* [Cake] Cake with Deep Packet Inspection @ 2016-11-11 1:55 Noah Causin 2016-11-11 2:06 ` Outback Dingo 2016-11-11 3:15 ` Konstantin Shalygin 0 siblings, 2 replies; 18+ messages in thread From: Noah Causin @ 2016-11-11 1:55 UTC (permalink / raw) To: cake I finally got my project working. I integrated the NDPI Deep Packet Inspection engine into my LEDE build, so I could prioritize applications using Cake. http://www.ntop.org/products/deep-packet-inspection/ndpi/ NDPI integrates into IPTables, which allows me to DSCP mark packets. Cake reads the DiffServ markings and puts the traffic into appropriate classes. I found a Makefile which successfully compiles: https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile The system works very well. Steam traffic is deprioritized to allow applications like YouTube, Netflix, and Skype to receive higher amounts of the available bandwidth. What I do for ingress is bridge two ports on an extra router, enable bridge firewalling, and create IPTables rules to mark downstream packets. The router I use is a D-Link DGL-5500, which is comparable to an Archer C7. IPv6 support is not available in this netfilter module, but the IPv4 support is great. Noah Causin ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-11 1:55 [Cake] Cake with Deep Packet Inspection Noah Causin @ 2016-11-11 2:06 ` Outback Dingo 2016-11-11 2:42 ` Noah Causin 2016-11-11 3:15 ` Konstantin Shalygin 1 sibling, 1 reply; 18+ messages in thread From: Outback Dingo @ 2016-11-11 2:06 UTC (permalink / raw) To: Noah Causin; +Cc: cake On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com> wrote: > I finally got my project working. > > I integrated the NDPI Deep Packet Inspection engine into my LEDE build, so I > could prioritize applications using Cake. > > http://www.ntop.org/products/deep-packet-inspection/ndpi/ > > NDPI integrates into IPTables, which allows me to DSCP mark packets. Cake > reads the DiffServ markings and puts the traffic into appropriate classes. > > I found a Makefile which successfully compiles: > https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile > > The system works very well. Steam traffic is deprioritized to allow > applications like YouTube, Netflix, and Skype to receive higher amounts of > the available bandwidth. > > What I do for ingress is bridge two ports on an extra router, enable bridge > firewalling, and create IPTables rules to mark downstream packets. The > router I use is a D-Link DGL-5500, which is comparable to an Archer C7. > > IPv6 support is not available in this netfilter module, but the IPv4 support > is great. > > Noah Causin very nice.... however, can you describe a bit better how you configured for ingress ? a second router? configuration file ? your high level description seems a bit confusing to me > _______________________________________________ > Cake mailing list > Cake@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cake ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-11 2:06 ` Outback Dingo @ 2016-11-11 2:42 ` Noah Causin 2016-11-11 2:52 ` Outback Dingo 0 siblings, 1 reply; 18+ messages in thread From: Noah Causin @ 2016-11-11 2:42 UTC (permalink / raw) To: Outback Dingo; +Cc: cake [-- Attachment #1: Type: text/plain, Size: 3441 bytes --] I took an extra router I had and bridged two ports on the router's switch, so they just pass traffic. (eth0.2 and eth0.3) Clients >-[Main Router] --[Extra Router]--[Cable-Modem] The extra router is passive. It acts like it's part of the Ethernet cable between the main router and cable modem. It does not interfere. The extra router needs these packages: kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two packages compiled from the Makefile I showed below (iptables-mod-ndpi and iptables-mod-ndpi) I edited /etc/sysctl.conf and change the last two lines to this: net.bridge.bridge-nf-call-ip6tables=1 net.bridge.bridge-nf-call-iptables=1 This enables bridge firewalling, so the traffic between the two ports can be marked. I then added firewall rules to LuCIs custom firewall rules tab. Example Rules, modify classes as desired: iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source *Your Main Router's Mac Address* -j DSCP --set-dscp-class cs0 iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source *Your Main Router's Mac Address* -j DSCP --set-dscp-class cs2 iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source *Your Main Router's Mac Address* -j DSCP --set-dscp-class cs3 iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source *Your Main Router's Mac Address* -j DSCP --set-dscp-class cs4 Have your main router use some form of DiffServ for both upload and download on its WAN interface. For upload traffic, you just need the two packages from the makefile to be installed on the main router and create firewall rules like this: iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP --set-dscp-class cs3 iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP --set-dscp-class cs4 If you need help building a custom firmware image, just let me know. On 11/10/2016 9:06 PM, Outback Dingo wrote: > On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com> wrote: >> I finally got my project working. >> >> I integrated the NDPI Deep Packet Inspection engine into my LEDE build, so I >> could prioritize applications using Cake. >> >> http://www.ntop.org/products/deep-packet-inspection/ndpi/ >> >> NDPI integrates into IPTables, which allows me to DSCP mark packets. Cake >> reads the DiffServ markings and puts the traffic into appropriate classes. >> >> I found a Makefile which successfully compiles: >> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile >> >> The system works very well. Steam traffic is deprioritized to allow >> applications like YouTube, Netflix, and Skype to receive higher amounts of >> the available bandwidth. >> >> What I do for ingress is bridge two ports on an extra router, enable bridge >> firewalling, and create IPTables rules to mark downstream packets. The >> router I use is a D-Link DGL-5500, which is comparable to an Archer C7. >> >> IPv6 support is not available in this netfilter module, but the IPv4 support >> is great. >> >> Noah Causin > very nice.... however, can you describe a bit better how you > configured for ingress ? a second router? configuration file ? your > high level description seems a bit confusing to me > > >> _______________________________________________ >> Cake mailing list >> Cake@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/cake [-- Attachment #2: Type: text/html, Size: 5278 bytes --] ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-11 2:42 ` Noah Causin @ 2016-11-11 2:52 ` Outback Dingo 2016-11-11 4:28 ` Outback Dingo 0 siblings, 1 reply; 18+ messages in thread From: Outback Dingo @ 2016-11-11 2:52 UTC (permalink / raw) To: Noah Causin; +Cc: cake On Fri, Nov 11, 2016 at 10:42 AM, Noah Causin <n0manletter@gmail.com> wrote: > I took an extra router I had and bridged two ports on the router's switch, > so they just pass traffic. (eth0.2 and eth0.3) > > Clients >-[Main Router] --[Extra Router]--[Cable-Modem] > > The extra router is passive. It acts like it's part of the Ethernet cable > between the main router and cable modem. It does not interfere. > > The extra router needs these packages: > > kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two > packages compiled from the Makefile I showed below (iptables-mod-ndpi and > iptables-mod-ndpi) > > I edited /etc/sysctl.conf and change the last two lines to this: > > net.bridge.bridge-nf-call-ip6tables=1 > net.bridge.bridge-nf-call-iptables=1 > > This enables bridge firewalling, so the traffic between the two ports can be > marked. > > I then added firewall rules to LuCIs custom firewall rules tab. > > Example Rules, modify classes as desired: > > iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source Your > Main Router's Mac Address -j DSCP --set-dscp-class cs0 > iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source Your > Main Router's Mac Address -j DSCP --set-dscp-class cs2 > > iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source Your > Main Router's Mac Address -j DSCP --set-dscp-class cs3 > iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source Your > Main Router's Mac Address -j DSCP --set-dscp-class cs4 > > Have your main router use some form of DiffServ for both upload and download > on its WAN interface. For upload traffic, you just need the two packages > from the makefile to be installed on the main router and create firewall > rules like this: > > iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP > --set-dscp-class cs3 > iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP > --set-dscp-class cs4 > > If you need help building a custom firmware image, just let me know. > Ok got it, its in-line.... right now im fighting the GFW of China using shadowsocks and chinadns so im pretty customized already, i was having issues with sqm and kernel segfaults on 4.4.30 ill build a cake and DPI image and see how that goes, maybe Ill try this after i deem sqm is stable with cake on this build. It a ZBT-WG3526 router... so its ralink based > > On 11/10/2016 9:06 PM, Outback Dingo wrote: > > On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com> wrote: > > I finally got my project working. > > I integrated the NDPI Deep Packet Inspection engine into my LEDE build, so I > could prioritize applications using Cake. > > http://www.ntop.org/products/deep-packet-inspection/ndpi/ > > NDPI integrates into IPTables, which allows me to DSCP mark packets. Cake > reads the DiffServ markings and puts the traffic into appropriate classes. > > I found a Makefile which successfully compiles: > https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile > > The system works very well. Steam traffic is deprioritized to allow > applications like YouTube, Netflix, and Skype to receive higher amounts of > the available bandwidth. > > What I do for ingress is bridge two ports on an extra router, enable bridge > firewalling, and create IPTables rules to mark downstream packets. The > router I use is a D-Link DGL-5500, which is comparable to an Archer C7. > > IPv6 support is not available in this netfilter module, but the IPv4 support > is great. > > Noah Causin > > very nice.... however, can you describe a bit better how you > configured for ingress ? a second router? configuration file ? your > high level description seems a bit confusing to me > > > _______________________________________________ > Cake mailing list > Cake@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cake > > ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-11 2:52 ` Outback Dingo @ 2016-11-11 4:28 ` Outback Dingo 2016-11-11 13:04 ` Noah Causin 0 siblings, 1 reply; 18+ messages in thread From: