[Cake] Cake with Deep Packet Inspection

[Cake] Cake with Deep Packet Inspection

[Noah Causin]

I finally got my project working.

I integrated the NDPI Deep Packet Inspection engine into my LEDE build, 
so I could prioritize applications using Cake.

http://www.ntop.org/products/deep-packet-inspection/ndpi/

NDPI integrates into IPTables, which allows me to DSCP mark packets.  
Cake reads the DiffServ markings and puts the traffic into appropriate 
classes.

I found a Makefile which successfully compiles: 
https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile

The system works very well.  Steam traffic is deprioritized to allow 
applications like YouTube, Netflix, and Skype to receive higher amounts 
of the available bandwidth.

What I do for ingress is bridge two ports on an extra router, enable 
bridge firewalling, and create IPTables rules to mark downstream 
packets.  The router I use is a D-Link DGL-5500, which is comparable to 
an Archer C7.

IPv6 support is not available in this netfilter module, but the IPv4 
support is great.

Noah Causin

Re: [Cake] Cake with Deep Packet Inspection

[Outback Dingo]

On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com> wrote:
> I finally got my project working.
>
> I integrated the NDPI Deep Packet Inspection engine into my LEDE build, so I
> could prioritize applications using Cake.
>
> http://www.ntop.org/products/deep-packet-inspection/ndpi/
>
> NDPI integrates into IPTables, which allows me to DSCP mark packets.  Cake
> reads the DiffServ markings and puts the traffic into appropriate classes.
>
> I found a Makefile which successfully compiles:
> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile
>
> The system works very well.  Steam traffic is deprioritized to allow
> applications like YouTube, Netflix, and Skype to receive higher amounts of
> the available bandwidth.
>
> What I do for ingress is bridge two ports on an extra router, enable bridge
> firewalling, and create IPTables rules to mark downstream packets.  The
> router I use is a D-Link DGL-5500, which is comparable to an Archer C7.
>
> IPv6 support is not available in this netfilter module, but the IPv4 support
> is great.
>
> Noah Causin

very nice.... however, can you describe a bit better how you
configured for ingress ? a second router?  configuration file ? your
high level description seems a bit confusing to me


> _______________________________________________
> Cake mailing list
> Cake@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cake

Re: [Cake] Cake with Deep Packet Inspection

[Noah Causin]

[-- Attachment #1: Type: text/plain, Size: 3441 bytes --]

I took an extra router I had and bridged two ports on the router's 
switch, so they just pass traffic. (eth0.2 and eth0.3)

Clients >-[Main Router] --[Extra Router]--[Cable-Modem]

The extra router is passive.  It acts like it's part of the Ethernet 
cable between the main router and cable modem.  It does not interfere.

The extra router needs these packages:

kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two 
packages compiled from the Makefile I showed below (iptables-mod-ndpi 
and iptables-mod-ndpi)

I edited /etc/sysctl.conf and change the last two lines to this:

net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1

This enables bridge firewalling, so the traffic between the two ports 
can be marked.

I then added firewall rules to LuCIs custom firewall rules tab.

Example Rules, modify classes as desired:

iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source 
*Your Main Router's Mac Address* -j DSCP --set-dscp-class cs0
iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source 
*Your Main Router's Mac Address* -j DSCP --set-dscp-class cs2

iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source 
*Your Main Router's Mac Address* -j DSCP --set-dscp-class cs3
iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source 
*Your Main Router's Mac Address* -j DSCP --set-dscp-class cs4

Have your main router use some form of DiffServ for both upload and 
download on its WAN interface.  For upload traffic, you just need the 
two packages from the makefile to be installed on the main router and 
create firewall rules like this:

iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP 
--set-dscp-class cs3
iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP 
--set-dscp-class cs4

If you need help building a custom firmware image, just let me know.


On 11/10/2016 9:06 PM, Outback Dingo wrote:
> On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com> wrote:
>> I finally got my project working.
>>
>> I integrated the NDPI Deep Packet Inspection engine into my LEDE build, so I
>> could prioritize applications using Cake.
>>
>> http://www.ntop.org/products/deep-packet-inspection/ndpi/
>>
>> NDPI integrates into IPTables, which allows me to DSCP mark packets.  Cake
>> reads the DiffServ markings and puts the traffic into appropriate classes.
>>
>> I found a Makefile which successfully compiles:
>> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile
>>
>> The system works very well.  Steam traffic is deprioritized to allow
>> applications like YouTube, Netflix, and Skype to receive higher amounts of
>> the available bandwidth.
>>
>> What I do for ingress is bridge two ports on an extra router, enable bridge
>> firewalling, and create IPTables rules to mark downstream packets.  The
>> router I use is a D-Link DGL-5500, which is comparable to an Archer C7.
>>
>> IPv6 support is not available in this netfilter module, but the IPv4 support
>> is great.
>>
>> Noah Causin
> very nice.... however, can you describe a bit better how you
> configured for ingress ? a second router?  configuration file ? your
> high level description seems a bit confusing to me
>
>
>> _______________________________________________
>> Cake mailing list
>> Cake@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cake


[-- Attachment #2: Type: text/html, Size: 5278 bytes --]

Re: [Cake] Cake with Deep Packet Inspection

[Outback Dingo]

On Fri, Nov 11, 2016 at 10:42 AM, Noah Causin <n0manletter@gmail.com> wrote:
> I took an extra router I had and bridged two ports on the router's switch,
> so they just pass traffic. (eth0.2 and eth0.3)
>
> Clients >-[Main Router] --[Extra Router]--[Cable-Modem]
>
> The extra router is passive.  It acts like it's part of the Ethernet cable
> between the main router and cable modem.  It does not interfere.
>
> The extra router needs these packages:
>
> kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two
> packages compiled from the Makefile I showed below (iptables-mod-ndpi and
> iptables-mod-ndpi)
>
> I edited /etc/sysctl.conf and change the last two lines to this:
>
> net.bridge.bridge-nf-call-ip6tables=1
> net.bridge.bridge-nf-call-iptables=1
>
> This enables bridge firewalling, so the traffic between the two ports can be
> marked.
>
> I then added firewall rules to LuCIs custom firewall rules tab.
>
> Example Rules, modify classes as desired:
>
> iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source Your
> Main Router's Mac Address -j DSCP --set-dscp-class cs0
> iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source Your
> Main Router's Mac Address -j DSCP --set-dscp-class cs2
>
> iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source Your
> Main Router's Mac Address -j DSCP --set-dscp-class cs3
> iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source Your
> Main Router's Mac Address -j DSCP --set-dscp-class cs4
>
> Have your main router use some form of DiffServ for both upload and download
> on its WAN interface.  For upload traffic, you just need the two packages
> from the makefile to be installed on the main router and create firewall
> rules like this:
>
> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP
> --set-dscp-class cs3
> iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP
> --set-dscp-class cs4
>
> If you need help building a custom firmware image, just let me know.
>

Ok got it, its in-line.... right now im fighting the GFW of China
using shadowsocks and chinadns so im pretty customized already,
i was having issues with sqm and kernel segfaults on 4.4.30 ill build
a cake and DPI image and see how that goes, maybe Ill try this
after i deem sqm is stable with cake on this build. It a ZBT-WG3526
router... so its ralink based

>
> On 11/10/2016 9:06 PM, Outback Dingo wrote:
>
> On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com> wrote:
>
> I finally got my project working.
>
> I integrated the NDPI Deep Packet Inspection engine into my LEDE build, so I
> could prioritize applications using Cake.
>
> http://www.ntop.org/products/deep-packet-inspection/ndpi/
>
> NDPI integrates into IPTables, which allows me to DSCP mark packets.  Cake
> reads the DiffServ markings and puts the traffic into appropriate classes.
>
> I found a Makefile which successfully compiles:
> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile
>
> The system works very well.  Steam traffic is deprioritized to allow
> applications like YouTube, Netflix, and Skype to receive higher amounts of
> the available bandwidth.
>
> What I do for ingress is bridge two ports on an extra router, enable bridge
> firewalling, and create IPTables rules to mark downstream packets.  The
> router I use is a D-Link DGL-5500, which is comparable to an Archer C7.
>
> IPv6 support is not available in this netfilter module, but the IPv4 support
> is great.
>
> Noah Causin
>
> very nice.... however, can you describe a bit better how you
> configured for ingress ? a second router?  configuration file ? your
> high level description seems a bit confusing to me
>
>
> _______________________________________________
> Cake mailing list
> Cake@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cake
>
>

Re: [Cake] Cake with Deep Packet Inspection

[Konstantin Shalygin]

[-- Attachment #1: Type: text/plain, Size: 318 bytes --]

What is the difference between this and implementation of thisipt_ndpi 
(https://github.com/vel21ripn/nDPI) ?


On 11/11/2016 08:55 AM, Noah Causin wrote:
> integrated the NDPI Deep Packet Inspection engine into my LEDE build, 
> so I could prioritize applications using Cake. 

-- 
Best regards,
Konstantin Shalygin


[-- Attachment #2: Type: text/html, Size: 1008 bytes --]

Re: [Cake] Cake with Deep Packet Inspection

[Noah Causin]

[-- Attachment #1: Type: text/plain, Size: 1000 bytes --]

The Makefile I referred to uses this repository: 
https://github.com/betolj/ndpi-netfilter/commits/master

The one you mentioned seems like it supports IPv6.  The author said he 
would backport newer protocols: https://github.com/vel21ripn/nDPI/issues/7

It has the ability to read DHT messages in the BitTorrent protocol to 
detected encrypted data, and it is supposed to have a smaller memory 
footprint.

A LEDE Makefile for this repository would be useful.


On 11/10/2016 10:15 PM, Konstantin Shalygin wrote:
>
> What is the difference between this and implementation of thisipt_ndpi 
> (https://github.com/vel21ripn/nDPI) ?
>
>
> On 11/11/2016 08:55 AM, Noah Causin wrote:
>> integrated the NDPI Deep Packet Inspection engine into my LEDE build, 
>> so I could prioritize applications using Cake. 
>
> -- 
> Best regards,
> Konstantin Shalygin
>
>
> _______________________________________________
> Cake mailing list
> Cake@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cake


[-- Attachment #2: Type: text/html, Size: 2533 bytes --]

Re: [Cake] Cake with Deep Packet Inspection

[Outback Dingo]

On Fri, Nov 11, 2016 at 10:52 AM, Outback Dingo <outbackdingo@gmail.com> wrote:
> On Fri, Nov 11, 2016 at 10:42 AM, Noah Causin <n0manletter@gmail.com> wrote:
>> I took an extra router I had and bridged two ports on the router's switch,
>> so they just pass traffic. (eth0.2 and eth0.3)
>>
>> Clients >-[Main Router] --[Extra Router]--[Cable-Modem]
>>
>> The extra router is passive.  It acts like it's part of the Ethernet cable
>> between the main router and cable modem.  It does not interfere.
>>
>> The extra router needs these packages:
>>
>> kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two
>> packages compiled from the Makefile I showed below (iptables-mod-ndpi and
>> iptables-mod-ndpi)
>>
>> I edited /etc/sysctl.conf and change the last two lines to this:
>>
>> net.bridge.bridge-nf-call-ip6tables=1
>> net.bridge.bridge-nf-call-iptables=1
>>
>> This enables bridge firewalling, so the traffic between the two ports can be
>> marked.
>>
>> I then added firewall rules to LuCIs custom firewall rules tab.
>>
>> Example Rules, modify classes as desired:
>>
>> iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source Your
>> Main Router's Mac Address -j DSCP --set-dscp-class cs0
>> iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source Your
>> Main Router's Mac Address -j DSCP --set-dscp-class cs2
>>
>> iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source Your
>> Main Router's Mac Address -j DSCP --set-dscp-class cs3
>> iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source Your
>> Main Router's Mac Address -j DSCP --set-dscp-class cs4
>>
>> Have your main router use some form of DiffServ for both upload and download
>> on its WAN interface.  For upload traffic, you just need the two packages
>> from the makefile to be installed on the main router and create firewall
>> rules like this:
>>
>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP
>> --set-dscp-class cs3
>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP
>> --set-dscp-class cs4
>>
>> If you need help building a custom firmware image, just let me know.
>>
>
> Ok got it, its in-line.... right now im fighting the GFW of China
> using shadowsocks and chinadns so im pretty customized already,
> i was having issues with sqm and kernel segfaults on 4.4.30 ill build
> a cake and DPI image and see how that goes, maybe Ill try this
> after i deem sqm is stable with cake on this build. It a ZBT-WG3526
> router... so its ralink based

like i stated on LEDE major issues when sqm is enabled.... even with
cake... is nobody else seeing these issues?

