<div dir="ltr">hm, it looks like somebody is still maintaining the l7-protocols package in openwrt -> <a href="https://github.com/openwrt/packages/blob/5600fdeeeec861c0359d6d53d1a1518b1817630d/net/l7-protocols/Makefile">https://github.com/openwrt/packages/blob/5600fdeeeec861c0359d6d53d1a1518b1817630d/net/l7-protocols/Makefile</a><br><a href="https://github.com/gwlim/wr1043nd-chaos-calmer-patch/blob/master/openwrt-patch/037-fix-l7-filter.patch">https://github.com/gwlim/wr1043nd-chaos-calmer-patch/blob/master/openwrt-patch/037-fix-l7-filter.patch</a><br></div><div class="gmail_extra"><br><div class="gmail_quote">2014-11-21 12:51 GMT+01:00 Sebastian Moeller <span dir="ltr"><<a href="mailto:moeller0@gmx.de" target="_blank">moeller0@gmx.de</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">HI Dane hi Dave,<br>
<span class=""><br>
<br>
On Nov 20, 2014, at 17:25 , Dane Medic <<a href="mailto:dm70dm@gmail.com">dm70dm@gmail.com</a>> wrote:<br>
<br>
> Thank you for advice Dave. I'm just looking around how to set-up layer 7 inspection, I've also found this -> <a href="http://luci.subsignal.org/trac/browser/luci/trunk/contrib/package/freifunk-p2pblock?rev=" target="_blank">http://luci.subsignal.org/trac/browser/luci/trunk/contrib/package/freifunk-p2pblock?rev=</a><br>
> It would be very nice if someone could "merge" this with simple.qos, I don't really know how, yet.<br>
<br>
</span>See the last comment in <a href="https://dev.openwrt.org/ticket/8590" target="_blank">https://dev.openwrt.org/ticket/8590</a> it seems that L7 filters are on the way out in openwrt. If I understand correctly L7 does regular expression search of each packet (which are documented as not perfect and potentially slow), I would not be amazed if that would be really costly on your wndr. You might be “saved” though by your slow link ;) . Also L& filters doe not really work with encrypted packets, so a malicious (actually mischievous would be enough) torrent client could mask its packets out of the filter match by encryption.<br>
<span class=""><br>
<br>
><br>
> 2014-11-20 15:40 GMT+01:00 Dave Taht <<a href="mailto:dave.taht@gmail.com">dave.taht@gmail.com</a>>:<br>
> I would be surprised if you could tolerate a *single* big download<br>
> while watching a movie, at 4mbit/512k, much less torrents, which are 6<br>
> or more.<br>
><br>
> That said, most torrent clients are configurable in several ways.<br>
><br>
> 1) You can limit the number of download flows to something far less<br>
> than 6. Try 1 or 2.<br>
><br>
> 2) You can typically rate limit them in the client to a lower rate<br>
> during the day and a higher rate at night.<br>
><br>
> 3) You can tell them to mark the torrents as background (QoS marking<br>
> CS1), but that only helps on uploads vs the simple.qos script.<br>
<br>
</span> I think this is the best approach to take, actively configure the torrent client to be a good citizen...<br>
<span class=""><br>
><br>
> At the router itself, you can try things like identifying torrent<br>
> traffic via a consistent port number (if you have one) to toss it into<br>
> the background queue , or try qos-scripts which has a layer 7 dpi<br>
> tool.<br>
<br>
</span> If you have just a single torrent application you are concerned with you could capture a few incoming and outgoing packets and see whether you can find a “signature” for these packets in the data and then create “tc filter” invocations just against your specific torrent application…<br>
I fear there is no automatic solution that will get all this right, and hence the prudent way would be for SQM to use the background queue as the default queue for everything (instead of the best effort queue) and then selectively promote reasonable traffic to the other queues. (But that means everything not classified will share a queue /suffer with the torrents until special cased by a promotion rule).<br>
<br>
<br>
Best Regards<br>
<span class="HOEnZb"><font color="#888888"> Sebastian<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
><br>