Outback Dingo @ 2016-11-11 4:28 UTC (permalink / raw) To: Noah Causin; +Cc: cake On Fri, Nov 11, 2016 at 10:52 AM, Outback Dingo <outbackdingo@gmail.com> wrote: > On Fri, Nov 11, 2016 at 10:42 AM, Noah Causin <n0manletter@gmail.com> wrote: >> I took an extra router I had and bridged two ports on the router's switch, >> so they just pass traffic. (eth0.2 and eth0.3) >> >> Clients >-[Main Router] --[Extra Router]--[Cable-Modem] >> >> The extra router is passive. It acts like it's part of the Ethernet cable >> between the main router and cable modem. It does not interfere. >> >> The extra router needs these packages: >> >> kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two >> packages compiled from the Makefile I showed below (iptables-mod-ndpi and >> iptables-mod-ndpi) >> >> I edited /etc/sysctl.conf and change the last two lines to this: >> >> net.bridge.bridge-nf-call-ip6tables=1 >> net.bridge.bridge-nf-call-iptables=1 >> >> This enables bridge firewalling, so the traffic between the two ports can be >> marked. >> >> I then added firewall rules to LuCIs custom firewall rules tab. >> >> Example Rules, modify classes as desired: >> >> iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source Your >> Main Router's Mac Address -j DSCP --set-dscp-class cs0 >> iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source Your >> Main Router's Mac Address -j DSCP --set-dscp-class cs2 >> >> iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source Your >> Main Router's Mac Address -j DSCP --set-dscp-class cs3 >> iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source Your >> Main Router's Mac Address -j DSCP --set-dscp-class cs4 >> >> Have your main router use some form of DiffServ for both upload and download >> on its WAN interface. For upload traffic, you just need the two packages >> from the makefile to be installed on the main router and create firewall >> rules like this: >> >> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP >> --set-dscp-class cs3 >> iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP >> --set-dscp-class cs4 >> >> If you need help building a custom firmware image, just let me know. >> > > Ok got it, its in-line.... right now im fighting the GFW of China > using shadowsocks and chinadns so im pretty customized already, > i was having issues with sqm and kernel segfaults on 4.4.30 ill build > a cake and DPI image and see how that goes, maybe Ill try this > after i deem sqm is stable with cake on this build. It a ZBT-WG3526 > router... so its ralink based like i stated on LEDE major issues when sqm is enabled.... even with cake... is nobody else seeing these issues? [ 569.020000] 1-...: (6 GPs behind) idle=236/0/0 softirq=50607/50613 fqs=1 [ 569.020000] (detected by 0, t=6002 jiffies, g=5799, c=5798, q=573) [ 569.020000] Task dump for CPU 1: [ 569.020000] swapper/1 R running 0 0 1 0x00100000 [ 569.020000] Stack : 00000000 00000001 00000015 00000000 00000000 00000001 8045a2a4 80410000 [ 569.020000] 8041275c 00000001 00000001 80412540 80412724 80410000 00000000 800132e8 [ 569.020000] 1100fc03 00000001 8fc60000 8fc61ec0 80410000 8005c870 1100fc03 00000001 [ 569.020000] 00000000 80410000 8045a2a4 8005c868 80410000 8001ade0 1100fc03 00000000 [ 569.020000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db aefffbff fff77fe7 dfffffef [ 569.020000] ... [ 569.020000] Call Trace: [ 569.020000] [<8000bba8>] __schedule+0x574/0x758 [ 569.020000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 [ 569.020000] [ 569.020000] rcu_sched kthread starved for 6001 jiffies! g5799 c5798 f0x0 s3 ->state=0x1 [ 629.130000] INFO: rcu_sched detected stalls on CPUs/tasks: [ 629.130000] 1-...: (8 GPs behind) idle=756/0/0 softirq=50607/50613 fqs=1 [ 629.130000] (detected by 0, t=6002 jiffies, g=5801, c=5800, q=653) [ 629.130000] Task dump for CPU 1: [ 629.130000] swapper/1 R running 0 0 1 0x00100000 [ 629.130000] Stack : 00000000 bfd47c67 00000094 ffffffff 00000081 00000011 8045a2a4 80410000 [ 629.130000] 8041275c 00000001 00000001 80412540 80412724 80410000 000010d9 800132e8 [ 629.130000] 1100fc03 00000001 8fc60000 8fc61ec0 80410000 8005c870 1100fc03 00000001 [ 629.130000] 00000000 80410000 8045a2a4 8005c868 80410000 8001ade0 1100fc03 00000000 [ 629.130000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db aefffbff fff77fe7 dfffffef [ 629.130000] ... [ 629.130000] Call Trace: [ 629.130000] [<8000bba8>] __schedule+0x574/0x758 [ 629.130000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 [ 629.130000] [ 629.130000] rcu_sched kthread starved for 6001 jiffies! g5801 c5800 f0x0 s3 ->state=0x1 [ 692.940000] INFO: rcu_sched detected stalls on CPUs/tasks: [ 692.940000] 1-...: (0 ticks this GP) idle=4c2/0/0 softirq=50613/50613 fqs=0 [ 692.940000] 2-...: (25 GPs behind) idle=55a/0/0 softirq=28459/28460 fqs=0 [ 692.940000] 3-...: (25 GPs behind) idle=5c2/0/0 softirq=30711/30982 fqs=0 [ 692.940000] (detected by 0, t=6002 jiffies, g=5824, c=5823, q=3190) [ 692.940000] Task dump for CPU 1: [ 692.940000] swapper/1 R running 0 0 1 0x00100000 [ 692.940000] Stack : 00000000 3646fb94 000000af ffffffff 0000008f d2f1a9fc 8045a2a4 80410000 [ 692.940000] 8041275c 00000001 00000001 80412540 80412724 80410000 000010d9 800132e8 [ 692.940000] 00000000 00000001 8fc60000 8fc61ec0 80410000 8005c870 1100fc03 00000001 [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 8001ade0 1100fc03 00000000 [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db aefffbff fff77fe7 dfffffef [ 692.940000] ... [ 692.940000] Call Trace: [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 [ 692.940000] [ 692.940000] Task dump for CPU 2: [ 692.940000] swapper/2 R running 0 0 1 0x00100000 [ 692.940000] Stack : 00000000 00000001 00000010 00000000 00000000 00010001 8045a2a4 80410000 [ 692.940000] 8041275c 00000001 00000000 804125e0 80412724 80410000 00000000 800132e8 [ 692.940000] 1100fc03 00000002 8fc62000 8fc63ec0 80410000 8005c870 1100fc03 00000002 [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 8001ade0 1100fc03 00000000 [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fbffbfdf 7fff7b3b 7ffaeff8 67fbffff [ 692.940000] ... [ 692.940000] Call Trace: [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 [ 692.940000] [ 692.940000] Task dump for CPU 3: [ 692.940000] swapper/3 R running 0 0 1 0x00100000 [ 692.940000] Stack : 00000000 a69c5765 000000a3 ffffffff 0000008f 00000020 8045a2a4 80410000 [ 692.940000] 8041275c 00000001 00000001 80412680 80412724 80410000 000010d9 800132e8 [ 692.940000] 1100fc03 00000003 8fc64000 8fc65ec0 80410000 8005c870 1100fc03 00000003 [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 8001ade0 1100fc03 00000000 [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fefffbdb aefffbfb fff77fe7 dfffffef [ 692.940000] ... [ 692.940000] Call Trace: [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 [ 692.940000] [ 692.940000] rcu_sched kthread starved for 6002 jiffies! g5824 c5823 f0x0 s3 ->state=0x1 root@lede:~# packet_write_wait: Connection to 192.168.20.1 port 22: Broken pipe > >> >> On 11/10/2016 9:06 PM, Outback Dingo wrote: >> >> On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com> wrote: >> >> I finally got my project working. >> >> I integrated the NDPI Deep Packet Inspection engine into my LEDE build, so I >> could prioritize applications using Cake. >> >> http://www.ntop.org/products/deep-packet-inspection/ndpi/ >> >> NDPI integrates into IPTables, which allows me to DSCP mark packets. Cake >> reads the DiffServ markings and puts the traffic into appropriate classes. >> >> I found a Makefile which successfully compiles: >> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile >> >> The system works very well. Steam traffic is deprioritized to allow >> applications like YouTube, Netflix, and Skype to receive higher amounts of >> the available bandwidth. >> >> What I do for ingress is bridge two ports on an extra router, enable bridge >> firewalling, and create IPTables rules to mark downstream packets. The >> router I use is a D-Link DGL-5500, which is comparable to an Archer C7. >> >> IPv6 support is not available in this netfilter module, but the IPv4 support >> is great. >> >> Noah Causin >> >> very nice.... however, can you describe a bit better how you >> configured for ingress ? a second router? configuration file ? your >> high level description seems a bit confusing to me >> >> >> _______________________________________________ >> Cake mailing list >> Cake@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/cake >> >> ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-11 4:28 ` Outback Dingo @ 2016-11-11 13:04 ` Noah Causin 2016-11-11 14:08 ` Outback Dingo 0 siblings, 1 reply; 18+ messages in thread From: Noah Causin @ 2016-11-11 13:04 UTC (permalink / raw) To: Outback Dingo; +Cc: cake Do you build your firmware from the git repository? On 11/10/2016 11:28 PM, Outback Dingo wrote: > On Fri, Nov 11, 2016 at 10:52 AM, Outback Dingo <outbackdingo@gmail.com> wrote: >> On Fri, Nov 11, 2016 at 10:42 AM, Noah Causin <n0manletter@gmail.com> wrote: >>> I took an extra router I had and bridged two ports on the router's switch, >>> so they just pass traffic. (eth0.2 and eth0.3) >>> >>> Clients >-[Main Router] --[Extra Router]--[Cable-Modem] >>> >>> The extra router is passive. It acts like it's part of the Ethernet cable >>> between the main router and cable modem. It does not interfere. >>> >>> The extra router needs these packages: >>> >>> kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two >>> packages compiled from the Makefile I showed below (iptables-mod-ndpi and >>> iptables-mod-ndpi) >>> >>> I edited /etc/sysctl.conf and change the last two lines to this: >>> >>> net.bridge.bridge-nf-call-ip6tables=1 >>> net.bridge.bridge-nf-call-iptables=1 >>> >>> This enables bridge firewalling, so the traffic between the two ports can be >>> marked. >>> >>> I then added firewall rules to LuCIs custom firewall rules tab. >>> >>> Example Rules, modify classes as desired: >>> >>> iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source Your >>> Main Router's Mac Address -j DSCP --set-dscp-class cs0 >>> iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source Your >>> Main Router's Mac Address -j DSCP --set-dscp-class cs2 >>> >>> iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source Your >>> Main Router's Mac Address -j DSCP --set-dscp-class cs3 >>> iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source Your >>> Main Router's Mac Address -j DSCP --set-dscp-class cs4 >>> >>> Have your main router use some form of DiffServ for both upload and download >>> on its WAN interface. For upload traffic, you just need the two packages >>> from the makefile to be installed on the main router and create firewall >>> rules like this: >>> >>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP >>> --set-dscp-class cs3 >>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP >>> --set-dscp-class cs4 >>> >>> If you need help building a custom firmware image, just let me know. >>> >> Ok got it, its in-line.... right now im fighting the GFW of China >> using shadowsocks and chinadns so im pretty customized already, >> i was having issues with sqm and kernel segfaults on 4.4.30 ill build >> a cake and DPI image and see how that goes, maybe Ill try this >> after i deem sqm is stable with cake on this build. It a ZBT-WG3526 >> router... so its ralink based > like i stated on LEDE major issues when sqm is enabled.... even with > cake... is nobody else seeing these issues? > > [ 569.020000] 1-...: (6 GPs behind) idle=236/0/0 softirq=50607/50613 fqs=1 > [ 569.020000] (detected by 0, t=6002 jiffies, g=5799, c=5798, q=573) > [ 569.020000] Task dump for CPU 1: > [ 569.020000] swapper/1 R running 0 0 1 0x00100000 > [ 569.020000] Stack : 00000000 00000001 00000015 00000000 00000000 > 00000001 8045a2a4 80410000 > [ 569.020000] 8041275c 00000001 00000001 80412540 80412724 > 80410000 00000000 800132e8 > [ 569.020000] 1100fc03 00000001 8fc60000 8fc61ec0 80410000 > 8005c870 1100fc03 00000001 > [ 569.020000] 00000000 80410000 8045a2a4 8005c868 80410000 > 8001ade0 1100fc03 00000000 > [ 569.020000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db > aefffbff fff77fe7 dfffffef > [ 569.020000] ... > [ 569.020000] Call Trace: > [ 569.020000] [<8000bba8>] __schedule+0x574/0x758 > [ 569.020000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 > [ 569.020000] > [ 569.020000] rcu_sched kthread starved for 6001 jiffies! g5799 c5798 > f0x0 s3 ->state=0x1 > [ 629.130000] INFO: rcu_sched detected stalls on CPUs/tasks: > [ 629.130000] 1-...: (8 GPs behind) idle=756/0/0 softirq=50607/50613 fqs=1 > [ 629.130000] (detected by 0, t=6002 jiffies, g=5801, c=5800, q=653) > [ 629.130000] Task dump for CPU 1: > [ 629.130000] swapper/1 R running 0 0 1 0x00100000 > [ 629.130000] Stack : 00000000 bfd47c67 00000094 ffffffff 00000081 > 00000011 8045a2a4 80410000 > [ 629.130000] 8041275c 00000001 00000001 80412540 80412724 > 80410000 000010d9 800132e8 > [ 629.130000] 1100fc03 00000001 8fc60000 8fc61ec0 80410000 > 8005c870 1100fc03 00000001 > [ 629.130000] 00000000 80410000 8045a2a4 8005c868 80410000 > 8001ade0 1100fc03 00000000 > [ 629.130000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db > aefffbff fff77fe7 dfffffef > [ 629.130000] ... > [ 629.130000] Call Trace: > [ 629.130000] [<8000bba8>] __schedule+0x574/0x758 > [ 629.130000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 > [ 629.130000] > [ 629.130000] rcu_sched kthread starved for 6001 jiffies! g5801 c5800 > f0x0 s3 ->state=0x1 > [ 692.940000] INFO: rcu_sched detected stalls on CPUs/tasks: > [ 692.940000] 1-...: (0 ticks this GP) idle=4c2/0/0 > softirq=50613/50613 fqs=0 > [ 692.940000] 2-...: (25 GPs behind) idle=55a/0/0 softirq=28459/28460 fqs=0 > [ 692.940000] 3-...: (25 GPs behind) idle=5c2/0/0 softirq=30711/30982 fqs=0 > [ 692.940000] (detected by 0, t=6002 jiffies, g=5824, c=5823, q=3190) > [ 692.940000] Task dump for CPU 1: > [ 692.940000] swapper/1 R running 0 0 1 0x00100000 > [ 692.940000] Stack : 00000000 3646fb94 000000af ffffffff 0000008f > d2f1a9fc 8045a2a4 80410000 > [ 692.940000] 8041275c 00000001 00000001 80412540 80412724 > 80410000 000010d9 800132e8 > [ 692.940000] 00000000 00000001 8fc60000 8fc61ec0 80410000 > 8005c870 1100fc03 00000001 > [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 > 8001ade0 1100fc03 00000000 > [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db > aefffbff fff77fe7 dfffffef > [ 692.940000] ... > [ 692.940000] Call Trace: > [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 > [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 > [ 692.940000] > [ 692.940000] Task dump for CPU 2: > [ 692.940000] swapper/2 R running 0 0 1 0x00100000 > [ 692.940000] Stack : 00000000 00000001 00000010 00000000 00000000 > 00010001 8045a2a4 80410000 > [ 692.940000] 8041275c 00000001 00000000 804125e0 80412724 > 80410000 00000000 800132e8 > [ 692.940000] 1100fc03 00000002 8fc62000 8fc63ec0 80410000 > 8005c870 1100fc03 00000002 > [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 > 8001ade0 1100fc03 00000000 > [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fbffbfdf > 7fff7b3b 7ffaeff8 67fbffff > [ 692.940000] ... > [ 692.940000] Call Trace: > [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 > [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 > [ 692.940000] > [ 692.940000] Task dump for CPU 3: > [ 692.940000] swapper/3 R running 0 0 1 0x00100000 > [ 692.940000] Stack : 00000000 a69c5765 000000a3 ffffffff 0000008f > 00000020 8045a2a4 80410000 > [ 692.940000] 8041275c 00000001 00000001 80412680 80412724 > 80410000 000010d9 800132e8 > [ 692.940000] 1100fc03 00000003 8fc64000 8fc65ec0 80410000 > 8005c870 1100fc03 00000003 > [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 > 8001ade0 1100fc03 00000000 > [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fefffbdb > aefffbfb fff77fe7 dfffffef > [ 692.940000] ... > [ 692.940000] Call Trace: > [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 > [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 > [ 692.940000] > [ 692.940000] rcu_sched kthread starved for 6002 jiffies! g5824 c5823 > f0x0 s3 ->state=0x1 > root@lede:~# packet_write_wait: Connection to 192.168.20.1 port 22: Broken pipe > > >>> On 11/10/2016 9:06 PM, Outback Dingo wrote: >>> >>> On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com> wrote: >>> >>> I finally got my project working. >>> >>> I integrated the NDPI Deep Packet Inspection engine into my LEDE build, so I >>> could prioritize applications using Cake. >>> >>> http://www.ntop.org/products/deep-packet-inspection/ndpi/ >>> >>> NDPI integrates into IPTables, which allows me to DSCP mark packets. Cake >>> reads the DiffServ markings and puts the traffic into appropriate classes. >>> >>> I found a Makefile which successfully compiles: >>> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile >>> >>> The system works very well. Steam traffic is deprioritized to allow >>> applications like YouTube, Netflix, and Skype to receive higher amounts of >>> the available bandwidth. >>> >>> What I do for ingress is bridge two ports on an extra router, enable bridge >>> firewalling, and create IPTables rules to mark downstream packets. The >>> router I use is a D-Link DGL-5500, which is comparable to an Archer C7. >>> >>> IPv6 support is not available in this netfilter module, but the IPv4 support >>> is great. >>> >>> Noah Causin >>> >>> very nice.... however, can you describe a bit better how you >>> configured for ingress ? a second router? configuration file ? your >>> high level description seems a bit confusing to me >>> >>> >>> _______________________________________________ >>> Cake mailing list >>> Cake@lists.bufferbloat.net >>> https://lists.bufferbloat.net/listinfo/cake >>> >>> ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-11 13:04 ` Noah Causin @ 2016-11-11 14:08 ` Outback Dingo 2016-11-11 14:22 ` Noah Causin 0 siblings, 1 reply; 18+ messages in thread From: Outback Dingo @ 2016-11-11 14:08 UTC (permalink / raw) To: Noah Causin; +Cc: cake On Fri, Nov 11, 2016 at 9:04 PM, Noah Causin <n0manletter@gmail.com> wrote: > Do you build your firmware from the git repository? > > Yes it is built from a recent trunk, as of yesterday > > On 11/10/2016 11:28 PM, Outback Dingo wrote: >> >> On Fri, Nov 11, 2016 at 10:52 AM, Outback Dingo <outbackdingo@gmail.com> >> wrote: >>> >>> On Fri, Nov 11, 2016 at 10:42 AM, Noah Causin <n0manletter@gmail.com> >>> wrote: >>>> >>>> I took an extra router I had and bridged two ports on the router's >>>> switch, >>>> so they just pass traffic. (eth0.2 and eth0.3) >>>> >>>> Clients >-[Main Router] --[Extra Router]--[Cable-Modem] >>>> >>>> The extra router is passive. It acts like it's part of the Ethernet >>>> cable >>>> between the main router and cable modem. It does not interfere. >>>> >>>> The extra router needs these packages: >>>> >>>> kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two >>>> packages compiled from the Makefile I showed below (iptables-mod-ndpi >>>> and >>>> iptables-mod-ndpi) >>>> >>>> I edited /etc/sysctl.conf and change the last two lines to this: >>>> >>>> net.bridge.bridge-nf-call-ip6tables=1 >>>> net.bridge.bridge-nf-call-iptables=1 >>>> >>>> This enables bridge firewalling, so the traffic between the two ports >>>> can be >>>> marked. >>>> >>>> I then added firewall rules to LuCIs custom firewall rules tab. >>>> >>>> Example Rules, modify classes as desired: >>>> >>>> iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source Your >>>> Main Router's Mac Address -j DSCP --set-dscp-class cs0 >>>> iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source >>>> Your >>>> Main Router's Mac Address -j DSCP --set-dscp-class cs2 >>>> >>>> iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source >>>> Your >>>> Main Router's Mac Address -j DSCP --set-dscp-class cs3 >>>> iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source Your >>>> Main Router's Mac Address -j DSCP --set-dscp-class cs4 >>>> >>>> Have your main router use some form of DiffServ for both upload and >>>> download >>>> on its WAN interface. For upload traffic, you just need the two >>>> packages >>>> from the makefile to be installed on the main router and create firewall >>>> rules like this: >>>> >>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP >>>> --set-dscp-class cs3 >>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP >>>> --set-dscp-class cs4 >>>> >>>> If you need help building a custom firmware image, just let me know. >>>> >>> Ok got it, its in-line.... right now im fighting the GFW of China >>> using shadowsocks and chinadns so im pretty customized already, >>> i was having issues with sqm and kernel segfaults on 4.4.30 ill build >>> a cake and DPI image and see how that goes, maybe Ill try this >>> after i deem sqm is stable with cake on this build. It a ZBT-WG3526 >>> router... so its ralink based >> >> like i stated on LEDE major issues when sqm is enabled.... even with >> cake... is nobody else seeing these issues? >> >> [ 569.020000] 1-...: (6 GPs behind) idle=236/0/0 softirq=50607/50613 >> fqs=1 >> [ 569.020000] (detected by 0, t=6002 jiffies, g=5799, c=5798, q=573) >> [ 569.020000] Task dump for CPU 1: >> [ 569.020000] swapper/1 R running 0 0 1 0x00100000 >> [ 569.020000] Stack : 00000000 00000001 00000015 00000000 00000000 >> 00000001 8045a2a4 80410000 >> [ 569.020000] 8041275c 00000001 00000001 80412540 80412724 >> 80410000 00000000 800132e8 >> [ 569.020000] 1100fc03 00000001 8fc60000 8fc61ec0 80410000 >> 8005c870 1100fc03 00000001 >> [ 569.020000] 00000000 80410000 8045a2a4 8005c868 