[  569.020000]  1-...: (6 GPs behind) idle=236/0/0 softirq=50607/50613 fqs=1
[  569.020000]  (detected by 0, t=6002 jiffies, g=5799, c=5798, q=573)
[  569.020000] Task dump for CPU 1:
[  569.020000] swapper/1       R running      0     0      1 0x00100000
[  569.020000] Stack : 00000000 00000001 00000015 00000000 00000000
00000001 8045a2a4 80410000
[  569.020000]    8041275c 00000001 00000001 80412540 80412724
80410000 00000000 800132e8
[  569.020000]    1100fc03 00000001 8fc60000 8fc61ec0 80410000
8005c870 1100fc03 00000001
[  569.020000]    00000000 80410000 8045a2a4 8005c868 80410000
8001ade0 1100fc03 00000000
[  569.020000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
aefffbff fff77fe7 dfffffef
[  569.020000]    ...
[  569.020000] Call Trace:
[  569.020000] [<8000bba8>] __schedule+0x574/0x758
[  569.020000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
[  569.020000]
[  569.020000] rcu_sched kthread starved for 6001 jiffies! g5799 c5798
f0x0 s3 ->state=0x1
[  629.130000] INFO: rcu_sched detected stalls on CPUs/tasks:
[  629.130000]  1-...: (8 GPs behind) idle=756/0/0 softirq=50607/50613 fqs=1
[  629.130000]  (detected by 0, t=6002 jiffies, g=5801, c=5800, q=653)
[  629.130000] Task dump for CPU 1:
[  629.130000] swapper/1       R running      0     0      1 0x00100000
[  629.130000] Stack : 00000000 bfd47c67 00000094 ffffffff 00000081
00000011 8045a2a4 80410000
[  629.130000]    8041275c 00000001 00000001 80412540 80412724
80410000 000010d9 800132e8
[  629.130000]    1100fc03 00000001 8fc60000 8fc61ec0 80410000
8005c870 1100fc03 00000001
[  629.130000]    00000000 80410000 8045a2a4 8005c868 80410000
8001ade0 1100fc03 00000000
[  629.130000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
aefffbff fff77fe7 dfffffef
[  629.130000]    ...
[  629.130000] Call Trace:
[  629.130000] [<8000bba8>] __schedule+0x574/0x758
[  629.130000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
[  629.130000]
[  629.130000] rcu_sched kthread starved for 6001 jiffies! g5801 c5800
f0x0 s3 ->state=0x1
[  692.940000] INFO: rcu_sched detected stalls on CPUs/tasks:
[  692.940000]  1-...: (0 ticks this GP) idle=4c2/0/0
softirq=50613/50613 fqs=0
[  692.940000]  2-...: (25 GPs behind) idle=55a/0/0 softirq=28459/28460 fqs=0
[  692.940000]  3-...: (25 GPs behind) idle=5c2/0/0 softirq=30711/30982 fqs=0
[  692.940000]  (detected by 0, t=6002 jiffies, g=5824, c=5823, q=3190)
[  692.940000] Task dump for CPU 1:
[  692.940000] swapper/1       R running      0     0      1 0x00100000
[  692.940000] Stack : 00000000 3646fb94 000000af ffffffff 0000008f
d2f1a9fc 8045a2a4 80410000
[  692.940000]    8041275c 00000001 00000001 80412540 80412724
80410000 000010d9 800132e8
[  692.940000]    00000000 00000001 8fc60000 8fc61ec0 80410000
8005c870 1100fc03 00000001
[  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
8001ade0 1100fc03 00000000
[  692.940000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
aefffbff fff77fe7 dfffffef
[  692.940000]    ...
[  692.940000] Call Trace:
[  692.940000] [<8000bba8>] __schedule+0x574/0x758
[  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
[  692.940000]
[  692.940000] Task dump for CPU 2:
[  692.940000] swapper/2       R running      0     0      1 0x00100000
[  692.940000] Stack : 00000000 00000001 00000010 00000000 00000000
00010001 8045a2a4 80410000
[  692.940000]    8041275c 00000001 00000000 804125e0 80412724
80410000 00000000 800132e8
[  692.940000]    1100fc03 00000002 8fc62000 8fc63ec0 80410000
8005c870 1100fc03 00000002
[  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
8001ade0 1100fc03 00000000
[  692.940000]    00000004 804124a0 000000a0 8001ade8 fbffbfdf
7fff7b3b 7ffaeff8 67fbffff
[  692.940000]    ...
[  692.940000] Call Trace:
[  692.940000] [<8000bba8>] __schedule+0x574/0x758
[  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
[  692.940000]
[  692.940000] Task dump for CPU 3:
[  692.940000] swapper/3       R running      0     0      1 0x00100000
[  692.940000] Stack : 00000000 a69c5765 000000a3 ffffffff 0000008f
00000020 8045a2a4 80410000
[  692.940000]    8041275c 00000001 00000001 80412680 80412724
80410000 000010d9 800132e8
[  692.940000]    1100fc03 00000003 8fc64000 8fc65ec0 80410000
8005c870 1100fc03 00000003
[  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
8001ade0 1100fc03 00000000
[  692.940000]    00000004 804124a0 000000a0 8001ade8 fefffbdb
aefffbfb fff77fe7 dfffffef
[  692.940000]    ...
[  692.940000] Call Trace:
[  692.940000] [<8000bba8>] __schedule+0x574/0x758
[  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
[  692.940000]
[  692.940000] rcu_sched kthread starved for 6002 jiffies! g5824 c5823
f0x0 s3 ->state=0x1
root@lede:~# packet_write_wait: Connection to 192.168.20.1 port 22: Broken pipe


>
>>
>> On 11/10/2016 9:06 PM, Outback Dingo wrote:
>>
>> On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com> wrote:
>>
>> I finally got my project working.
>>
>> I integrated the NDPI Deep Packet Inspection engine into my LEDE build, so I
>> could prioritize applications using Cake.
>>
>> http://www.ntop.org/products/deep-packet-inspection/ndpi/
>>
>> NDPI integrates into IPTables, which allows me to DSCP mark packets.  Cake
>> reads the DiffServ markings and puts the traffic into appropriate classes.
>>
>> I found a Makefile which successfully compiles:
>> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile
>>
>> The system works very well.  Steam traffic is deprioritized to allow
>> applications like YouTube, Netflix, and Skype to receive higher amounts of
>> the available bandwidth.
>>
>> What I do for ingress is bridge two ports on an extra router, enable bridge
>> firewalling, and create IPTables rules to mark downstream packets.  The
>> router I use is a D-Link DGL-5500, which is comparable to an Archer C7.
>>
>> IPv6 support is not available in this netfilter module, but the IPv4 support
>> is great.
>>
>> Noah Causin
>>
>> very nice.... however, can you describe a bit better how you
>> configured for ingress ? a second router?  configuration file ? your
>> high level description seems a bit confusing to me
>>
>>
>> _______________________________________________
>> Cake mailing list
>> Cake@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cake
>>
>>

Re: [Cake] Cake with Deep Packet Inspection

[Noah Causin]

Do you build your firmware from the git repository?