><br>
><br>
><br>
> On Thu, Nov 20, 2014 at 6:13 AM, Dane Medic <<a href="mailto:dm70dm@gmail.com">dm70dm@gmail.com</a>> wrote:<br>
> > dpreed, thank you for response. I'm already using fq_codel with cerowrt and<br>
> > I don't think it does what I want (or maybe I want too much :)<br>
> ><br>
> > So the steps I've made:<br>
> > flashed wndr3700v2 with cerowrt 3.10.50-1 then I've measured:<br>
> ><br>
> > root@cerowrt:/usr/lib/CeroWrtScripts# sh betterspeedtest.sh -p <a href="http://wlan-si.net" target="_blank">wlan-si.net</a><br>
> > -t 120<br>
> > 2014-11-20 12:18:34 Testing against <a href="http://netperf.bufferbloat.net" target="_blank">netperf.bufferbloat.net</a> (ipv4) with 5<br>
> > simultaneous sessions while pinging <a href="http://wlan-si.net" target="_blank">wlan-si.net</a> (120 seconds in each<br>
> > direction)<br>
> > .........................................................................................................................<br>
> > Download: 3.78 Mbps<br>
> > Latency: (in msec, 119 pings, 0.00% packet loss)<br>
> > Min: 13.077<br>
> > 10pct: 251.522<br>
> > Median: 317.851<br>
> > Avg: 308.497<br>
> > 90pct: 371.033<br>
> > Max: 376.132<br>
> > ............................................................................................................................<br>
> > Upload: 0.48 Mbps<br>
> > Latency: (in msec, 103 pings, 0.00% packet loss)<br>
> > Min: 12.278<br>
> > 10pct: 12.727<br>
> > Median: 18.359<br>
> > Avg: 23.256<br>
> > 90pct: 33.971<br>
> > Max: 180.303<br>
> ><br>
> > Then I've put these commands:<br>
> ><br>
> > uci set sqm.ge00.enabled=1<br>
> > uci set sqm.ge00.download=3200<br>
> > uci set sqm.ge00.qdisc=nfq_codel<br>
> > uci commit sqm<br>
> > reboot<br>
> ><br>
> > And another measure:<br>
> ><br>
> > root@cerowrt:/usr/lib/CeroWrtScripts# sh betterspeedtest.sh -p <a href="http://wlan-si.net" target="_blank">wlan-si.net</a><br>
> > -t 120<br>
> > 2014-11-20 12:49:05 Testing against <a href="http://netperf.bufferbloat.net" target="_blank">netperf.bufferbloat.net</a> (ipv4) with 5<br>
> > simultaneous sessions while pinging <a href="http://wlan-si.net" target="_blank">wlan-si.net</a> (120 seconds in each<br>
> > direction)<br>
> > .........................................................................................................................<br>
> > Download: 2.74 Mbps<br>
> > Latency: (in msec, 121 pings, 0.00% packet loss)<br>
> > Min: 12.210<br>
> > 10pct: 13.002<br>
> > Median: 15.077<br>
> > Avg: 15.095<br>
> > 90pct: 16.968<br>
> > Max: 18.599<br>
> > .............................................................................................................................<br>
> > Upload: 0.49 Mbps<br>
> > Latency: (in msec, 101 pings, 0.00% packet loss)<br>
> > Min: 12.255<br>
> > 10pct: 12.684<br>
> > Median: 16.679<br>
> > Avg: 23.100<br>
> > 90pct: 34.019<br>
> > Max: 170.173<br>
> ><br>
> > The tests doesn't look bad, but the problem is I watch a video clip on<br>
> > youtube and my sister starts torrent client, I can't watch anymore.<br>
> ><br>
> > Cheers<br>
> ><br>
> > _______________________________________________<br>
> > Cerowrt-devel mailing list<br>
> > <a href="mailto:Cerowrt-devel@lists.bufferbloat.net">Cerowrt-devel@lists.bufferbloat.net</a><br>
> > <a href="https://lists.bufferbloat.net/listinfo/cerowrt-devel" target="_blank">https://lists.bufferbloat.net/listinfo/cerowrt-devel</a><br>
> ><br>
><br>
><br>
><br>
> --<br>
> Dave Täht<br>
><br>
> thttp://<a href="http://www.bufferbloat.net/projects/bloat/wiki/Upcoming_Talks" target="_blank">www.bufferbloat.net/projects/bloat/wiki/Upcoming_Talks</a><br>
><br>
> _______________________________________________<br>
> Cerowrt-devel mailing list<br>
> <a href="mailto:Cerowrt-devel@lists.bufferbloat.net">Cerowrt-devel@lists.bufferbloat.net</a><br>
> <a href="https://lists.bufferbloat.net/listinfo/cerowrt-devel" target="_blank">https://lists.bufferbloat.net/listinfo/cerowrt-devel</a><br>
<br>
</div></div></blockquote></div><br></div>