
7.flashfs enable
8.reboot

is it correct?

and for example :
if I want to let 192.168.1.3 with (200k/10k)
192.168.1.4 with (150k/20k)
192.168.1.5 with (100k/10k)
192.168.1.6 with (300k/30k)
what should I do?

add 4 lines commands in the /usr/local/init/functions ??

/init/wshaper start "eth1" 200 10 192.168.1.3/32
/init/wshaper start "eth1" 150 20 192.168.1.4/32
/init/wshaper start "eth1" 100 10 192.168.1.5/32
/init/wshaper start "eth1" 300 30 192.168.1.6/32

I think it's wrong!
because when I use it, all IPs run with 300k/30k
how can I do it?? or is it impossible?

or I just can let 192.168.1.3 192.168.1.4 192.168.5 as low priority source?

like that command
/init/wshaper start "eth1" 1024 64 192.168.1.3/32,192.168.1.4/32,192.168.5/32

then the ip 192.168.1.6 can get the highest priority??

appreciate your answers in advance.

WlanMan
18-08-2004, 19:11
Hi

I'm not that deep into wondershaper, but to shape single IPs I think you have to modify the script itself; after all, it's just a convenient front-end to the kernel QoS services and intended for single-line usage on a router (shapes for all connections then) or to be run on your local Linux machine. Will look into it when my Asus arrives (Antiloop, waiting was useless this morning ;)).

Styno
18-08-2004, 19:21
1.telnet to the wl500g
2.mkdir /usr/local/init
3.cp /init/functions /usr/local/init/functions
4.add 1 line command /init/wshaper start "eth1" 1024 100
in the /usr/local/init/functions (at the bottom of this file)
5.flashfs save
6.flashfs commit
7.flashfs enable
8.reboot

is it correct?
Step 3 is wrong:
3.create /usr/local/init/post-firewall with vi
4.add: /init/wshaper start "$1" 1024 100
4a.make script executable with chmod +x /usr/local/init/post-firewall


and for example :
if I want to let 192.168.1.3 with (200k/10k)
192.168.1.4 with (150k/20k)
192.168.1.5 with (100k/10k)
192.168.1.6 with (300k/30k)
what should I do?
Do you really want this, because if 192.168.1.4 is the only one generating traffic it can't use the full bandwidth.



add 4 lines commands in the /usr/local/init/functions ??

/init/wshaper start "eth1" 200 10 192.168.1.3/32
/init/wshaper start "eth1" 150 20 192.168.1.4/32
/init/wshaper start "eth1" 100 10 192.168.1.5/32
/init/wshaper start "eth1" 300 30 192.168.1.6/32

I think it's wrong!
because when I use it, all IPs run with 300k/30k
how can I do it?? or is it impossible?
Wrong again :)

You have to modify the /init/wshaper script to do this. How? I don't know yet.
Probably just copy it to /usr/local/init and edit it with vi to apply the rules. Don't forget to set the right path in the post-firewall script in this case.



or I just can let 192.168.1.3 192.168.1.4 192.168.5 as low priority source?

like that command
/init/wshaper start "eth1" 1024 64 192.168.1.3/32,192.168.1.4/32,192.168.5/32

then the ip 192.168.1.6 can get the highest priority??

appreciate your answers in advance.
That's the most realistic option.

Oleg
18-08-2004, 19:23
Thanks, Oleg and everybody here first

I have read these 2 links as follows already,
Oleg's FAQ for v1.7.5.9 firmwares
WIKI (dynamic information system)

but I am still confused about the wshaper.

see my settings first. (I'm a newbie in Linux)

1.telnet to the wl500g
2.mkdir /usr/local/init
3.cp /init/functions /usr/local/init/functions
4.add 1 line command /init/wshaper start "eth1" 1024 100
in the /usr/local/init/functions (at the bottom of this file)

5.flashfs save
6.flashfs commit
7.flashfs enable
8.reboot

is it correct?

telnet to the wl500g


mkdir /usr/local/init
echo "/init/wshaper start \"\$1\" 1024 100" > /usr/local/init/post-firewall
chmod +x /usr/local/init/post-firewall
flashfs save
flashfs commit
flashfs enable
reboot




and for example :
if I want to let 192.168.1.3 with (200k/10k)
192.168.1.4 with (150k/20k)
192.168.1.5 with (100k/10k)
192.168.1.6 with (300k/30k)
what should I do?

rewrite the wshaper script completely, to put every IP in different class :)



add 4 lines commands in the /usr/local/init/functions ??

/init/wshaper start "eth1" 200 10 192.168.1.3/32
/init/wshaper start "eth1" 150 20 192.168.1.4/32
/init/wshaper start "eth1" 100 10 192.168.1.5/32
/init/wshaper start "eth1" 300 30 192.168.1.6/32

I think it's wrong!
Sure.

because when I use it, all IPs run with 300k/30k
how can I do it?? or is it impossible?

or I just can let 192.168.1.3 192.168.1.4 192.168.5 as low priority source?

like that command
/init/wshaper start "eth1" 1024 64 192.168.1.3/32,192.168.1.4/32,192.168.5/32



/init/wshaper start eth1 1024 64 "192.168.1.3 192.168.1.4 192.168.1.5"




then the ip 192.168.1.6 can get the highest priority??

yes
But this probably will not work due to NAT. You may want to try shaping br0 instead, swapping upload/download.
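
Oleg's two suggestions in the post above (one class per IP, and shaping on br0 because of NAT) can be sketched as below. This is an added example, not part of the thread or of the wshaper script; it only prints the commands, and it assumes rates in kbit/s, the device names br0 and eth1, class IDs and marks chosen here, and a kernel with HTB, the u32 and fw classifiers and the iptables MARK target.

```shell
#!/bin/sh
# Added example, not from the thread or the wshaper script.
# Dry run: prints the tc/iptables commands; pipe the output to sh to apply.
# Assumptions: rates are kbit/s; class IDs/marks 10, 11, ... and the default
# class 1:99 are arbitrary; the kernel has HTB, u32, fw and the MARK target.
# Stop wshaper first: each device can carry only one root qdisc.

emit_root() {   # dev link_kbit reserved_kbit
    spare=$(($2 - $3))
    if [ "$spare" -lt 1 ]; then spare=1; fi
    echo "tc qdisc add dev $1 root handle 1: htb default 99"
    echo "tc class add dev $1 parent 1: classid 1:1 htb rate ${2}kbit"
    # Hosts without a class of their own share what is left, up to line rate.
    echo "tc class add dev $1 parent 1:1 classid 1:99 htb rate ${spare}kbit ceil ${2}kbit"
}

gen_host_shaping() {   # lan_dev wan_dev downlink uplink "ip:down:up ..."
    lan_dev=$1; wan_dev=$2; downlink=$3; uplink=$4; hosts=$5

    # HTB can only honour the guarantees if they fit inside the link rate.
    sum_down=0; sum_up=0
    for h in $hosts; do
        rates=${h#*:}
        sum_down=$((sum_down + ${rates%%:*}))
        sum_up=$((sum_up + ${rates#*:}))
    done
    if [ "$sum_down" -gt "$downlink" ] || [ "$sum_up" -gt "$uplink" ]; then
        echo "per-host rates exceed the link rate" >&2
        return 1
    fi

    emit_root "$lan_dev" "$downlink" "$sum_down"
    emit_root "$wan_dev" "$uplink" "$sum_up"

    n=10
    for h in $hosts; do
        ip=${h%%:*}; rates=${h#*:}
        down=${rates%%:*}; up=${rates#*:}
        # ceil equal to rate is a hard cap; raise ceil to let a lone host borrow.
        # Download: on the LAN side the destination is the real host address.
        echo "tc class add dev $lan_dev parent 1:1 classid 1:$n htb rate ${down}kbit ceil ${down}kbit"
        echo "tc filter add dev $lan_dev parent 1: protocol ip prio 1 u32 match ip dst $ip/32 flowid 1:$n"
        # Upload: after NAT the source is the router's WAN address, so mark
        # the packet while the LAN address is still visible and match the mark.
        echo "iptables -t mangle -A FORWARD -s $ip -o $wan_dev -j MARK --set-mark $n"
        echo "tc class add dev $wan_dev parent 1:1 classid 1:$n htb rate ${up}kbit ceil ${up}kbit"
        echo "tc filter add dev $wan_dev parent 1: protocol ip prio 1 handle $n fw flowid 1:$n"
        n=$((n + 1))
    done
}

# adar's four hosts on a 1024/100 line
gen_host_shaping br0 eth1 1024 100 \
    "192.168.1.3:200:10 192.168.1.4:150:20 192.168.1.5:100:10 192.168.1.6:300:30"
```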

Styno
18-08-2004, 22:27
I've updated the WIKI page and added a new page on howto migrate from BootCmd's to post-boot scripts (flashfs-boot).

Styno
19-09-2004, 15:33
I've never had the idea that Wondershaper worked for me but I didn't have problems with my bandwidth either so I didn't investigate it. This changed yesterday: I was playing an online first person shooter when someone started a download from my FTP server. The game became unplayable because of high pings (lag) so I had to disable the FTP server and start again. This problem should have been avoided by the Wondershaper script so I started looking into the problem:

I've done some tests where I was pinging to 'www.tweakers.net' while downloading a large file from 'www.chupa.nl' and this is what I've found out:

The following command placed at the first line in the post-firewall script does not work at all:

/init/wshaper start "$1" 976 460
But when I give the following command on the command-line, Wondershaper does work:

/init/wshaper start "br0" 976 460
as does:

/init/wshaper start "eth0" 976 460
So I've removed the command from the post-firewall script and placed the following command on the first line in the post-boot script:

/init/wshaper start "br0" 976 460
Now it does work for me :) , any ideas on the cause?

Oleg
21-09-2004, 10:35
The idea of putting this in post-firewall was as follows: 1) automagically determine the WAN port name; 2) possible wshaper changes to properly handle NATed connections with the mangle table.

As for your problems: you've effectively switched upload/download rates by starting shaping on the LAN side (yes, LAN, not WAN). So your config, in terms of post-firewall, has in fact become



/init/wshaper start "$1" 460 976


which is not what you are expecting.

Finally, it seems your download rate is not 1 Mbit; it's lower. Try lowering it from 976 down to 460, looking for better results.

Lionking
22-09-2004, 00:24
Hello,

is there a way to see if wondershaper is running and what is going on?

I configured the post-firewall script, but it seems not to change anything.

Thx
Lionking

Styno
22-09-2004, 12:03
The idea of putting this in post-firewall was as follows: 1) automagically determine the WAN port name; 2) possible wshaper changes to properly handle NATed connections with the mangle table.

As for your problems: you've effectively switched upload/download rates by starting shaping on the LAN side (yes, LAN, not WAN). So your config, in terms of post-firewall, has in fact become



/init/wshaper start "$1" 460 976


which is not what you are expecting.

Finally, it seems your download rate is not 1 Mbit; it's lower. Try lowering it from 976 down to 460, looking for better results.
1) Ok, I see your point about inserting the wshaper script into the post-firewall script. It would indeed be a good point to start the wshaper script from.
2) I've made an 'error' by using br0 and eth0, the right device should have been eth1.

I've checked the $1 variable in the post-firewall script and it says: eth1. So the settings were correct all the time, but my tests clearly made visible that shaping does not take place when the script is started from post-firewall:

/init/wshaper start "$1" 976 460
(which is effectively: '/init/wshaper start "eth1" 976 460')
This line does not start shaping because the pings rocket sky high when I start downloading.

But when I place the following line in post-boot, the pings stay low during downloads:

/init/wshaper start "eth1" 976 460

So, unless this method is not suitable to test Wondershaper, this proves two things:
1) Somehow the same command in post-boot works differently than in post-firewall. So post-firewall is not suitable for starting the wshaper script.
2) I definitely have the 1Mb downlink and 512 uplink, otherwise shaping would never succeed in keeping the pings low.

Oleg, have you done tests with Wondershaper and the post-firewall scripts in order to check if shaping does really take place?

Oleg
22-09-2004, 19:14
Oleg, have you done tests with Wondershaper and the post-firewall scripts in order to check if shaping does really take place?
Yes. I'm using it all the time.
You may want to check it using


wshaper status eth1

and compare the results for both methods.

Styno
26-09-2004, 15:45
Just done some extra checking. I've tested the real download bandwidth, using the test on www.speedtest.nl multiple times, which gives me 820 Kbit usable download- and 350 Kbit usable upload speed (My ISP states I have a 1024/512 connection). I've adjusted the script parameters to 800 and 320 respectively and these are the results:

- Shaping from post-firewall while downloading a large file from a fast server:

--- www.tweakers.net ping statistics ---
120 packets transmitted, 120 packets received, 0% packet loss
round-trip min/avg/max = 12.4/27.8/98.7 ms
Download speed 89 Kbyte/sec.

- Shaping disabled while downloading a large file from a fast server:

--- www.tweakers.net ping statistics ---
60 packets transmitted, 60 packets received, 0% packet loss
round-trip min/avg/max = 12.2/97.3/554.1 ms
Download speed 103 KByte/sec.

- Shaping from post-firewall with high script parameters (976, 460 respectively) while downloading a large file from a fast server:

--- www.tweakers.net ping statistics ---
62 packets transmitted, 62 packets received, 0% packet loss
round-trip min/avg/max = 13.8/90.7/228.8 ms
Download speed 106 KByte/sec.

- CONCLUSION:
Starting the Wondershaper script from the post-firewall does work. It lowers the average ping times considerably at the cost of a slightly lower download speed. :)

Using script parameters which are too high clearly shows that it effectively disables it. So the lesson here is: Choose the parameters carefully and don't be too enthusiastic about the real performance of your internet connection.

Thanks for the help Oleg.

Oleg
26-09-2004, 19:56
Using script parameters which are too high clearly shows that it effectively disables it. So the lesson here is: Choose the parameters carefully and don't be too enthusiastic about the real performance of your internet connection.

Yes, ISPs tend to fool their users. They also run shapers, which are less intelligent than wondershaper. :)

Styno
26-09-2004, 21:31
Yes, ISPs tend to fool their users. They also run shapers, which are less intelligent than wondershaper. :)
Yes, I forgot that the ATM protocol (which takes approximately 10%) has to be subtracted from the theoretical values. This is a disadvantage for ADSL users... You pay for the whole package, but you get only 8/10 or 9/10.

Ark+
27-09-2004, 22:17
Yes, I forgot that the ATM protocol (which takes approximately 10%) has to be subtracted from the theoretical values. This is a disadvantage for ADSL users... You pay for the whole package, but you get only 8/10 or 9/10.
ISPs do sell an IP bandwidth (at least in France, but I don't think it is different in Europe), and the ATM VC is shaped at 640/160 for an IP bandwidth of 512/128 (20% higher due to ATM overhead). However ISPs speak only of peak values and they do not guarantee the bandwidth.


Otherwise, here is one wshaper configuration to limit the priority of p2p (soulseek & bittorrent) file transfers :

/mnt/ramfs/local/root # cat /usr/local/init/post-firewall
/init/wshaper start eth0 120 500 192.168.2.1/32 10.1.1.1/32 "20 3328 6881 6882 6883" "20 3328 6881 6882 6883"
/mnt/ramfs/local/root #


Oleg, thanks again for your good work...

Styno
28-09-2004, 14:58
I've build my own setup now. It differs quite a bit from the original script, but this is because of my specific requirements:

I have filesharing (KaZaA/Gnutella/OpenFT) and an FTP server running on my router. This often chokes my connection so browsing and playing games is slowing down.

Therefore three queues are created (just like the original):
- 1:10 (High priority)
- 1:20 (Normal priority)
- 1:30 (Low/bulk priority)

The general rules are applied:
- All TCP traffic has bulk priority
- All UDP traffic has normal priority
- SSH and ICMP has high priority

The exceptions for TCP (default: bulk):
- Traffic to and from port 80 gets normal priority
- Game traffic gets high priority

The exceptions for UDP (default: normal):
- P2P UDP traffic gets bulk priority
- Game traffic gets high priority

Below are the changes against the original script:
- Installs a standard HTB, but everything goes to bulk by default.

tc qdisc add dev $DEV root handle 1: htb default 30

- The definition of the bulk queue gets a minimum bandwidth of 1/10 but can borrow unused bandwidth up to 9/10 from other queues.

tc class add dev $DEV parent 1:1 classid 1:30 htb rate $(($UPLINK/10))kbit \
ceil $((9*$UPLINK/10))kbit burst 6k prio 2

- UDP packets in general get normal class priority (e.g. MSN)

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip protocol 17 0xff \
flowid 1:20

- Browsing traffic to and from port 80 gets normal priority

tc filter add dev $DEV parent 1: protocol ip prio 13 u32 \
match ip sport 80 0xffff flowid 1:20

tc filter add dev $DEV parent 1: protocol ip prio 13 u32 \
match ip dport 80 0xffff flowid 1:20

- Put KaZaA UDP traffic into bulk

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip sport 1214 0xffff \
match ip protocol 17 0xff \
flowid 1:30

- Put Gnutella UDP traffic into bulk

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip sport 3444 0xffff \
match ip protocol 17 0xff \
flowid 1:30

- Put America's Army (Unreal Tournament engine) UDP traffic into high priority

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip dport 1718 0xffff \
match ip protocol 17 0xff \
flowid 1:10

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip dport 1717 0xffff \
match ip protocol 17 0xff \
flowid 1:10

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip sport 1716 0xffff \
match ip protocol 17 0xff \
flowid 1:10

These adjustments to the wshaper script ensure I can play online without any lag while my girlfriend is browsing/MSN happily and the rest of the bandwidth is used by uploads from the router to the internet.

I still haven't figured all the parameters used in this script (like PRIO and u32) out, but I managed to get this up and running by just smart-copy-pasting and trial-and-error. I hope other users can use this info for their own scripts.

I've attached my customized script.

Styno
28-09-2004, 20:13
I've found a webpage with a lot of additional info on traffic shaping: http://www.docum.org/docum.org/
Good reading stuff :)

Ark+
30-09-2004, 21:11
Below are the changes against the original script:

Good work Styno, but why do you put the port 430 (utmpsd Common service) into the medium queue ?

BTW, I have found that the wshaper script can be used both for input ($DEV=br0) and output ($DEV=ppp0). Thus my starting script is now :
/init/wshaper start ppp0 1000 120 10.1.1.1/32 10.1.1.1/32 "20 3328 6881 6882 6883" "20 3328 6881 6882 6883"
/init/wshaper start br0 120 1000 10.1.1.1/32 10.1.1.1/32 "20 3328 6881 6882 6883" "20 3328 6881 6882 6883"

Styno
30-09-2004, 21:29
Good work Styno, but why do you put the port 430 (utmpsd Common service) into the medium queue ?
Well, I saw that in an example (It was associated with IExplorer) :-) Don't know what that port does though...


BTW, I have found that the wshaper script can be used both for input ($DEV=br0) and output ($DEV=ppp0). Thus my starting script is now :
/init/wshaper start ppp0 1000 120 10.1.1.1/32 10.1.1.1/32 "20 3328 6881 6882 6883" "20 3328 6881 6882 6883"
/init/wshaper start br0 120 1000 10.1.1.1/32 10.1.1.1/32 "20 3328 6881 6882 6883" "20 3328 6881 6882 6883"
Hmm, the authors of Wondershaper state that shaping the download does not do much good, so they omit it. That does not mean that shaping the downstream is a bad thing though...

What's wrong though is the devices you use:
BR0 is the bridge between the WAN and LAN. AFAIK, you should use the "$1" parameter of your firewall as the device to shape for both up- and downstream, because this is the WAN device according to your router. This device is mostly ETH0, but you can find out which value "$1" is by echoing it to /tmp. You can do this by adding the following line to the post-firewall script:

echo "$1" > /tmp/wan-device
After booting you can 'cat wan-device' file to see what your WAN device is.

Thorz
06-10-2004, 00:05
M8s, I have just downloaded Oleg's FW 1.7.5.9-5 and am ready to try Wshaper but would like to ask for confirmation for not doing something stupid and mess up everything.

At the moment I am using FW 1.7.5.9-3 and use the command for fixing the WAN speed to 100full because of the "WAN port dies" issue that I suffer. I have:



nvram set bootCmd0="/usr/sbin/et -i eth1 speed 100full"
nvram commit

Everything is working like a dream until I download some popular torrents, just one of these is enough for saturating my connection (it is really crazy but it is like this). I cannot even ping a host because all that I get is dropped packages. I think maybe WShaper can help me here.

WHAT I HAVE:
-Windows XP SP-2 with TCP/IP connection patch installed and fixed to 100 connections.
-Direct ADSL (No PPPoE) 2048/256. Speedtests in Norway report that I get 2030/220.
-Azureus Bittorrent java client on TCP port 54321 (traffic limiter on it is not helping). I am not sure if what is saturating the router is the upload stream or the number of connections, that is why I like to try WShaper.

WHAT I WANT:
I don't know which of these 2 options is more recommendable:

Option 1:
-Shape all the traffic that goes through the router to 1990/190

Option 2:
-That WShaper acts only on my bittorrent traffic limiting it to 1900/180 (TCP port 54321), machine (fixed IP) 192.168.74.100 and that this traffic gets LESS PRIORITY.
-I don't like that anything limits the rest of my traffic (I like to have full speed if I need an HTTP download).

Please take in account that I DON'T HAVE ANY LINUX EXPERIENCE, I am basically copying / pasting from the examples given in this thread. It is very likely that there are big fails in basic commands (I have never used VI and that is why I am following the echo "xx" > yy path that Oleg has used, but it can have FAILS). I kindly ask you to correct me. Thanks.

STEPS:
1. After resetting the router to defaults (pressing the back button for 5 seconds) install the new firmware.
2. Migrating the speed command from BootCmd's to Flashfs-boot:



telnet to the WL500g
# create directory because router is in virgin state
mkdir -p /usr/local/init
# create post-boot script with the speed fix content
echo "/usr/sbin/et -i eth1 speed 100full" > /usr/local/init/post-boot
# made post-boot executable
chmod +x /usr/local/init/post-boot
# prepare image
flashfs save

3. Add the post-firewall script with WShaper content, saving all changes and rebooting:

Option 1:


# create post-firewall script with the WShaper content (following Oleg's
# example)
echo "/init/wshaper start \"\$1\" 1990 190" > /usr/local/init/post-firewall
# made post-firewall executable
chmod +x /usr/local/init/post-firewall
# prepare image
flashfs save
# commit it to flash
flashfs commit
# enable flashfs
flashfs enable
reboot

Option 2:


# create post-firewall script with the WShaper content (trying to follow Ark+
# example as I understand it in this sequence: "$1"-DOWNLINK-UPLINK-IP_OF
# MACHINE/32-PORTS (don't know if this last values are effective for both
# tcp and udp ports))
echo "/init/wshaper start \"\$1\" 1900 180 192.168.74.100/32 \"54321\" \"54321\"" > /usr/local/init/post-firewall
# made post-firewall executable
chmod +x /usr/local/init/post-firewall
# prepare image
flashfs save
# commit it to flash
flashfs commit
# enable flashfs
flashfs enable
reboot


THESE ARE MY QUESTIONS M8s:

1. Which option is better for my case Option 1 or Option 2?

2. Are there fails in this or is there a better way to do this? Please help me if there are, I don't want to turn my router in an expensive paperweight.

3. Are the ports of Option 2 both TCP and UDP?

THANK YOU VERY MUCH! I hope I can get this done and that it solves my problem.

Ark+
06-10-2004, 09:21
Thorz,

Both scripts will work (except that you have forgotten the dest address parameter in the second one).

Personally, I would use the second one :

/init/wshaper start "$1" 1900 180 192.168.74.100/32 0.0.0.0/0 "54321" "54321"
since it puts azureus in the low priority queue and accelerates other traffic such as http, pop...

However, wshaper will shape bittorrent to 0,8x1900=1520 kb/s, even if you have no other traffic whereas the first script will not...

Styno
06-10-2004, 09:26
Hi Thorz, you've done quite some work already!

The most simple solution to your problem would be option 2 but slightly different, see my post below this one.

This way:
- All traffic will get normal priority
- ICMP and SSH will get high priority (ICMP = ping and a number of other important internet tools)
- TCP ports given in the script parameters (Bittorrent in your case) will get low priority, this class will never get full bandwidth though. Even if there's no other traffic.

One thing though: Does Bittorrent transfer files using TCP or UDP? In the UDP case this option will not work...

If you feel confident and have tried option 2 for some time, you might start customizing the script to your own needs, like borrowing speed from normal class by the low priority class.

[Edit: Fixed a huge mistake]

Thorz
06-10-2004, 13:53
Thank you both in advance for your answers.

First of all: How can I invoke a help command that shows me what commands are available when I am using telnet on the router? I would like to use vi instead of the "echo "xx" > yy" of the examples, but I am not sure of the options (I am not sure if having "$1" surrounded by "/" is correct, I have just copied it as it was in the other example). As I am very new to Linux, I was expecting some HELP command (like on DOS :) ) with some description of the commands that were possible to use on the router. I have been googling for "basic linux commands" but after trying some of them (like "man" f.e.) I found that they are not accepted by the router.



Both scripts will work (except that you have forgotten the dest address parameter in the second one).
It was a difficult one because I didn't know that they were source - destination addresses. You had 192.168.2.1/32 10.1.1.1/32, and then 10.1.1.1/32 10.1.1.1/32 :eek: I don't understand the concept of having 0.0.0.0/0 in the destination IP (maybe 0.0.0.0/0 means "all the external world" or something like that... :))


Personally, I would use the second one :

/init/wshaper start "$1" 1900 180 192.168.74.100/32 0.0.0.0/0 "54321" "54321"
since it puts azureus in the low priority queue and accelerates other traffic such as http, pop...
Nice, but does this mean that the rest of the traffic (HTTP, POP, etc) doesn't get shaped at all?


However, wshaper will shape bittorrent to 0,8x1900=1520 kb/s, even if you have no other traffic whereas the first script will not...
:confused: That was a new thing, 1520kbps is pretty low. What is the reason for this? Does it mean that I have to use something like 2375 for that I get the 1900kbps shaping? Me: Very :confused:



This way:
- All traffic will get normal priority
- ICMP and SSH will get high priority (ICMP = ping and a number of other important internet tools)
Very nice.

- TCP ports given in the script parameters will get low priority, this class will never get full bandwidth though.
How do I put the ports in Option 1 m8? It becomes then Option 2, or am I missing something? Could you write the full "Wshaper start..." line of Option 1 that I should use as you are indicating?
When you say "TCP ports given in the script" does it mean that I have to modify the Wshaper script directly? I was thinking that the only thing to be done was to add the "Wshaper start..." line to post-firewall and nothing else. I have seen the script that you have attached, but it looks really scary m8. I don't even know where it is located in the router :(


One thing though: Does Bittorrent transfer files using TCP or UDP? In the UDP case this option will not work...
It only uses one port TCP:54321 (selected by me).


If you feel confident and have tried option 1 for some time, you might start customizing the script to your own needs, like borrowing speed from normal class by the low priority class.
That would be nice, but for now I just want to start with the basics and have the thing rolling. I have not even flashed the FW yet. I will wait for your answers about this post and from there I think I can get the confidence to do it.

THANKS A LOT M8S!

Styno
06-10-2004, 15:15
You've certainly got some things confused here. But no worries, couz we're gonna figure it out ;)

Read my previous post again please, I had to edit it because it contained an invalid advice. I must learn to read better...:cool:

First some basic stuff:
Linux does not have a HELP command. However, a lot of commands are in the busybox library. You can see which commands it contains by typing 'busybox' on the command line in a telnet session. There are other commands/scripts too (like the wshaper script) but you'll have to figure them out along the way because I'm not going to give you a whole summary here (It would give me RSI if I tried that!). If you use a custom firmware like 1.7.5.9 CR5 (recommended b.t.w.), vi will be on the box, just type 'vi'.

When using wondershaper, all traffic will be shaped. This sounds great but if all traffic ends up in the same priority class you won't get any speed up. Therefore the standard script will prioritize ICMP and SSH while everything else goes into normal priority (like HTTP and Bittorrent). This means that during a download with Bittorrent, your pings can look good while HTTP can be horribly slow. To solve this problem you need to send Bittorrent into bulk (low) priority class. Option 1 will leave Bittorrent traffic in the normal priority class, so you won't have any benefit in using wondershaper. Option 2 will put Bittorrent traffic into the low priority class, which is what you want.

You should go for Option 2.

Option 2 uses parameters given to the script to send Bittorrent data to low priority class. On the wiki page here: http://wiki.wl500g.info/index.php/PackageWondershaper you can see which parameters exist and what you can do with it. For your purpose the command to start wondershaper looks like this:


/init/wshaper start "$1" 1990 190 " " " " "54321" "54321"

In this example the 5th and 6th parameter are empty because you don't want to shape the source and destination IP addresses, as that would put ALL your traffic into the low priority class. The 7th and 8th parameters are the source- and destination port on your network for which all traffic should go into the low priority class.

You should put this command into your 'post-firewall' script. The best way to do that would be using 'vi'. Make sure you do 'flashfs save' and 'flashfs commit' after you're done editing. Note: You need flashfs-boot method for this (see the Wiki pages). A lesser solution is to put the commandline in your BootCmds.

A tip: To test/optimize the wshaper you can use the command line in a telnet session:
1) you can start wondershaper using:

/init/wshaper start "eth1" 1990 190 " " " " "54321" "54321"
2) Do some speed tests.
3) Stop wondershaper using the following command:

/init/wshaper stop "eth1"
4) Goto (1) and change parameters until you're happy with the speed results.
..
5) Save the best option into the 'post-firewall' script as described in the previous paragraph.

Now Bob's your uncle m8...

Thorz
06-10-2004, 19:03
A million thanks Styno, I will try this immediately and will post later with the results.

Thorz
06-10-2004, 19:29
For all the Linux starters like me, I would like to share a nice vi guide. I still find vi very scary but hope that with the help of this guide I can accomplish the basic edition tasks related to Wondershaper.

http://www.gentoo.org/doc/en/vi-guide.xml

I hope it helps you too.

Thorz
07-10-2004, 01:17
A tip: To test/optimize the wshaper you can use the command line in a telnet session:
1) you can start wondershaper using:

/init/wshaper start "eth1" 1990 190 " " " " "54321" "54321"
2) Do some speed tests.
3) Stop wondershaper using the following command:

/init/wshaper stop "eth1"
4) Goto (1) and change parameters until you're happy with the speed results.
..
5) Save the best option into the 'post-firewall' script as described in the previous paragraph.

Now Bob's your uncle m8...

I have done it, but the results were not what I was expecting. I have upgraded FW, added the speed fix (100full) to post-boot and reconfigured my router again with the security settings and other things from the web interface.

I have used the exact command line that you wrote for testing Wshaper and I was very surprised to see that the shaper was affecting ALL the traffic, not only bittorrent (port 54321). I have tested downloading 4 torrents and at the same time downloading from a web server that by itself I know it can fill all my bandwidth (256KB/s down or 2048kbps). I was checking the traffic monitor in taskmanager and saw that with an activated test shape that I was using (1000 100) I was using only little over half of my bandwidth. After stopping Wshaper from telnet immediately I could see how my bandwidth was totally used specially by the single HTTP download. This was not exactly the result that I was looking for, Wshaper is not affecting only traffic on port 54321, it is shaping all the traffic together.

I have downloaded a shaper program for Windows XP (Netlimiter) and now I am trying with it. Very nice piece of software. Until I don't find a way to shape only Bittorrent on port 54321 I don't think that Wshaper will be useful for me. Or at least that it shapes all traffic but that let HTTP use almost all the channel and hold bittorrent on 1900 170 or something like that.

Thanks a lot for the help.

Styno
07-10-2004, 09:34
The behaviour you describe above is exactly what the default Wondershaper script does. It shapes all traffic and divides bandwidth according to the priority of the traffic and the speed parameters.

I'll quote myself:


This way:
- All traffic will get normal priority
- ICMP and SSH will get high priority (ICMP = ping and a number of other important internet tools)
- TCP ports given in the script parameters (Bittorrent in your case) will get low priority, this class will never get full bandwidth though. Even if there's no other traffic.

If the normal priority class (HTTP mostly) requires more bandwidth then the low priority class (Bittorrent) will give it. Also, Bittorrent will get 8/10 * 1990 kb/s maximum. Normal priority class will get 9/10 *1990 maximum. When using Wondershaper you will not get the maximum download speed because it reserves speed to be able to get those high priority packets through.

I suggest you use the '1990 190' parameters. '1000 100' are improper parameters and you should forget the results you got from that test.

Like I've said before: if you feel you're up to it, you can customize the script to your own needs. I've customized it in order to let the bulk priority class vary, depending on the load, between 3/10 and 9/10 of the max. download speed for example.

There are a lot of other shaping strategies possible, some of which will provide better results for you, some will not. The Wondershaper script is essentially an example of what traffic shaping can do. But in the end it's up to you and your decision...

Good luck.

xlephant
16-10-2004, 15:03
@styno or other people who are running ws
can you (or the others) adapt the wiki for the new firmware 1.8.1.7-1, i think there are only changes in file structure, right?
for a newbie in ws (that i am), it would be a big help if the new structure were in there.

@all
i've read the whole qos thread and the wiki, but i didn't understand the structure of the script parameters. the only thing i wanted to do is:
to set up my voip ip adapter (IP address: 192.168.1.4 in DMZ) to the high priority mode (most important the upload speed).
the other traffic (up and download) should get lower priority.
my connection is adsl (with 786down/128up). firmware on wl500g is 1.8.1.7-1 .

my file post-firewall:


#!/bin/sh
/sbin/wshaper start "$1" 700 100

i know that the setting above is not correct for the setting i wish. but i don't understand the parameters. and if i enter "wshaper status eth1" nothing happens.

if someone could help me, it would be nice
thx a lot.

ps: sry for my english ;-)

--edit--
if i enter

wshaper start "$1" 700 100

the following appears:


Cannot find device "root"
Error: Qdisc "1:" is classless.
Error: Qdisc "1:1" is classless.
Error: Qdisc "1:1" is classless.
Error: Qdisc "1:1" is classless.
Unknown qdisc "1:10", hence option "handle" is unparsable
Unknown qdisc "1:20", hence option "handle" is unparsable
Unknown qdisc "1:30", hence option "handle" is unparsable
Unknown filter "1:0", hence option "protocol" is unparsable
Unknown filter "1:0", hence option "protocol" is unparsable
Unknown filter "1:", hence option "protocol" is unparsable
Unknown filter "1:", hence option "protocol" is unparsable
Unknown qdisc "ffff:", hence option "ingress" is unparsable
Unknown filter "ffff:", hence option "protocol" is unparsable


did i do something wrong?

pls help! ;-)

Oleg
17-10-2004, 13:47
wshaper start "$1" 700 100

did i do something wrong?

pls help! ;-)
To run interactively, you will need to replace $1 with your WAN interface name (eth1 for static/dhcp, ppp0 for pppoe/pptp).
$1 should be used inside post-firewall only.

xlephant
17-10-2004, 13:52
thx oleg,

do you also know a fast way how i can set up my voip device (192.168.1.4) to the highest priority? and reserve (if it's in use) an upload and download speed of 100kb for it.

i'm not a complete idiot, but it is so difficult to understand.

Ark+
17-10-2004, 15:51
do you also know a fast way how i can set up my voip device (192.168.1.4) to the highest priority? and reserve (if it's in use) an upload and download speed of 100kb for it.
You can put your voice traffic in the low delay queue by adding the following lines in the wshaper script
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip src 192.168.1.4 flowid 1:10

Best, you can consider creating a new voice class with high priority and put voice traffic into it. Your wshaper script will be something like:



# voice class
tc class add dev $DEV parent 1:1 classid 1:100 htb rate 100kbit \
burst 6k prio 1

# low delay class
tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
burst 6k prio 2

# bulk & default class 1:20 - gets slightly less traffic,
# and a lower priority:
tc class add dev $DEV parent 1:1 classid 1:20 htb rate $((9*$UPLINK/10))kbit \
burst 6k prio 3

tc class add dev $DEV parent 1:1 classid 1:30 htb rate $((8*$UPLINK/10))kbit \
burst 6k prio 3

# put voice traffic into high priority class
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip src 192.168.1.4 flowid 1:100

xlephant
17-10-2004, 22:48
@ark+

thx a lot i will test it tomorrow.
good night to all

zox
18-10-2004, 00:26
can anybody confirm that ingress actually works at all?

i have tested it with options that make sense to my bandwidth and
default ingress settings from original wshaper

example #1:
### wshaper ###
...
DEV=eth0
DOWNLINK=460
tc qdisc add dev $DEV handle ffff: ingress
tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
...

RESULT #1
in that moment 76kbit/s

example #2
### wshaper ###
...
DEV=eth0
DOWNLINK=8
tc qdisc add dev $DEV handle ffff: ingress
tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1
...

RESULT #2
in that moment 103kbit/s

:confused:

my settings:
FW: 1.7.5.9-5
WL500b with WL500g FW
WAN: eth2
LAN: eth0
NAT (so I am actually shaping my UL with ingress)
shaping dev: eth0

zox

koma
19-05-2005, 20:45
#variables
MAXDOWN=488 #download
MAXUP=82 #upload
IF=eth0 #private device
A=br0 #public device
TC=/sbin/tc
IPTABLES=/sbin/iptables

wshaper start $IF 422 82
wshaper start $A 422 82

#DELETE OLD QUEUES
$TC qdisc del dev $A root
$TC qdisc del dev $IF root

$IPTABLES -t mangle -F FORWARD


#DOWNLOAD

$TC qdisc add dev $IF root handle 1:0 htb

$TC class add dev $IF parent 1:0 classid 1:1 htb rate $MAXDOWN
$TC class add dev $IF parent 1:1 classid 1:11 htb rate 128kbit ceil $MAXDOWN #koma
$TC class add dev $IF parent 1:1 classid 1:12 htb rate 128kbit ceil $MAXDOWN #michal
$TC class add dev $IF parent 1:1 classid 1:13 htb rate 128kbit ceil $MAXDOWN #aaada
$TC class add dev $IF parent 1:1 classid 1:14 htb rate 128kbit ceil $MAXDOWN #viktor

$TC filter add dev $IF protocol ip parent 1:0 prio 1 handle 1 fw flowid 1:11 #koma
$TC filter add dev $IF protocol ip parent 1:0 prio 1 handle 2 fw flowid 1:12 #michal
$TC filter add dev $IF protocol ip parent 1:0 prio 1 handle 3 fw flowid 1:13 #aaada
$TC filter add dev $IF protocol ip parent 1:0 prio 1 handle 4 fw flowid 1:14 #viktor

$IPTABLES -t mangle -A FORWARD -i $IF -d 10.0.0.2 -j MARK --set-mark 1 #koma
$IPTABLES -t mangle -A FORWARD -i $IF -d 10.0.0.3 -j MARK --set-mark 2 #michal
$IPTABLES -t mangle -A FORWARD -i $IF -d 10.0.0.5 -j MARK --set-mark 3 #aaada
$IPTABLES -t mangle -A FORWARD -i $IF -d 10.0.0.6 -j MARK --set-mark 4 #viktor



#UPLOAD

$TC qdisc add dev $A root handle 1:0 htb

$TC class add dev $A parent 1:0 classid 1:1 htb rate $MAXUP
$TC class add dev $A parent 1:1 classid 1:11 htb rate 12kbit ceil $MAXUP prio 1 #koma
$TC class add dev $A parent 1:1 classid 1:12 htb rate 12kbit ceil $MAXUP prio 1 #michal
$TC class add dev $A parent 1:1 classid 1:13 htb rate 12kbit ceil $MAXUP prio 1 #aaada
$TC class add dev $A parent 1:1 classid 1:14 htb rate 12kbit ceil $MAXUP prio 1 #viktor

$TC filter add dev $A protocol ip parent 1:0 prio 1 handle 11 fw flowid 1:11 #koma
$TC filter add dev $A protocol ip parent 1:0 prio 1 handle 12 fw flowid 1:12 #michal
$TC filter add dev $A protocol ip parent 1:0 prio 1 handle 13 fw flowid 1:13 #aaada
$TC filter add dev $A protocol ip parent 1:0 prio 1 handle 14 fw flowid 1:14 #viktor

$IPTABLES -t mangle -A FORWARD -i $A -d 10.0.0.2 -j MARK --set-mark 11 #koma
$IPTABLES -t mangle -A FORWARD -i $A -d 10.0.0.3 -j MARK --set-mark 12 #michal
$IPTABLES -t mangle -A FORWARD -i $A -d 10.0.0.5 -j MARK --set-mark 13 #aaada
$IPTABLES -t mangle -A FORWARD -i $A -d 10.0.0.6 -j MARK --set-mark 14 #viktor

My idea is fair shaping of bandwidth between 4 computers in my network, but something is wrong and this doesn't work :[ I'm a linux newbie. Thanks for help.

Koma

WiziPok
08-06-2005, 23:03
Hi,

are you sure that eth0 is the private and br0 is the public side of the 500g?
In my case (of course, using just a "one line" shaping) br0 is the LAN (private) side and eth0 is the INTERNET side ...

WiZiPoK

Oleg
09-06-2005, 08:08
Hi,

are you sure that eth0 is the private and br0 is the public side of the 500g?
In my case (of course, using just a "one line" shaping) br0 is the LAN (private) side and eth0 is the INTERNET side ...

WiZiPoK
This depends on the wl500g model: regular box uses eth1, Deluxe - eth0.

WiziPok
09-06-2005, 16:51
Hi,
And what about trying this part of code:



wshaper start $IF 422 82
wshaper start $A 82 422


WiZiPoK

zox
10-06-2005, 11:02
Hi,

are you sure that eth0 is the private and br0 is the public side of the 500g?
In my case (of course, using just a "one line" shaping) br0 is the LAN (private) side and eth0 is the INTERNET side ...

WiZiPoK

well, i'm sure... :)

i don't know what is default eth on newer devices, on mine is eth0 for WAN, but I needed to change eth0 to LAN and eth2 to WAN, because my internet link is provided through wireless, and some of my clients are on LAN.

zox

xection
14-06-2005, 00:37
Has anyone got Wondershaper working on WL-500gx?

When I run:

/sbin/wshaper start "eth0" 700 100
it sets download on LAN to 100kbps!!!

Furthermore, I've noticed that all of the download traffic on the LAN interface is measured as UPLOAD on the WAN (for WLAN everything is fine and wondershaper is working correctly only when there is no traffic on the LAN interface).

Please help

xection
17-06-2005, 03:12
Has anyone got Wondershaper working on WL-500gx?

Seems like nobody read my question or nobody made Wondershaper to work on gx... well, it probably works if you're using ppp connection. But, I'm using static IP address.

I've done some research (with snmp) and found out that eth0 interface is logging all of the traffic on UTP ports, no matter if it comes from/to LAN or WAN.
On the other hand, interface eth0.1 (LAN) which is in fact a VLAN on interface eth0 is logging LAN traffic correctly. So my idea is to solve this:
1. make another VLAN interface on eth0 (with command: vconfig add eth0 2)
2. ifconfig eth0 0.0.0.0
3. ifconfig eth0.2 address 192.168.254.5 up (192.168.254.5 is my WAN ip address)
4. to flush all of the ip tables
5. to insert all of the rules again substituting eth0 with new eth0.2

now WAN port would be eth0.2 and not eth0. and wondershaper would work with /sbin/wshaper start "eth0.2" 700 100 .

Is there any way to switch eth0 with eth0.2 without flushing iptables?

So, I'm not a linux guru... just want to ask is this the way to do it?, before I try this (and possibly screw something).

Btw, I'm using firmware 1.9.2.7-5a.

xection
17-06-2005, 04:56
is there a way to assign port to a vlan?

there is admcfg on openwrt but gx is not using same chip.

Oleg
17-06-2005, 10:19
Wait for 1.9.2.7-6 release it would contain the same vlan interfaces, just like wrt54g has.

xection
17-06-2005, 14:01
great, can't wait :)

marco75
18-06-2005, 04:38
I don't know what the Asus WL500G is (I assume it's an ADSL router/modem), but I googled for Wonder Shaper discussion groups, and since people here seem knowledgeable about Wonder Shaper, I thought I might as well ask here. (To be honest, there were a lot of posts, and I didn't read them all. The first post seemed to start in the middle of a discussion.)

I'm referring to the Wonder Shaper script published at http://lartc.org/wondershaper/.

I have two computers, a server (Fedora Core 3) that I use as an experimental apache server (http://marco75.no-ip.info) and a bit torrent client, and a workstation (Windows XP).
They connect through a 5 port switch to an ADSL router/modem.

My ADSL connection speed is 1500/256 kbps downstream/upstream

When I apply the /usr/bin/wshaper script, it prevents the bit torrent client (Azureus) from flooding the router's queue, stabilizing it. However, this makes samba traffic between server and workstation really slow, like Internet speeds in fact.

I have edited the top of the wshaper script like so:

DOWNLINK=1400
UPLINK=240
DEV=eth0

How do I prevent the script from throttling SAMBA packets (TCP port 401, I believe)?
Also, web server traffic should be given priority over P2P traffic.

Thanks for Reading.

Marco

Yusaku
01-07-2005, 20:54
Wait for 1.9.2.7-6 release it would contain the same vlan interfaces, just like wrt54g has.
would it be possible to implement support for all 16 vlans to be set through nvram?

When I set the following variables, vlan2 is not created, compared to OpenWRT.



[asus]$ nvram show | grep ^vlan
vlan2ports=1 5
vlan0ports=2 3 4 5*
vlan2hwname=et0
vlan_enable=1
vlan1hwname=et0
vlan1ports=0 5
vlan0hwname=et0

Oleg
01-07-2005, 21:41
Just checked on this - it's there. Type ifconfig -a to check all available interfaces. Remember to ifconfig vlan2 up and assign IP address.

jamelgo
09-07-2005, 05:44
Can anybody point me where to find the WL500 WIKI pages?

I am trying to figure out how to configure wondershaper. I've read the documentation I found on the script in other places, but need to get more background on its use on the WL500 (establish the difference between the different DEV's for example).

I'm not used to daily work with linux but try to keep an open mind. If there is any other well documented reference on wondershaper and related topics I would appreciate your feedback.


Thanks.

Styno
11-07-2005, 09:01
http://wiki.wl500g.info/

koma
25-07-2005, 10:53
This part is absurdity, this part i removed. But i think in HTB which is implemented on my asus the FW filter is not supported? is it possible?



Hi,
And what about trying this part of code:



wshaper start $IF 422 82
wshaper start $A 82 422


WiZiPoK

Crowly
30-10-2005, 09:16
I got it to work, but got a couple of questions so i can tweak it to suit my needs :)

According to docum.org rate is the guaranteed bandwidth the class will get, so it's easy to understand how the bandwidth will be divided when all the child classes add up to 100%. But can someone explain how it will be divided with the default setup? As far as i can see class 1:10 gets 100%, 1:20 gets 90% and 1:30 gets 80%.

Also if you set a rate to 0kbit, will it then only get bandwidth when there is something to spare ?

I want to put Battlefield 2 into my high priority class. I sorta understand how i can define one and one port, but can you define a port range ? BF2 uses port 1500-4999 + a few others, defining each port one by one will take forever. Could something like this work ?


tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip dport 1500:4999 0xffff \
match ip protocol 17 0xff \
flowid 1:10

And i'm a bit puzzled about the 0xffff part after the ports, it's supposed to be a mask (?), so i figure it's 255 something. Can anyone explain this a bit further or does anyone have a link so i can try to figure it out by myself.
Is the "match ip protocol 17 0xff" to match UDP packets? If so is there a link to where i can get some more info on the different options for this parameter?

Thanks in advance for any help i can get :D

Edit:

I think i figured out the BF2 port issue, i added these two filters. Do they look ok ?

UDP ports

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip dport 1500:4999,27900,29900 0xffff \
match ip protocol 17 0xff \
flowid 1:10

TCP ports

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip dport 29900:29901,28910 0xffff \
match ip protocol tcp 0xff \
flowid 1:10

Styno
30-10-2005, 21:17
According to docum.org rate is the guaranteed bandwidth the class will get, so it's easy to understand how the bandwidth will be divided when all the child classes add up to 100%. But can someone explain how it will be divided with the default setup? As far as i can see class 1:10 gets 100%, 1:20 gets 90% and 1:30 gets 80%.
Where do you see that?

Also if you set a rate to 0kbit, will it then only get bandwidth when there is something to spare?
Dunno, see: http://www.docum.org/docum.org/docs/ :) But using the 'ceil' parameter you can let a class borrow bandwidth (up to the 'ceil' value) from other classes that have unused bandwidth.

I want to put Battlefield 2 into my high priority class. I sorta understand how i can define one and one port, but can you define a port range? BF2 uses port 1500-4999 + a few others, defining each port one by one will take forever. Could something like this work?
See docum again ;)


tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip dport 1500:4999 0xffff \
match ip protocol 17 0xff \
flowid 1:10

And i'm a bit puzzled about the 0xffff part after the ports, it's supposed to be a mask (?), so i figure it's 255 something. Can anyone explain this a bit further or does anyone have a link so i can try to figure it out by myself.
Yes, this is a bitmask and is used to tell which bits in the port number should match using logical AND operator (0xffff = all 32 bits, 0xff = 16 bits).

Is the "match ip protocol 17 0xff" to match UDP packets? If so is there a link to where i can get some more info on the different options for this parameter?
Yes, afaik. For more info see docu again :)


I think i figured out the BF2 port issue, i added these two filters. Do they look ok ?

UDP ports

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip dport 1500:4999,27900,29900 0xffff \
match ip protocol 17 0xff \
flowid 1:10

TCP ports

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
match ip dport 29900:29901,28910 0xffff \
match ip protocol tcp 0xff \
flowid 1:10
Sorry, it's been too long since I wrestled with wondershaper, I really can't see if this is bullocks or correct....
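
On the port-range question in the two posts above, an added example that is not part of the thread: u32 has no range syntax, it accepts a packet when (field AND mask) equals the value, and for a port the mask 0xffff compares all 16 bits. A range therefore has to be split into aligned power-of-two blocks, one filter per block. The function names are hypothetical; `$DEV`, protocol 17 and flowid 1:10 are the ones used in the thread.

```shell
#!/bin/sh
# Added example: express a port range as u32 value/mask pairs.
# u32 accepts a packet when (field & mask) == value, so a range is covered
# by aligned power-of-two blocks, one "match ip dport VALUE MASK" per block.

# port_range_masks LO HI -> one "value mask" pair (hex) per line
port_range_masks() {
    lo=$1
    hi=$2
    while [ "$lo" -le "$hi" ]; do
        size=1
        # Double the block while it stays aligned on lo and inside the range.
        while [ $(( lo % (size * 2) )) -eq 0 ] &&
              [ $(( lo + size * 2 - 1 )) -le "$hi" ]; do
            size=$(( size * 2 ))
        done
        # The mask clears the low bits that may vary inside the block.
        printf '0x%04x 0x%04x\n' "$lo" "$(( 0xffff & ~(size - 1) ))"
        lo=$(( lo + size ))
    done
}

# port_matches PORT LO HI -> exit 0 if PORT passes one of the pairs,
# using the same comparison the classifier applies to the port field.
port_matches() {
    hit=$(port_range_masks "$2" "$3" | while read -r val mask; do
        if [ $(( $1 & $mask )) -eq $(( $val )) ]; then echo yes; fi
    done)
    [ -n "$hit" ]
}

# emit_filters DEV PROTO FLOWID LO HI -> print the tc commands.
# They are printed, not executed, so the output can be reviewed first.
emit_filters() {
    port_range_masks "$4" "$5" | while read -r val mask; do
        echo "tc filter add dev $1 parent 1: protocol ip prio 10 u32" \
             "match ip dport $val $mask match ip protocol $2 0xff flowid $3"
    done
}

# Range from the question: UDP (protocol 17) ports 1500-4999 into class 1:10.
emit_filters "${DEV:-eth1}" 17 1:10 1500 4999
```

The 1500-4999 range comes out as eight filters; a single port such as 5004 is one filter with mask 0xffff.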

Crowly
30-10-2005, 23:05
Where do you see that?
Dunno, see: http://www.docum.org/docum.org/docs/ :) But using the 'ceil' parameter you can let a class borrow bandwidth (up to the 'ceil' value) from other classes that have unused bandwidth.
See docum again ;)


docum.org says this about rate:

The rate of a class is the guaranteed bandwidth the class will get.
If you add more then 1 subclass, make sure that the sum of the rates of the child class is equal or smaller then the rate of the parent. You don't have to follow this rule, but it's easier to understand what will happen if you do so.

tc class add dev $DEV parent 1:1 classid 1:20 htb rate $((9*$UPLINK/10))kbit burst 6k prio 2 sets the rate to 90% or 9/10 of the UPLINK value, tc class add dev $DEV parent 1:1 classid 1:30 htb rate $((8*$UPLINK/10))kbit burst 6k prio 2 sets the rate to 80% or 8/10 and tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit burst 6k prio 1 gets the full/100% UPLINK value as rate. As far as i can understand it 1:10, 1:20 and 1:30 are child classes of 1:, and the sum of the children is greater than parent 1: UPLINK. Since docum.org didn't have any examples that covered this i just wondered how it would be divided.
But i guess it works, since most of the sites i found with google seem to use this basic script.

But i just started to read up on this a few days ago, so i could be all wrong :p

akbor
13-08-2006, 13:08
Hi,

it seems to be pretty quiet in this thread... :)

I'm still using my old WL-500g (at the moment with Oleg's 1.9.2.7-7e) and I'm very happy with it.

Now I wanted to teach my WL-500g to prioritize the VoIP traffic from an ATA connected to one of the LAN ports. My first try was to do it by using "Bandwidth Management" (over the WEB interface) but I failed because of the upload policy. I have reserved 100 kb min. for the port 5004 (RTP) but it didn't work, I don't know why...

My second try was to do it by using the wondershaper script. So I did a copy from "/sbin/wshaper" to "/usr/local/sbin/wshaper", then I created a new executable script-file "/usr/local/sbin/post-firewall" and I filled it with

#!/bin/sh
/usr/local/sbin/wshaper start "$1" 1300 300
My internet connection has 1024/256 kbps, but starting the script with values like "1000 250" has reduced my download speed to 700 - 800 kbps.

Then I modified (or let me say I tried to modify :o ) the wshaper script for a prioritization of the VoIP traffic. I didn't want to define some new priority classes, I just wanted to save some time and to use the script structure as is. So I added the following lines to the script:

# high priority for VoIP traffic
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip tos 0x68 0xff \
match ip protocol 0x11 0xff \
flowid 1:10

tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip tos 0xb8 0xff \
match ip protocol 0x11 0xff \
flowid 1:10

I'm not really sure if this lazy modification is enough for solving my problem or not. What do you think about this modification?

In fact, I couldn't solve my problem by using wondershaper yet. As soon as I start an upload (FTP, SMTP, ...) from my computer, my voice on the phone becomes stuttering. I also tried to reduce the upload speed at the script-call (like this: /usr/local/sbin wshaper start eth1 1000 180) and I tried alternately to set the IP of my PC to low priority by using $5 and $6 (like this: /usr/local/sbin wshaper start eth1 1300 300 192.168.1.100 192.168.1.100) but it didn't work either.

Does wondershaper work on WL-500g at all? Does it probably work only on the Deluxe version? Please help me to get it running correctly!

regards

Robert

Styno
14-08-2006, 10:06
Wondershaper does work on WL-500g. At first glance I suspect the problem to be with the bandwidth parameters you provide (1300 and 300).

Let's focus on the upload stream only because that one is the most important:
You basically tell Wondershaper that your connection can do 300 kbit/s continuously, but in theory your connection can only do 256 kbit/s and in real life this would be only 200 - 220 kbit/s. This means that the script is planning more data on your line than it can handle, rendering the script useless.

Therefore you will have to change the script parameters to -let's say-: 1000 kb/s down and 200 kb/s up. This does indeed mean that you somewhat reduce the maximum speed of the line but gain a better responsiveness.

You can change the 'bulk' stream to use all available bandwidth when none of the higher priority streams are using it (there are examples on how to do this in this thread) to improve efficiency.

Bottom line is: Bandwidth management is a tradeoff between raw throughput and smooth streaming.

akbor
14-08-2006, 15:48
Hi Styno and thank you for the answer!


I also tried to reduce the upload speed at the script-call (like this: /usr/local/sbin wshaper start eth1 1000 180) and I tried ...

You can see, I've already tried your recommendation. It didn't work, my voice on the phone becomes stuttering, when I do some upload (FTP, SMTP, ...) in parallel. Do you probably have one more idea?

Regards

Robert

EDIT: in the meantime I tested all three possibilities (starting the script with "1000 200" down/upload):

1) filtering by the TOS

# high priority for VoIP traffic
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip tos 0x68 0xff \
match ip protocol 0x11 0xff \
flowid 1:10

tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip tos 0xb8 0xff \
match ip protocol 0x11 0xff \
flowid 1:10

or alternately 2) filtering by the port (5004, RTP)

# high priority for VoIP traffic
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip dport 5004 0xffff \
match ip protocol 0x11 0xff \
flowid 1:10

or alternately 3) filtering by the IP

# high priority for VoIP traffic
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip src 192.168.38.2 flowid 1:10

it simply doesn't work - neither 1) nor 2) nor 3). Is it time to buy an AVM FritzBox? :(

Styno
15-08-2006, 09:33
Ok, Sorry I missed the line where you said you tried low bitrates as well...I also credit you for trying different things yourself!

On topic now: What about the possibility that you try to filter the wrong protocol? Afaik there are several implementations of VoiP (I could be very wrong here).

You can check if you've defined your VoiP child class correctly by watching the packet count: "wshaper status eth1". If you can see that VoiP data is transferred using the VoiP child class and the bulk data is transported using a different class then it is only a matter of shaping the child classes correctly. But when you can see that the VoiP data is sent using the 'catch all/bulk' child class then you need to focus on the correct separation of VoiP data.

I hope you know what I mean...

akbor
15-08-2006, 12:54
Hi Styno and thank you again :)

I seem to think (or to post) as fast as you - see my post above, the EDIT part from yesterday evening. ;) I thought that maybe my hardware or my provider didn't implement the service correctly. So I tried to filter depending on type of service, port number, IP address. No way.

Today evening I'll try to use the status parameter of the wshaper and I'll post the results.

So long

Robert

EDIT: after a short VoIP call and an email Tx "wshaper status eth1" shows following:


[admin@(none) sbin]$ wshaper status eth1
qdisc htb 1: r2q 10 default 12 direct_packets_stat 2
statistics truncated
qdisc ingress ffff:
statistics truncated
class htb 1:1 root rate 800Mbit ceil 800Mbit burst 1050044b cburst 1050044b
Sent 1169272 bytes 6044 pkts (dropped 0, overlimits 0)
rate 6702bps 5pps
lended: 0 borrowed: 0 giants: 0
tokens: 8204 ctokens: 8204

class htb 1:10 parent 1:1 prio 0 rate 100Kbit ceil 100000Kbit burst 1728b cburst
129587b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 110592 ctokens: 8294

class htb 1:12 parent 1:1 prio 0 rate 100000Kbit ceil 100000Kbit burst 129587b c
burst 129587b
Sent 1169272 bytes 6044 pkts (dropped 0, overlimits 0)
rate 6715bps 6pps
lended: 6044 borrowed: 0 giants: 0
tokens: 8291 ctokens: 8291

but to be honest, I have a problem to interpret this result... please help :confused:

martijnvr
24-08-2006, 23:12
Hi Akbor,

I just looked through the post-firewall script you attached to your first post. If the second line in this script really reads like:

/usr/local/sbin wshaper start "$1" 1300 320

then you're definitely not calling your own customized wshaper script. It should look like this:

/usr/local/sbin/wshaper start "$1" 1300 320

Furthermore, I find the values in the output of the wshaper status eth1 command a bit strange... 800Mbit? 100000Kbit? Are you sure you're calling the script with correct parameters?

Good luck!

akbor
25-08-2006, 07:09
Hello martijnvr!

You are right, it's a typing error, I must be blind... OK, this script call from post-firewall has never worked. But.

I called the script also manually for testing it after changes with:

cd /usr/local/sbin
and then

wshaper start eth1 1000 250
Which script have I called? My modified copy from /usr/local/sbin/ or the other one, unmodified from /sbin/? I think the first one.

Values like "800Mbit? 100000Kbit?" are very suspicious for me too, but I don't know what they mean exactly.

Regards

Robert

Styno
25-08-2006, 12:07
I called the script also manually for testing it after changes with:

cd /usr/local/sbin
and then

wshaper start eth1 1000 250
Which script have I called? My modified copy from /usr/local/sbin/ or the other one, unmodified from /sbin/? I think the first one.
If you want to run a script from the current directory then you need to put ./ in front of it. So to start the correct wshaper script, just type in /usr/local/sbin
./wshaper
or (maybe the best option to be sure)

/usr/local/sbin/wshaper



Values like "800Mbit? 100000Kbit?" are very suspicious for me too, but I don't know what they mean exactly.
Well 1 MBit is ~1000 x 1kBit and because most internet connections are roughly in the range of 256 Kbit to 10 Mbit, the numbers shown here seem a bit over the top. Which could also be a good reason for your shaping problems.

akbor
25-08-2006, 18:33
OK, I seem to be very close to the solution!

I really don't know if I had this stupid error (a space instead of a slash) in the "post-firewall" at the beginning, but today I just have made "cat post-firewal" and I've seen the correct path.

In the meantime I found out that a script-call from the command line like

cd /usr/local/sbin
./wshaper start eth1 1300 230
provides good results with my last modification of wshaper (filtering according to IP address). But I think my wshaper-script doesn't start from "post-firewall" correctly. If I change the directory to "/usr/local/sbin" directly after reboot and make "./wshaper status eth1" then I get some strange output like that


[admin@(none) root]$ cd /usr/local/sbin/
[admin@(none) sbin]$ ./wshaper status eth1
qdisc htb 1: r2q 10 default 11 direct_packets_stat 3
statistics truncated
qdisc ingress ffff:
statistics truncated
class htb 1:11 parent 1:1 prio 0 rate 100000Kbit ceil 100000Kbit burst 129587b
cburst 129587b
Sent 1949 bytes 31 pkts (dropped 0, overlimits 0)
rate 45bps
lended: 31 borrowed: 0 giants: 0
tokens: 8291 ctokens: 8291

class htb 1:1 root rate 800Mbit ceil 800Mbit burst 1050044b cburst 1050044b
Sent 1949 bytes 31 pkts (dropped 0, overlimits 0)
rate 45bps
lended: 0 borrowed: 0 giants: 0
tokens: 8204 ctokens: 8204

If I make one call like "./wshaper start eth1 1300 230" I get a correct output like


[admin@(none) sbin]$ ./wshaper start eth1 1300 230
[admin@(none) sbin]$ ./wshaper status eth1
qdisc ingress ffff:
statistics truncated
qdisc sfq 30: quantum 1514b perturb 10sec
statistics truncated
qdisc sfq 20: quantum 1514b perturb 10sec
statistics truncated
qdisc sfq 10: quantum 1514b perturb 10sec
statistics truncated
qdisc htb 1: r2q 10 default 20 direct_packets_stat 0
statistics truncated
class htb 1:1 root rate 230Kbit ceil 230Kbit burst 6Kb cburst 1893b
Sent 108 bytes 2 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 169404 ctokens: 51144

class htb 1:10 parent 1:1 leaf 10: prio 1 rate 230Kbit ceil 230Kbit burst 6Kb cb
urst 1893b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 170962 ctokens: 52702

class htb 1:20 parent 1:1 leaf 20: prio 2 rate 207Kbit ceil 207Kbit burst 6Kb cb
urst 1863b
Sent 108 bytes 2 pkts (dropped 0, overlimits 0)
lended: 2 borrowed: 0 giants: 0
tokens: 188229 ctokens: 55900

class htb 1:30 parent 1:1 leaf 30: prio 2 rate 184Kbit ceil 184Kbit burst 6Kb cb
urst 1834b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 213703 ctokens: 63825

Do I do something wrong? My "post-firewall" is in /usr/local/sbin/post-firewal, it's executable and it contains following code

#!/bin/sh
/usr/local/sbin/wshaper start $1 1300 230

my modified wshaper is in the same directory and it's executable too. See image below.

I've also tried to put $1 in quotation marks

#!/bin/sh
/usr/local/sbin/wshaper start "$1" 1300 230

with the same result..

Anybody some idea?

Styno
25-08-2006, 20:40
Perhaps you still have some invalid shaping settings in the webinterface? The output of the script which you started by hand looks good.

akbor
25-08-2006, 21:54
Yes, I have removed all the rules from "Bandwidth Management" in the web interface, but I forgot to set the radio button to "No" (Enable Bandwidth Management? (No) ). So I did it and now the startup from post-firewal is working fine.

Result: a slightly modified wshaper runs on my WL-500g. I still use my last modification - filtering according to the IP of my VoIP device. I think, if I have some free time I'll try to filter the VoIP data according to the port or to TOS again. But for the first time I have enough from Wondershaper ;)

Styno, martijnvr I thank you a lot!

CU

Robert

akbor
26-08-2006, 10:50
Hello Guys that's me again...

I'll be blowed with the stupid thing. :( I think, wshaper starts now correctly from post-firewall but it still does not prioritize the traffic from my VoIP adapter :(

An example of the status information after reboot:

[admin@(none) sbin]$ ./wshaper status eth1
qdisc ingress ffff:
statistics truncated
qdisc sfq 30: quantum 1514b perturb 10sec
statistics truncated
qdisc sfq 20: quantum 1514b perturb 10sec
statistics truncated
qdisc sfq 10: quantum 1514b perturb 10sec
statistics truncated
qdisc htb 1: r2q 10 default 20 direct_packets_stat 0
statistics truncated
class htb 1:1 root rate 230Kbit ceil 230Kbit burst 6Kb cburst 1893b
Sent 15141 bytes 254 pkts (dropped 0, overlimits 0)
rate 8bps
lended: 0 borrowed: 0 giants: 0
tokens: 169850 ctokens: 51590

class htb 1:10 parent 1:1 leaf 10: prio 1 rate 230Kbit ceil 230Kbit burst 6Kb cb
urst 1893b
Sent 132 bytes 2 pkts (dropped 0, overlimits 0)
lended: 2 borrowed: 0 giants: 0
tokens: 169182 ctokens: 50922

class htb 1:20 parent 1:1 leaf 20: prio 2 rate 207Kbit ceil 207Kbit burst 6Kb cb
urst 1863b
Sent 15009 bytes 252 pkts (dropped 0, overlimits 0)
rate 8bps
lended: 252 borrowed: 0 giants: 0
tokens: 188723 ctokens: 56394

class htb 1:30 parent 1:1 leaf 30: prio 2 rate 184Kbit ceil 184Kbit burst 6Kb cb
urst 1834b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 213703 ctokens: 63825
You can see, few packets were sent in the "high" class 1:10 and in the "middle" class 1:20. Ok, now the same information after a short VoIP call about 3-4 minutes:

[admin@(none) sbin]$ ./wshaper status eth1
qdisc ingress ffff:
statistics truncated
qdisc sfq 30: quantum 1514b perturb 10sec
statistics truncated
qdisc sfq 20: quantum 1514b perturb 10sec
statistics truncated
qdisc sfq 10: quantum 1514b perturb 10sec
statistics truncated
qdisc htb 1: r2q 10 default 20 direct_packets_stat 0
statistics truncated
class htb 1:1 root rate 230Kbit ceil 230Kbit burst 6Kb cburst 1893b
Sent 2493109 bytes 11851 pkts (dropped 0, overlimits 0)
rate 10719bps 50pps
lended: 0 borrowed: 0 giants: 0
tokens: 149147 ctokens: 30887

class htb 1:10 parent 1:1 leaf 10: prio 1 rate 230Kbit ceil 230Kbit burst 6Kb cb
urst 1893b
Sent 132 bytes 2 pkts (dropped 0, overlimits 0)
lended: 2 borrowed: 0 giants: 0
tokens: 169182 ctokens: 50922

class htb 1:20 parent 1:1 leaf 20: prio 2 rate 207Kbit ceil 207Kbit burst 6Kb cb
urst 1863b
Sent 2492977 bytes 11849 pkts (dropped 0, overlimits 0)
rate 10720bps 50pps
lended: 11849 borrowed: 0 giants: 0
tokens: 165720 ctokens: 33391

class htb 1:30 parent 1:1 leaf 30: prio 2 rate 184Kbit ceil 184Kbit burst 6Kb cb
urst 1834b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 213703 ctokens: 63825
The number of packets sent in the "high" class is still the same. How can it be? I wrote the rule for filtering of the VoIP traffic in exactly the same way as the predefined rule for ICMP:

# My code: high priority for VoIP traffic (IP)
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip src 192.168.38.2 flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip protocol 1 0xff \
flowid 1:10
And the rule for ICMP is really working, if I call something like "ping -t www.google.com" after that I get the following status:

[admin@(none) sbin]$ ./wshaper status eth1
qdisc ingress ffff:
statistics truncated
qdisc sfq 30: quantum 1514b perturb 10sec
statistics truncated
qdisc sfq 20: quantum 1514b perturb 10sec
statistics truncated
qdisc sfq 10: quantum 1514b perturb 10sec
statistics truncated
qdisc htb 1: r2q 10 default 20 direct_packets_stat 0
statistics truncated
class htb 1:1 root rate 230Kbit ceil 230Kbit burst 6Kb cburst 1893b
Sent 2495319 bytes 11885 pkts (dropped 0, overlimits 0)
rate 179bps 1pps
lended: 0 borrowed: 0 giants: 0
tokens: 169404 ctokens: 51144

class htb 1:10 parent 1:1 leaf 10: prio 1 rate 230Kbit ceil 230Kbit burst 6Kb cb
urst 1893b
Sent 1464 bytes 20 pkts (dropped 0, overlimits 0)
rate 37bps
lended: 20 borrowed: 0 giants: 0
tokens: 168960 ctokens: 50700

class htb 1:20 parent 1:1 leaf 20: prio 2 rate 207Kbit ceil 207Kbit burst 6Kb cb
urst 1863b
Sent 2493855 bytes 11865 pkts (dropped 0, overlimits 0)
rate 136bps
lended: 11865 borrowed: 0 giants: 0
tokens: 188229 ctokens: 55900

class htb 1:30 parent 1:1 leaf 30: prio 2 rate 184Kbit ceil 184Kbit burst 6Kb cb
urst 1834b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 213703 ctokens: 63825
ICMP (ping) packets appear in the "high" class and I've sent exactly 18 packets.

I'm really in despair. What can be wrong with my filter rule?

Regards

Robert

Styno
26-08-2006, 11:48
Still hung over from last night, I'll give it a silly try:
- Is there a rule above the VoiP rule which could have put the data in the default rule?
Even sillier probably:
- Is the src IP for the VoiP rule correct?

akbor
26-08-2006, 12:26
Hi Styno,

I hope you are already better ;) I wish I drank something last night, but instead of that I spent my time with Wondershaper :(

- Is there a rule above the VoiP rule which could have put the data in the default rule?
No, I've just inserted only one rule for the IP of my VoIP adapter. My earlier attempts to make a TOS-rule and a PORT-rule are commented out. Just have a look at the wshaper.txt in the attachment.


- Is the src IP for the VoiP rule correct?
The IP is in each case correct, see image below, my VoIP adapter gets the IP from WL-500g over DHCP, but according to its MAC that's always the same (Manually Assigned IP) IP address.

akbor
28-08-2006, 21:11
Well gentlemen,

after one more night with Wondershaper I said: "OK, then I'll build my own script with black jack and hookers" :D

So I began a critical review of the built-in wshaper from Oleg's FW 1.9.2.7-7e. I found out, that this script is identical to the HTB example from http://lartc.org/howto/lartc.cookbook.ultimate-tc.html#AEN2241. Of course, more parameters $5, $6, $7, $8 for an interactive script-call, a low-priority class "1:30" and four filter rules for this queue and something more were added by Oleg (or maybe somebody else?).

By the way, I wasn't able to use the class "1:30", I think the filter rules for this class don't work properly. If I called the script in this way:
./wshaper start eth1 1024 256 192.168.38.4 192.168.38.4 or
./wshaper start eth1 1024 256 "" "" "20 21" "20 21" (192.168.38.4 is the IP of my FTP server in my local network) I didn't observe any traffic in the class "1:30" at all. A status-call showed always "Sent 0 bytes 0 pkts (dropped 0, overlimits 0)" in this class. Does anybody disagree on this point?

Well, then I considered following points of the existing built-in script:

-> Why should we spend 100% bandwidth for pings, ssh and acknowledges? I think, for my purpose (1 channel VoIP) and these all things together 50% (128 kbit in my case) at least are enough.

-> Why don't we use "rate" and "ceil" for min. (guaranteed) and max. (if available) data rates?

-> How can it be, that we have a "stochastic fairness" and three concurrent classes with 100%+90%+80% (= 270% in worst case?!) guaranteed rate?

-> Why do the bulk class and the low-prio class have the same prio = 2?

-> Why do all rules in the high-prio class have the same prio = 10?

-> Why do the rules in the low-prio class have priorities 14, 15, 16, 17?

-> Why does the default rule for the bulk class have the prio = 18?

So I tried to redefine the three classes. The high-prio class will get prio 1 and a bandwidth of 50% to 100%, the bulk class will get prio 2 and 40% to 100% of the bandwidth, the low-prio class will get prio 3 and the rest (10%-100%) of the bandwidth. The sum of the (guaranteed) rates is 100% exactly:

                       +-------+
                       | qdisc |
                       +-------+
                           |
       +---------------------------------------+
       |            root class 1:1             |
       |         rate 100% / ceil 100%         |
       +---------------------------------------+
         |                 |                 |
  +-------------+  +---------------+  +-------------+
  |hi class 1:10|  |main class 1:20|  |lo class 1:30|
  |  rate 50%   |  |   rate 40%    |  |  rate 10%   |
--|  ceil 100%  |--|   ceil 100%   |--|  ceil 100%  |--
| |   prio 1    |  |    prio 2     |  |   prio 3    | |
| +-------------+  +---------------+  +-------------+ |
|        ^                 ^                 ^        |
---------(------SFQ--------(-----------------(---------
         |                 |                 |
   +------------+    +------------+    +------------+
   |filter rules|    |filter rules|    |filter rules|
   |tc filter...|    |tc filter...|    |tc filter...|
   +------------+    +------------+    +------------+

Then after countless experiments with different filter rules I found only one working way to prioritize my VoIP traffic:

# high priority for VoIP traffic (by Port)
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip sport 5004 0xffff \
match ip protocol 0x11 0xff \
flowid 1:10
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip sport 5060 0xffff \
match ip protocol 0x11 0xff \
flowid 1:10
My mistake (see recent posts) was, that I used the destination port "dport" in the rule. With the source port "sport" it really works. Now I use 5060 for SIP signalling and 5004 for RTP stream because my ATA really uses these ports. Of course they can vary depending on the VoIP hardware and provider. Now I can see an increasing number of packets in the status output when I phone! Yess!

The rule containing the TOS (0x68 for SIP, 0xb8 for RTP ??) doesn't work with my VoIP adapter. I don't know exactly why, but I suppose that my adapter doesn't write the TOS to the outgoing packets correctly. I left this rule in the script anyway, maybe it will work with another adapter. EDIT 29.08.06: Today I found out my supposition was correct. I found a configuration field for my VoIP adapter "QoS Layer3" initialized by default with 48 decimal. I didn't know that QoS Layer3 is based on TOS. Now I set this field to 184 (0xb8) and it seems to work correctly with Wondershaper.

The rule containing the source IP doesn't work at all. And I don't have any idea why. I removed this rule from my script.

I gave some different priorities for rules in the high-prio class: prio 1 for VoIP-rules and for ICMP, because I think ICMP produces only little traffic; prio 2 for acknowledges, etc.; prio 3 for ssh.

I corrected the rule priority in the bulk class to 1, but I think it doesn't matter, because there is only one rule.

I didn't have any time yet for experimenting with the low-prio class. I can only say, I couldn't get it working at all. I don't use any filesharing clients, maybe if I'll have some time, I'll write some rule for slowing down my FTP server in this class, so I'll get more priority for SMTP uploads...

I didn't have time for an intensive test yet, I can only say my modified script seems to work ;)

My values for bandwidth and prio may be suboptimal - so I am pleased about your (fair!) comments and suggestions!

be good

Robert
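
Two checks from akbor's posts above can be run offline against saved "tc -s class ls" output: which class a test call actually landed in (the before/after status comparison), and how far the guaranteed rates of the child classes exceed the root rate (the 100%+90%+80% observation). The script below is an added example, not part of the thread or of the firmware's wshaper; the function names are made up here, and the two snapshots are abbreviated from the status output posted earlier in the thread, with the wrapped lines rejoined.

```shell
#!/bin/sh
# Added example, not from the thread: offline checks on saved
# "tc -s class ls dev <if>" output. Function names are hypothetical.

# Snapshots abbreviated from the status output posted in the thread
# (before and after the 3-4 minute VoIP call).
SNAP_BEFORE='class htb 1:1 root rate 230Kbit ceil 230Kbit burst 6Kb cburst 1893b
 Sent 15141 bytes 254 pkts (dropped 0, overlimits 0)
 rate 8bps
 lended: 0 borrowed: 0 giants: 0
class htb 1:10 parent 1:1 leaf 10: prio 1 rate 230Kbit ceil 230Kbit burst 6Kb cburst 1893b
 Sent 132 bytes 2 pkts (dropped 0, overlimits 0)
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 207Kbit ceil 207Kbit burst 6Kb cburst 1863b
 Sent 15009 bytes 252 pkts (dropped 0, overlimits 0)
 rate 8bps
class htb 1:30 parent 1:1 leaf 30: prio 2 rate 184Kbit ceil 184Kbit burst 6Kb cburst 1834b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)'

SNAP_AFTER='class htb 1:1 root rate 230Kbit ceil 230Kbit burst 6Kb cburst 1893b
 Sent 2493109 bytes 11851 pkts (dropped 0, overlimits 0)
 rate 10719bps 50pps
class htb 1:10 parent 1:1 leaf 10: prio 1 rate 230Kbit ceil 230Kbit burst 6Kb cburst 1893b
 Sent 132 bytes 2 pkts (dropped 0, overlimits 0)
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 207Kbit ceil 207Kbit burst 6Kb cburst 1863b
 Sent 2492977 bytes 11849 pkts (dropped 0, overlimits 0)
 rate 10720bps 50pps
class htb 1:30 parent 1:1 leaf 30: prio 2 rate 184Kbit ceil 184Kbit burst 6Kb cburst 1834b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)'

# Read tc class output on stdin, print one line per HTB class:
#   classid parent rate_in_kbit packets_sent
class_table() {
    awk '
    # Convert a tc rate token (230Kbit, 800Mbit, 8000bit) to kbit.
    function kbit(s) {
        if (s ~ /Mbit$/) { sub(/Mbit$/, "", s); return s * 1000 }
        if (s ~ /Kbit$/) { sub(/Kbit$/, "", s); return s + 0 }
        sub(/bit$/, "", s); return s / 1000
    }
    # Configuration line: remember id, parent and guaranteed rate.
    $1 == "class" && $2 == "htb" {
        id = $3; parent = "-"; rate = 0
        for (i = 4; i < NF; i++) {
            if ($i == "parent") parent = $(i + 1)
            if ($i == "rate")   rate = kbit($(i + 1))
        }
        next
    }
    # First counter line after it: "Sent <bytes> bytes <pkts> pkts ...".
    # The separate "rate 8bps" statistics line starts with "rate" and
    # matches neither rule, so it is skipped.
    $1 == "Sent" && id != "" { print id, parent, rate, $4; id = "" }
    '
}

# Packets counted so far for class $1 (snapshot on stdin).
class_pkts() {
    class_table | awk -v c="$1" '$1 == c { print $4 }'
}

# Packets added to class $1 between snapshot strings $2 and $3.
pkts_delta() {
    b=$(printf '%s\n' "$2" | class_pkts "$1")
    a=$(printf '%s\n' "$3" | class_pkts "$1")
    echo $(( ${a:-0} - ${b:-0} ))
}

# Sum of the guaranteed rates of the direct children of class $1, as a
# percentage of the rate of $1 itself (snapshot on stdin). Above 100 means
# the children are promised more than the parent can supply.
oversubscription_pct() {
    class_table | awk -v root="$1" '
        $1 == root { rootrate = $3 }
        $2 == root { sum += $3 }
        END { if (rootrate > 0) printf "%d\n", int(sum * 100 / rootrate + 0.5) }
    '
}

# Demo run on the embedded snapshots.
for c in 1:10 1:20 1:30; do
    echo "class $c: +$(pkts_delta "$c" "$SNAP_BEFORE" "$SNAP_AFTER") pkts during the call"
done
echo "child rates under 1:1: $(printf '%s\n' "$SNAP_BEFORE" | oversubscription_pct 1:1)% of the root rate"
```

With a live interface the same functions can read the output of `tc -s class ls dev eth1` directly, wherever an awk is available to process it.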

Styno
29-08-2006, 12:03
Nice to see you got the hang of it, akbor. Good job! :)

poutnik
31-08-2006, 12:51
Hi, I want to add my bit to the description of "configuring" wondershaper.

Background


   +-------------+
   | cable modem |
   +-------------+
          |
      +--------+
      | wl500g |
      +--------+
        /    \
       /      \ wire
      /        \
 +----+     +---------+
 | PC |     |  NSLU2  |
 +----+     | storage |
            +---------+

On the NSLU2 storage, I have (among other services available only locally) a web server with PHP and MySQL visible from the outside world. On the PC I sometimes want to use Skype while browsing the web or downloading or such. As my bandwidth is limited to 1024/128 (give or take), it was sometimes impossible to keep a good connection for Skype. Also I wanted the web site to be reasonably accessible while I was doing something else.

Approach
I mainly used the approach of akbor (thanks a lot) with some modifications:



                       +-------+
                       | qdisc |
                       +-------+
                           |
       +---------------------------------------+
       |            root class 1:1             |
       |         rate 100% / ceil 100%         |
       +---------------------------------------+
         |                 |                 |
  +-------------+  +---------------+  +-------------+
  |hi class 1:10|  |main class 1:20|  |lo class 1:30|
  |  rate 50%   |  |   rate 40%    |  |  rate 10%   |
--|  ceil 100%  |--|   ceil 100%   |--|  ceil 100%  |--
| |   prio 1    |  |    prio 2     |  |   prio 3    | |
| +-------------+  +---------------+  +-------------+ |
|        ^                 ^                 ^        |
---------(------SFQ--------(-----------------(---------
         |
        / \-----------\
       /               \
+-------------+   +-------------+
|subclass 1:11|   |subclass 1:15|
|  rate 40%   |   | rate 2kbit  |
|  ceil 100%  |   | ceil 12kbit |
+-------------+   +-------------+


* The class 1:11 is used for all high priority traffic as in akbor's example including the outgoing web service (well, my web traffic is very low, it's only for personal purposes, for friends and so)
* The class 1:15 is obviously the one used for Skype. I setup the Skype so it uses only the port 41100 and let this port in both UDP and TCP service go to this class (but I think the UDP would be enough)
* I also hardcoded a 54321 port for torrents to go to 1:30 part.

The code
only the additions for Skype are here


tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip sport 41100 0xffff \
match ip protocol 17 0xff \
flowid 1:15
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip sport 41100 0xffff \
match ip protocol 0x11 0xff \
flowid 1:15


and for the local web server:


tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip sport 80 0xffff \
match ip src IPADDR \
flowid 1:11

where IPADDR is the IP address for the WAN side - that is the IP address assigned to you by your ISProvider. I have yet to figure out the way to update this address automatically with my DynDNS update, though. For the time being, the address is being hardcoded.

Result
So far, this seems to work rather well. I tried these processes simultaneously:
* downloading a large file from the internet
* uploading a file to internet
* Skype-phoning a friend
* the friend being asked was accessing my website on the NSLU2 machine
* browsing the web

The Skype communication was without any significant drops (as was without wshaper), the pages served to my friend were almost as fast as without any other activity (the limiting factor here is the speed of the NSLU2, not the connection speed). The other activities were slowed accordingly. I'd describe that as a success.

I hope this will help someone coping with a similar task.

remarks
I'm greatly delighted by the possibilities of the small beast (wl500g). I've had it for more than a year, only 1 month ago did I install Oleg's firmware. Just plain great. When combined with possibilities of custom firmware in NSLU2 www.nslu2-linux.org (http://www.nslu2-linux.org/), it is a combination with great potential on a very low short and long term budget.

Jiri

Styno
31-08-2006, 13:51
Interesting setup. A question:
Why aren't you putting webserver traffic into 1:20 or even 1:30 and Skype into 1:10 and let it borrow bandwidth from 1:10 when it's available? This seems to me like a much simpler approach and it doesn't limit Skype as much (it can then use as much as needed).

Also, putting webserver traffic into the high priority class will potentially slow down ICMP traffic I guess.

poutnik
31-08-2006, 14:54
Styno,

the web server running on NSLU2 is just for personal purposes, there is nothing for general audience. Therefore the traffic there is very very low. Most of the time the bandwidth is consumed by different tasks (if at all). Yet I wanted to allow the pages being served to go out right away - so the high priority. The content of the pages is in rather small files, there is nothing larger than a hundred kb, so if it slows ICMP for a while, it is not such a big problem.

But you might be right about the web traffic, I might consider moving it to prio 2 category, though... I'll see how the configuration behaves for a while...

Jiri

akbor
31-08-2006, 21:14
@poutnik

Hi Jiri and welcome to the "wshaper-club" ;)

I've only few points:


+-------------+
|subclass 1:15|
| rate 2kbit |
| ceil 12kbit |
+-------------+
I think, you are wasting a little bit of your uplink speed. In this sub-class the rate can be 10% or hard-coded ca. 11.5 kbit (10% from 128kbit*0.9).

Are 2 kbit really enough for using skype? That's guaranteed speed in your class 1:15!



tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip sport 41100 0xffff \
match ip protocol 17 0xff \
flowid 1:15
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip sport 41100 0xffff \
match ip protocol 0x11 0xff \
flowid 1:15
That's exactly the same rule twice. 17 = 0x11 = udp. If you wanted to filter the TCP traffic too, just use 6 = 0x6 = tcp.



tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip sport 80 0xffff \
match ip src IPADDR \
flowid 1:11
Does that really work? I think, the source IP for your outgoing WEB traffic isn't your public IP, but the private IP of your WEB server (NSLU2? I don't know this device). If you really need to filter the traffic according to your public IP, you can mask the IP in the same way as a port:

tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip sport 80 0xffff \
match ip src 215.145.75.0/24 \
flowid 1:11
That should filter all packets from hosts (just for example!) 215.145.75.0 - 215.145.75.255, port 80. Or alternatively you can try to mark the packets from your IP with iptables:

tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 6 fw flowid 1:11
iptables -A PREROUTING -t mangle -i eth0 -j MARK --set-mark 6

take a look at http://lartc.org/howto/lartc.qdisc.filters.html!

good luck!

Robert

poutnik
31-08-2006, 22:44
akbor, thanks for your ideas and hints. In the meantime I modified the script a bit.

I made 4 classes:
1st - top priority, with 2 subclasses. 1:11 for ICMP, SSH is unlimited; 1:15 is for Skype. [the 1:15 has rate 16kbit ceil 32kbit - the 12kbit was too low and causing dropouts] akbor - what if I set the basic rate to 0 (zero) here? And as the traffic for Skype only grows when I actually phone and in this case the allocated bandwidth can grow, I think that I can set a very low basic rate. Or am I wrong?

2nd - almost top ;) - for the outgoing web pages. And yes, as I monitored the traffic on eth1 with iptraf, the traffic is correctly ascribed to the public IP. Because the NAT has already taken place and translated the packets from my private 192.168.1.xxx address to the public with 82.242.xxx.yyy. If I were monitoring (or limiting) the eth0 side, then I'd have to use the private 192... address. This approach is also verified by the output of "./wshaper status eth1" rising the count for correct class - I tried it from outside, while working through SSL tunnel (btw. over the most restrictive corporate password protected proxy allowing only ports 80 and 443 to go through).

3rd - general traffic

4th - the low priority traffic (like outgoing torrents. Btw., I limited it rather firmly for upload too - with ceil).

Thanks for hinting the cloud over my brain - I know 0x11 is 17, but sometimes even the thoughts-train has dropouts. The duplicity could be removed. But by this (unwanted) test I assured that only the UDP setting is necessary. Thanks again.

I also thought of the iptables filter, but in this field I'm still a beginner so I chose the easier approach. I'll test it in due time and post my impressions then...

poutnik
31-08-2006, 23:09
akbor, sorry for not replying to your question. Again a cloudy brain after a long day :D

NSLU2 - that is another wonderful device - a NAT from LinkSys called NSLU2. It has a very low power consumption (around 1W according to measurements), is small (the size of a pack of cigarettes), has 2 USB2.0 ports and 1 100Mbit LAN port, a little more computing power than the WL500g (the bogoMIPS for wl500g is ~83, for NSLU2@266MHz is ~263), costs something like U$100 or 70€. And it can be taught Linux quite easily - and if you like, even in flavours like Debian or Gentoo. If you are interested, really do have a look at www.nslu2-linux.org (http://www.nslu2-linux.org/), but be prepared to spend a long time browsing the site. It is as packed with ideas as these forums are.

For your idea, mine runs as samba/nfs storage, squid proxy server, lighttpd web server with PHP, MySQL database. And the webpages are complex and heavily dependent on MySQL and PHP - it's a genealogy suite based on the phpGedView (http://www.phpgedview.net/).

The little beast is equipped with 32MB RAM, 4MB flash, an IXP420 processor running at 133MHz from factory. With a very very simple modification, you can de-underclock it to 266MHz (for more info on this, have a look at this site (http://www.nslu2-linux.org/wiki/HowTo/OverClockTheSlug)) - I had to do this modification. As of some recent reports, it will come running at 266MHz from the factory, so no modifications may be needed...

Jiri

akbor
01-09-2006, 08:57
what if I set the basic rate to 0 (zero) here? And as the traffic for Skype only grows when I actually phone and in this case the allocated bandwidth can grow, I think that I can set a very low basic rate. Or am I wrong?

Well, the problem is, that in this case your skype doesn't have any guaranteed bandwidth and the class 1:15 always borrows the bandwidth from the others. If all other classes are working to their full capacity, then 1:15 can only borrow the bandwidth 1:10 - 1:11. That's -I think- almost the same as when it had a rate of 1:10 - 1:11. But with a little difference - this rate isn't guaranteed, I really don't know whether the HTB + SFQ work *perfectly* or not. That's my theory :)

Then, if your NAT really replaces the private IP in the outgoing packets through the public IP, then you could try to mask the IP with /24 as I said. Maybe you helped me in this point, because I didn't have any success with filtering the traffic by the private source IP yet. Maybe that's caused by NAT of the devices in my private network. In each case I should check this issue, thank you for your idea!

Well, you've defined four top-classes in parallel. Are you sure that "prio 4" does work correctly? I think, I read somewhere, that the prio of the classes can only be 1 to 3. I don't know, whether this information is correct or not. Or maybe you have two classes with the same prio?

be good

Robert

poutnik
01-09-2006, 09:04
I didn't know that only prio 1-3 are working, I defined the least priority as no.4. At the moment, there are no torrents being processed, so the 1:30 class is empty. I'll check that.

As for the NAT translation, I spent a whole evening figuring that out - different filter rules, iptraf running all the time. I recommend try also the iptraf utility, it's very useful if you want to figure what is going on...

Jiri

poutnik
04-09-2006, 11:43
akbor, I have checked the documentation and examples on the lartc.org site and I wonder why you have changed all the policy rules from CBQ to HTB? I'm just starting to study these things so as to better define my QoS.

akbor
04-09-2006, 13:39
I've never changed the queue from CBQ to HTB! The HTB queue was used in wondershaper from the beginning!


As said before, CBQ is the most complex qdisc available, the most hyped, the least understood, and probably the trickiest one to get right.

I think, that was the reason for using the HTB queue.

Be good

Robert

poutnik
04-09-2006, 15:19
Yeah, I read only the first chapter with CBQ, then I found out it had also the version with HTB...

In the meantime, I'm working on marking the packets with iptables, but it doesn't come out well so far. Please could you check my setup?



iptables -t mangle -A PREROUTING -p tcp -m tcp -s 192.168.1.xxx --sport 80 \
-j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp -m tcp -s 192.168.1.xxx --sport 80 \
-j RETURN

where 192.168.1.xxx is the private IP address of my NSLU2 unit (see diagram in my previous posts). I do add the second command because I intend to set the same set of rules also for ports 8080 and 8000, and then assign all ports above 1000 mark 0x2 (apart from those 8080 and 8000 already marked 0x1)

then in wshaper I try this command


tc filter add dev $DEV parent 1:0 protocol ip prio 1 handle fw 1 flowid 1:21

but the output from the wshaper script for this particular line is


RTNETLINK answers: Invalid argument

What is wrong? What did I do wrong?

poutnik
04-09-2006, 21:09
My above problem solved. It is not possible to mix iptables mark with tc u32 match rules assignment for the same class.

But it still doesn't work well. Even if I try to mark packets as described above, the counter for the 1:21 class doesn't go up. Even if I change the marking rules to


iptables -t mangle -A OUTPUT -p tcp -m tcp -s 84.42.xxx.yyy --sport 80 -j MARK --set-mark 1
or anything different. In short either the iptables doesn't mark the packets, or the tc rules don't read the mark. I have spent more than 5 hours trying to solve this and still nothing...

Can anyone with working iptables marking and corresponding tc rules help? Thanks a lot

Jiri

mctiew
16-09-2006, 04:25
Hey guys,

I have a quite separate question on QoS. I want to use my Asus wl500g(x) as a bridging mode device with QoS, ie I want to connect to the LAN side of an existing router and perform QoS without making any IP level 3 routing changes to the LAN. Is that possible? I am prepared to make source level changes and introduce additional packages.

To be specific and clearer, this shall be a one-LAN-in-one-LAN-out device, one end connected to the LAN-side of an existing Firewall/Router ( hopefully this can be the WL500g WAN port ), and the other end can either be connected to the HUB or can be connected straight to LAN computers.

Cheers.

mctiew
16-09-2006, 09:25
Hmmm maybe this is what I will try :-

1) add vlan1 into bridge br0
2) perform shaping on vlan0 and vlan1 respectively.

Wish me good luck and appreciate your comments.

harakiri576
05-10-2006, 12:27
Hey,

I have a fully working wl500gx, with Oleg's 1.9.2.7 firmware, with an USB harddisk and swap partition. I'm running enhanced-ctorrent on it.

My problem is that enhanced-ctorrent eats up all the bandwidth. If I limit the upload bandwidth (-U switch), it more or less works, however, there are big spikes every 4-5 seconds (~500ms ping time), then they go back to 20-40. These sudden spikes really make skype go crazy, and also, I'm limiting torrent upload to 20Kbyte/s, while I have ~30Kbyte/s upload bandwidth (what a waste :( ). So I went and started wondershaper like this:

/sbin/wshaper vlan1 3600 220

(My net connection is 4M down, 256k up - I know, I know. It was chosen by the HR department)

Of course this alone doesn't help much, so I checked the wshaper script and saw that tagging TOS to 0x10 (lowest latency) puts everything into the 1st priority queue. So I inserted a rule on my desktop PC:

iptables -t mangle -A PREROUTING -j TOS --set-tos 0x10

This has helped a lot, ssh connections are blazing fast, ping is down to 20-40 all the time despite enhanced-ctorrent uploading ~20Kbyte/s.

This is good, BUT:
If I start an upload (like scp'ing something to a remote server or send an email), enhanced-ctorrent stays at ~20Kbyte/s upload and scp/email is sent with ~10Kbyte/s, despite the TOS field mangling. I don't get it! All traffic from the desktop pc gets the 0x10 TOS bit set because of the mangling rule, and the wshaper puts every such packet into the first, high priority queue. How come it doesn't work then?

Any help would be appreciated!

Styno
05-10-2006, 15:37
I don't own a WL-500gx but what happens if you use eth0 or eth1 (whichever is the WAN port)?

harakiri576
06-10-2006, 14:20
I don't own a WL-500gx but what happens if you use eth0 or eth1 (whichever is the WAN port)?

Well, since the vlan1 interface has the WAN IP, I supposed putting the wondershaper there would work.
But yesterday I tried what you were suggesting (putting wondershaper on eth0, as eth1 had 0 rx and tx bytes), and it didn't work - it also slowed down the connection between my desktop and the router.

Any other ideas?

molsak
08-10-2006, 18:07
Hi all,
I wonder if it's just me or if some other people face the same issue.
When trying the script from
http://www.voip-info.org/wiki/view/QoS+with+Linux+using+PRIO+and+HTB
I run into the problem implementing PRIO qdisc.
The script line
tc qdisc add dev eth1 root handle 1: prio bands 2 priomap 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
fails stating
RTNETLINK answers: Invalid argument

I suspect the prio qdisc type is not implemented in our wl500g firmware. Can anybody
elaborate on this?

Tx,

Molsak

harakiri576
10-10-2006, 15:14
Hello everyone,

After some research, I've managed to create a script which actually works. Now enhanced-ctorrent client runs on wl500g without setting any upload limit, still, my pings are <100ms and my desktop has priority over bittorrent traffic (skype, ssh, etc... are fast).

I ended up modifying the wondershaper script heavily. It had a few bugs in it (did it ever work for anybody?).

So, here's how it's done.
First, I added 3 new lines to my /usr/local/sbin/post-firewall:



ip link set dev $1 qlen 30
iptables -A PREROUTING -t mangle -s 10.0.1.0/30 -j MARK --set-mark 6
/usr/local/sbin/wshaper start $1 3600 240


The first line sets the queue length to 30 - you can play around with this value, I found it to be good (though this is not a thorough experimentation).
The second line marks all packets coming from my desktops, so they can get a higher priority than the rest of the traffic (which is basically bittorrent running on the wl500g itself). Don't forget to adjust the netmask to match your desktops you want to prioritize.
The third line starts the modified wondershaper script, which I've put into /usr/local/sbin. The '3600' is the allowed download rate, and the '240' is the allowed upload rate. Set these values to roughly 5% less than your real network speed. There is _absolutely_ no need to go lower than 90% of your bandwidth (I'm saying this because I've found some sources on the net which say you should set it to 50% of your total bandwidth, but that's nonsense, most probably caused by not disabling bursting/throttling).

Now, here's the /usr/local/sbin/wshaper script:


#!/bin/sh

DOWNLINK=$3
UPLINK=$4
DEV=$2

if [ "$1" = "status" ]
then
    tc -s qdisc ls dev $DEV
    tc -s class ls dev $DEV
    exit
fi


# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root 2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

if [ "$1" = "stop" ]
then
    exit
fi

###### uplink
# install root HTB, point default traffic to 1:30:

tc qdisc add dev $DEV root handle 1: htb default 30 r2q 1

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:

tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 1 cburst 1

# high prio class 1:10:

tc class add dev $DEV parent 1:1 classid 1:10 htb rate $((6*$UPLINK/10))kbit ceil ${UPLINK}kbit burst 1 cburst 1 prio 0

# desktop class 1:20

tc class add dev $DEV parent 1:1 classid 1:20 htb rate $((3*$UPLINK/10))kbit ceil $((9*$UPLINK/10))kbit burst 1 cburst 1 prio 1

# bulk data/bittorrent class 1:30

tc class add dev $DEV parent 1:1 classid 1:30 htb rate $((1*$UPLINK/10))kbit ceil $((8*$UPLINK/10))kbit burst 1 cburst 1 prio 2

# all get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip tos 0x10 0x10 flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
tc filter add dev $DEV parent 1: protocol ip prio 1 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10

# prioritize small packets (<64 bytes)
tc filter add dev $DEV parent 1: protocol ip prio 1 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
flowid 1:10

# from desktops - mark 6
tc filter add dev $DEV parent 1: protocol ip prio 20 handle 6 fw flowid 1:20

########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:

tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:

tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1



It pretty much works.

One thing has caused me quite a bit of trouble. By default, wondershaper does allow throttling (aka bursting), which basically allows any queue (including the bittorrent one) to pass all the shaping and go directly to the network interface, until its tokens are used up (read some docs about htb if you want to know more). This clogs the upload link, killing off any interactive traffic every 10-30 seconds (this is how much time the buckets need to refill). That's why I needed to add the cburst and burst options to the class definitions.

This shaper also honors the TOS minimize delay bit, and puts every packet which matches that to the highest priority queue. You can set the minimize delay bit in the prerouting chain, mangle table on your wl500g, or directly on your desktop.

Somman11
09-11-2006, 11:15
What about local traffic?

When we set traffic shaping we set max upload/download limit. Does this also affect local traffic (e.g. local FTP or samba sharing)?

I want to set shaping only for the internet link and don't want to shape local traffic. But anyway, how do I set different rules for LAN and WAN? (maybe choose a different interface??)


Thanks

Crowly
09-11-2006, 16:45
What about local traffic?

When we set traffic shaping we set max upload/download limit. Does this also affect local traffic (e.g. local FTP or samba sharing)?

I want to set shaping only for the internet link and don't want to shape local traffic. But anyway, how do I set different rules for LAN and WAN? (maybe choose a different interface??)


Thanks

As far as I can remember, that is decided by the "port"/"address" vlan0 or vlan1 or something similar, which I think is the address of the physical wlan port on the router. It's been over a year since I played around with this.

rej
13-12-2006, 23:42
Hi guys and girls :-)

I am about to start playing with wondershaper to obtain the following result: VOIP must never be interrupted. P2P traffic must not significantly slow down web browsing.

As I see it I need three classes, one high priority for VOIP, one low priority for P2P and one normal priority for everything else. My internet connection is 2048/256. I can most probably put together the script that I need in order to do this from the different posts in this forum. But I still have a few questions regarding the script:

1) From what configuration file do I run the script?
2) Does it matter if it is loaded before or after other stuff (i.e. does the sequence during the boot matter)?
3) People are talking something about post-firewall. What does that mean?

BR,
René

rej
19-12-2006, 21:33
Hi again,

I am still looking at the wondershaper stuff, I have gone through a lot of information regarding the topic. Anyway, just a small question for the default /sbin/wshaper script. I am trying to decode it for my understanding. Anyway this line:

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20

tc filter add dev $DEV parent 1: protocol ip prio 18 u32 \
match ip dst 0.0.0.0/0 flowid 1:20
Is that at all necessary? The HTB root qdisc is created earlier in the code:

tc qdisc add dev $DEV root handle 1: htb default 20
It already directs the packets that don't meet any filtering criteria to the 20 class, so isn't the filter doing what would have been done anyway? Maybe it is a leftover from a CBQ queuing script?

I hope someone takes the time to answer, I am really trying hard to understand what is going on!

Thanks in advance :-)

BR,
René

akbor
19-12-2006, 22:52
Hi René,

you don't need this default filter rule, all not filtered packets should be routed to the default class automatically by the definition.

It's quite easy to test that - just comment out this filter rule and check your traffic with
wshaper status eth1 ;)

To your earlier questions - you will find all this information in this thread and on the WIKI page linked in the first post of this thread.

Be good

Robert

rej
19-12-2006, 23:50
Hi again;


you don't need this default filter rule, all not filtered packets should be routed to the default class automatically by the definition.

OK, that's what I thought. I was just afraid that there was something I didn't understand (well there is something I don't understand, just not that).


To your earlier questions - you will find all this information in this thread and on the WIKI page linked in the first post of this thread.

I'm sure I will - but the wiki is down so I am a bit on my own here :-(
Anyway, thanks for your time :-)

BR,
René

rej
20-12-2006, 22:31
Hi Guys,


As I see it I need three classes, one high priority for VOIP, one low priority for P2P and one normal priority for everything else.

I just figured out that putting P2P in the low priority class will be a bit difficult since there is nothing to filter it on. E.g. eMule will use all kinds of different ports, so I can't filter on that, and neither can I filter on IP since my PC then will be slowed down for everything. The way I see it is that I have to set the default class to the third priority, and the filter web traffic/mail/ftp etc. to the second priority. From my point of view that is not ideal either.

Actually I have also found a better way of filtering the p2p traffic. It is possible to mark p2p traffic using this: http://www.ipp2p.org/, and then filter it using fw. Does any of you guys have the possibility to compile this for the WL500g?

Thanks,
René

rej
21-12-2006, 20:24
Hi again

I am trying to filter the traffic from one specific ip address on my LAN to go in the highest priority. I can't make it work, but I can't see that I am doing anything wrong. here is the code:

tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip src 192.168.1.2/32 flowid 1:10

I have made a tcpdump of the traffic:

20:16:44.965554 IP XXX.130.73.208.42826 > 192.168.1.2.16404: UDP, length: 32
20:16:44.972403 IP 192.168.1.2.16404 > XXX.130.73.208.42826: UDP, length: 32
20:16:44.987044 IP XXX.130.73.208.42826 > 192.168.1.2.16404: UDP, length: 32
20:16:44.992338 IP 192.168.1.2.16404 > XXX.130.73.208.42826: UDP, length: 32
20:16:45.005043 IP XXX.130.73.208.42826 > 192.168.1.2.16404: UDP, length: 32
This is the traffic going back and forth while I am making a VOIP call (ATA adapter on 192.168.1.2). Do you see any reason why this shouldn't work?

BR,
René

rej
21-12-2006, 22:13
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip src 192.168.1.2/32 flowid 1:10

Just as an additional note: replacing "ip src 192.168.1.2/32" with "match ip dport 80 0xffff" will move outgoing web traffic to class 1:10, so I know the rest of the script works. So my question is, what is wrong with "match ip src 192.168.1.2/32"?

Thanks in advance!

BR,
René

rej
22-12-2006, 16:49
Hi again,



This is the traffic going back and forth while I am making a VOIP call (ATA adapter on 192.168.1.2). Do you see any reason why this shouldn't work?

It looks like the source filter doesn't work for some reason. Anyway, I made it in another way now and this works:

iptables -t mangle -A POSTROUTING -s 192.168.1.2 -j MARK --set-mark 1

tc filter add dev $DEV parent 1: protocol ip handle 1 fw \
flowid 1:10
BR,
René

akbor
30-12-2006, 01:02
Hi Gents,

I think, I need your help again. Today I tried my wshaper-script (which is successfully running on my WL-500g) on a WL-500g Premium (WL-500gP).

Problem #1: the script seems to have problems with starting from "/usr/local/sbin/post-firewall". If I make a telnet-connection to the WL-500gP and type


cd /usr/local/sbin
./wshaper status eth1

nothing happens. But I can start the scripts manually from the command line by typing e.g.


./wshaper start eth1 1000 230

and then it responds with the status.

Problem #2: the script is exactly the same one that is running on my WL-500g, but it doesn't prioritize the VoIP-traffic (from the same VoIP-HW of course) on the WL-500gP. In the status message the count of sent bytes/packets through the hi-prio class stays low and doesn't increase if I phone over IP.

I'm baffled... Does anybody have some experience with WL-500gP or at least some idea? Maybe the right interface name isn't "eth1" but something else for WL-500gP? I use a DHCP IP connection over the WAN port to my cable modem.

BR

Robert

rej
30-12-2006, 01:18
./wshaper start eth1 1000 230

Are you sure you want to put in eth1 there? As far as I remember the interfaces have been moved around on the new WL500. Try to look at earlier post regarding this.

BR,
René

akbor
30-12-2006, 01:42
Ups, I've already solved it :D Wshaper was working all the time on the WL-500gP, but I asked the wrong interface for status! The right WAN interface is in my case vlan1, I got it out by using ifconfig. Don't panic... :)

BR

Robert

majx
14-01-2007, 12:34
What would be the best way to limit 1 internal IP but keep the speed for the internal net?

# 192.168.0.9 should get an up/down like 10k/50k to the external net
# internal net - 192.168.0.x transfers (also to 192.168.0.9) have to run on 100MBit
# all other hosts will still run on defaults

edit the /sbin/wshaper or in the post-firewall?

running on WL500g default config
network changed to 192.168.0.x

Thanks in advance!

Mike

akbor
14-01-2007, 14:02
Hi Mike,

you cannot edit /sbin/wshaper, that part of the FS is read only. You should copy the wshaper "template" from /sbin/ to /usr/local/sbin and edit it there.

Theoretically you need a filter rule in the wshaper like that:

tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip src 192.168.0.9 \
flowid 1:30

But I am afraid that it will not work correctly. Alternatively you can try to use iptables for marking the packets from 192.168.0.9.

Regards

Robert

VaZso
25-01-2007, 02:03
I've started using wshaper and it works very well.

I have "only" one problem with it.

I don't know, really don't know how I can prioritize not only one port, but a range of ports. I've searched with google, but only saw examples that don't really do the same (as I see it).

So, if I try (for example) to get FTP transfers to work and I want to prioritize ports 1024-5000 (the ports 20 and 21 are already prioritized), what do I have to do?

I tried:

tc filter add dev $DEV parent 1: protocol ip prio 14 u32 \
match ip sport 1024 0xf077 flowid 1:21

tc filter add dev $DEV parent 1: protocol ip prio 14 u32 \
match ip dport 1024 0xf077 flowid 1:21

and

tc filter add dev $DEV parent 1: protocol ip prio 14 u32 \
match ip sport 1024 0xf88 flowid 1:21

tc filter add dev $DEV parent 1: protocol ip prio 14 u32 \
match ip dport 1024 0xf88 flowid 1:21
But it seems they don't work.

The FTP client tried to connect on port 3xxx.

Please, somebody tell me how I can use that mask to get it working.

I spent very much time on searching but I don't know what would I have to do.

Please, someone write me the method.
I'm not as stupid as it seems...

akbor
25-01-2007, 11:34
Just an example for masking:

1024 0xfc00 will prioritize a range of 1024... 2047
2048 0xf800 will prioritize a range of 2048... 4095
4096 0xfc00 will prioritize a range of 4096... 5119

If a mask bit is zero, then the corresponding port bit is "don't care" for filtering.

Regards

Robert

VaZso
25-01-2007, 22:36
Thank you for your answer.

Hmm...

Then I think

1024 0xf077 will prioritize a range of ports 1024...5000
...as it was in my first try. Is it O.K.?

...but I don't know why it didn't work.

I tried again but it still seems not to be working.

I think I will work on it yesterday.
I hope I am not too far from the solution...

akbor
25-01-2007, 23:16
Then I think

1024 0xf077 will prioritize a range of ports 1024...5000
...as it was in my first try. Is it O.K.?

Definitely not! Let me explain:

1024 = 0x400, so we have

port 0x0400
mask 0xf077

or in binary

port 0000.0100.0000.0000
mask 1111.0000.0111.0111

===> 0000.xxxx.x000.x000 will match the rule (x = "don't care")

now let me demonstrate you a couple of ports matching your rule:

0000.0000.0000.0000 = 0x0
0000.0000.0000.1000 = 0x8
0000.0000.1000.1000 = 0x88 = 136

and the largest one is:

0000.1111.1000.1000 = 0xf88 = 3976

Do you understand?

Regards

Robert

VaZso
26-01-2007, 20:26
This is more complicated than I thought. :-(

You said:

1024 0xfc00 will prioritize a range of 1024... 2047
so:

0000 0100 0000 0000
1111 1100 0000 0000

0000 00xx xxxx xxxx
0000 0011 1111 1111 is a max port of 1023
Is that for ports 1024 to (1024+1023=2047)?

2048 0xf800 will prioritize a range of 2048... 4095
so:

0000 1000 0000 0000
1111 1000 0000 0000

0000 0xxx xxxx xxxx
0000 0111 1111 1111 is a max port of 2047
Is that for ports 2048 to (2048+2047=4095)?

4096 0xfc00 will prioritize a range of 4096... 5119

0001 0000 0000 0000
1111 1100 0000 0000

0000 00xx xxxx xxxx
0000 0011 1111 1111 is a max port of 1023
Is that for ports 2048 to (4096+1023=5119)?

I tried:
1024 0xf000 (ports 1024 to 5119?)
so:

0000 0100 0000 0000
1111 0000 0000 0000

0000 xxxx xxxx xxxx

I don't understand how the port range depends on the specified port number.

I think :) my mask is from 0 to 4095.

How is the lower '1024' ports limit working?

Is the 1024 to (4095+1024=5119) formula ok?

I hope you have enough patience for me...

akbor
26-01-2007, 21:03
I said, if the mask bit is zero, the port bit is "don't care"

1024 0xfc00 will prioritize a range of 1024... 2047, so:

port 0000 0100 0000 0000
mask 1111 1100 0000 0000

===> 0000 01xx xxxx xxxx

so the min. range is
0000 0100 0000 0000 = 0x400 = 1024

the max. range is
0000 0111 1111 1111 = 0x7ff = 2047

you have made the same error in all three examples!


I tried:
1024 0xf000 (ports 1024 to 5119?)
so:
0000 0100 0000 0000
1111 0000 0000 0000

0000 xxxx xxxx xxxx

That doesn't make sense! You have masked the '1' of 1024 out, so the min. range cannot be 1024. And you are right, it's really zero.

What I tried to explain to you is that you cannot define a range of 1024... 5000 in only one rule by using masking. You will need a couple of rules to do it exactly. But you can go the "lazy way" and define a range of 1024... 5119 with only three rules ;)

Regards

Robert

P.S.: Did you already read http://lartc.org/howto/ ? Maybe there is a syntactic way to define a "real" port range like "from <min. port> to <max. port>"...

dholliday
27-01-2007, 12:28
Hello!

I'm using the wonder shaper script, but I have 2 problems.
1. wshaper script doesn't start automatically
2. all traffic goes to default class 1:30

I've customized it for myself. The template was Akbor's script.

So, my steps were
1. mkdir -p /usr/local/sbin
2. "copy wshaper to /usr/local/sbin and edit it"
3. touch /usr/local/sbin/post-firewall
4. chmod +x /usr/local/sbin/post-firewall
5. "edit post-firewall"
6. flashfs save
7. flashfs commit
8. flashfs enable
9. reboot

post-firewall script
#!/bin/sh
/usr/local/sbin/wshaper start "$1" 1000 230

But when I type /usr/local/sbin/wshaper status eth1 nothing happens.
If I start wshaper manually with /usr/local/sbin/wshaper start "eth1" 1000 230, wshaper starts, but there is another problem: all traffic goes to class 1:30, which is my default class. If I send a ping or if I'm browsing there is still no traffic in class 1:10 or 1:20 (I look at sent and lended; is this right? both numbers are zero). I tried to change my default class to 1:20 and then all traffic goes there, so some part of my script is working.
I don't know what I'm doing wrong.

I've read all the links about wshaper and the discussion about wshaper, and still cannot figure out what is wrong.
Don't look at the numbers for speed; I'll play with them later, when everything else works fine.

So, I have a WL500g with Oleg's FW 1.9.2.7-6b. The connection is ADSL 1Mbit/256Kbit.
I turned off bandwidth management in the web interface and deleted all rules.

My wshaper script:


#!/bin/sh
# Wonder Shaper, last modified by Doc
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits. Also set the device that is to be shaped.

DOWNLINK=$3
UPLINK=$4
DEV=$2

# low priority OUTGOING traffic - you can leave this blank if you want
# low priority source netmasks
NOPRIOHOSTSRC="$5"

# low priority destination netmasks
NOPRIOHOSTDST="$6"

# low priority source ports
NOPRIOPORTSRC="$7"

# low priority destination ports
NOPRIOPORTDST="$8"

if [ "$1" = "status" ]
then
tc -s qdisc ls dev $DEV
tc -s class ls dev $DEV
exit
fi

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root 2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

if [ "$1" = "stop" ]
then
exit
fi

########## uplink ##########

# install root HTB, point default traffic to 1:30:
tc qdisc add dev $DEV root handle 1: htb default 30

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit \
ceil ${UPLINK}kbit burst 6k

# high prio class 1:10 - gets 50 to 100% traffic and highest priority:
tc class add dev $DEV parent 1:1 classid 1:10 htb rate $((5*$UPLINK/10))kbit \
ceil ${UPLINK}kbit burst 6k prio 1

# normal class 1:20 - gets 40 to 100% traffic and lower priority:
tc class add dev $DEV parent 1:1 classid 1:20 htb rate $((4*$UPLINK/10))kbit \
ceil ${UPLINK}kbit burst 6k prio 2

# lowest priority class (bulk) 1:30 - gets 10 to 100% traffic and lowest priority:
tc class add dev $DEV parent 1:1 classid 1:30 htb rate $((1*$UPLINK/10))kbit \
ceil ${UPLINK}kbit burst 6k prio 3

# all get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10


# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 2 u32 \
match ip tos 0x10 0xff \
flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip protocol 1 0xff \
flowid 1:10

# Browsing
tc filter add dev $DEV parent 1: protocol ip prio 2 u32 \
match ip sport 80 0xffff \
flowid 1:20

tc filter add dev $DEV parent 1: protocol ip prio 2 u32 \
match ip dport 80 0xffff \
flowid 1:20

tc filter add dev $DEV parent 1: protocol ip prio 2 u32 \
match ip sport 430 0xffff \
flowid 1:20

tc filter add dev $DEV parent 1: protocol ip prio 2 u32 \
match ip dport 430 0xffff \
flowid 1:20
# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
tc filter add dev $DEV parent 1: protocol ip prio 4 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10

# some traffic however suffers a worse fate
for a in $NOPRIOPORTDST
do
tc filter add dev $DEV parent 1: protocol ip prio 14 u32 \
match ip dport $a 0xffff flowid 1:30
done

for a in $NOPRIOPORTSRC
do
tc filter add dev $DEV parent 1: protocol ip prio 15 u32 \
match ip sport $a 0xffff flowid 1:30
done

for a in $NOPRIOHOSTSRC
do
tc filter add dev $DEV parent 1: protocol ip prio 16 u32 \
match ip src $a flowid 1:30
done

for a in $NOPRIOHOSTDST
do
tc filter add dev $DEV parent 1: protocol ip prio 17 u32 \
match ip dst $a flowid 1:30
done

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
#tc filter add dev $DEV parent 1: protocol ip prio 1 u32 \
# match ip dst 0.0.0.0/0 flowid 1:20

########## downlink ##########

# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:
tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:
tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1

Please, help me to figure out what I'm doing wrong.
Thank you in advance.

PS: I noticed that there are no backslashes (\) in my posted script where they should be, but I have them in my "real" script.

akbor
27-01-2007, 14:26
@dholliday

Maybe you should use
wshaper status ppp0 for asking the status? Which interface is used for WAN, "eth1" or "ppp0"? Use "ifconfig" to find it out.

Regards

Robert

dholliday
27-01-2007, 15:33
Akbor,
thank you for your reply.

Yes, it looks like the wan interface is ppp0. Everyone was talking about eth1 and I wasn't thinking too much.

So wshaper is working on ppp0 and the rules for classes are also working properly. Now I have to test it well.
But I still don't know which line in the ifconfig output tells you which interface is wan.:confused:


br0 Link encap:Ethernet HWaddr 00:11:1A:D3:G7:9A
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::121:2fff:fde9:a23f/10 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:332389 errors:0 dropped:0 overruns:0 frame:0
TX packets:279712 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:138723300 (132.2 MiB) TX bytes:182985245 (174.5 MiB)

eth0 Link encap:Ethernet HWaddr 00:11:1A:D3:G7:9A
inet6 addr: fe80::121:2fff:fde9:a23f/10 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:316202 errors:0 dropped:0 overruns:0 frame:0
TX packets:270799 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:138343464 (131.9 MiB) TX bytes:177984779 (169.7 MiB)
Interrupt:3 Base address:0x2000

eth1 Link encap:Ethernet HWaddr 00:11:1A:D3:G7:9A
inet6 addr: fe80::121:2fff:fde9:a23f/10 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:252696 errors:0 dropped:0 overruns:0 frame:0
TX packets:279040 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:177370024 (169.1 MiB) TX bytes:135983232 (129.6 MiB)
Interrupt:4 Base address:0x8000

eth2 Link encap:Ethernet HWaddr 00:11:1A:D3:G7:9A
inet6 addr: fe80::121:2fff:fde9:a23f/10 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:17767 errors:0 dropped:0 overruns:0 frame:529
TX packets:103078 errors:194 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:6456856 (6.1 MiB) TX bytes:15657176 (14.9 MiB)
Interrupt:6 Base address:0x2000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:14144 errors:0 dropped:0 overruns:0 frame:0
TX packets:14144 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1200947 (1.1 MiB) TX bytes:1200947 (1.1 MiB)

ppp0 Link encap:Point-Point Protocol
inet addr:195.210.243.164 P-t-P:213.250.18.90 Mask:255.255.255.255
UP POINTOPOINT RUNNING MULTICAST MTU:1492 Metric:1
RX packets:251513 errors:0 dropped:0 overruns:0 frame:0
TX packets:277856 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:170756422 (162.8 MiB) TX bytes:129834799 (123.8 MiB)

wds0.4915 Link encap:Ethernet HWaddr 00:11:1A:D3:G7:9A
inet6 addr: fe80::121:2fff:fde9:a23f/10 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

I also tried

nvram show |grep "ifname"
and get this:

printer_ifname=usb
wan0_ifname=eth1
wl0_ifname=eth2
wan0_pppoe_ifname=ppp0
lan_ifnames_t=eth0 eth2 eth3 eth4
lan_ifnames=eth0 eth2 eth3 eth4
wan_ifnames=eth1
size: 10683 bytes (22085 left)
lan_ifname=br0
wan_ifname_t=ppp0
wl_ifname=
wan_ifname=eth1
wan0_ifnames=eth1
wan_pppoe_ifname=

and didn't find out which line is saying, that wan is ppp0, because there are many "wan" lines. :confused:

I also looked in log file:

Jan 1 01:00:04 kernel: Algorithmics/MIPS FPU Emulator v1.5
Jan 1 01:00:04 kernel: eth0: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 3.90.7.0
Jan 1 01:00:04 kernel: eth1: Broadcom BCM47xx 10/100 Mbps Ethernet Controller 3.90.7.0
Jan 1 01:00:04 kernel: PCI: Enabling device 01:02.0 (0004 -> 0006)
Jan 1 01:00:04 kernel: eth2: Broadcom BCM4320 802.11 Wireless Controller 3.90.23.0
Jan 1 01:00:04 kernel: device eth0 entered promiscuous mode
Jan 1 01:00:04 kernel: device eth2 entered promiscuous mode
Jan 1 01:00:04 kernel: device wds0.49153 entered promiscuous mode
Jan 1 01:00:04 kernel: br0: port 3(wds0.49153) entering listening state
Jan 1 01:00:04 kernel: br0: port 2(eth2) entering listening state
Jan 1 01:00:04 kernel: br0: port 1(eth0) entering listening state
Jan 1 01:00:04 kernel: br0: port 3(wds0.49153) entering learning state
Jan 1 01:00:04 kernel: br0: port 2(eth2) entering learning state
Jan 1 01:00:04 kernel: br0: port 1(eth0) entering learning state
Jan 1 01:00:04 kernel: br0: port 3(wds0.49153) entering forwarding state
Jan 1 01:00:04 kernel: br0: topology change detected, propagating
Jan 1 01:00:04 kernel: br0: port 2(eth2) entering forwarding state
Jan 1 01:00:04 kernel: br0: topology change detected, propagating
Jan 1 01:00:04 kernel: br0: port 1(eth0) entering forwarding state
Jan 1 01:00:04 kernel: br0: topology change detected, propagating
Jan 1 01:00:05 kernel: usb.c: registered new driver usbdevfs
Jan 1 01:00:05 kernel: usb.c: registered new driver hub
Jan 1 01:00:05 kernel: usb-ohci.c: USB OHCI at membase 0xb8004000, IRQ 2
Jan 1 01:00:05 kernel: usb-ohci.c: usb-00:05.0, PCI device 13e4:4815
Jan 1 01:00:05 kernel: usb.c: new USB bus registered, assigned bus number 1
Jan 1 01:00:05 kernel: hub.c: USB hub found
Jan 1 01:00:05 kernel: hub.c: 2 ports detected
Jan 1 01:00:06 kernel: lp0: using parport0 (polling).
Jan 1 01:00:06 kernel: usb.c: registered new driver usblp
Jan 1 01:00:06 kernel: printer.c: v0.13: USB Printer Device Class driver
Jan 1 01:00:08 kernel: usb.c: registered new driver audio
Jan 1 01:00:08 kernel: audio.c: v1.0.0:USB Audio Class driver
Jan 1 01:00:09 kernel: Linux video capture interface: v1.00
Jan 1 01:00:09 kernel: SCSI subsystem driver Revision: 1.00
Jan 1 01:00:10 kernel: Initializing USB Mass Storage driver...
Jan 1 01:00:10 kernel: usb.c: registered new driver usb-storage
Jan 1 01:00:10 kernel: USB Mass Storage support registered.
Jan 1 01:00:11 pppd[83]: Plugin rp-pppoe.so loaded.
Jan 1 01:00:11 pppd[83]: RP-PPPoE plugin version 3.3 compiled against pppd 2.4.2
Jan 1 01:00:11 pppd[84]: pppd 2.4.2 started by fbjklstm, uid 0
Jan 1 01:00:11 kernel: lp driver: get device ID
Jan 1 01:00:11 kernel: neg fail
Jan 1 01:00:17 kernel: lp driver: get device ID
Jan 1 01:00:17 kernel: neg fail
Jan 1 01:00:17 kernel: neg fail
Jan 1 01:00:26 pppd[84]: PPP session is 5092
Jan 1 01:00:26 pppd[84]: Using interface ppp0
Jan 1 01:00:26 pppd[84]: Connect: ppp0 <--> eth1
Jan 1 01:00:27 pppd[84]: CHAP authentication succeeded


In the last case one line says Using interface ppp0. OK, this I could understand if the line is really talking about wan, but I'm not sure. What is the eth1 interface then? :confused: :confused: :confused:

Sorry for my quite stupid questions, but I'm a noob at this and would like to understand some things, not just take them as fact.

Thank you again for your answers.

akbor
27-01-2007, 16:31
dholliday,

you have posted a lot of logs ;) But that's pretty easy to identify - your wl-500g is using ppp0 as WAN interface. ifconfig said:

ppp0 Link encap:Point-Point Protocol
inet addr:xxx.xxx.xxx.xxx P-t-P:yyy.yyy.yyy.yyy Mask:255.255.255.255
UP POINTOPOINT RUNNING MULTICAST MTU:1492 Metric:1
RX packets:251513 errors:0 dropped:0 overruns:0 frame:0
TX packets:277856 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:170756422 (162.8 MiB) TX bytes:129834799 (123.8 MiB)

ppp0 therefore currently has your public IP address. BTW did you really want to announce it?

Regards

Robert

dholliday
27-01-2007, 20:26
Thank you akbor,

now I see. :) I could say that I wasn't reading carefully enough..., but I think it's too late... :D

My public IP is not a problem, because it is not static. So, carefully with "shooting" on this IP. :D

Now I have to play with "numbers" and rules in wshaper to get out maximum of my connection.

Thanks again for your quick and good help, akbor.

VaZso
30-01-2007, 00:03
Sorry, sorry.

Now, I think I understand it.
Thank you very much.

So if I want to mask ports 27000 to 28031, then I can use rules something like this:

27000 0xfff8
port: 0110 1001 0111 1000
mask: 1111 1111 1111 1000
(27000-27007)


27008 0xff80
port: 0110 1001 1000 0000
mask: 1111 1111 1000 0000
(27008-27135)


27136 0xfe00
port: 0110 1010 0000 0000
mask: 1111 1110 0000 0000
(27136-27647)


27648 0xff00
port: 0110 1100 0000 0000
mask: 1111 1111 0000 0000
(27648-27903)


27904 0xff80
port: 0110 1101 0000 0000
mask: 1111 1111 1000 0000
(27904-28031)

Yes, I have read http://lartc.org/howto/, but I didn't find another method to define port ranges.


Thank you very, very much again.


I said, if the mask bit is zero, the port bit is "don't care"

1024 0xfc00 will prioritize a range of 1024... 2047, so:

port 0000 0100 0000 0000
mask 1111 1100 0000 0000

===> 0000 01xx xxxx xxxx

so the min. range is
0000 0100 0000 0000 = 0x400 = 1024

the max. range is
0000 0111 1111 1111 = 0x7ff = 2047
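
The masking rule akbor explains, and the rule lists VaZso worked out by hand, as an added example that is not part of the original thread: port_masks splits any port range into the fewest value/mask pairs, mask_span shows what a single pair really accepts, and tc_port_filters only prints the resulting tc commands without running them. The function names are made up for this example; eth1, prio 14 and class 1:21 in the demo call are assumptions taken from the posts above.

```shell
#!/bin/sh
# Added example (not from the thread): helpers for u32 port matching.
# A u32 port match "VALUE MASK" accepts a port when
#   (port & MASK) == (VALUE & MASK)
# so a single rule can only cover an aligned block whose size is a power of two.

# mask_matches PORT VALUE MASK
# Exit status 0 if PORT is accepted by the rule "VALUE MASK".
mask_matches() {
    [ $(( $1 & $3 )) -eq $(( $2 & $3 )) ]
}

# mask_span VALUE MASK
# Print "LOWEST HIGHEST" port accepted by the rule. Everything in between is
# accepted only if MASK is a run of 1 bits followed by a run of 0 bits.
mask_span() {
    printf '%d %d\n' $(( $1 & $2 )) $(( ($1 & $2) | (~$2 & 0xffff) ))
}

# port_masks LOW HIGH
# Print the smallest list of "VALUE MASK" pairs, one per line, that together
# accept exactly the ports LOW..HIGH (inclusive). Runs in a subshell so its
# variables stay local.
port_masks() (
    lo=$1
    hi=$2
    # Both arguments must be plain decimal numbers.
    for n in "$lo" "$hi"; do
        case "$n" in
            ''|*[!0-9]*) echo "usage: port_masks LOW HIGH" >&2; exit 1 ;;
        esac
    done
    # The range must be ordered and fit in 16 bits.
    if [ "$lo" -gt "$hi" ] || [ "$hi" -gt 65535 ]; then
        echo "port_masks: need LOW <= HIGH <= 65535" >&2
        exit 1
    fi
    while [ "$lo" -le "$hi" ]; do
        # Grow the block while it stays aligned on its own size and
        # does not run past HIGH.
        size=1
        while [ "$size" -lt 65536 ] &&
              [ $(( lo % (size * 2) )) -eq 0 ] &&
              [ $(( lo + size * 2 - 1 )) -le "$hi" ]; do
            size=$(( size * 2 ))
        done
        printf '%d 0x%04x\n' "$lo" $(( 0xffff & ~(size - 1) ))
        lo=$(( lo + size ))
    done
)

# tc_port_filters DEV PRIO FLOWID LOW HIGH
# Print (do not run) one destination-port filter per value/mask pair.
tc_port_filters() {
    port_masks "$4" "$5" | while read -r value mask; do
        echo "tc filter add dev $1 parent 1: protocol ip prio $2 u32" \
             "match ip dport $value $mask flowid $3"
    done
}

# Demo: the exact range 1024..5000 needs seven rules, not one.
tc_port_filters eth1 14 1:21 1024 5000
```

mask_span 1024 0xf077 prints "0 3976", the same bounds akbor derived by hand, and mask_matches 3000 1024 0xf077 fails, which is why an FTP data port in the 3xxx range was not classified by that rule.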

medsource
17-02-2007, 08:50
I've been battling issues with bandwidth shaping on the wl-700ge with a custom firmware installed using wondershaper (the GUI bandwidth doesn't work). The objective is "simple". I am trying to limit outbound FTP traffic so that I can use my network without having FTP transfers (from the server) choke my network and also allow my network activities (email, web, torrent) to take priority over FTP when needed (while allowing FTP a minimum amount). I don't want to touch my download speeds.

My bandwidth is 5000kbps down and 650kbps up (pretty constant on multiple checks)

The goal for the FTP is a minimum of 120kbps with a max of 480kbps and a lower priority so that if I'm doing other uploading then FTP is forced towards its minimum rate.

Now when I start wondershaper, I get the end result of BOTH my up speed and down speeds capping to 600kbps (checking using speedtest.net). If I increase the uplink parameter to some crazy level (like 7000kbps) and increase the ceil (on classid 1:20) up to any number higher than 600kbps my downloads are restored (to a max of whatever number was entered eg 700 > 700kbps, 6000 > 5000kbps [my actual max])... but the uploads are no longer capped (they go to uncapped max of 650kbps).

I'm guessing that something in the script is not right and I'm hoping someone might be able to help.

I've tried many edits and also just turned off the ingress filter altogether (trying to reduce variables).

Here are my launch command, script, launch response and status results.

launch command

wshaper start eth0 4800 600 "" "" "20 21" ""

wshaper script (had to hard code the rates that involved math as I got syntax errors for some reason).

#!/bin/sh
# Wonder Shaper, last modified by Robert Koch (aka akbor)
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits. Also set the device that is to be shaped.

DOWNLINK=$3
UPLINK=$4
DEV=$2

# low priority OUTGOING traffic - you can leave this blank if you want
# low priority source netmasks
NOPRIOHOSTSRC="$5"

# low priority destination netmasks
NOPRIOHOSTDST="$6"

# low priority source ports
NOPRIOPORTSRC="$7"

# low priority destination ports
NOPRIOPORTDST="$8"

if [ "$1" = "status" ]
then
tc -s qdisc ls dev $DEV
tc -s class ls dev $DEV
exit
fi

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root 2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

if [ "$1" = "stop" ]
then
exit
fi

########## uplink ##########

# install root HTB, point default traffic to 1:20:
tc qdisc add dev $DEV root handle 1: htb default 20

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit \
ceil ${UPLINK}kbit burst 6k

# high prio class 1:10 - gets 40 to 100% traffic and highest priority:
# tc class add dev $DEV parent 1:1 classid 1:10 htb rate $((4*$UPLINK/10))kbit \
# ceil ${UPLINK}kbit burst 6k prio 1

tc class add dev $DEV parent 1:1 classid 1:10 htb rate 240kbit \
ceil 600kbit burst 6K prio 1

# bulk & default class 1:20 - gets 40 to 100% traffic and lower priority:
# tc class add dev $DEV parent 1:1 classid 1:20 htb rate $((4*$UPLINK/10))kbit \
# ceil ${UPLINK}kbit burst 6k prio 2

tc class add dev $DEV parent 1:1 classid 1:20 htb rate 240kbit \
ceil 600kbit burst 6k prio 2

# lowest priority class 1:30 - gets 20 to 80% traffic and lowest priority:
# tc class add dev $DEV parent 1:1 classid 1:30 htb rate $((2*$UPLINK/10))kbit \
# ceil $((8*$UPLINK/10))kbit burst 6k prio 3

tc class add dev $DEV parent 1:1 classid 1:30 htb rate 120kbit \
ceil 480kbit burst 6k prio 3

# all get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10

# high priority for VoIP traffic (by TOS)
# tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
# match ip tos 0x68 0xff \
# match ip protocol 0x11 0xff \
# flowid 1:10
# tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
# match ip tos 0xb8 0xff \
# match ip protocol 0x11 0xff \
# flowid 1:10

# high priority for VoIP traffic (by source port)
# tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
# match ip sport 5004 0xffff \
# match ip protocol 0x11 0xff \
# flowid 1:10
# tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
# match ip sport 5060 0xffff \
# match ip protocol 0x11 0xff \
# flowid 1:10

# TOS Minimum Delay (ssh, NOT scp) in 1:10:
tc filter add dev $DEV parent 1:0 protocol ip prio 3 u32 \
match ip tos 0x10 0xff \
flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 1 u32 \
match ip protocol 1 0xff \
flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
tc filter add dev $DEV parent 1: protocol ip prio 2 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:10

# some traffic however suffers a worse fate
for a in $NOPRIOPORTDST
do
tc filter add dev $DEV parent 1: protocol ip prio 14 u32 \
match ip dport $a 0xffff flowid 1:30
done

for a in $NOPRIOPORTSRC
do
tc filter add dev $DEV parent 1: protocol ip prio 15 u32 \
match ip sport $a 0xffff flowid 1:30
done

for a in $NOPRIOHOSTSRC
do
tc filter add dev $DEV parent 1: protocol ip prio 16 u32 \
match ip src $a flowid 1:30
done

for a in $NOPRIOHOSTDST
do
tc filter add dev $DEV parent 1: protocol ip prio 17 u32 \
match ip dst $a flowid 1:30
done

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
# tc filter add dev $DEV parent 1: protocol ip prio 1 u32 \
# match ip dst 0.0.0.0/0 flowid 1:20

########## downlink ##########

# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:
# tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:
# tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
# 0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1

launch results (the errors are I think in the sfq commands)

req.n.nlmsg_len:36
req.n.nlmsg_flags:1537
req.n.nlmsg_type:36
argv[7]: 20
argv[6]: default
argv[5]: htb
argv[4]: 1:
argv[3]: handle
argv[2]: root
argv[1]: eth0
argv[0]: dev
LOOP: argc: 8, argv: dev
LOOP: argc: 6, argv: root
LOOP: argc: 5, argv: handle
LOOP: argc: 3, argv: htb
_________________________
argv[1]: 20
argv[0]: default
test4-1
req.n.nlmsg_len:36
req.n.nlmsg_flags:1537
req.n.nlmsg_type:36
argv[8]: 10
argv[7]: perturb
argv[6]: sfq
argv[5]: 10:
argv[4]: handle
argv[3]: 1:10
argv[2]: parent
argv[1]: eth0
argv[0]: dev
LOOP: argc: 9, argv: dev
LOOP: argc: 7, argv: parent
LOOP: argc: 5, argv: handle
LOOP: argc: 3, argv: sfq
_________________________
argv[1]: 10
argv[0]: perturb
test4-1
RTNETLINK answers: Invalid argument
test3-1
req.n.nlmsg_len:36
req.n.nlmsg_flags:1537
req.n.nlmsg_type:36
argv[8]: 10
argv[7]: perturb
argv[6]: sfq
argv[5]: 20:
argv[4]: handle
argv[3]: 1:20
argv[2]: parent
argv[1]: eth0
argv[0]: dev
LOOP: argc: 9, argv: dev
LOOP: argc: 7, argv: parent
LOOP: argc: 5, argv: handle
LOOP: argc: 3, argv: sfq
_________________________
argv[1]: 10
argv[0]: perturb
test4-1
RTNETLINK answers: Invalid argument
test3-1
req.n.nlmsg_len:36
req.n.nlmsg_flags:1537
req.n.nlmsg_type:36
argv[8]: 10
argv[7]: perturb
argv[6]: sfq
argv[5]: 30:
argv[4]: handle
argv[3]: 1:30
argv[2]: parent
argv[1]: eth0
argv[0]: dev
LOOP: argc: 9, argv: dev
LOOP: argc: 7, argv: parent
LOOP: argc: 5, argv: handle
LOOP: argc: 3, argv: sfq
_________________________
argv[1]: 10
argv[0]: perturb
test4-1
RTNETLINK answers: Invalid argument
test3-1


Status results

qdisc htb 1: r2q 10 default 20 direct_packets_stat 0
statistics truncated
class htb 1:1 root rate 600Kbit ceil 600Kbit burst 6Kb cburst 2367b
Sent 12224 bytes 148 pkts (dropped 0, overlimits 0)
rate 204bps 2pps
lended: 0 borrowed: 0 giants: 0
tokens: 62638 ctokens: 22360

class htb 1:10 parent 1:1 prio 1 rate 240Kbit ceil 600Kbit burst 6Kb cburst 2367b
Sent 1196 bytes 18 pkts (dropped 0, overlimits 0)
rate 2bps
lended: 18 borrowed: 0 giants: 0
tokens: 162134 ctokens: 24576

class htb 1:20 parent 1:1 prio 2 rate 240Kbit ceil 600Kbit burst 6Kb cburst 2367b
Sent 9348 bytes 112 pkts (dropped 0, overlimits 0)
rate 202bps 2pps
lended: 112 borrowed: 0 giants: 0
tokens: 156589 ctokens: 22360

class htb 1:30 parent 1:1 prio 3 rate 120Kbit ceil 480Kbit burst 6Kb cburst 2213b
Sent 1680 bytes 18 pkts (dropped 0, overlimits 0)
rate 2bps
lended: 18 borrowed: 0 giants: 0
tokens: 322560 ctokens: 28240


Any help would be greatly appreciated.

Thanx in advance.

max2950
31-07-2007, 10:36
Hi all,

Thanks to this huge thread I managed to modify the wshaper script in order to prioritize VoIP traffic, but I'm confused by some things.

First of all here is my setup :
1 Bewan ADSL2+ Modem on a 512/128 DSL connection
1 Wl500g, connecting to the internet with PPPoE
2 computers, both are connected through wireless. One of them is running P2P software (eMule)
1 Linksys ATA adapter connected through cable to the WL500

I'm not sure which interface I should set up for bandwidth management. I tried to use eth1, but it seems that this is not any sort of solution, since wshaper is shaping the connection underlying the PPPoE connection, i.e. the data being shaped is the data moving through the modem and the router....
So I made some tests using ppp0 and br0; traffic shaping seems to occur, but when I make a VoIP call the communication is not of good quality.
I can see that P2P traffic is being slowed down, but not enough and not fast enough, i.e. the longer the VoIP call is, the better the quality will be. I have to wait about 2 minutes to get acceptable quality.
What should I do to have all other traffic drop immediately when I make a VoIP call?

Here is what I added to the script:



# VOIP SIP
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip tos 0x68 0xff \
flowid 1:10

# VOIP RTSP
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
match ip tos 0xb8 0xff \
flowid 1:10


I also commented out all the upload stuff at the end of the script...

Any advice?

thank you... ;)

alfebre
15-10-2007, 13:05
Thanks to this thread and the script written by Akbor (wow) I have now implemented WonderShaper in the WL-500g to take care of my VOIP. The quality of the conversations is now good also when surfing, down- or uploading or looking at my webcam from outside the LAN.

Although I was a real newbie without a single experience in Linux, I was able to implement this script in the WL500g with some extra efforts. To help others I have put a simple How-To for newbies on the wiki-page:

http://wiki.wl500g.info/index.php/PackageWondershaper

Please have a look to see if I forgot something or correct errors.

Thank you all!

Alexander

piezomotor
10-01-2008, 20:18
Finally I was able to make it work for VOIP! The problem was that the copy-paste did not work for me well, I had many empty spaces in the code...

here is the log:

qdisc sfq 30: quantum 1518b perturb 10sec
statistics truncated
qdisc sfq 20: quantum 1518b perturb 10sec
statistics truncated
qdisc sfq 10: quantum 1518b perturb 10sec
statistics truncated
qdisc htb 1: r2q 10 default 20 direct_packets_stat 6
statistics truncated
class htb 1:1 root rate 900Kbit ceil 900Kbit burst 6Kb cburst 2751b
Sent 14134137 bytes 19607 pkts (dropped 0, overlimits 0)
rate 38502bps 96pps
lended: 5989 borrowed: 0 giants: 0
tokens: 34076 ctokens: 9955

class htb 1:10 parent 1:1 leaf 10: prio 1 rate 240Kbit ceil 600Kbit burst 6Kb cburst 2367b
Sent 353026 bytes 6064 pkts (dropped 0, overlimits 0)
rate 3404bps 62pps
lended: 6064 borrowed: 0 giants: 0
tokens: 162134 ctokens: 24576

class htb 1:20 parent 1:1 leaf 20: prio 2 rate 240Kbit ceil 600Kbit burst 6Kb cburst 2367b
Sent 13801556 bytes 13555 pkts (dropped 0, overlimits 0)
rate 35767bps 34pps backlog 17p
lended: 7548 borrowed: 5989 giants: 0
tokens: -34449 ctokens: -9546

class htb 1:30 parent 1:1 leaf 30: prio 3 rate 120Kbit ceil 480Kbit burst 6Kb cburst 2213b
Sent 722 bytes 6 pkts (dropped 0, overlimits 0)
lended: 6 borrowed: 0 giants: 0
tokens: 324268 ctokens: 28667

I would be interested to know if these lines are correct for the Bitlord to place it under bulk priority?

tc filter add dev $DEV parent 1: protocol ip prio 10 u32
match ip sport 65534 0xffff
flowid 1:30

Can anyone post his working config again?

Thanks.

piezomotor
20-01-2008, 04:26
(I translated what is below!)

Finally QoS (wshaper) is working! VoIP quality has improved, there are no dropped words at all!

I found the problem: extra spaces got copied into the code during copy-paste, so there were errors at startup and I had to "clean" the script...

Question: I added these lines for Bitlord, but I don't know whether they are correct or not:

tc filter add dev $DEV parent 1: protocol ip prio 10 u32
match ip sport 65534 0xffff
flowid 1:30

Could someone whose setup works post their config?

Thanks!

sonice
15-02-2008, 19:46
I have set it up as it was shown below and do not have any traffic going over my low priority class-

class htb 1:30 root leaf 30: prio 3 rate 120Kbit ceil 480Kbit burst 6Kb cburst 2213b
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
lended: 0 borrowed: 0 giants: 0
tokens: 327680 ctokens: 29519

Any idea why?

at the same time-

class htb 1:10 root leaf 10: prio 1 rate 240Kbit ceil 600Kbit burst 6Kb cburst 2367b
Sent 16868735 bytes 78519 pkts (dropped 0, overlimits 0)
rate 2984bps 17pps
lended: 78519 borrowed: 0 giants: 0
tokens: 162561 ctokens: 24746

class htb 1:20 root leaf 20: prio 2 rate 240Kbit ceil 600Kbit burst 6Kb cburst 2367b
Sent 187917149 bytes 194261 pkts (dropped 32273, overlimits 0)
rate 30835bps 34pps backlog 108p
lended: 194153 borrowed: 0 giants: 0
tokens: -31678 ctokens: 10837
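
An added example, not part of the original posts, for reading the `tc -s class ls` dumps posted in this thread: it summarises each HTB class and lists child classes that show no `leaf N:` handle, which is how a class line looks when the `sfq` qdisc was not attached. The function names are hypothetical and the sample lines are constructed from the status output quoted above; it assumes tc prints `leaf N:` only when a qdisc with that handle is attached to the class.

```shell
#!/bin/sh
# Added example (not from the thread): summarise `tc -s class ls dev DEV`.

# class_report: reads the status text on stdin and prints, per HTB class,
# "<classid> parent=<id|root> leaf=<handle|none> bytes=<n> dropped=<n>".
class_report() {
    awk '
    function emit() {
        if (id != "")
            printf "%s parent=%s leaf=%s bytes=%s dropped=%s\n",
                   id, parent, leaf, bytes, dropped
    }
    $1 == "class" && $2 == "htb" {
        emit()
        id = $3; parent = "root"; leaf = "none"; bytes = 0; dropped = 0
        for (i = 4; i < NF; i++) {
            if ($i == "parent") parent = $(i + 1)
            if ($i == "leaf")   leaf = $(i + 1)
        }
        next
    }
    # "Sent 1196 bytes 18 pkts (dropped 0, overlimits 0)"
    $1 == "Sent" && id != "" {
        bytes = $2
        d = $7; gsub(/[^0-9]/, "", d); dropped = d
    }
    END { emit() }
    '
}

# missing_leaf: child classes (parent is not root) without a leaf handle.
missing_leaf() {
    class_report | awk '$2 != "parent=root" && $3 == "leaf=none" { print $1 }'
}

# Constructed sample: 1:10 has no leaf handle, 1:20 has one.
sample_status() {
cat <<'EOF'
class htb 1:1 root rate 600Kbit ceil 600Kbit burst 6Kb cburst 2367b
 Sent 12224 bytes 148 pkts (dropped 0, overlimits 0)
class htb 1:10 parent 1:1 prio 1 rate 240Kbit ceil 600Kbit burst 6Kb cburst 2367b
 Sent 1196 bytes 18 pkts (dropped 0, overlimits 0)
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 240Kbit ceil 600Kbit burst 6Kb cburst 2367b
 Sent 13801556 bytes 13555 pkts (dropped 0, overlimits 0)
EOF
}

sample_status | class_report
```

On a router the same functions can be fed live output, for example `tc -s class ls dev eth0 | missing_leaf`.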

akbor
26-08-2009, 15:29
Hi,

does anyone use wondershaper in combination with a download channel > 4 Mbit? Does it work?

After a long time with a working (ok, not fully working, but good enough for my purposes ;)) Wondershaper I upgraded my bandwidth from 3Mbit to Mkbit. Now, the problem is, with active Wondershaper I'm not able to run downloads with >3.5Mbit. Further increase of the speed setting ($3) for down channel doesn't have any impact, I've just tried to configure Wondershaper for 20M downstream. I can get the full speed of my down-channel only if I turn off the Wondershaper.

Does anybody have an idea?

Regards

Robert