On 11/10/2016 11:28 PM, Outback Dingo wrote:
> On Fri, Nov 11, 2016 at 10:52 AM, Outback Dingo <outbackdingo@gmail.com> wrote:
>> On Fri, Nov 11, 2016 at 10:42 AM, Noah Causin <n0manletter@gmail.com> wrote:
>>> I took an extra router I had and bridged two ports on the router's switch,
>>> so they just pass traffic. (eth0.2 and eth0.3)
>>>
>>> Clients >-[Main Router] --[Extra Router]--[Cable-Modem]
>>>
>>> The extra router is passive.  It acts like it's part of the Ethernet cable
>>> between the main router and cable modem.  It does not interfere.
>>>
>>> The extra router needs these packages:
>>>
>>> kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two
>>> packages compiled from the Makefile I showed below (iptables-mod-ndpi and
>>> iptables-mod-ndpi)
>>>
>>> I edited /etc/sysctl.conf and change the last two lines to this:
>>>
>>> net.bridge.bridge-nf-call-ip6tables=1
>>> net.bridge.bridge-nf-call-iptables=1
>>>
>>> This enables bridge firewalling, so the traffic between the two ports can be
>>> marked.
>>>
>>> I then added firewall rules to LuCIs custom firewall rules tab.
>>>
>>> Example Rules, modify classes as desired:
>>>
>>> iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source Your
>>> Main Router's Mac Address -j DSCP --set-dscp-class cs0
>>> iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source Your
>>> Main Router's Mac Address -j DSCP --set-dscp-class cs2
>>>
>>> iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source Your
>>> Main Router's Mac Address -j DSCP --set-dscp-class cs3
>>> iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source Your
>>> Main Router's Mac Address -j DSCP --set-dscp-class cs4
>>>
>>> Have your main router use some form of DiffServ for both upload and download
>>> on its WAN interface.  For upload traffic, you just need the two packages
>>> from the makefile to be installed on the main router and create firewall
>>> rules like this:
>>>
>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP
>>> --set-dscp-class cs3
>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP
>>> --set-dscp-class cs4
>>>
>>> If you need help building a custom firmware image, just let me know.
>>>
>> Ok got it, its in-line.... right now im fighting the GFW of China
>> using shadowsocks and chinadns so im pretty customized already,
>> i was having issues with sqm and kernel segfaults on 4.4.30 ill build
>> a cake and DPI image and see how that goes, maybe Ill try this
>> after i deem sqm is stable with cake on this build. It a ZBT-WG3526
>> router... so its ralink based
> like i stated on LEDE major issues when sqm is enabled.... even with
> cake... is nobody else seeing these issues?
>
> [  569.020000]  1-...: (6 GPs behind) idle=236/0/0 softirq=50607/50613 fqs=1
> [  569.020000]  (detected by 0, t=6002 jiffies, g=5799, c=5798, q=573)
> [  569.020000] Task dump for CPU 1:
> [  569.020000] swapper/1       R running      0     0      1 0x00100000
> [  569.020000] Stack : 00000000 00000001 00000015 00000000 00000000
> 00000001 8045a2a4 80410000
> [  569.020000]    8041275c 00000001 00000001 80412540 80412724
> 80410000 00000000 800132e8
> [  569.020000]    1100fc03 00000001 8fc60000 8fc61ec0 80410000
> 8005c870 1100fc03 00000001
> [  569.020000]    00000000 80410000 8045a2a4 8005c868 80410000
> 8001ade0 1100fc03 00000000
> [  569.020000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
> aefffbff fff77fe7 dfffffef
> [  569.020000]    ...
> [  569.020000] Call Trace:
> [  569.020000] [<8000bba8>] __schedule+0x574/0x758
> [  569.020000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
> [  569.020000]
> [  569.020000] rcu_sched kthread starved for 6001 jiffies! g5799 c5798
> f0x0 s3 ->state=0x1
> [  629.130000] INFO: rcu_sched detected stalls on CPUs/tasks:
> [  629.130000]  1-...: (8 GPs behind) idle=756/0/0 softirq=50607/50613 fqs=1
> [  629.130000]  (detected by 0, t=6002 jiffies, g=5801, c=5800, q=653)
> [  629.130000] Task dump for CPU 1:
> [  629.130000] swapper/1       R running      0     0      1 0x00100000
> [  629.130000] Stack : 00000000 bfd47c67 00000094 ffffffff 00000081
> 00000011 8045a2a4 80410000
> [  629.130000]    8041275c 00000001 00000001 80412540 80412724
> 80410000 000010d9 800132e8
> [  629.130000]    1100fc03 00000001 8fc60000 8fc61ec0 80410000
> 8005c870 1100fc03 00000001
> [  629.130000]    00000000 80410000 8045a2a4 8005c868 80410000
> 8001ade0 1100fc03 00000000
> [  629.130000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
> aefffbff fff77fe7 dfffffef
> [  629.130000]    ...
> [  629.130000] Call Trace:
> [  629.130000] [<8000bba8>] __schedule+0x574/0x758
> [  629.130000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
> [  629.130000]
> [  629.130000] rcu_sched kthread starved for 6001 jiffies! g5801 c5800
> f0x0 s3 ->state=0x1
> [  692.940000] INFO: rcu_sched detected stalls on CPUs/tasks:
> [  692.940000]  1-...: (0 ticks this GP) idle=4c2/0/0
> softirq=50613/50613 fqs=0
> [  692.940000]  2-...: (25 GPs behind) idle=55a/0/0 softirq=28459/28460 fqs=0
> [  692.940000]  3-...: (25 GPs behind) idle=5c2/0/0 softirq=30711/30982 fqs=0
> [  692.940000]  (detected by 0, t=6002 jiffies, g=5824, c=5823, q=3190)
> [  692.940000] Task dump for CPU 1:
> [  692.940000] swapper/1       R running      0     0      1 0x00100000
> [  692.940000] Stack : 00000000 3646fb94 000000af ffffffff 0000008f
> d2f1a9fc 8045a2a4 80410000
> [  692.940000]    8041275c 00000001 00000001 80412540 80412724
> 80410000 000010d9 800132e8
> [  692.940000]    00000000 00000001 8fc60000 8fc61ec0 80410000
> 8005c870 1100fc03 00000001
> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
> 8001ade0 1100fc03 00000000
> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
> aefffbff fff77fe7 dfffffef
> [  692.940000]    ...
> [  692.940000] Call Trace:
> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
> [  692.940000]
> [  692.940000] Task dump for CPU 2:
> [  692.940000] swapper/2       R running      0     0      1 0x00100000
> [  692.940000] Stack : 00000000 00000001 00000010 00000000 00000000
> 00010001 8045a2a4 80410000
> [  692.940000]    8041275c 00000001 00000000 804125e0 80412724
> 80410000 00000000 800132e8
> [  692.940000]    1100fc03 00000002 8fc62000 8fc63ec0 80410000
> 8005c870 1100fc03 00000002
> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
> 8001ade0 1100fc03 00000000
> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fbffbfdf
> 7fff7b3b 7ffaeff8 67fbffff
> [  692.940000]    ...
> [  692.940000] Call Trace:
> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
> [  692.940000]
> [  692.940000] Task dump for CPU 3:
> [  692.940000] swapper/3       R running      0     0      1 0x00100000
> [  692.940000] Stack : 00000000 a69c5765 000000a3 ffffffff 0000008f
> 00000020 8045a2a4 80410000
> [  692.940000]    8041275c 00000001 00000001 80412680 80412724
> 80410000 000010d9 800132e8
> [  692.940000]    1100fc03 00000003 8fc64000 8fc65ec0 80410000
> 8005c870 1100fc03 00000003
> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
> 8001ade0 1100fc03 00000000
> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fefffbdb
> aefffbfb fff77fe7 dfffffef
> [  692.940000]    ...
> [  692.940000] Call Trace:
> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
> [  692.940000]
> [  692.940000] rcu_sched kthread starved for 6002 jiffies! g5824 c5823
> f0x0 s3 ->state=0x1
> root@lede:~# packet_write_wait: Connection to 192.168.20.1 port 22: Broken pipe
>
>
>>> On 11/10/2016 9:06 PM, Outback Dingo wrote:
>>>
>>> On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com> wrote:
>>>
>>> I finally got my project working.
>>>
>>> I integrated the NDPI Deep Packet Inspection engine into my LEDE build, so I
>>> could prioritize applications using Cake.
>>>
>>> http://www.ntop.org/products/deep-packet-inspection/ndpi/
>>>
>>> NDPI integrates into IPTables, which allows me to DSCP mark packets.  Cake
>>> reads the DiffServ markings and puts the traffic into appropriate classes.
>>>
>>> I found a Makefile which successfully compiles:
>>> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile
>>>
>>> The system works very well.  Steam traffic is deprioritized to allow
>>> applications like YouTube, Netflix, and Skype to receive higher amounts of
>>> the available bandwidth.
>>>
>>> What I do for ingress is bridge two ports on an extra router, enable bridge
>>> firewalling, and create IPTables rules to mark downstream packets.  The
>>> router I use is a D-Link DGL-5500, which is comparable to an Archer C7.
>>>
>>> IPv6 support is not available in this netfilter module, but the IPv4 support
>>> is great.
>>>
>>> Noah Causin
>>>
>>> very nice.... however, can you describe a bit better how you
>>> configured for ingress ? a second router?  configuration file ? your
>>> high level description seems a bit confusing to me
>>>
>>>
>>> _______________________________________________
>>> Cake mailing list
>>> Cake@lists.bufferbloat.net
>>> https://lists.bufferbloat.net/listinfo/cake
>>>
>>>

Re: [Cake] Cake with Deep Packet Inspection

[Outback Dingo]

On Fri, Nov 11, 2016 at 9:04 PM, Noah Causin <n0manletter@gmail.com> wrote:
> Do you build your firmware from the git repository?
>
>