80410000 >> 8001ade0 1100fc03 00000000 >> [ 569.020000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db >> aefffbff fff77fe7 dfffffef >> [ 569.020000] ... >> [ 569.020000] Call Trace: >> [ 569.020000] [<8000bba8>] __schedule+0x574/0x758 >> [ 569.020000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >> [ 569.020000] >> [ 569.020000] rcu_sched kthread starved for 6001 jiffies! g5799 c5798 >> f0x0 s3 ->state=0x1 >> [ 629.130000] INFO: rcu_sched detected stalls on CPUs/tasks: >> [ 629.130000] 1-...: (8 GPs behind) idle=756/0/0 softirq=50607/50613 >> fqs=1 >> [ 629.130000] (detected by 0, t=6002 jiffies, g=5801, c=5800, q=653) >> [ 629.130000] Task dump for CPU 1: >> [ 629.130000] swapper/1 R running 0 0 1 0x00100000 >> [ 629.130000] Stack : 00000000 bfd47c67 00000094 ffffffff 00000081 >> 00000011 8045a2a4 80410000 >> [ 629.130000] 8041275c 00000001 00000001 80412540 80412724 >> 80410000 000010d9 800132e8 >> [ 629.130000] 1100fc03 00000001 8fc60000 8fc61ec0 80410000 >> 8005c870 1100fc03 00000001 >> [ 629.130000] 00000000 80410000 8045a2a4 8005c868 80410000 >> 8001ade0 1100fc03 00000000 >> [ 629.130000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db >> aefffbff fff77fe7 dfffffef >> [ 629.130000] ... >> [ 629.130000] Call Trace: >> [ 629.130000] [<8000bba8>] __schedule+0x574/0x758 >> [ 629.130000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >> [ 629.130000] >> [ 629.130000] rcu_sched kthread starved for 6001 jiffies! g5801 c5800 >> f0x0 s3 ->state=0x1 >> [ 692.940000] INFO: rcu_sched detected stalls on CPUs/tasks: >> [ 692.940000] 1-...: (0 ticks this GP) idle=4c2/0/0 >> softirq=50613/50613 fqs=0 >> [ 692.940000] 2-...: (25 GPs behind) idle=55a/0/0 softirq=28459/28460 >> fqs=0 >> [ 692.940000] 3-...: (25 GPs behind) idle=5c2/0/0 softirq=30711/30982 >> fqs=0 >> [ 692.940000] (detected by 0, t=6002 jiffies, g=5824, c=5823, q=3190) >> [ 692.940000] Task dump for CPU 1: >> [ 692.940000] swapper/1 R running 0 0 1 0x00100000 >> [ 692.940000] Stack : 00000000 3646fb94 000000af ffffffff 0000008f >> d2f1a9fc 8045a2a4 80410000 >> [ 692.940000] 8041275c 00000001 00000001 80412540 80412724 >> 80410000 000010d9 800132e8 >> [ 692.940000] 00000000 00000001 8fc60000 8fc61ec0 80410000 >> 8005c870 1100fc03 00000001 >> [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 >> 8001ade0 1100fc03 00000000 >> [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db >> aefffbff fff77fe7 dfffffef >> [ 692.940000] ... >> [ 692.940000] Call Trace: >> [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 >> [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >> [ 692.940000] >> [ 692.940000] Task dump for CPU 2: >> [ 692.940000] swapper/2 R running 0 0 1 0x00100000 >> [ 692.940000] Stack : 00000000 00000001 00000010 00000000 00000000 >> 00010001 8045a2a4 80410000 >> [ 692.940000] 8041275c 00000001 00000000 804125e0 80412724 >> 80410000 00000000 800132e8 >> [ 692.940000] 1100fc03 00000002 8fc62000 8fc63ec0 80410000 >> 8005c870 1100fc03 00000002 >> [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 >> 8001ade0 1100fc03 00000000 >> [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fbffbfdf >> 7fff7b3b 7ffaeff8 67fbffff >> [ 692.940000] ... >> [ 692.940000] Call Trace: >> [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 >> [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >> [ 692.940000] >> [ 692.940000] Task dump for CPU 3: >> [ 692.940000] swapper/3 R running 0 0 1 0x00100000 >> [ 692.940000] Stack : 00000000 a69c5765 000000a3 ffffffff 0000008f >> 00000020 8045a2a4 80410000 >> [ 692.940000] 8041275c 00000001 00000001 80412680 80412724 >> 80410000 000010d9 800132e8 >> [ 692.940000] 1100fc03 00000003 8fc64000 8fc65ec0 80410000 >> 8005c870 1100fc03 00000003 >> [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 >> 8001ade0 1100fc03 00000000 >> [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fefffbdb >> aefffbfb fff77fe7 dfffffef >> [ 692.940000] ... >> [ 692.940000] Call Trace: >> [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 >> [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >> [ 692.940000] >> [ 692.940000] rcu_sched kthread starved for 6002 jiffies! g5824 c5823 >> f0x0 s3 ->state=0x1 >> root@lede:~# packet_write_wait: Connection to 192.168.20.1 port 22: Broken >> pipe >> >> >>>> On 11/10/2016 9:06 PM, Outback Dingo wrote: >>>> >>>> On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com> >>>> wrote: >>>> >>>> I finally got my project working. >>>> >>>> I integrated the NDPI Deep Packet Inspection engine into my LEDE build, >>>> so I >>>> could prioritize applications using Cake. >>>> >>>> http://www.ntop.org/products/deep-packet-inspection/ndpi/ >>>> >>>> NDPI integrates into IPTables, which allows me to DSCP mark packets. >>>> Cake >>>> reads the DiffServ markings and puts the traffic into appropriate >>>> classes. >>>> >>>> I found a Makefile which successfully compiles: >>>> >>>> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile >>>> >>>> The system works very well. Steam traffic is deprioritized to allow >>>> applications like YouTube, Netflix, and Skype to receive higher amounts >>>> of >>>> the available bandwidth. >>>> >>>> What I do for ingress is bridge two ports on an extra router, enable >>>> bridge >>>> firewalling, and create IPTables rules to mark downstream packets. The >>>> router I use is a D-Link DGL-5500, which is comparable to an Archer C7. >>>> >>>> IPv6 support is not available in this netfilter module, but the IPv4 >>>> support >>>> is great. >>>> >>>> Noah Causin >>>> >>>> very nice.... however, can you describe a bit better how you >>>> configured for ingress ? a second router? configuration file ? your >>>> high level description seems a bit confusing to me >>>> >>>> >>>> _______________________________________________ >>>> Cake mailing list >>>> Cake@lists.bufferbloat.net >>>> https://lists.bufferbloat.net/listinfo/cake >>>> >>>> > ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-11 14:08 ` Outback Dingo @ 2016-11-11 14:22 ` Noah Causin 2016-11-11 14:56 ` Outback Dingo 0 siblings, 1 reply; 18+ messages in thread From: Noah Causin @ 2016-11-11 14:22 UTC (permalink / raw) To: Outback Dingo; +Cc: cake What I would try is deleting your build source folder and start from scratch. Then edit source/package/kernel/kmod-sched-cake/Makefile change the PKG_SOURCE_VERSION to 70169dba14daa6ef7907af9c1e922ef9f797993a That's the latest stable version of cake. https://github.com/dtaht/sch_cake/commit/70169dba14daa6ef7907af9c1e922ef9f797993a On 11/11/2016 9:08 AM, Outback Dingo wrote: > On Fri, Nov 11, 2016 at 9:04 PM, Noah Causin <n0manletter@gmail.com> wrote: >> Do you build your firmware from the git repository? >> >> > Yes it is built from a recent trunk, as of yesterday > > >> On 11/10/2016 11:28 PM, Outback Dingo wrote: >>> On Fri, Nov 11, 2016 at 10:52 AM, Outback Dingo <outbackdingo@gmail.com> >>> wrote: >>>> On Fri, Nov 11, 2016 at 10:42 AM, Noah Causin <n0manletter@gmail.com> >>>> wrote: >>>>> I took an extra router I had and bridged two ports on the router's >>>>> switch, >>>>> so they just pass traffic. (eth0.2 and eth0.3) >>>>> >>>>> Clients >-[Main Router] --[Extra Router]--[Cable-Modem] >>>>> >>>>> The extra router is passive. It acts like it's part of the Ethernet >>>>> cable >>>>> between the main router and cable modem. It does not interfere. >>>>> >>>>> The extra router needs these packages: >>>>> >>>>> kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two >>>>> packages compiled from the Makefile I showed below (iptables-mod-ndpi >>>>> and >>>>> iptables-mod-ndpi) >>>>> >>>>> I edited /etc/sysctl.conf and change the last two lines to this: >>>>> >>>>> net.bridge.bridge-nf-call-ip6tables=1 >>>>> net.bridge.bridge-nf-call-iptables=1 >>>>> >>>>> This enables bridge firewalling, so the traffic between the two ports >>>>> can be >>>>> marked. >>>>> >>>>> I then added firewall rules to LuCIs custom firewall rules tab. >>>>> >>>>> Example Rules, modify classes as desired: >>>>> >>>>> iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source Your >>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs0 >>>>> iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source >>>>> Your >>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs2 >>>>> >>>>> iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source >>>>> Your >>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs3 >>>>> iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source Your >>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs4 >>>>> >>>>> Have your main router use some form of DiffServ for both upload and >>>>> download >>>>> on its WAN interface. For upload traffic, you just need the two >>>>> packages >>>>> from the makefile to be installed on the main router and create firewall >>>>> rules like this: >>>>> >>>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP >>>>> --set-dscp-class cs3 >>>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP >>>>> --set-dscp-class cs4 >>>>> >>>>> If you need help building a custom firmware image, just let me know. >>>>> >>>> Ok got it, its in-line.... right now im fighting the GFW of China >>>> using shadowsocks and chinadns so im pretty customized already, >>>> i was having issues with sqm and kernel segfaults on 4.4.30 ill build >>>> a cake and DPI image and see how that goes, maybe Ill try this >>>> after i deem sqm is stable with cake on this build. It a ZBT-WG3526 >>>> router... so its ralink based >>> like i stated on LEDE major issues when sqm is enabled.... even with >>> cake... is nobody else seeing these issues? >>> >>> [ 569.020000] 1-...: (6 GPs behind) idle=236/0/0 softirq=50607/50613 >>> fqs=1 >>> [ 569.020000] (detected by 0, t=6002 jiffies, g=5799, c=5798, q=573) >>> [ 569.020000] Task dump for CPU 1: >>> [ 569.020000] swapper/1 R running 0 0 1 0x00100000 >>> [ 569.020000] Stack : 00000000 00000001 00000015 00000000 00000000 >>> 00000001 8045a2a4 80410000 >>> [ 569.020000] 8041275c 00000001 00000001 80412540 80412724 >>> 80410000 00000000 800132e8 >>> [ 569.020000] 1100fc03 00000001 8fc60000 8fc61ec0 80410000 >>> 8005c870 1100fc03 00000001 >>> [ 569.020000] 00000000 80410000 8045a2a4 8005c868 80410000 >>> 8001ade0 1100fc03 00000000 >>> [ 569.020000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db >>> aefffbff fff77fe7 dfffffef >>> [ 569.020000] ... >>> [ 569.020000] Call Trace: >>> [ 569.020000] [<8000bba8>] __schedule+0x574/0x758 >>> [ 569.020000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>> [ 569.020000] >>> [ 569.020000] rcu_sched kthread starved for 6001 jiffies! g5799 c5798 >>> f0x0 s3 ->state=0x1 >>> [ 629.130000] INFO: rcu_sched detected stalls on CPUs/tasks: >>> [ 629.130000] 1-...: (8 GPs behind) idle=756/0/0 softirq=50607/50613 >>> fqs=1 >>> [ 629.130000] (detected by 0, t=6002 