Yes it is built from a recent trunk, as of yesterday


>
> On 11/10/2016 11:28 PM, Outback Dingo wrote:
>>
>> On Fri, Nov 11, 2016 at 10:52 AM, Outback Dingo <outbackdingo@gmail.com>
>> wrote:
>>>
>>> On Fri, Nov 11, 2016 at 10:42 AM, Noah Causin <n0manletter@gmail.com>
>>> wrote:
>>>>
>>>> I took an extra router I had and bridged two ports on the router's
>>>> switch,
>>>> so they just pass traffic. (eth0.2 and eth0.3)
>>>>
>>>> Clients >-[Main Router] --[Extra Router]--[Cable-Modem]
>>>>
>>>> The extra router is passive.  It acts like it's part of the Ethernet
>>>> cable
>>>> between the main router and cable modem.  It does not interfere.
>>>>
>>>> The extra router needs these packages:
>>>>
>>>> kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two
>>>> packages compiled from the Makefile I showed below (iptables-mod-ndpi
>>>> and
>>>> iptables-mod-ndpi)
>>>>
>>>> I edited /etc/sysctl.conf and change the last two lines to this:
>>>>
>>>> net.bridge.bridge-nf-call-ip6tables=1
>>>> net.bridge.bridge-nf-call-iptables=1
>>>>
>>>> This enables bridge firewalling, so the traffic between the two ports
>>>> can be
>>>> marked.
>>>>
>>>> I then added firewall rules to LuCIs custom firewall rules tab.
>>>>
>>>> Example Rules, modify classes as desired:
>>>>
>>>> iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source Your
>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs0
>>>> iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source
>>>> Your
>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs2
>>>>
>>>> iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source
>>>> Your
>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs3
>>>> iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source Your
>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs4
>>>>
>>>> Have your main router use some form of DiffServ for both upload and
>>>> download
>>>> on its WAN interface.  For upload traffic, you just need the two
>>>> packages
>>>> from the makefile to be installed on the main router and create firewall
>>>> rules like this:
>>>>
>>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP
>>>> --set-dscp-class cs3
>>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP
>>>> --set-dscp-class cs4
>>>>
>>>> If you need help building a custom firmware image, just let me know.
>>>>
>>> Ok got it, its in-line.... right now im fighting the GFW of China
>>> using shadowsocks and chinadns so im pretty customized already,
>>> i was having issues with sqm and kernel segfaults on 4.4.30 ill build
>>> a cake and DPI image and see how that goes, maybe Ill try this
>>> after i deem sqm is stable with cake on this build. It a ZBT-WG3526
>>> router... so its ralink based
>>
>> like i stated on LEDE major issues when sqm is enabled.... even with
>> cake... is nobody else seeing these issues?
>>
>> [  569.020000]  1-...: (6 GPs behind) idle=236/0/0 softirq=50607/50613
>> fqs=1
>> [  569.020000]  (detected by 0, t=6002 jiffies, g=5799, c=5798, q=573)
>> [  569.020000] Task dump for CPU 1:
>> [  569.020000] swapper/1       R running      0     0      1 0x00100000
>> [  569.020000] Stack : 00000000 00000001 00000015 00000000 00000000
>> 00000001 8045a2a4 80410000
>> [  569.020000]    8041275c 00000001 00000001 80412540 80412724
>> 80410000 00000000 800132e8
>> [  569.020000]    1100fc03 00000001 8fc60000 8fc61ec0 80410000
>> 8005c870 1100fc03 00000001
>> [  569.020000]    00000000 80410000 8045a2a4 8005c868 80410000
>> 8001ade0 1100fc03 00000000
>> [  569.020000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
>> aefffbff fff77fe7 dfffffef
>> [  569.020000]    ...
>> [  569.020000] Call Trace:
>> [  569.020000] [<8000bba8>] __schedule+0x574/0x758
>> [  569.020000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>> [  569.020000]
>> [  569.020000] rcu_sched kthread starved for 6001 jiffies! g5799 c5798
>> f0x0 s3 ->state=0x1
>> [  629.130000] INFO: rcu_sched detected stalls on CPUs/tasks:
>> [  629.130000]  1-...: (8 GPs behind) idle=756/0/0 softirq=50607/50613
>> fqs=1
>> [  629.130000]  (detected by 0, t=6002 jiffies, g=5801, c=5800, q=653)
>> [  629.130000] Task dump for CPU 1:
>> [  629.130000] swapper/1       R running      0     0      1 0x00100000
>> [  629.130000] Stack : 00000000 bfd47c67 00000094 ffffffff 00000081
>> 00000011 8045a2a4 80410000
>> [  629.130000]    8041275c 00000001 00000001 80412540 80412724
>> 80410000 000010d9 800132e8
>> [  629.130000]    1100fc03 00000001 8fc60000 8fc61ec0 80410000
>> 8005c870 1100fc03 00000001
>> [  629.130000]    00000000 80410000 8045a2a4 8005c868 80410000
>> 8001ade0 1100fc03 00000000
>> [  629.130000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
>> aefffbff fff77fe7 dfffffef
>> [  629.130000]    ...
>> [  629.130000] Call Trace:
>> [  629.130000] [<8000bba8>] __schedule+0x574/0x758
>> [  629.130000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>> [  629.130000]
>> [  629.130000] rcu_sched kthread starved for 6001 jiffies! g5801 c5800
>> f0x0 s3 ->state=0x1
>> [  692.940000] INFO: rcu_sched detected stalls on CPUs/tasks:
>> [  692.940000]  1-...: (0 ticks this GP) idle=4c2/0/0
>> softirq=50613/50613 fqs=0
>> [  692.940000]  2-...: (25 GPs behind) idle=55a/0/0 softirq=28459/28460
>> fqs=0
>> [  692.940000]  3-...: (25 GPs behind) idle=5c2/0/0 softirq=30711/30982
>> fqs=0
>> [  692.940000]  (detected by 0, t=6002 jiffies, g=5824, c=5823, q=3190)
>> [  692.940000] Task dump for CPU 1:
>> [  692.940000] swapper/1       R running      0     0      1 0x00100000
>> [  692.940000] Stack : 00000000 3646fb94 000000af ffffffff 0000008f
>> d2f1a9fc 8045a2a4 80410000
>> [  692.940000]    8041275c 00000001 00000001 80412540 80412724
>> 80410000 000010d9 800132e8
>> [  692.940000]    00000000 00000001 8fc60000 8fc61ec0 80410000
>> 8005c870 1100fc03 00000001
>> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
>> 8001ade0 1100fc03 00000000
>> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
>> aefffbff fff77fe7 dfffffef
>> [  692.940000]    ...
>> [  692.940000] Call Trace:
>> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
>> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>> [  692.940000]
>> [  692.940000] Task dump for CPU 2:
>> [  692.940000] swapper/2       R running      0     0      1 0x00100000
>> [  692.940000] Stack : 00000000 00000001 00000010 00000000 00000000
>> 00010001 8045a2a4 80410000
>> [  692.940000]    8041275c 00000001 00000000 804125e0 80412724
>> 80410000 00000000 800132e8
>> [  692.940000]    1100fc03 00000002 8fc62000 8fc63ec0 80410000
>> 8005c870 1100fc03 00000002
>> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
>> 8001ade0 1100fc03 00000000
>> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fbffbfdf
>> 7fff7b3b 7ffaeff8 67fbffff
>> [  692.940000]    ...
>> [  692.940000] Call Trace:
>> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
>> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>> [  692.940000]
>> [  692.940000] Task dump for CPU 3:
>> [  692.940000] swapper/3       R running      0     0      1 0x00100000
>> [  692.940000] Stack : 00000000 a69c5765 000000a3 ffffffff 0000008f
>> 00000020 8045a2a4 80410000
>> [  692.940000]    8041275c 00000001 00000001 80412680 80412724
>> 80410000 000010d9 800132e8
>> [  692.940000]    1100fc03 00000003 8fc64000 8fc65ec0 80410000
>> 8005c870 1100fc03 00000003
>> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
>> 8001ade0 1100fc03 00000000
>> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fefffbdb
>> aefffbfb fff77fe7 dfffffef
>> [  692.940000]    ...
>> [  692.940000] Call Trace:
>> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
>> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>> [  692.940000]
>> [  692.940000] rcu_sched kthread starved for 6002 jiffies! g5824 c5823
>> f0x0 s3 ->state=0x1
>> root@lede:~# packet_write_wait: Connection to 192.168.20.1 port 22: Broken
>> pipe
>>
>>
>>>> On 11/10/2016 9:06 PM, Outback Dingo wrote:
>>>>
>>>> On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com>
>>>> wrote:
>>>>
>>>> I finally got my project working.
>>>>
>>>> I integrated the NDPI Deep Packet Inspection engine into my LEDE build,
>>>> so I
>>>> could prioritize applications using Cake.
>>>>
>>>> http://www.ntop.org/products/deep-packet-inspection/ndpi/
>>>>
>>>> NDPI integrates into IPTables, which allows me to DSCP mark packets.
>>>> Cake
>>>> reads the DiffServ markings and puts the traffic into appropriate
>>>> classes.
>>>>
>>>> I found a Makefile which successfully compiles:
>>>>
>>>> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile
>>>>
>>>> The system works very well.  Steam traffic is deprioritized to allow
>>>> applications like YouTube, Netflix, and Skype to receive higher amounts
>>>> of
>>>> the available bandwidth.
>>>>
>>>> What I do for ingress is bridge two ports on an extra router, enable
>>>> bridge
>>>> firewalling, and create IPTables rules to mark downstream packets.  The
>>>> router I use is a D-Link DGL-5500, which is comparable to an Archer C7.
>>>>
>>>> IPv6 support is not available in this netfilter module, but the IPv4
>>>> support
>>>> is great.
>>>>
>>>> Noah Causin
>>>>
>>>> very nice.... however, can you describe a bit better how you
>>>> configured for ingress ? a second router?  configuration file ? your
>>>> high level description seems a bit confusing to me
>>>>
>>>>
>>>> _______________________________________________
>>>> Cake mailing list
>>>> Cake@lists.bufferbloat.net
>>>> https://lists.bufferbloat.net/listinfo/cake
>>>>
>>>>
>

Re: [Cake] Cake with Deep Packet Inspection

[Noah Causin]

What I would try is deleting your build source folder and start from 
scratch.

Then edit source/package/kernel/kmod-sched-cake/Makefile

change the PKG_SOURCE_VERSION to 70169dba14daa6ef7907af9c1e922ef9f797993a

That's the latest stable version of cake.

https://github.com/dtaht/sch_cake/commit/70169dba14daa6ef7907af9c1e922ef9f797993a


On 11/11/2016 9:08 AM, Outback Dingo wrote:
> On Fri, Nov 11, 2016 at 9:04 PM, Noah Causin <n0manletter@gmail.com> wrote:
>> Do you build your firmware from the git repository?
>>
>>
> Yes it is built from a recent trunk, as of yesterday
>
>
>> On 11/10/2016 11:28 PM, Outback Dingo wrote:
>>> On Fri, Nov 11, 2016 at 10:52 AM, Outback Dingo <outbackdingo@gmail.com>
>>> wrote:
>>>> On Fri, Nov 11, 2016 at 10:42 AM, Noah Causin <n0manletter@gmail.com>
>>>> wrote:
>>>>> I took an extra router I had and bridged two ports on the router's
>>>>> switch,
>>>>> so they just pass traffic. (eth0.2 and eth0.3)
>>>>>
>>>>> Clients >-[Main Router] --[Extra Router]--[Cable-Modem]
>>>>>
>>>>> The extra router is passive.  It acts like it's part of the Ethernet
>>>>> cable
>>>>> between the main router and cable modem.  It does not interfere.
>>>>>
>>>>> The extra router needs these packages:
>>>>>
>>>>> kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two
>>>>> packages compiled from the Makefile I showed below (iptables-mod-ndpi
>>>>> and
>>>>> iptables-mod-ndpi)
>>>>>
>>>>> I edited /etc/sysctl.conf and change the last two lines to this:
>>>>>
>>>>> net.bridge.bridge-nf-call-ip6tables=1
>>>>> net.bridge.bridge-nf-call-iptables=1
>>>>>
>>>>> This enables bridge firewalling, so the traffic between the two ports
>>>>> can be
>>>>> marked.
>>>>>
>>>>> I then added firewall rules to LuCIs custom firewall rules tab.
>>>>>
>>>>> Example Rules, modify classes as desired:
>>>>>
>>>>> iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source Your
>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs0
>>>>> iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source
>>>>> Your
>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs2
>>>>>
>>>>> iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source
>>>>> Your
>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs3
>>>>> iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source Your
>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs4
>>>>>
>>>>> Have your main router use some form of DiffServ for both upload and
>>>>> download
>>>>> on its WAN interface.  For upload traffic, you just need the two
>>>>> packages
>>>>> from the makefile to be installed on the main router and create firewall
>>>>> rules like this:
>>>>>
>>>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP
>>>>> --set-dscp-class cs3
>>>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP
>>>>> --set-dscp-class cs4
>>>>>
>>>>> If you need help building a custom firmware image, just let me know.
>>>>>
>>>> Ok got it, its in-line.... right now im fighting the GFW of China
>>>> using shadowsocks and chinadns so im pretty customized already,
>>>> i was having issues with sqm and kernel segfaults on 4.4.30 ill build
>>>> a cake and DPI image and see how that goes, maybe Ill try this
>>>> after i deem sqm is stable with cake on this build. It a ZBT-WG3526
>>>> router... so its ralink based
>>> like i stated on LEDE major issues when sqm is enabled.... even with
>>> cake... is nobody else seeing these issues?
>>>
>>> [  569.020000]  1-...: (6 GPs behind) idle=236/0/0 softirq=50607/50613
>>> fqs=1
>>> [  569.020000]  (detected by 0, t=6002 jiffies, g=5799, c=5798, q=573)
>>> [  569.020000] Task dump for CPU 1:
>>> [  569.020000] swapper/1       R running      0     0      1 0x00100000
>>> [  569.020000] Stack : 00000000 00000001 00000015 00000000 00000000
>>> 00000001 8045a2a4 80410000
>>> [  569.020000]    8041275c 00000001 00000001 80412540 80412724
>>> 80410000 00000000 800132e8
>>> [  569.020000]    1100fc03 00000001 8fc60000 8fc61ec0 80410000
>>> 8005c870 1100fc03 00000001
>>> [  569.020000]    00000000 80410000 8045a2a4 8005c868 80410000
>>> 8001ade0 1100fc03 00000000
>>> [  569.020000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
>>> aefffbff fff77fe7 dfffffef
>>> [  569.020000]    ...
>>> [  569.020000] Call Trace:
>>> [  569.020000] [<8000bba8>] __schedule+0x574/0x758
>>> [  569.020000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>> [  569.020000]
>>> [  569.020000] rcu_sched kthread starved for 6001 jiffies! g5799 c5798
>>> f0x0 s3 ->state=0x1
>>> [  629.130000] INFO: rcu_sched detected stalls on CPUs/tasks:
>>> [  629.130000]  1-...: (8 GPs behind) idle=756/0/0 softirq=50607/50613
>>> fqs=1
>>> [  629.130000]  (detected by 0, t=6002 jiffies, g=5801, c=5800, q=653)
>>> [  629.130000] Task dump for CPU 1:
>>> [  629.130000] swapper/1       R running      0     0      1 0x00100000
>>> [  629.130000] Stack : 00000000 bfd47c67 00000094 ffffffff 00000081
>>> 00000011 8045a2a4 80410000
>>> [  629.130000]    8041275c 00000001 00000001 80412540 80412724
>>> 80410000 000010d9 800132e8
>>> [  629.130000]    1100fc03 00000001 8fc60000 8fc61ec0 80410000
>>> 8005c870 1100fc03 00000001
>>> [  629.130000]    00000000 80410000 8045a2a4 8005c868 80410000
>>> 8001ade0 1100fc03 00000000
>>> [  629.130000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
>>> aefffbff fff77fe7 dfffffef
>>> [  629.130000]    ...
>>> [  629.130000] Call Trace:
>>> [  629.130000] [<8000bba8>] __schedule+0x574/0x758
>>> [  629.130000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>> [  629.130000]
>>> [  629.130000] rcu_sched kthread starved for 6001 jiffies! g5801 c5800
>>> f0x0 s3 ->state=0x1
>>> [  692.940000] INFO: rcu_sched detected stalls on CPUs/tasks:
>>> [  692.940000]  1-...: (0 ticks this GP) idle=4c2/0/0
>>> softirq=50613/50613 fqs=0
>>> [  692.940000]  2-...: (25 GPs behind) idle=55a/0/0 softirq=28459/28460
>>> fqs=0
>>> [  692.940000]  3-...: (25 GPs behind) idle=5c2/0/0 softirq=30711/30982
>>> fqs=0
>>> [  692.940000]  (detected by 0, t=6002 jiffies, g=5824, c=5823, q=3190)
>>> [  692.940000] Task dump for CPU 1:
>>> [  692.940000] swapper/1       R running      0     0      1 0x00100000
>>> [  692.940000] Stack : 00000000 3646fb94 000000af ffffffff 0000008f
>>> d2f1a9fc 8045a2a4 80410000
>>> [  692.940000]    8041275c 00000001 00000001 80412540 80412724
>>> 80410000 000010d9 800132e8
>>> [  692.940000]    00000000 00000001 8fc60000 8fc61ec0 80410000
>>> 8005c870 1100fc03 00000001
>>> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
>>> 8001ade0 1100fc03 00000000
>>> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
>>> aefffbff fff77fe7 dfffffef
>>> [  692.940000]    ...
>>> [  692.940000] Call Trace:
>>> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
>>> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>> [  692.940000]
>>> [  692.940000] Task dump for CPU 2:
>>> [  692.940000] swapper/2       R running      0     0      1 0x00100000
>>> [  692.940000] Stack : 00000000 00000001 00000010 00000000 00000000
>>> 00010001 8045a2a4 80410000
>>> [  692.940000]    8041275c 00000001 00000000 804125e0 80412724
>>> 80410000 00000000 800132e8
>>> [  692.940000]    1100fc03 00000002 8fc62000 8fc63ec0 80410000
>>> 8005c870 1100fc03 00000002
>>> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
>>> 8001ade0 1100fc03 00000000
>>> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fbffbfdf
>>> 7fff7b3b 7ffaeff8 67fbffff
>>> [  692.940000]    ...
>>> [  692.940000] Call Trace:
>>> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
>>> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>> [  692.940000]
>>> [  692.940000] Task dump for CPU 3:
>>> [  692.940000] swapper/3       R running      0     0      1 0x00100000
>>> [  692.940000] Stack : 00000000 a69c5765 000000a3 ffffffff 0000008f
>>> 00000020 8045a2a4 80410000
>>> [  692.940000]    8041275c 00000001 00000001 80412680 80412724
>>> 80410000 000010d9 800132e8
>>> [  692.940000]    1100fc03 00000003 8fc64000 8fc65ec0 80410000
>>> 8005c870 1100fc03 00000003
>>> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
>>> 8001ade0 1100fc03 00000000
>>> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fefffbdb
>>> aefffbfb fff77fe7 dfffffef
>>> [  692.940000]    ...
>>> [  692.940000] Call Trace:
>>> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
>>> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>> [  692.940000]
>>> [  692.940000] rcu_sched kthread starved for 6002 jiffies! g5824 c5823
>>> f0x0 s3 ->state=0x1
>>> root@lede:~# packet_write_wait: Connection to 192.168.20.1 port 22: Broken
>>> pipe
>>>
>>>
>>>>> On 11/10/2016 9:06 PM, Outback Dingo wrote:
>>>>>
>>>>> On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com>
>>>>> wrote:
>>>>>
>>>>> I finally got my project working.
>>>>>
>>>>> I integrated the NDPI Deep Packet Inspection engine into my LEDE build,
>>>>> so I
>>>>> could prioritize applications using Cake.
>>>>>
>>>>> http://www.ntop.org/products/deep-packet-inspection/ndpi/
>>>>>
>>>>> NDPI integrates into IPTables, which allows me to DSCP mark packets.
>>>>> Cake
>>>>> reads the DiffServ markings and puts the traffic into appropriate
>>>>> classes.
>>>>>
>>>>> I found a Makefile which successfully compiles:
>>>>>
>>>>> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile
>>>>>
>>>>> The system works very well.  Steam traffic is deprioritized to allow
>>>>> applications like YouTube, Netflix, and Skype to receive higher amounts
>>>>> of
>>>>> the available bandwidth.
>>>>>
>>>>> What I do for ingress is bridge two ports on an extra router, enable
>>>>> bridge
>>>>> firewalling, and create IPTables rules to mark downstream packets.  The
>>>>> router I use is a D-Link DGL-5500, which is comparable to an Archer C7.
>>>>>
>>>>> IPv6 support is not available in this netfilter module, but the IPv4
>>>>> support
>>>>> is great.
>>>>>
>>>>> Noah Causin
>>>>>
>>>>> very nice.... however, can you describe a bit better how you
>>>>> configured for ingress ? a second router?  configuration file ? your
>>>>> high level description seems a bit confusing to me
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Cake mailing list
>>>>> Cake@lists.bufferbloat.net
>>>>> https://lists.bufferbloat.net/listinfo/cake
>>>>>
>>>>>

Re: [Cake] Cake with Deep Packet Inspection

[Outback Dingo]

On Fri, Nov 11, 2016 at 10:22 PM, Noah Causin <n0manletter@gmail.com> wrote:
> What I would try is deleting your build source folder and start from
> scratch.
>
> Then edit source/package/kernel/kmod-sched-cake/Makefile
>
> change the PKG_SOURCE_VERSION to 70169dba14daa6ef7907af9c1e922ef9f797993a
>
> That's the latest stable version of cake.
>
> https://github.com/dtaht/sch_cake/commit/70169dba14daa6ef7907af9c1e922ef9f797993a
>
>

Appreciate the attempt to help, but it did this even prior to adding
cake previously when just using loading sqm
ill give it a go but i believe the issue is deeper then just cake.