jiffies, g=5801, c=5800, q=653) >>> [ 629.130000] Task dump for CPU 1: >>> [ 629.130000] swapper/1 R running 0 0 1 0x00100000 >>> [ 629.130000] Stack : 00000000 bfd47c67 00000094 ffffffff 00000081 >>> 00000011 8045a2a4 80410000 >>> [ 629.130000] 8041275c 00000001 00000001 80412540 80412724 >>> 80410000 000010d9 800132e8 >>> [ 629.130000] 1100fc03 00000001 8fc60000 8fc61ec0 80410000 >>> 8005c870 1100fc03 00000001 >>> [ 629.130000] 00000000 80410000 8045a2a4 8005c868 80410000 >>> 8001ade0 1100fc03 00000000 >>> [ 629.130000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db >>> aefffbff fff77fe7 dfffffef >>> [ 629.130000] ... >>> [ 629.130000] Call Trace: >>> [ 629.130000] [<8000bba8>] __schedule+0x574/0x758 >>> [ 629.130000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>> [ 629.130000] >>> [ 629.130000] rcu_sched kthread starved for 6001 jiffies! g5801 c5800 >>> f0x0 s3 ->state=0x1 >>> [ 692.940000] INFO: rcu_sched detected stalls on CPUs/tasks: >>> [ 692.940000] 1-...: (0 ticks this GP) idle=4c2/0/0 >>> softirq=50613/50613 fqs=0 >>> [ 692.940000] 2-...: (25 GPs behind) idle=55a/0/0 softirq=28459/28460 >>> fqs=0 >>> [ 692.940000] 3-...: (25 GPs behind) idle=5c2/0/0 softirq=30711/30982 >>> fqs=0 >>> [ 692.940000] (detected by 0, t=6002 jiffies, g=5824, c=5823, q=3190) >>> [ 692.940000] Task dump for CPU 1: >>> [ 692.940000] swapper/1 R running 0 0 1 0x00100000 >>> [ 692.940000] Stack : 00000000 3646fb94 000000af ffffffff 0000008f >>> d2f1a9fc 8045a2a4 80410000 >>> [ 692.940000] 8041275c 00000001 00000001 80412540 80412724 >>> 80410000 000010d9 800132e8 >>> [ 692.940000] 00000000 00000001 8fc60000 8fc61ec0 80410000 >>> 8005c870 1100fc03 00000001 >>> [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 >>> 8001ade0 1100fc03 00000000 >>> [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db >>> aefffbff fff77fe7 dfffffef >>> [ 692.940000] ... >>> [ 692.940000] Call Trace: >>> [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 >>> [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>> [ 692.940000] >>> [ 692.940000] Task dump for CPU 2: >>> [ 692.940000] swapper/2 R running 0 0 1 0x00100000 >>> [ 692.940000] Stack : 00000000 00000001 00000010 00000000 00000000 >>> 00010001 8045a2a4 80410000 >>> [ 692.940000] 8041275c 00000001 00000000 804125e0 80412724 >>> 80410000 00000000 800132e8 >>> [ 692.940000] 1100fc03 00000002 8fc62000 8fc63ec0 80410000 >>> 8005c870 1100fc03 00000002 >>> [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 >>> 8001ade0 1100fc03 00000000 >>> [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fbffbfdf >>> 7fff7b3b 7ffaeff8 67fbffff >>> [ 692.940000] ... >>> [ 692.940000] Call Trace: >>> [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 >>> [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>> [ 692.940000] >>> [ 692.940000] Task dump for CPU 3: >>> [ 692.940000] swapper/3 R running 0 0 1 0x00100000 >>> [ 692.940000] Stack : 00000000 a69c5765 000000a3 ffffffff 0000008f >>> 00000020 8045a2a4 80410000 >>> [ 692.940000] 8041275c 00000001 00000001 80412680 80412724 >>> 80410000 000010d9 800132e8 >>> [ 692.940000] 1100fc03 00000003 8fc64000 8fc65ec0 80410000 >>> 8005c870 1100fc03 00000003 >>> [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 >>> 8001ade0 1100fc03 00000000 >>> [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fefffbdb >>> aefffbfb fff77fe7 dfffffef >>> [ 692.940000] ... >>> [ 692.940000] Call Trace: >>> [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 >>> [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>> [ 692.940000] >>> [ 692.940000] rcu_sched kthread starved for 6002 jiffies! g5824 c5823 >>> f0x0 s3 ->state=0x1 >>> root@lede:~# packet_write_wait: Connection to 192.168.20.1 port 22: Broken >>> pipe >>> >>> >>>>> On 11/10/2016 9:06 PM, Outback Dingo wrote: >>>>> >>>>> On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com> >>>>> wrote: >>>>> >>>>> I finally got my project working. >>>>> >>>>> I integrated the NDPI Deep Packet Inspection engine into my LEDE build, >>>>> so I >>>>> could prioritize applications using Cake. >>>>> >>>>> http://www.ntop.org/products/deep-packet-inspection/ndpi/ >>>>> >>>>> NDPI integrates into IPTables, which allows me to DSCP mark packets. >>>>> Cake >>>>> reads the DiffServ markings and puts the traffic into appropriate >>>>> classes. >>>>> >>>>> I found a Makefile which successfully compiles: >>>>> >>>>> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile >>>>> >>>>> The system works very well. Steam traffic is deprioritized to allow >>>>> applications like YouTube, Netflix, and Skype to receive higher amounts >>>>> of >>>>> the available bandwidth. >>>>> >>>>> What I do for ingress is bridge two ports on an extra router, enable >>>>> bridge >>>>> firewalling, and create IPTables rules to mark downstream packets. The >>>>> router I use is a D-Link DGL-5500, which is comparable to an Archer C7. >>>>> >>>>> IPv6 support is not available in this netfilter module, but the IPv4 >>>>> support >>>>> is great. >>>>> >>>>> Noah Causin >>>>> >>>>> very nice.... however, can you describe a bit better how you >>>>> configured for ingress ? a second router? configuration file ? your >>>>> high level description seems a bit confusing to me >>>>> >>>>> >>>>> _______________________________________________ >>>>> Cake mailing list >>>>> Cake@lists.bufferbloat.net >>>>> https://lists.bufferbloat.net/listinfo/cake >>>>> >>>>> ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-11 14:22 ` Noah Causin @ 2016-11-11 14:56 ` Outback Dingo 2016-11-11 17:38 ` Outback Dingo 0 siblings, 1 reply; 18+ messages in thread From: Outback Dingo @ 2016-11-11 14:56 UTC (permalink / raw) To: Noah Causin; +Cc: cake On Fri, Nov 11, 2016 at 10:22 PM, Noah Causin <n0manletter@gmail.com> wrote: > What I would try is deleting your build source folder and start from > scratch. > > Then edit source/package/kernel/kmod-sched-cake/Makefile > > change the PKG_SOURCE_VERSION to 70169dba14daa6ef7907af9c1e922ef9f797993a > > That's the latest stable version of cake. > > https://github.com/dtaht/sch_cake/commit/70169dba14daa6ef7907af9c1e922ef9f797993a > > Appreciate the attempt to help, but it did this even prior to adding cake previously when just using loading sqm ill give it a go but i believe the issue is deeper then just cake. > > On 11/11/2016 9:08 AM, Outback Dingo wrote: >> >> On Fri, Nov 11, 2016 at 9:04 PM, Noah Causin <n0manletter@gmail.com> >> wrote: >>> >>> Do you build your firmware from the git repository? >>> >>> >> Yes it is built from a recent trunk, as of yesterday >> >> >>> On 11/10/2016 11:28 PM, Outback Dingo wrote: >>>> >>>> On Fri, Nov 11, 2016 at 10:52 AM, Outback Dingo <outbackdingo@gmail.com> >>>> wrote: >>>>> >>>>> On Fri, Nov 11, 2016 at 10:42 AM, Noah Causin <n0manletter@gmail.com> >>>>> wrote: >>>>>> >>>>>> I took an extra router I had and bridged two ports on the router's >>>>>> switch, >>>>>> so they just pass traffic. (eth0.2 and eth0.3) >>>>>> >>>>>> Clients >-[Main Router] --[Extra Router]--[Cable-Modem] >>>>>> >>>>>> The extra router is passive. It acts like it's part of the Ethernet >>>>>> cable >>>>>> between the main router and cable modem. It does not interfere. >>>>>> >>>>>> The extra router needs these packages: >>>>>> >>>>>> kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two >>>>>> packages compiled from the Makefile I showed below (iptables-mod-ndpi >>>>>> and >>>>>> iptables-mod-ndpi) >>>>>> >>>>>> I edited /etc/sysctl.conf and change the last two lines to this: >>>>>> >>>>>> net.bridge.bridge-nf-call-ip6tables=1 >>>>>> net.bridge.bridge-nf-call-iptables=1 >>>>>> >>>>>> This enables bridge firewalling, so the traffic between the two ports >>>>>> can be >>>>>> marked. >>>>>> >>>>>> I then added firewall rules to LuCIs custom firewall rules tab. >>>>>> >>>>>> Example Rules, modify classes as desired: >>>>>> >>>>>> iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source >>>>>> Your >>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs0 >>>>>> iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source >>>>>> Your >>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs2 >>>>>> >>>>>> iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source >>>>>> Your >>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs3 >>>>>> iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source >>>>>> Your >>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs4 >>>>>> >>>>>> Have your main router use some form of DiffServ for both upload and >>>>>> download >>>>>> on its WAN interface. For upload traffic, you just need the two >>>>>> packages >>>>>> from the makefile to be installed on the main router and create >>>>>> firewall >>>>>> rules like this: >>>>>> >>>>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP >>>>>> --set-dscp-class cs3 >>>>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP >>>>>> --set-dscp-class cs4 >>>>>> >>>>>> If you need help building a custom firmware image, just let me know. >>>>>> >>>>> Ok got it, its in-line.... right now im fighting the GFW of China >>>>> using shadowsocks and chinadns so im pretty customized already, >>>>> i was having issues with sqm and kernel segfaults on 4.4.30 ill build >>>>> a cake and DPI image and see how that goes, maybe Ill try this >>>>> after i deem sqm is stable with cake on this build. It a ZBT-WG3526 >>>>> router... so its ralink based >>>> >>>> like i stated on LEDE major issues when sqm is enabled.... even with >>>> cake... is nobody else seeing these issues? >>>> >>>> [ 569.020000] 1-...: (6 GPs behind) idle=236/0/0 softirq=50607/50613 >>>> fqs=1 >>>> [ 569.020000] (detected by 0, t=6002 jiffies, g=5799, c=5798, q=573) >>>> [ 569.020000] Task dump for CPU 1: >>>> [ 569.020000] swapper/1 R running 0 0 1 0x00100000 >>>> [ 569.020000] Stack : 00000000 00000001 00000015 00000000 00000000 >>>> 00000001 8045a2a4 80410000 >>>> [ 569.020000] 8041275c 00000001 00000001 80412540 80412724 >>>> 80410000 00000000 800132e8 >>>> [ 569.020000] 1100fc03 00000001 8fc60000 8fc61ec0 80410000 >>>> 8005c870 1100fc03 00000001 >>>> [ 569.020000] 00000000 80410000 8045a2a4 8005c868 80410000 >>>> 8001ade0 1100fc03 00000000 >>>> [ 569.020000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db >>>> aefffbff fff77fe7 dfffffef >>>> [ 569.020000] ... >>>> [ 569.020000] Call Trace: >>>> [ 569.020000] [<8000bba8>] __schedule+0x574/0x758 >>>> [ 569.020000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>>> [ 569.020000] >>>> [ 569.020000] rcu_sched kthread starved for 6001 jiffies! g5799 c5798 >>>> f0x0 s3 ->state=0x1 >>>> [ 629.130000] INFO: rcu_sched detected stalls on CPUs/tasks: >>>> [ 629.130000] 1-...: (8 GPs behind) idle=756/0/0 softirq=50607/50613 >>>> fqs=1 >>>> [ 629.130000] (detected by 0, t=6002 jiffies, g=5801, c=5800, q=653) >>>> [ 629.130000] Task dump for CPU 1: >>>> [ 