>
> On 11/11/2016 9:08 AM, Outback Dingo wrote:
>>
>> On Fri, Nov 11, 2016 at 9:04 PM, Noah Causin <n0manletter@gmail.com>
>> wrote:
>>>
>>> Do you build your firmware from the git repository?
>>>
>>>
>> Yes it is built from a recent trunk, as of yesterday
>>
>>
>>> On 11/10/2016 11:28 PM, Outback Dingo wrote:
>>>>
>>>> On Fri, Nov 11, 2016 at 10:52 AM, Outback Dingo <outbackdingo@gmail.com>
>>>> wrote:
>>>>>
>>>>> On Fri, Nov 11, 2016 at 10:42 AM, Noah Causin <n0manletter@gmail.com>
>>>>> wrote:
>>>>>>
>>>>>> I took an extra router I had and bridged two ports on the router's
>>>>>> switch,
>>>>>> so they just pass traffic. (eth0.2 and eth0.3)
>>>>>>
>>>>>> Clients >-[Main Router] --[Extra Router]--[Cable-Modem]
>>>>>>
>>>>>> The extra router is passive.  It acts like it's part of the Ethernet
>>>>>> cable
>>>>>> between the main router and cable modem.  It does not interfere.
>>>>>>
>>>>>> The extra router needs these packages:
>>>>>>
>>>>>> kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two
>>>>>> packages compiled from the Makefile I showed below (iptables-mod-ndpi
>>>>>> and
>>>>>> iptables-mod-ndpi)
>>>>>>
>>>>>> I edited /etc/sysctl.conf and change the last two lines to this:
>>>>>>
>>>>>> net.bridge.bridge-nf-call-ip6tables=1
>>>>>> net.bridge.bridge-nf-call-iptables=1
>>>>>>
>>>>>> This enables bridge firewalling, so the traffic between the two ports
>>>>>> can be
>>>>>> marked.
>>>>>>
>>>>>> I then added firewall rules to LuCIs custom firewall rules tab.
>>>>>>
>>>>>> Example Rules, modify classes as desired:
>>>>>>
>>>>>> iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source
>>>>>> Your
>>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs0
>>>>>> iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source
>>>>>> Your
>>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs2
>>>>>>
>>>>>> iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source
>>>>>> Your
>>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs3
>>>>>> iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source
>>>>>> Your
>>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs4
>>>>>>
>>>>>> Have your main router use some form of DiffServ for both upload and
>>>>>> download
>>>>>> on its WAN interface.  For upload traffic, you just need the two
>>>>>> packages
>>>>>> from the makefile to be installed on the main router and create
>>>>>> firewall
>>>>>> rules like this:
>>>>>>
>>>>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP
>>>>>> --set-dscp-class cs3
>>>>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP
>>>>>> --set-dscp-class cs4
>>>>>>
>>>>>> If you need help building a custom firmware image, just let me know.
>>>>>>
>>>>> Ok got it, its in-line.... right now im fighting the GFW of China
>>>>> using shadowsocks and chinadns so im pretty customized already,
>>>>> i was having issues with sqm and kernel segfaults on 4.4.30 ill build
>>>>> a cake and DPI image and see how that goes, maybe Ill try this
>>>>> after i deem sqm is stable with cake on this build. It a ZBT-WG3526
>>>>> router... so its ralink based
>>>>
>>>> like i stated on LEDE major issues when sqm is enabled.... even with
>>>> cake... is nobody else seeing these issues?
>>>>
>>>> [  569.020000]  1-...: (6 GPs behind) idle=236/0/0 softirq=50607/50613
>>>> fqs=1
>>>> [  569.020000]  (detected by 0, t=6002 jiffies, g=5799, c=5798, q=573)
>>>> [  569.020000] Task dump for CPU 1:
>>>> [  569.020000] swapper/1       R running      0     0      1 0x00100000
>>>> [  569.020000] Stack : 00000000 00000001 00000015 00000000 00000000
>>>> 00000001 8045a2a4 80410000
>>>> [  569.020000]    8041275c 00000001 00000001 80412540 80412724
>>>> 80410000 00000000 800132e8
>>>> [  569.020000]    1100fc03 00000001 8fc60000 8fc61ec0 80410000
>>>> 8005c870 1100fc03 00000001
>>>> [  569.020000]    00000000 80410000 8045a2a4 8005c868 80410000
>>>> 8001ade0 1100fc03 00000000
>>>> [  569.020000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
>>>> aefffbff fff77fe7 dfffffef
>>>> [  569.020000]    ...
>>>> [  569.020000] Call Trace:
>>>> [  569.020000] [<8000bba8>] __schedule+0x574/0x758
>>>> [  569.020000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>>> [  569.020000]
>>>> [  569.020000] rcu_sched kthread starved for 6001 jiffies! g5799 c5798
>>>> f0x0 s3 ->state=0x1
>>>> [  629.130000] INFO: rcu_sched detected stalls on CPUs/tasks:
>>>> [  629.130000]  1-...: (8 GPs behind) idle=756/0/0 softirq=50607/50613
>>>> fqs=1
>>>> [  629.130000]  (detected by 0, t=6002 jiffies, g=5801, c=5800, q=653)
>>>> [  629.130000] Task dump for CPU 1:
>>>> [  629.130000] swapper/1       R running      0     0      1 0x00100000
>>>> [  629.130000] Stack : 00000000 bfd47c67 00000094 ffffffff 00000081
>>>> 00000011 8045a2a4 80410000
>>>> [  629.130000]    8041275c 00000001 00000001 80412540 80412724
>>>> 80410000 000010d9 800132e8
>>>> [  629.130000]    1100fc03 00000001 8fc60000 8fc61ec0 80410000
>>>> 8005c870 1100fc03 00000001
>>>> [  629.130000]    00000000 80410000 8045a2a4 8005c868 80410000
>>>> 8001ade0 1100fc03 00000000
>>>> [  629.130000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
>>>> aefffbff fff77fe7 dfffffef
>>>> [  629.130000]    ...
>>>> [  629.130000] Call Trace:
>>>> [  629.130000] [<8000bba8>] __schedule+0x574/0x758
>>>> [  629.130000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>>> [  629.130000]
>>>> [  629.130000] rcu_sched kthread starved for 6001 jiffies! g5801 c5800
>>>> f0x0 s3 ->state=0x1
>>>> [  692.940000] INFO: rcu_sched detected stalls on CPUs/tasks:
>>>> [  692.940000]  1-...: (0 ticks this GP) idle=4c2/0/0
>>>> softirq=50613/50613 fqs=0
>>>> [  692.940000]  2-...: (25 GPs behind) idle=55a/0/0 softirq=28459/28460
>>>> fqs=0
>>>> [  692.940000]  3-...: (25 GPs behind) idle=5c2/0/0 softirq=30711/30982
>>>> fqs=0
>>>> [  692.940000]  (detected by 0, t=6002 jiffies, g=5824, c=5823, q=3190)
>>>> [  692.940000] Task dump for CPU 1:
>>>> [  692.940000] swapper/1       R running      0     0      1 0x00100000
>>>> [  692.940000] Stack : 00000000 3646fb94 000000af ffffffff 0000008f
>>>> d2f1a9fc 8045a2a4 80410000
>>>> [  692.940000]    8041275c 00000001 00000001 80412540 80412724
>>>> 80410000 000010d9 800132e8
>>>> [  692.940000]    00000000 00000001 8fc60000 8fc61ec0 80410000
>>>> 8005c870 1100fc03 00000001
>>>> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
>>>> 8001ade0 1100fc03 00000000
>>>> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
>>>> aefffbff fff77fe7 dfffffef
>>>> [  692.940000]    ...
>>>> [  692.940000] Call Trace:
>>>> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
>>>> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>>> [  692.940000]
>>>> [  692.940000] Task dump for CPU 2:
>>>> [  692.940000] swapper/2       R running      0     0      1 0x00100000
>>>> [  692.940000] Stack : 00000000 00000001 00000010 00000000 00000000
>>>> 00010001 8045a2a4 80410000
>>>> [  692.940000]    8041275c 00000001 00000000 804125e0 80412724
>>>> 80410000 00000000 800132e8
>>>> [  692.940000]    1100fc03 00000002 8fc62000 8fc63ec0 80410000
>>>> 8005c870 1100fc03 00000002
>>>> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
>>>> 8001ade0 1100fc03 00000000
>>>> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fbffbfdf
>>>> 7fff7b3b 7ffaeff8 67fbffff
>>>> [  692.940000]    ...
>>>> [  692.940000] Call Trace:
>>>> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
>>>> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>>> [  692.940000]
>>>> [  692.940000] Task dump for CPU 3:
>>>> [  692.940000] swapper/3       R running      0     0      1 0x00100000
>>>> [  692.940000] Stack : 00000000 a69c5765 000000a3 ffffffff 0000008f
>>>> 00000020 8045a2a4 80410000
>>>> [  692.940000]    8041275c 00000001 00000001 80412680 80412724
>>>> 80410000 000010d9 800132e8
>>>> [  692.940000]    1100fc03 00000003 8fc64000 8fc65ec0 80410000
>>>> 8005c870 1100fc03 00000003
>>>> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
>>>> 8001ade0 1100fc03 00000000
>>>> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fefffbdb
>>>> aefffbfb fff77fe7 dfffffef
>>>> [  692.940000]    ...
>>>> [  692.940000] Call Trace:
>>>> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
>>>> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>>> [  692.940000]
>>>> [  692.940000] rcu_sched kthread starved for 6002 jiffies! g5824 c5823
>>>> f0x0 s3 ->state=0x1
>>>> root@lede:~# packet_write_wait: Connection to 192.168.20.1 port 22:
>>>> Broken
>>>> pipe
>>>>
>>>>
>>>>>> On 11/10/2016 9:06 PM, Outback Dingo wrote:
>>>>>>
>>>>>> On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>> I finally got my project working.
>>>>>>
>>>>>> I integrated the NDPI Deep Packet Inspection engine into my LEDE
>>>>>> build,
>>>>>> so I
>>>>>> could prioritize applications using Cake.
>>>>>>
>>>>>> http://www.ntop.org/products/deep-packet-inspection/ndpi/
>>>>>>
>>>>>> NDPI integrates into IPTables, which allows me to DSCP mark packets.
>>>>>> Cake
>>>>>> reads the DiffServ markings and puts the traffic into appropriate
>>>>>> classes.
>>>>>>
>>>>>> I found a Makefile which successfully compiles:
>>>>>>
>>>>>>
>>>>>> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile
>>>>>>
>>>>>> The system works very well.  Steam traffic is deprioritized to allow
>>>>>> applications like YouTube, Netflix, and Skype to receive higher
>>>>>> amounts
>>>>>> of
>>>>>> the available bandwidth.
>>>>>>
>>>>>> What I do for ingress is bridge two ports on an extra router, enable
>>>>>> bridge
>>>>>> firewalling, and create IPTables rules to mark downstream packets.
>>>>>> The
>>>>>> router I use is a D-Link DGL-5500, which is comparable to an Archer
>>>>>> C7.
>>>>>>
>>>>>> IPv6 support is not available in this netfilter module, but the IPv4
>>>>>> support
>>>>>> is great.
>>>>>>
>>>>>> Noah Causin
>>>>>>
>>>>>> very nice.... however, can you describe a bit better how you
>>>>>> configured for ingress ? a second router?  configuration file ? your
>>>>>> high level description seems a bit confusing to me
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Cake mailing list
>>>>>> Cake@lists.bufferbloat.net
>>>>>> https://lists.bufferbloat.net/listinfo/cake
>>>>>>
>>>>>>
>

Re: [Cake] Cake with Deep Packet Inspection

[Outback Dingo]

On Fri, Nov 11, 2016 at 10:56 PM, Outback Dingo <outbackdingo@gmail.com> wrote:
> On Fri, Nov 11, 2016 at 10:22 PM, Noah Causin <n0manletter@gmail.com> wrote:
>> What I would try is deleting your build source folder and start from
>> scratch.
>>
>> Then edit source/package/kernel/kmod-sched-cake/Makefile
>>
>> change the PKG_SOURCE_VERSION to 70169dba14daa6ef7907af9c1e922ef9f797993a
>>
>> That's the latest stable version of cake.
>>
>> https://github.com/dtaht/sch_cake/commit/70169dba14daa6ef7907af9c1e922ef9f797993a
>>
>>
>
> Appreciate the attempt to help, but it did this even prior to adding
> cake previously when just using loading sqm
> ill give it a go but i believe the issue is deeper then just cake.


like I stated made the changes and still seeing issues

[  149.490000] INFO: rcu_sched detected stalls on CPUs/tasks:
[  149.490000]  3-...: (0 ticks this GP) idle=b7c/0/0 softirq=3733/3733 fqs=0
[  149.500000]  (detected by 1, t=6003 jiffies, g=1039, c=1038, q=10655)
[  149.500000] Task dump for CPU 3:
[  149.510000] swapper/3       R running      0     0      1 0x00100000
[  149.510000] Stack : 00000000 00005ac7 8e049880 7ffdecec 00000000
80418a90 8045a2a4 80410000
[  149.510000]    8041275c 00000001 00000001 80412680 80412724
80410000 00000000 800132e8
[  149.510000]    00000000 00000001 8fc64000 8fc65ec0 80410000
8005c870 1100fc03 00000003
[  149.510000]    00000000 80410000 8045a2a4 8005c868 80410000
8001ade0 1100fc03 00000000
[  149.510000]    00000004 804124a0 000000a0 8001ade8 fefffbdb
aefffbfb fff77fe7 dfffffef
[  149.510000]    ...
[  149.550000] Call Trace:
[  149.550000] [<8000bba8>] __schedule+0x574/0x758
[  149.560000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
[  149.560000]
[  149.560000] rcu_sched kthread starved for 6009 jiffies! g1039 c1038
f0x0 s3 ->state=0x1
[ 1326.670000] INFO: rcu_sched detected stalls on CPUs/tasks:
[ 1326.670000]  2-...: (0 ticks this GP) idle=998/0/0
softirq=56566/56566 fqs=0
[ 1326.680000]  (detected by 1, t=6003 jiffies, g=14603, c=14602, q=9455)
[ 1326.680000] Task dump for CPU 2:
[ 1326.690000] swapper/2       R running      0     0      1 0x00100000
[ 1326.690000] Stack : 00000000 00000001 0000000a 00000000 00000000
00000001 8045a2a4 80410000
[ 1326.690000]    8041275c 00000001 00000000 804125e0 80412724
80410000 00000000 800132e8
[ 1326.690000]    1100fc03 00000002 8fc62000 8fc63ec0 80410000
8005c870 1100fc03 00000002
[ 1326.690000]    00000000 80410000 8045a2a4 8005c868 80410000
8001ade0 1100fc03 00000000
[ 1326.690000]    00000004 804124a0 000000a0 8001ade8 fbffbfdf
7fff7b3b 7ffaeff8 67fbffff
[ 1326.690000]    ...
[ 1326.730000] Call Trace:
[ 1326.730000] [<8000bba8>] __schedule+0x574/0x758
[ 1326.740000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
[ 1326.740000]
[ 1326.740000] rcu_sched kthread starved for 6009 jiffies! g14603
c14602 f0x0 s3 ->state=0x1
[ 1392.200000] INFO: rcu_sched detected stalls on CPUs/tasks:
[ 1392.200000]  2-...: (0 ticks this GP) idle=c80/0/0
softirq=56566/56566 fqs=0
[ 1392.210000]  (detected by 3, t=6003 jiffies, g=14669, c=14668, q=11973)
[ 1392.210000] Task dump for CPU 2:
[ 1392.220000] swapper/2       R running      0     0      1 0x00100000
[ 1392.220000] Stack : 00000000 4e88ab25 00000148 ffffffff 0000011d
773206f0 8045a2a4 80410000
[ 1392.220000]    8041275c 00000001 00000000 804125e0 80412724
80410000 000010d9 800132e8
[ 1392.220000]    1100fc03 00000002 8fc62000 8fc63ec0 80410000
8005c870 1100fc03 00000002
[ 1392.220000]    00000000 80410000 8045a2a4 8005c868 80410000
8001ade0 1100fc03 00000000
[ 1392.220000]    00000004 804124a0 000000a0 8001ade8 fbffbfdf
7fff7b3b 7ffaeff8 67fbffff
[ 1392.220000]    ...
[ 1392.260000] Call Trace:
[ 1392.260000] [<8000bba8>] __schedule+0x574/0x758
[ 1392.270000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
[ 1392.270000]
[ 1392.270000] rcu_sched kthread starved for 6009 jiffies! g14669
c14668 f0x0 s3 ->state=0x1



>
>
>>
>> On 11/11/2016 9:08 AM, Outback Dingo wrote:
>>>
>>> On Fri, Nov 11, 2016 at 9:04 PM, Noah Causin <n0manletter@gmail.com>
>>> wrote:
>>>>
>>>> Do you build your firmware from the git repository?
>>>>
>>>>
>>> Yes it is built from a recent trunk, as of yesterday
>>>
>>>
>>>> On 11/10/2016 11:28 PM, Outback Dingo wrote:
>>>>>
>>>>> On Fri, Nov 11, 2016 at 10:52 AM, Outback Dingo <outbackdingo@gmail.com>
>>>>> wrote:
>>>>>>
>>>>>> On Fri, Nov 11, 2016 at 10:42 AM, Noah Causin <n0manletter@gmail.com>
>>>>>> wrote:
>>>>>>>
>>>>>>> I took an extra router I had and bridged two ports on the router's
>>>>>>> switch,
>>>>>>> so they just pass traffic. (eth0.2 and eth0.3)
>>>>>>>
>>>>>>> Clients >-[Main Router] --[Extra Router]--[Cable-Modem]
>>>>>>>
>>>>>>> The extra router is passive.  It acts like it's part of the Ethernet
>>>>>>> cable
>>>>>>> between the main router and cable modem.  It does not interfere.
>>>>>>>
>>>>>>> The extra router needs these packages:
>>>>>>>
>>>>>>> kmod-ebtables, kmod-ebtables-ipv4, kmod-crypto-pcompress and the two
>>>>>>> packages compiled from the Makefile I showed below (iptables-mod-ndpi
>>>>>>> and
>>>>>>> iptables-mod-ndpi)
>>>>>>>
>>>>>>> I edited /etc/sysctl.conf and change the last two lines to this:
>>>>>>>
>>>>>>> net.bridge.bridge-nf-call-ip6tables=1
>>>>>>> net.bridge.bridge-nf-call-iptables=1
>>>>>>>
>>>>>>> This enables bridge firewalling, so the traffic between the two ports
>>>>>>> can be
>>>>>>> marked.
>>>>>>>
>>>>>>> I then added firewall rules to LuCIs custom firewall rules tab.
>>>>>>>
>>>>>>> Example Rules, modify classes as desired:
>>>>>>>
>>>>>>> iptables -t mangle -A FORWARD -m ndpi --steam -m mac ! --mac-source
>>>>>>> Your
>>>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs0
>>>>>>> iptables -t mangle -A FORWARD -m ndpi --youtube -m mac ! --mac-source
>>>>>>> Your
>>>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs2
>>>>>>>
>>>>>>> iptables -t mangle -A FORWARD -m ndpi --netflix -m mac ! --mac-source
>>>>>>> Your
>>>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs3
>>>>>>> iptables -t mangle -A FORWARD -m ndpi --skype -m mac ! --mac-source
>>>>>>> Your
>>>>>>> Main Router's Mac Address -j DSCP --set-dscp-class cs4
>>>>>>>
>>>>>>> Have your main router use some form of DiffServ for both upload and
>>>>>>> download
>>>>>>> on its WAN interface.  For upload traffic, you just need the two
>>>>>>> packages
>>>>>>> from the makefile to be installed on the main router and create
>>>>>>> firewall
>>>>>>> rules like this:
>>>>>>>
>>>>>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --netflix -j DSCP
>>>>>>> --set-dscp-class cs3
>>>>>>> iptables -t mangle -A FORWARD -o eth2 -m ndpi --skype -j DSCP
>>>>>>> --set-dscp-class cs4
>>>>>>>
>>>>>>> If you need help building a custom firmware image, just let me know.
>>>>>>>
>>>>>> Ok got it, its in-line.... right now im fighting the GFW of China
>>>>>> using shadowsocks and chinadns so im pretty customized already,
>>>>>> i was having issues with sqm and kernel segfaults on 4.4.30 ill build
>>>>>> a cake and DPI image and see how that goes, maybe Ill try this
>>>>>> after i deem sqm is stable with cake on this build. It a ZBT-WG3526
>>>>>> router... so its ralink based
>>>>>
>>>>> like i stated on LEDE major issues when sqm is enabled.... even with
>>>>> cake... is nobody else seeing these issues?
>>>>>
>>>>> [  569.020000]  1-...: (6 GPs behind) idle=236/0/0 softirq=50607/50613
>>>>> fqs=1
>>>>> [  569.020000]  (detected by 0, t=6002 jiffies, g=5799, c=5798, q=573)
>>>>> [  569.020000] Task dump for CPU 1:
>>>>> [  569.020000] swapper/1       R running      0     0      1 0x00100000
>>>>> [  569.020000] Stack : 00000000 00000001 00000015 00000000 00000000
>>>>> 00000001 8045a2a4 80410000
>>>>> [  569.020000]    8041275c 00000001 00000001 80412540 80412724
>>>>> 80410000 00000000 800132e8
>>>>> [  569.020000]    1100fc03 00000001 8fc60000 8fc61ec0 80410000
>>>>> 8005c870 1100fc03 00000001
>>>>> [  569.020000]    00000000 80410000 8045a2a4 8005c868 80410000
>>>>> 8001ade0 1100fc03 00000000
>>>>> [  569.020000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
>>>>> aefffbff fff77fe7 dfffffef
>>>>> [  569.020000]    ...
>>>>> [  569.020000] Call Trace:
>>>>> [  569.020000] [<8000bba8>] __schedule+0x574/0x758
>>>>> [  569.020000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>>>> [  569.020000]
>>>>> [  569.020000] rcu_sched kthread starved for 6001 jiffies! g5799 c5798
>>>>> f0x0 s3 ->state=0x1
>>>>> [  629.130000] INFO: rcu_sched detected stalls on CPUs/tasks:
>>>>> [  629.130000]  1-...: (8 GPs behind) idle=756/0/0 softirq=50607/50613
>>>>> fqs=1
>>>>> [  629.130000]  (detected by 0, t=6002 jiffies, g=5801, c=5800, q=653)
>>>>> [  629.130000] Task dump for CPU 1:
>>>>> [  629.130000] swapper/1       R running      0     0      1 0x00100000
>>>>> [  629.130000] Stack : 00000000 bfd47c67 00000094 ffffffff 00000081
>>>>> 00000011 8045a2a4 80410000
>>>>> [  629.130000]    8041275c 00000001 00000001 80412540 80412724
>>>>> 80410000 000010d9 800132e8
>>>>> [  629.130000]    1100fc03 00000001 8fc60000 8fc61ec0 80410000
>>>>> 8005c870 1100fc03 00000001
>>>>> [  629.130000]    00000000 80410000 8045a2a4 8005c868 80410000
>>>>> 8001ade0 1100fc03 00000000
>>>>> [  629.130000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
>>>>> aefffbff fff77fe7 dfffffef
>>>>> [  629.130000]    ...
>>>>> [  629.130000] Call Trace:
>>>>> [  629.130000] [<8000bba8>] __schedule+0x574/0x758
>>>>> [  629.130000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>>>> [  629.130000]
>>>>> [  629.130000] rcu_sched kthread starved for 6001 jiffies! g5801 c5800
>>>>> f0x0 s3 ->state=0x1
>>>>> [  692.940000] INFO: rcu_sched detected stalls on CPUs/tasks:
>>>>> [  692.940000]  1-...: (0 ticks this GP) idle=4c2/0/0
>>>>> softirq=50613/50613 fqs=0
>>>>> [  692.940000]  2-...: (25 GPs behind) idle=55a/0/0 softirq=28459/28460
>>>>> fqs=0
>>>>> [  692.940000]  3-...: (25 GPs behind) idle=5c2/0/0 softirq=30711/30982
>>>>> fqs=0
>>>>> [  692.940000]  (detected by 0, t=6002 jiffies, g=5824, c=5823, q=3190)
>>>>> [  692.940000] Task dump for CPU 1:
>>>>> [  692.940000] swapper/1       R running      0     0      1 0x00100000
>>>>> [  692.940000] Stack : 00000000 3646fb94 000000af ffffffff 0000008f
>>>>> d2f1a9fc 8045a2a4 80410000
>>>>> [  692.940000]    8041275c 00000001 00000001 80412540 80412724
>>>>> 80410000 000010d9 800132e8
>>>>> [  692.940000]    00000000 00000001 8fc60000 8fc61ec0 80410000
>>>>> 8005c870 1100fc03 00000001
>>>>> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
>>>>> 8001ade0 1100fc03 00000000
>>>>> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fe9ff9db
>>>>> aefffbff fff77fe7 dfffffef
>>>>> [  692.940000]    ...
>>>>> [  692.940000] Call Trace:
>>>>> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
>>>>> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>>>> [  692.940000]
>>>>> [  692.940000] Task dump for CPU 2:
>>>>> [  692.940000] swapper/2       R running      0     0      1 0x00100000
>>>>> [  692.940000] Stack : 00000000 00000001 00000010 00000000 00000000
>>>>> 00010001 8045a2a4 80410000
>>>>> [  692.940000]    8041275c 00000001 00000000 804125e0 80412724
>>>>> 80410000 00000000 800132e8
>>>>> [  692.940000]    1100fc03 00000002 8fc62000 8fc63ec0 80410000
>>>>> 8005c870 1100fc03 00000002
>>>>> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
>>>>> 8001ade0 1100fc03 00000000
>>>>> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fbffbfdf
>>>>> 7fff7b3b 7ffaeff8 67fbffff
>>>>> [  692.940000]    ...
>>>>> [  692.940000] Call Trace:
>>>>> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
>>>>> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>>>> [  692.940000]
>>>>> [  692.940000] Task dump for CPU 3:
>>>>> [  692.940000] swapper/3       R running      0     0      1 0x00100000
>>>>> [  692.940000] Stack : 00000000 a69c5765 000000a3 ffffffff 0000008f
>>>>> 00000020 8045a2a4 80410000
>>>>> [  692.940000]    8041275c 00000001 00000001 80412680 80412724
>>>>> 80410000 000010d9 800132e8
>>>>> [  692.940000]    1100fc03 00000003 8fc64000 8fc65ec0 80410000
>>>>> 8005c870 1100fc03 00000003
>>>>> [  692.940000]    00000000 80410000 8045a2a4 8005c868 80410000
>>>>> 8001ade0 1100fc03 00000000
>>>>> [  692.940000]    00000004 804124a0 000000a0 8001ade8 fefffbdb
>>>>> aefffbfb fff77fe7 dfffffef
>>>>> [  692.940000]    ...
>>>>> [  692.940000] Call Trace:
>>>>> [  692.940000] [<8000bba8>] __schedule+0x574/0x758
>>>>> [  692.940000] [<800132e8>] r4k_wait_irqoff+0x0/0x20
>>>>> [  692.940000]
>>>>> [  692.940000] rcu_sched kthread starved for 6002 jiffies! g5824 c5823
>>>>> f0x0 s3 ->state=0x1
>>>>> root@lede:~# packet_write_wait: Connection to 192.168.20.1 port 22:
>>>>> Broken
>>>>> pipe
>>>>>
>>>>>
>>>>>>> On 11/10/2016 9:06 PM, Outback Dingo wrote:
>>>>>>>
>>>>>>> On Fri, Nov 11, 2016 at 9:55 AM, Noah Causin <n0manletter@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> I finally got my project working.
>>>>>>>
>>>>>>> I integrated the NDPI Deep Packet Inspection engine into my LEDE
>>>>>>> build,
>>>>>>> so I
>>>>>>> could prioritize applications using Cake.
>>>>>>>
>>>>>>> http://www.ntop.org/products/deep-packet-inspection/ndpi/
>>>>>>>
>>>>>>> NDPI integrates into IPTables, which allows me to DSCP mark packets.
>>>>>>> Cake
>>>>>>> reads the DiffServ markings and puts the traffic into appropriate
>>>>>>> classes.
>>>>>>>
>>>>>>> I found a Makefile which successfully compiles:
>>>>>>>
>>>>>>>
>>>>>>> https://github.com/981213/lede_src/blob/0d344bc2958838dcbc547a8f0a3d8842e6f6d2f8/package/my_package/ndpi-netfilter/Makefile
>>>>>>>
>>>>>>> The system works very well.  Steam traffic is deprioritized to allow
>>>>>>> applications like YouTube, Netflix, and Skype to receive higher
>>>>>>> amounts
>>>>>>> of
>>>>>>> the available bandwidth.
>>>>>>>
>>>>>>> What I do for ingress is bridge two ports on an extra router, enable
>>>>>>> bridge
>>>>>>> firewalling, and create IPTables rules to mark downstream packets.
>>>>>>> The
>>>>>>> router I use is a D-Link DGL-5500, which is comparable to an Archer
>>>>>>> C7.
>>>>>>>
>>>>>>> IPv6 support is not available in this netfilter module, but the IPv4
>>>>>>> support
>>>>>>> is great.
>>>>>>>
>>>>>>> Noah Causin
>>>>>>>
>>>>>>> very nice.... however, can you describe a bit better how you
>>>>>>> configured for ingress ? a second router?  configuration file ? your
>>>>>>> high level description seems a bit confusing to me
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Cake mailing list
>>>>>>> Cake@lists.bufferbloat.net
>>>>>>> https://lists.bufferbloat.net/listinfo/cake
>>>>>>>
>>>>>>>
>>

Re: [Cake] Cake with Deep Packet Inspection

[Jonathan Morton]

[-- Attachment #1: Type: text/plain, Size: 186 bytes --]

Looks like the task that's stalling is the swapper.  That could point to an
inappropriate swap device or too much memory being used.  Can you give the
relevant stats?

- Jonathan Morton

[-- Attachment #2: Type: text/html, Size: 234 bytes --]

Re: [Cake] Cake with Deep Packet Inspection

[Outback Dingo]

well not sure what stats you want... just for kicks and giggles though
i created an identical openwrt build for the same router on kernel
4.4.14
seems stable enough......

this is from the running system, as i typed this i did hit  another
INFO: rcu_sched detected stalls on CPUs/tasks:

tc -s qdisc show
qdisc noqueue 0: dev lo root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc fq_codel 0: dev eth0 root refcnt 2 limit 1024p flows 128 quantum
1514 target 5.0ms interval 100.0ms ecn
Sent 27945112 bytes 54152 pkt (dropped 0, overlimits 0 requeues 3)
backlog 0b 0p requeues 3
 maxpacket 1506 drop_overlimit 0 new_flow_count 227 ecn_mark 0
 new_flows_len 0 old_flows_len 0
qdisc noqueue 0: dev br-lan root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc noqueue 0: dev eth0.1 root refcnt 2
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc cake 800a: dev eth0.2 root refcnt 2 bandwidth 100Mbit diffserv4
flows rtt 100.0ms raw
Sent 7656207 bytes 29112 pkt (dropped 0, overlimits 2763 requeues 0)
backlog 0b 0p requeues 0
memory used: 30496b of 5000000b
capacity estimate: 100Mbit
                Bulk   Best Effort      Video       Voice
 thresh       100Mbit   93750Kbit      75Mbit      25Mbit
 target         5.0ms       5.0ms       5.0ms       5.0ms
 interval     100.0ms     100.0ms     100.0ms     100.0ms
 pk_delay         0us       1.3ms        13us         0us
 av_delay         0us       164us         0us         0us
 sp_delay         0us        76us         0us         0us
 pkts               0       29094          18           0
 bytes              0     7654587        1620           0
 way_inds           0         273           0           0
 way_miss           0        4395          18           0
 way_cols           0           0           0           0
 drops              0           0           0           0
 marks              0           0           0           0
 sp_flows           0           1           0           0
 bk_flows           0           1           0           0
 un_flows           0           0           0           0
 max_len            0        8964          90           0

qdisc ingress ffff: dev eth0.2 parent ffff:fff1 ----------------
Sent 19329083 bytes 21990 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc mq 0: dev wlan1 root
Sent 42420 bytes 220 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc fq_codel 0: dev wlan1 parent :1 limit 1024p flows 128 quantum
1514 target 5.0ms interval 100.0ms ecn
Sent 648 bytes 3 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
 new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev wlan1 parent :2 limit 1024p flows 128 quantum
1514 target 5.0ms interval 100.0ms ecn
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
 new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev wlan1 parent :3 limit 1024p flows 128 quantum
1514 target 5.0ms interval 100.0ms ecn
Sent 41772 bytes 217 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
 new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev wlan1 parent :4 limit 1024p flows 128 quantum
1514 target 5.0ms interval 100.0ms ecn
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
 new_flows_len 0 old_flows_len 0
qdisc mq 0: dev wlan0 root
Sent 4409 bytes 41 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
qdisc fq_codel 0: dev wlan0 parent :1 limit 1024p flows 128 quantum
1514 target 5.0ms interval 100.0ms ecn
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
 new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev wlan0 parent :2 limit 1024p flows 128 quantum
1514 target 5.0ms interval 100.0ms ecn
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
 new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev wlan0 parent :3 limit 1024p flows 128 quantum
1514 target 5.0ms interval 100.0ms ecn
Sent 4409 bytes 41 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
 new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev wlan0 parent :4 limit 1024p flows 128 quantum
1514 target 5.0ms interval 100.0ms ecn
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
 new_flows_len 0 old_flows_len 0
qdisc fq_codel 0: dev zt0 root refcnt 2 limit 1024p flows 128 quantum
2814 target 5.0ms interval 100.0ms ecn
Sent 738 bytes 7 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
 maxpacket 0 drop_overlimit 0 new_flow_count 0 ecn_mark 0
 new_flows_len 0 old_flows_len 0
qdisc cake 800b: dev ifb4eth0.2 root refcnt 2 bandwidth 185Mbit
besteffort flows rtt 100.0ms raw
Sent 19683131 bytes 21990 pkt (dropped 0, overlimits 3357 requeues 0)
backlog 0b 0p requeues 0
memory used: 17344b of 9250000b
capacity estimate: 185Mbit
                Tin 0
 thresh       185Mbit
 target         5.0ms
 interval     100.0ms
 pk_delay       102us
 av_delay        16us
 sp_delay         2us
 pkts           21990
 bytes       19683131
 way_inds         126
 way_miss        1918
 way_cols           0
 drops              0
 marks              0
 sp_flows           0
 bk_flows           1
 un_flows           0
 max_len         8976



Mem: 48476K used, 466248K free, 584K shrd, 4160K buff, 11488K cached
CPU:   0% usr   0% sys   0% nic  99% idle   0% io   0% irq   0% sirq
Load average: 0.65 0.28 0.10 2/94 2791

On Sat, Nov 12, 2016 at 2:36 AM, Jonathan Morton <chromatix99@gmail.com> wrote:
> Looks like the task that's stalling is the swapper.  That could point to an
> inappropriate swap device or too much memory being used.  Can you give the
> relevant stats?
>
> - Jonathan Morton

Re: [Cake] Cake with Deep Packet Inspection

[Jonathan Morton]

[-- Attachment #1: Type: text/plain, Size: 300 bytes --]

Seems to have plenty of memory free, so it's not actually the swapper.  It
could be that's just the default PID used when there isn't a result
identifiable process to finger.

So instead we might be looking at too much time spent in interrupt state.
That's always fun to diagnose.

- Jonathan Morton

[-- Attachment #2: Type: text/html, Size: 376 bytes --]

Re: [Cake] Cake with Deep Packet Inspection

[Outback Dingo]

On Sat, Nov 12, 2016 at 10:51 PM, Jonathan Morton <chromatix99@gmail.com> wrote:
> Seems to have plenty of memory free, so it's not actually the swapper.  It
> could be that's just the default PID used when there isn't a result
> identifiable process to finger.
>
> So instead we might be looking at too much time spent in interrupt state.
> That's always fun to diagnose.

welp no joy then... cant use sqm.... spontaneous reboots pretty
often.... sometimes in less then 5 minutes
damn......

>
> - Jonathan Morton

Re: [Cake] Cake with Deep Packet Inspection

[Dave Taht]

I'm curious - is this all better now?

Did the NDPI code make it into lede mainline?

On Sun, Nov 13, 2016 at 12:28 AM, Outback Dingo <outbackdingo@gmail.com> wrote:
> On Sat, Nov 12, 2016 at 10:51 PM, Jonathan Morton <chromatix99@gmail.com> wrote:
>> Seems to have plenty of memory free, so it's not actually the swapper.  It
>> could be that's just the default PID used when there isn't a result
>> identifiable process to finger.
>>
>> So instead we might be looking at too much time spent in interrupt state.
>> That's always fun to diagnose.
>
> welp no joy then... cant use sqm.... spontaneous reboots pretty
> often.... sometimes in less then 5 minutes
> damn......
>
>>
>> - Jonathan Morton
> _______________________________________________
> Cake mailing list
> Cake@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cake



-- 
Dave Täht
Let's go make home routers and wifi faster! With better software!
http://blog.cerowrt.org

Re: [Cake] Cake with Deep Packet Inspection

[Outback Dingo]

well... i did pick this back upo this week to see if it could be
rounded out and submitted, if anyoone knoows different let me know
On Mon, Jan 16, 2017 at 8:47 PM Dave Taht <dave.taht@gmail.com> wrote:
>
> I'm curious - is this all better now?
>
> Did the NDPI code make it into lede mainline?
>
> On Sun, Nov 13, 2016 at 12:28 AM, Outback Dingo <outbackdingo@gmail.com> wrote:
> > On Sat, Nov 12, 2016 at 10:51 PM, Jonathan Morton <chromatix99@gmail.com> wrote:
> >> Seems to have plenty of memory free, so it's not actually the swapper.  It
> >> could be that's just the default PID used when there isn't a result
> >> identifiable process to finger.
> >>
> >> So instead we might be looking at too much time spent in interrupt state.
> >> That's always fun to diagnose.
> >
> > welp no joy then... cant use sqm.... spontaneous reboots pretty
> > often.... sometimes in less then 5 minutes
> > damn......
> >
> >>
> >> - Jonathan Morton
> > _______________________________________________
> > Cake mailing list
> > Cake@lists.bufferbloat.net
> > https://lists.bufferbloat.net/listinfo/cake
>
>
>
> --
> Dave Täht
> Let's go make home routers and wifi faster! With better software!
> http://blog.cerowrt.org