629.130000] swapper/1 R running 0 0 1 0x00100000 >>>> [ 629.130000] Stack : 00000000 bfd47c67 00000094 ffffffff 00000081 >>>> 00000011 8045a2a4 80410000 >>>> [ 629.130000] 8041275c 00000001 00000001 80412540 80412724 >>>> 80410000 000010d9 800132e8 >>>> [ 629.130000] 1100fc03 00000001 8fc60000 8fc61ec0 80410000 >>>> 8005c870 1100fc03 00000001 >>>> [ 629.130000] 00000000 80410000 8045a2a4 8005c868 80410000 >>>> 8001ade0 1100fc03 00000000 >>>> [ 629.130000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db >>>> aefffbff fff77fe7 dfffffef >>>> [ 629.130000] ... >>>> [ 629.130000] Call Trace: >>>> [ 629.130000] [<8000bba8>] __schedule+0x574/0x758 >>>> [ 629.130000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>>> [ 629.130000] >>>> [ 629.130000] rcu_sched kthread starved for 6001 jiffies! g5801 c5800 >>>> f0x0 s3 ->state=0x1 >>>> [ 692.940000] INFO: rcu_sched detected stalls on CPUs/tasks: >>>> [ 692.940000] 1-...: (0 ticks this GP) idle=4c2/0/0 >>>> softirq=50613/50613 fqs=0 >>>> [ 692.940000] 2-...: (25 GPs behind) idle=55a/0/0 softirq=28459/28460 >>>> fqs=0 >>>> [ 692.940000] 3-...: (25 GPs behind) idle=5c2/0/0 softirq=30711/30982 >>>> fqs=0 >>>> [ 692.940000] (detected by 0, t=6002 jiffies, g=5824, c=5823, q=3190) >>>> [ 692.940000] Task dump for CPU 1: >>>> [ 692.940000] swapper/1 R running 0 0 1 0x00100000 >>>> [ 692.940000] Stack : 00000000 3646fb94 000000af ffffffff 0000008f >>>> d2f1a9fc 8045a2a4 80410000 >>>> [ 692.940000] 8041275c 00000001 00000001 80412540 80412724 >>>> 80410000 000010d9 800132e8 >>>> [ 692.940000] 00000000 00000001 8fc60000 8fc61ec0 80410000 >>>> 8005c870 1100fc03 00000001 >>>> [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 >>>> 8001ade0 1100fc03 00000000 >>>> [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db >>>> aefffbff fff77fe7 dfffffef >>>> [ 692.940000] ... >>>> [ 692.940000] Call Trace: >>>> [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 >>>> [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>>> [ 692.940000] >>>> [ 692.940000] Task dump for CPU 2: >>>> [ 692.940000] swapper/2 R running 0 0 1 0x00100000 >>>> [ 692.940000] Stack : 00000000 00000001 00000010 00000000 00000000 >>>> 00010001 8045a2a4 80410000 >>>> [ 692.940000] 8041275c 00000001 00000000 804125e0 80412724 >>>> 80410000 00000000 800132e8 >>>> [ 692.940000] 1100fc03 00000002 8fc62000 8fc63ec0 80410000 >>>> 8005c870 1100fc03 00000002 >>>> [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 >>>> 8001ade0 1100fc03 00000000 >>>> [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fbffbfdf >>>> 7fff7b3b 7ffaeff8 67fbffff >>>> [ 692.940000] ... >>>> [ 692.940000] Call Trace: >>>> [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 >>>> [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>>> [ 692.940000] >>>> [ 692.940000] Task dump for CPU 3: >>>> [ 692.940000] swapper/3 R running 0 0 1 0x00100000 >>>> [ 692.940000] Stack : 00000000 a69c5765 000000a3 ffffffff 0000008f >>>> 00000020 8045a2a4 80410000 >>>> [ 692.940000] 8041275c 00000001 00000001 80412680 80412724 >>>> 80410000 000010d9 800132e8 >>>> [ 692.940000] 1100fc03 00000003 8fc64000 8fc65ec0 80410000 >>>> 8005c870 1100fc03 00000003 >>>> [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 >>>> 8001ade0 1100fc03 00000000 >>>> [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fefffbdb >>>> aefffbfb fff77fe7 dfffffef >>>> [ 692.940000] ... >>>> [ 692.940000] Call Trace: >>>> [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 >>>> [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>>> [ 692.940000] >>>> [ 692.940000] rcu_sched kthread starved for 6002 jiffies! g5824 c5823 >>>> f0x0 s3 ->state=0x1 >>>> root@lede:~# packet_write_wait: Connection to 192.168.20.1 port 22: >>>> Broken >>>> pipe >>>> >>>> >>>>>> On 11/10/2016 9:06 PM, Outback Dingo wrote: >>>>>> >>>>>> On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com> >>>>>> wrote: >>>>>> >>>>>> I finally got my project working. >>>>>> >>>>>> I integrated the NDPI Deep Packet Inspection engine into my LEDE >>>>>> build, >>>>>> so I >>>>>> could prioritize applications using Cake. >>>>>> >>>>>> http://www.ntop.org/products/deep-packet-inspection/ndpi/ >>>>>> >>>>>> NDPI integrates into IPTables, which allows me to DSCP mark packets. >>>>>> Cake >>>>>> reads the DiffServ markings and puts the traffic into appropriate >>>>>> classes. >>>>>> >>>>>> I found a Makefile which successfully compiles: >>>>>> >>>>>> >>>>>> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile >>>>>> >>>>>> The system works very well. Steam traffic is deprioritized to allow >>>>>> applications like YouTube, Netflix, and Skype to receive higher >>>>>> amounts >>>>>> of >>>>>> the available bandwidth. >>>>>> >>>>>> What I do for ingress is bridge two ports on an extra router, enable >>>>>> bridge >>>>>> firewalling, and create IPTables rules to mark downstream packets. >>>>>> The >>>>>> router I use is a D-Link DGL-5500, which is comparable to an Archer >>>>>> C7. >>>>>> >>>>>> IPv6 support is not available in this netfilter module, but the IPv4 >>>>>> support >>>>>> is great. >>>>>> >>>>>> Noah Causin >>>>>> >>>>>> very nice.... however, can you describe a bit better how you >>>>>> configured for ingress ? a second router? configuration file ? your >>>>>> high level description seems a bit confusing to me >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Cake mailing list >>>>>> Cake@lists.bufferbloat.net >>>>>> https://lists.bufferbloat.net/listinfo/cake >>>>>> >>>>>> > ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-11 14:56 ` Outback Dingo @ 2016-11-11 17:38 ` Outback Dingo 2016-11-11 18:36 ` Jonathan Morton 0 siblings, 1 reply; 18+ messages in thread From: Outback Dingo @ 2016-11-11 17:38 UTC (permalink / raw) To: Noah Causin; +Cc: cake On Fri, Nov 11, 2016 at 10:56 PM, Outback Dingo <outbackdingo@gmail.com> wrote: > On Fri, Nov 11, 2016 at 10:22 PM, Noah Causin <n0manletter@gmail.com> wrote: >> What I would try is deleting your build source folder and start from >> scratch. >> >> Then edit source/package/kernel/kmod-sched-cake/Makefile >> >> change the PKG_SOURCE_VERSION to 70169dba14daa6ef7907af9c1e922ef9f797993a >> >> That's the latest stable version of cake. >> >> https://github.com/dtaht/sch_cake/commit/70169dba14daa6ef7907af9c1e922ef9f797993a >> >> > > Appreciate the attempt to help, but it did this even prior to adding > cake previously when just using loading sqm > ill give it a go but i believe the issue is deeper then just cake. like I stated made the changes and still seeing issues [ 149.490000] INFO: rcu_sched detected stalls on CPUs/tasks: [ 149.490000] 3-...: (0 ticks this GP) idle=b7c/0/0 softirq=3733/3733 fqs=0 [ 149.500000] (detected by 1, t=6003 jiffies, g=1039, c=1038, q=10655) [ 149.500000] Task dump for CPU 3: [ 149.510000] swapper/3 R running 0 0 1 0x00100000 [ 149.510000] Stack : 00000000 00005ac7 8e049880 7ffdecec 00000000 80418a90 8045a2a4 80410000 [ 149.510000] 8041275c 00000001 00000001 80412680 80412724 80410000 00000000 800132e8 [ 149.510000] 00000000 00000001 8fc64000 8fc65ec0 80410000 8005c870 1100fc03 00000003 [ 149.510000] 00000000 80410000 8045a2a4 8005c868 80410000 8001ade0 1100fc03 00000000 [ 149.510000] 00000004 804124a0 000000a0 8001ade8 fefffbdb aefffbfb fff77fe7 dfffffef [ 149.510000] ... [ 149.550000] Call Trace: [ 149.550000] [<8000bba8>] __schedule+0x574/0x758 [ 149.560000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 [ 149.560000] [ 149.560000] rcu_sched kthread starved for 6009 jiffies! g1039 c1038 f0x0 s3 ->state=0x1 [ 1326.670000] INFO: rcu_sched detected stalls on CPUs/tasks: [ 1326.670000] 2-...: (0 ticks this GP) idle=998/0/0 softirq=56566/56566 fqs=0 [ 1326.680000] (detected by 1, t=6003 jiffies, g=14603, c=14602, q=9455) [ 1326.680000] Task dump for CPU 2: [ 1326.690000] swapper/2 R running 0 0 1 0x00100000 [ 1326.690000] Stack : 00000000 00000001 0000000a 00000000 00000000 00000001 8045a2a4 80410000 [ 1326.690000] 8041275c 00000001 00000000 804125e0 80412724 80410000 00000000 800132e8 [ 1326.690000] 1100fc03 00000002 8fc62000 8fc63ec0 80410000 8005c870 1100fc03 00000002 [ 1326.690000] 00000000 80410000 8045a2a4 8005c868 80410000 8001ade0 1100fc03 00000000 [ 1326.690000] 00000004 804124a0 000000a0 8001ade8 fbffbfdf 7fff7b3b 7ffaeff8 67fbffff [ 1326.690000] ... [ 1326.730000] Call Trace: [ 1326.730000] [<8000bba8>] __schedule+0x574/0x758 [ 1326.740000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 [ 1326.740000] [ 1326.740000] rcu_sched kthread starved for 6009 jiffies! g14603 c14602 f0x0 s3 ->state=0x1 [ 1392.200000] INFO: rcu_sched detected stalls on CPUs/tasks: [ 1392.200000] 2-...: (0 ticks this GP) idle=c80/0/0 softirq=56566/56566 fqs=0 [ 1392.210000] (detected by 3, t=6003 jiffies, g=14669, c=14668, q=11973) [ 1392.210000] Task dump for CPU 2: [ 1392.220000] swapper/2 R running 0 0 1 0x00100000 [ 1392.220000] Stack : 00000000 4e88ab25 00000148 ffffffff 0000011d 773206f0 8045a2a4 80410000 [ 1392.220000] 8041275c 00000001 00000000 804125e0 80412724 80410000 000010d9 800132e8 [ 1392.220000] 1100fc03 00000002 8fc62000 8fc63ec0 80410000 8005c870 1100fc03 00000002 [ 1392.220000] 00000000 80410000 8045a2a4 8005c868 80410000 8001ade0 1100fc03 00000000 [ 1392.220000] 00000004 804124a0 000000a0 8001ade8 fbffbfdf 7fff7b3b 7ffaeff8 67fbffff [ 1392.220000] ... [ 1392.260000] Call Trace: [ 1392.260000] [<8000bba8>] __schedule+0x574/0x758 [ 1392.270000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 [ 1392.270000] [ 1392.270000] rcu_sched kthread starved for 6009 jiffies! g14669 c14668 f0x0 s3 ->state=0x1 > > >> >> On 11/11/2016 9:08 AM, Outback Dingo wrote: >>> >>> On Fri, Nov 11, 2016 at 9:04 PM, Noah Causin <n0manletter@gmail.com> >>> wrote: >>>> >>>> Do you build your firmware from the git repository? >>>> >>>> >>> Yes it is built from a recent trunk, as of yesterday >>> >>> >>>> On 11/10/2016 11:28 PM, Outback Dingo wrote: >>>>> >>>>> On Fri, Nov 11, 2016 at 10:52 AM, Outback Dingo <outbackdingo@gmail.com> >>>>> wrote: >>>>>> >>>>>> On Fri, Nov 11, 2016 at 10:42 AM, Noah Causin <n0manletter@gmail.com> >>>>>> wrote: >>>>>>> >>>>>>> I took an extra router I had and bridged two ports on the router's >>>>>>> switch, >>>>>>> so they just pass traffic. (eth0.2 and eth0.3) >>>>>>> >>>>>>> Clients >-[Main Router] --[Extra Router]--[Cable-Modem] >>>>>>> >>>>>>> The extra router is passive. It acts like it's part of the Ethernet >>>>>>> cable >>>>>>> between the main router and cable modem. It does not interfere. >>>>>>> >>>>>>> The extra router needs these packages: >>>>>>> >>>>>>> kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two >>>>>>> packages compiled from the Makefile I showed below (iptables-mod-ndpi >>>>>>> and >>>>>>> iptables-mod-ndpi) >>>>>>> >>>>>>> I edited /etc/sysctl.conf and change the last two lines to this: >>>>>>> >>>>>>> net.bridge.bridge-nf-call-ip6tables=1 >>>>>>> net.bridge.bridge-nf-call-iptables=1 >>>>>>> >>>>>>> This enables bridge firewalling, so the traffic between the two ports >>>>>>> can be >>>>>>> marked. >>>>>>> >>>>>>> I then added firewall rules to LuCIs custom firewall rules tab. >>>>>>> >>>>>>> Example Rules, modify classes as desired: >>>>>>> >>>>>>> iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source >>>>>>> Your >>>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs0 >>>>>>> iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source >>>>>>> Your >>>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs2 >>>>>>> >>>>>>> iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source >>>>>>> Your >>>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs3 >>>>>>> iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source >>>>>>> Your >>>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs4 >>>>>>> >>>>>>> Have your main router use some form of DiffServ for both upload and >>>>>>> download >>>>>>> on its WAN interface. For upload traffic, you just need the two >>>>>>> packages >>>>>>> from the makefile to be installed on the main router and create >>>>>>> firewall >>>>>>> rules like this: >>>>>>> >>>>>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP >>>>>>> --set-dscp-class cs3 >>>>>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP >>>>>>> --set-dscp-class cs4 >>>>>>> >>>>>>> If you need help building a custom firmware image, just let me know. >>>>>>> >>>>>> Ok got it, its in-line.... right now im fighting the GFW of China >>>>>> using shadowsocks and chinadns so im pretty customized already, >>>>>> i was having issues with sqm and kernel segfaults on 4.4.30 ill build >>>>>> a cake and DPI image and see how that goes, maybe Ill try this >>>>>> after i deem sqm is stable with cake on this build. It a ZBT-WG3526 >>>>>> router... so its ralink based >>>>> >>>>> like i stated on LEDE major issues when sqm is enabled.... even with >>>>> cake... is nobody else seeing these issues? >>>>> >>>>> [ 569.020000] 1-...: (6 GPs behind) idle=236/0/0 softirq=50607/50613 >>>>> fqs=1 >>>>> [ 569.020000] (detected by 0, t=6002 jiffies, g=5799, c=5798, q=573) >>>>> [ 569.020000] Task dump for CPU 1: >>>>> [ 569.020000] swapper/1 R running 0 0 1 0x00100000 >>>>> [ 569.020000] Stack : 00000000 00000001 00000015 00000000 00000000 >>>>> 00000001 8045a2a4 80410000 >>>>> [ 569.020000] 8041275c 00000001 00000001 80412540 80412724 >>>>> 80410000 00000000 800132e8 >>>>> [ 569.020000] 1100fc03 00000001 8fc60000 8fc61ec0 80410000 >>>>> 8005c870 1100fc03 00000001 >>>>> [ 569.020000] 00000000 80410000 8045a2a4 8005c868 80410000 >>>>> 8001ade0 1100fc03 00000000 >>>>> [ 569.020000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db >>>>> aefffbff fff77fe7 dfffffef >>>>> [ 569.020000] ... >>>>> [ 569.020000] Call Trace: >>>>> [ 569.020000] [<8000bba8>] __schedule+0x574/0x758 >>>>> [ 569.020000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>>>> [ 569.020000] >>>>> [ 569.020000] rcu_sched kthread starved for 6001 jiffies! g5799 c5798 >>>>> f0x0 s3 ->state=0x1 >>>>> [ 629.130000] INFO: rcu_sched detected stalls on CPUs/tasks: >>>>> [ 629.130000] 1-...: (8 GPs behind) idle=756/0/0 softirq=50607/50613 >>>>> fqs=1 >>>>> [ 629.130000] (detected by 0, t=6002 jiffies, g=5801, c=5800, q=653) >>>>> [ 629.130000] Task dump for CPU 1: >>>>> [ 629.130000] swapper/1 R running 0 0 1 0x00100000 >>>>> [ 629.130000] Stack : 00000000 bfd47c67 00000094 ffffffff 00000081 >>>>> 00000011 8045a2a4 80410000 >>>>> [ 629.130000] 8041275c 00000001 00000001 80412540 80412724 >>>>> 80410000 000010d9 800132e8 >>>>> [ 629.130000] 1100fc03 00000001 8fc60000 8fc61ec0 80410000 >>>>> 8005c870 1100fc03 00000001 >>>>> [ 629.130000] 00000000 80410000 8045a2a4 8005c868 80410000 >>>>> 8001ade0 1100fc03 00000000 >>>>> [ 629.130000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db >>>>> aefffbff fff77fe7 dfffffef >>>>> [ 629.130000] ... >>>>> [ 629.130000] Call Trace: >>>>> [ 629.130000] [<8000bba8>] __schedule+0x574/0x758 >>>>> [ 629.130000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>>>> [ 629.130000] >>>>> [ 629.130000] rcu_sched kthread starved for 6001 jiffies! g5801 c5800 >>>>> f0x0 s3 ->state=0x1 >>>>> [ 692.940000] INFO: rcu_sched detected stalls on CPUs/tasks: >>>>> [ 692.940000] 1-...: (0 ticks this GP) idle=4c2/0/0 >>>>> softirq=50613/50613 fqs=0 >>>>> [ 692.940000] 2-...: (25 GPs behind) idle=55a/0/0 softirq=28459/28460 >>>>> fqs=0 >>>>> [ 692.940000] 3-...: (25 GPs behind) idle=5c2/0/0 softirq=30711/30982 >>>>> fqs=0 >>>>> [ 692.940000] (detected by 0, t=6002 jiffies, g=5824, c=5823, q=3190) >>>>> [ 692.940000] Task dump for CPU 1: >>>>> [ 692.940000] swapper/1 R running 0 0 1 0x00100000 >>>>> [ 692.940000] Stack : 00000000 3646fb94 000000af ffffffff 0000008f >>>>> d2f1a9fc 8045a2a4 80410000 >>>>> [ 692.940000] 8041275c 00000001 00000001 80412540 80412724 >>>>> 80410000 000010d9 800132e8 >>>>> [ 692.940000] 00000000 00000001 8fc60000 8fc61ec0 80410000 >>>>> 8005c870 1100fc03 00000001 >>>>> [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 >>>>> 8001ade0 1100fc03 00000000 >>>>> [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fe9ff9db >>>>> aefffbff fff77fe7 dfffffef >>>>> [ 692.940000] ... >>>>> [ 692.940000] Call Trace: >>>>> [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 >>>>> [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>>>> [ 692.940000] >>>>> [ 692.940000] Task dump for CPU 2: >>>>> [ 692.940000] swapper/2 R running 0 0 1 0x00100000 >>>>> [ 692.940000] Stack : 00000000 00000001 00000010 00000000 00000000 >>>>> 00010001 8045a2a4 80410000 >>>>> [ 692.940000] 8041275c 00000001 00000000 804125e0 80412724 >>>>> 80410000 00000000 800132e8 >>>>> [ 692.940000] 1100fc03 00000002 8fc62000 8fc63ec0 80410000 >>>>> 8005c870 1100fc03 00000002 >>>>> [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 >>>>> 8001ade0 1100fc03 00000000 >>>>> [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fbffbfdf >>>>> 7fff7b3b 7ffaeff8 67fbffff >>>>> [ 692.940000] ... >>>>> [ 692.940000] Call Trace: >>>>> [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 >>>>> [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>>>> [ 692.940000] >>>>> [ 692.940000] Task dump for CPU 3: >>>>> [ 692.940000] swapper/3 R running 0 0 1 0x00100000 >>>>> [ 692.940000] Stack : 00000000 a69c5765 000000a3 ffffffff 0000008f >>>>> 00000020 8045a2a4 80410000 >>>>> [ 692.940000] 8041275c 00000001 00000001 80412680 80412724 >>>>> 80410000 000010d9 800132e8 >>>>> [ 692.940000] 1100fc03 00000003 8fc64000 8fc65ec0 80410000 >>>>> 8005c870 1100fc03 00000003 >>>>> [ 692.940000] 00000000 80410000 8045a2a4 8005c868 80410000 >>>>> 8001ade0 1100fc03 00000000 >>>>> [ 692.940000] 00000004 804124a0 000000a0 8001ade8 fefffbdb >>>>> aefffbfb fff77fe7 dfffffef >>>>> [ 692.940000] ... >>>>> [ 692.940000] Call Trace: >>>>> [ 692.940000] [<8000bba8>] __schedule+0x574/0x758 >>>>> [ 692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20 >>>>> [ 692.940000] >>>>> [ 692.940000] rcu_sched kthread starved for 6002 jiffies! g5824 c5823 >>>>> f0x0 s3 ->state=0x1 >>>>> root@lede:~# packet_write_wait: Connection to 192.168.20.1 port 22: >>>>> Broken >>>>> pipe >>>>> >>>>> >>>>>>> On 11/10/2016 9:06 PM, Outback Dingo wrote: >>>>>>> >>>>>>> On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>> I finally got my project working. >>>>>>> >>>>>>> I integrated the NDPI Deep Packet Inspection engine into my LEDE >>>>>>> build, >>>>>>> so I >>>>>>> could prioritize applications using Cake. >>>>>>> >>>>>>> http://www.ntop.org/products/deep-packet-inspection/ndpi/ >>>>>>> >>>>>>> NDPI integrates into IPTables, which allows me to DSCP mark packets. >>>>>>> Cake >>>>>>> reads the DiffServ markings and puts the traffic into appropriate >>>>>>> classes. >>>>>>> >>>>>>> I found a Makefile which successfully compiles: >>>>>>> >>>>>>> >>>>>>> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile >>>>>>> >>>>>>> The system works very well. Steam traffic is deprioritized to allow >>>>>>> applications like YouTube, Netflix, and Skype to receive higher >>>>>>> amounts >>>>>>> of >>>>>>> the available bandwidth. >>>>>>> >>>>>>> What I do for ingress is bridge two ports on an extra router, enable >>>>>>> bridge >>>>>>> firewalling, and create IPTables rules to mark downstream packets. >>>>>>> The >>>>>>> router I use is a D-Link DGL-5500, which is comparable to an Archer >>>>>>> C7. >>>>>>> >>>>>>> IPv6 support is not available in this netfilter module, but the IPv4 >>>>>>> support >>>>>>> is great. >>>>>>> >>>>>>> Noah Causin >>>>>>> >>>>>>> very nice.... however, can you describe a bit better how you >>>>>>> configured for ingress ? a second router? configuration file ? your >>>>>>> high level description seems a bit confusing to me >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Cake mailing list >>>>>>> Cake@lists.bufferbloat.net >>>>>>> https://lists.bufferbloat.net/listinfo/cake >>>>>>> >>>>>>> >> ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-11 17:38 ` Outback Dingo @ 2016-11-11 18:36 ` Jonathan Morton 2016-11-12 9:06 ` Outback Dingo 0 siblings, 1 reply; 18+ messages in thread From: Jonathan Morton @ 2016-11-11 18:36 UTC (permalink / raw) To: Outback Dingo; +Cc: Noah Causin, cake [-- Attachment #1: Type: text/plain, Size: 186 bytes --] Looks like the task that's stalling is the swapper. That could point to an inappropriate swap device or too much memory being used. Can you give the relevant stats? - Jonathan Morton [-- Attachment #2: Type: text/html, Size: 234 bytes --] ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-11 18:36 ` Jonathan Morton @ 2016-11-12 9:06 ` Outback Dingo 2016-11-12 14:51 ` Jonathan Morton 0 siblings, 1 reply; 18+ messages in thread From: Outback Dingo @ 2016-11-12 9:06 UTC (permalink / raw) To: Jonathan Morton; +Cc: Noah Causin, cake well not sure what stats you want... just for kicks and giggles though i created an identical openwrt build for the same router on kernel 4.4.14 seems stable enough...... this is from the running system, as i typed this i did hit another INFO: rcu_sched detected stalls on CPUs/tasks: tc -s qdisc show qdisc noqueue 0: dev lo root refcnt 2 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 qdisc fq_codel 0: dev eth0 root refcnt 2 limit 1024p flows 128 quantum 1514 target 5.0ms interval 100.0ms ecn Sent 27945112 bytes 54152 pkt (dropped 0, overlimits 0 requeues 3) backlog 0b 0p requeues 3 maxpacket 1506 drop_overlimit 0 new_flow_count 227 ecn_mark 0 new_flows_len 0 old_flows_len 0 qdisc noqueue 0: dev br-lan root refcnt 2 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 qdisc noqueue 0: dev eth0.1 root refcnt 2 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 qdisc cake 800a: dev eth0.2 root refcnt 2 bandwidth 100Mbit diffserv4 flows rtt 100.0ms raw Sent 7656207 bytes 29112 pkt (dropped 0, overlimits 2763 requeues 0) backlog 0b 0p requeues 0 memory used: 30496b of 5000000b capacity estimate: 100Mbit Bulk Best Effort Video Voice thresh 100Mbit 93750Kbit 75Mbit 25Mbit target 5.0ms 5.0ms 5.0ms 5.0ms interval 100.0ms 100.0ms 100.0ms 100.0ms pk_delay 0us 1.3ms 13us 0us av_delay 0us 164us 0us 0us sp_delay 0us 76us 0us 0us pkts 0 29094 18 0 bytes 0 7654587 1620 0 way_inds 0 273 0 0 way_miss 0 4395 18 0 way_cols 0 0 0 0 drops 0 0 0 0 marks 0 0 0 0 sp_flows 0 1 0 0 bk_flows 0 1 0 0 un_flows 0 0 0 0 max_len 0 8964 90 0 qdisc ingress ffff: dev eth0.2 parent ffff:fff1 ---------------- Sent 19329083 bytes 21990 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 qdisc mq 0: dev wlan1 root Sent 42420 bytes 220 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 qdisc fq_codel 0: dev wlan1 parent :1 limit 1024p flows 128 quantum 1514 target 5.0ms interval 100.0ms ecn Sent 648 bytes 3 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0 new_flows_len 0 old_flows_len 0 qdisc fq_codel 0: dev wlan1 parent :2 limit 1024p flows 128 quantum 1514 target 5.0ms interval 100.0ms ecn Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0 new_flows_len 0 old_flows_len 0 qdisc fq_codel 0: dev wlan1 parent :3 limit 1024p flows 128 quantum 1514 target 5.0ms interval 100.0ms ecn Sent 41772 bytes 217 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0 new_flows_len 0 old_flows_len 0 qdisc fq_codel 0: dev wlan1 parent :4 limit 1024p flows 128 quantum 1514 target 5.0ms interval 100.0ms ecn Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0 new_flows_len 0 old_flows_len 0 qdisc mq 0: dev wlan0 root Sent 4409 bytes 41 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 qdisc fq_codel 0: dev wlan0 parent :1 limit 1024p flows 128 quantum 1514 target 5.0ms interval 100.0ms ecn Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0 new_flows_len 0 old_flows_len 0 qdisc fq_codel 0: dev wlan0 parent :2 limit 1024p flows 128 quantum 1514 target 5.0ms interval 100.0ms ecn Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0 new_flows_len 0 old_flows_len 0 qdisc fq_codel 0: dev wlan0 parent :3 limit 1024p flows 128 quantum 1514 target 5.0ms interval 100.0ms ecn Sent 4409 bytes 41 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0 new_flows_len 0 old_flows_len 0 qdisc fq_codel 0: dev wlan0 parent :4 limit 1024p flows 128 quantum 1514 target 5.0ms interval 100.0ms ecn Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0 new_flows_len 0 old_flows_len 0 qdisc fq_codel 0: dev zt0 root refcnt 2 limit 1024p flows 128 quantum 2814 target 5.0ms interval 100.0ms ecn Sent 738 bytes 7 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0 new_flows_len 0 old_flows_len 0 qdisc cake 800b: dev ifb4eth0.2 root refcnt 2 bandwidth 185Mbit besteffort flows rtt 100.0ms raw Sent 19683131 bytes 21990 pkt (dropped 0, overlimits 3357 requeues 0) backlog 0b 0p requeues 0 memory used: 17344b of 9250000b capacity estimate: 185Mbit Tin 0 thresh 185Mbit target 5.0ms interval 100.0ms pk_delay 102us av_delay 16us sp_delay 2us pkts 21990 bytes 19683131 way_inds 126 way_miss 1918 way_cols 0 drops 0 marks 0 sp_flows 0 bk_flows 1 un_flows 0 max_len 8976 Mem: 48476K used, 466248K free, 584K shrd, 4160K buff, 11488K cached CPU: 0% usr 0% sys 0% nic 99% idle 0% io 0% irq 0% sirq Load average: 0.65 0.28 0.10 2/94 2791 On Sat, Nov 12, 2016 at 2:36 AM, Jonathan Morton <chromatix99@gmail.com> wrote: > Looks like the task that's stalling is the swapper. That could point to an > inappropriate swap device or too much memory being used. Can you give the > relevant stats? > > - Jonathan Morton ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-12 9:06 ` Outback Dingo @ 2016-11-12 14:51 ` Jonathan Morton 2016-11-13 8:28 ` Outback Dingo 0 siblings, 1 reply; 18+ messages in thread From: Jonathan Morton @ 2016-11-12 14:51 UTC (permalink / raw) To: Outback Dingo; +Cc: Noah Causin, cake [-- Attachment #1: Type: text/plain, Size: 300 bytes --] Seems to have plenty of memory free, so it's not actually the swapper. It could be that's just the default PID used when there isn't a result identifiable process to finger. So instead we might be looking at too much time spent in interrupt state. That's always fun to diagnose. - Jonathan Morton [-- Attachment #2: Type: text/html, Size: 376 bytes --] ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-12 14:51 ` Jonathan Morton @ 2016-11-13 8:28 ` Outback Dingo 2017-01-16 19:47 ` Dave Taht 0 siblings, 1 reply; 18+ messages in thread From: Outback Dingo @ 2016-11-13 8:28 UTC (permalink / raw) To: Jonathan Morton; +Cc: Noah Causin, cake On Sat, Nov 12, 2016 at 10:51 PM, Jonathan Morton <chromatix99@gmail.com> wrote: > Seems to have plenty of memory free, so it's not actually the swapper. It > could be that's just the default PID used when there isn't a result > identifiable process to finger. > > So instead we might be looking at too much time spent in interrupt state. > That's always fun to diagnose. welp no joy then... cant use sqm.... spontaneous reboots pretty often.... sometimes in less then 5 minutes damn...... > > - Jonathan Morton ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-13 8:28 ` Outback Dingo @ 2017-01-16 19:47 ` Dave Taht 2018-07-30 13:16 ` Outback Dingo 0 siblings, 1 reply; 18+ messages in thread From: Dave Taht @ 2017-01-16 19:47 UTC (permalink / raw) To: Outback Dingo; +Cc: Jonathan Morton, cake I'm curious - is this all better now? Did the NDPI code make it into lede mainline? On Sun, Nov 13, 2016 at 12:28 AM, Outback Dingo <outbackdingo@gmail.com> wrote: > On Sat, Nov 12, 2016 at 10:51 PM, Jonathan Morton <chromatix99@gmail.com> wrote: >> Seems to have plenty of memory free, so it's not actually the swapper. It >> could be that's just the default PID used when there isn't a result >> identifiable process to finger. >> >> So instead we might be looking at too much time spent in interrupt state. >> That's always fun to diagnose. > > welp no joy then... cant use sqm.... spontaneous reboots pretty > often.... sometimes in less then 5 minutes > damn...... > >> >> - Jonathan Morton > _______________________________________________ > Cake mailing list > Cake@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cake -- Dave Täht Let's go make home routers and wifi faster! With better software! http://blog.cerowrt.org ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2017-01-16 19:47 ` Dave Taht @ 2018-07-30 13:16 ` Outback Dingo 0 siblings, 0 replies; 18+ messages in thread From: Outback Dingo @ 2018-07-30 13:16 UTC (permalink / raw) To: dave.taht; +Cc: chromatix99, cake well... i did pick this back upo this week to see if it could be rounded out and submitted, if anyoone knoows different let me know On Mon, Jan 16, 2017 at 8:47 PM Dave Taht <dave.taht@gmail.com> wrote: > > I'm curious - is this all better now? > > Did the NDPI code make it into lede mainline? > > On Sun, Nov 13, 2016 at 12:28 AM, Outback Dingo <outbackdingo@gmail.com> wrote: > > On Sat, Nov 12, 2016 at 10:51 PM, Jonathan Morton <chromatix99@gmail.com> wrote: > >> Seems to have plenty of memory free, so it's not actually the swapper. It > >> could be that's just the default PID used when there isn't a result > >> identifiable process to finger. > >> > >> So instead we might be looking at too much time spent in interrupt state. > >> That's always fun to diagnose. > > > > welp no joy then... cant use sqm.... spontaneous reboots pretty > > often.... sometimes in less then 5 minutes > > damn...... > > > >> > >> - Jonathan Morton > > _______________________________________________ > > Cake mailing list > > Cake@lists.bufferbloat.net > > https://lists.bufferbloat.net/listinfo/cake > > > > -- > Dave Täht > Let's go make home routers and wifi faster! With better software! > http://blog.cerowrt.org ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-11 1:55 [Cake] Cake with Deep Packet Inspection Noah Causin 2016-11-11 2:06 ` Outback Dingo @ 2016-11-11 3:15 ` Konstantin Shalygin 2016-11-11 3:38 ` Noah Causin 1 sibling, 1 reply; 18+ messages in thread From: Konstantin Shalygin @ 2016-11-11 3:15 UTC (permalink / raw) To: cake [-- Attachment #1: Type: text/plain, Size: 318 bytes --] What is the difference between this and implementation of thisipt_ndpi (https://github.com/vel21ripn/nDPI) ? On 11/11/2016 08:55 AM, Noah Causin wrote: > integrated the NDPI Deep Packet Inspection engine into my LEDE build, > so I could prioritize applications using Cake. -- Best regards, Konstantin Shalygin [-- Attachment #2: Type: text/html, Size: 1008 bytes --] ^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [Cake] Cake with Deep Packet Inspection 2016-11-11 3:15 ` Konstantin Shalygin @ 2016-11-11 3:38 ` Noah Causin 0 siblings, 0 replies; 18+ messages in thread From: Noah Causin @ 2016-11-11 3:38 UTC (permalink / raw) To: cake [-- Attachment #1: Type: text/plain, Size: 1000 bytes --] The Makefile I referred to uses this repository: https://github.com/betolj/ndpi-netfilter/commits/master The one you mentioned seems like it supports IPv6. The author said he would backport newer protocols: https://github.com/vel21ripn/nDPI/issues/7 It has the ability to read DHT messages in the BitTorrent protocol to detected encrypted data, and it is supposed to have a smaller memory footprint. A LEDE Makefile for this repository would be useful. On 11/10/2016 10:15 PM, Konstantin Shalygin wrote: > > What is the difference between this and implementation of thisipt_ndpi > (https://github.com/vel21ripn/nDPI) ? > > > On 11/11/2016 08:55 AM, Noah Causin wrote: >> integrated the NDPI Deep Packet Inspection engine into my LEDE build, >> so I could prioritize applications using Cake. > > -- > Best regards, > Konstantin Shalygin > > > _______________________________________________ > Cake mailing list > Cake@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cake [-- Attachment #2: Type: text/html, Size: 2533 bytes --] ^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2018-07-30 13:17 UTC | newest] Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2016-11-11 1:55 [Cake] Cake with Deep Packet Inspection Noah Causin 2016-11-11 2:06 ` Outback Dingo 2016-11-11 2:42 ` Noah Causin 2016-11-11 2:52 ` Outback Dingo 2016-11-11 4:28 ` Outback Dingo 2016-11-11 13:04 ` Noah Causin 2016-11-11 14:08 ` Outback Dingo 2016-11-11 14:22 ` Noah Causin 2016-11-11 14:56 ` Outback Dingo 2016-11-11 17:38 ` Outback Dingo 2016-11-11 18:36 ` Jonathan Morton 2016-11-12 9:06 ` Outback Dingo 2016-11-12 14:51 ` Jonathan Morton 2016-11-13 8:28 ` Outback Dingo 2017-01-16 19:47 ` Dave Taht 2018-07-30 13:16 ` Outback Dingo 2016-11-11 3:15 ` Konstantin Shalygin 2016-11-11 3:38 ` Noah Causin
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox