Modify

Opened 6 years ago

Last modified 4 years ago

#11088 reopened defect

Multiwan Broke QoS (killed network performance)

Reported by: anonymous Owned by: developers
Priority: highest Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: multiwan, qos, iptables, firewall Cc:

Description

Hello I want report this multiple bugs

If we have multiwan started QoS will stop of work.

If i turn off multiwan and restart QoS (to get iptables rules apply again) all is working again.

The multiwan script clear references of qos_Default, qos_Default_ct, zone_wan_MSSFIX Chains

This is a big issue for users who use multiwan scripts.

I noticed that testing my network performance and i see my QoS was not working.

Cheers.

Chain qos_Default (References: 0)
Rule #	Pkts.	Traffic	Target	Prot.	Flags	In	Out	Source	Destination	Options
1	0	0.00 B	CONNMARK	all	--	*	*	0.0.0.0/0	0.0.0.0/0	CONNMARK restore mask 0xff
2	0	0.00 B	qos_Default_ct	all	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff
3	0	0.00 B	MARK	all	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x1/0xff length 400:65535 MARK and 0xffffff00
4	0	0.00 B	MARK	all	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x2/0xff length 800:65535 MARK and 0xffffff00
5	0	0.00 B	MARK	udp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff length 0:500 MARK xset 0x2/0xff
6	0	0.00 B	MARK	icmp	--	*	*	0.0.0.0/0	0.0.0.0/0	MARK xset 0x1/0xff
7	0	0.00 B	MARK	tcp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff tcp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff
8	0	0.00 B	MARK	udp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff udp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff
9	0	0.00 B	MARK	tcp	--	*	*	0.0.0.0/0	0.0.0.0/0	length 0:128 mark match !0x4/0xff tcp flags:0x3F/0x02 MARK xset 0x1/0xff
10	0	0.00 B	MARK	tcp	--	*	*	0.0.0.0/0	0.0.0.0/0	length 0:128 mark match !0x4/0xff tcp flags:0x3F/0x10 MARK xset 0x1/0xff

Chain qos_Default_ct (References: 1)
Rule #	Pkts.	Traffic	Target	Prot.	Flags	In	Out	Source	Destination	Options
1	0	0.00 B	MARK	tcp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff tcp spts:7800:28950 dpts:7800:28950 MARK xset 0x4/0xff
2	0	0.00 B	MARK	udp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff udp spts:7800:28950 dpts:7800:28950 MARK xset 0x4/0xff
3	0	0.00 B	MARK	tcp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff tcp spts:29000:65535 dpts:29000:65535 MARK xset 0x4/0xff
4	0	0.00 B	MARK	udp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff udp spts:29000:65535 dpts:29000:65535 MARK xset 0x4/0xff
5	0	0.00 B	MARK	tcp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff tcp multiport ports 2106,7777,3306,28960,28961,28962,28963 MARK xset 0x2/0xff
6	0	0.00 B	MARK	udp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff udp multiport ports 2106,7777,3306,28960,28961,28962,28963 MARK xset 0x2/0xff
7	0	0.00 B	MARK	udp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff udp multiport ports 22,53 MARK xset 0x1/0xff
8	0	0.00 B	CONNMARK	all	--	*	*	0.0.0.0/0	0.0.0.0/0	CONNMARK save mask 0xff

Chain zone_wan_MSSFIX (References: 0)
Rule #	Pkts.	Traffic	Target	Prot.	Flags	In	Out	Source	Destination	Options
1	0	0.00 B	TCPMSS	tcp	--	*	eth1	0.0.0.0/0	0.0.0.0/0	tcp flags:0x06/0x02 TCPMSS clamp to PMTU
2	0	0.00 B	TCPMSS	tcp	--	*	eth0.2	0.0.0.0/0	0.0.0.0/0	tcp flags:0x06/0x02 TCPMSS clamp to PMTU

Attachments (0)

Change History (7)

comment:1 Changed 6 years ago by jow

  • Resolution set to fixed
  • Status changed from new to closed

Fixed with r30833.

comment:2 Changed 6 years ago by anonymous

  • Resolution fixed deleted
  • Status changed from closed to reopened

QoS stay broked into MultiWan management, when this will be fixed?

comment:3 Changed 6 years ago by jow

  • Resolution set to invalid
  • Status changed from reopened to closed

When you learn to do proper bug reports because I have zero clue what you're talking about.

comment:4 Changed 6 years ago by anonymous

  • Resolution invalid deleted
  • Status changed from closed to reopened

in r30833

jow say: "Info: For the moment the qos management of the multiwan package is broken (it's speaks about IMQ, instead of IFB)"

I checked into multiwan script in qos_init()
and the script must create a new chain named: MultiWanQoS
i checked into firewall status and chain is not created.

qos_init() {
    local ifname
    local queue_count
    local get_wan_tc
    local get_wan_iptables
    local add_qos_iptables
    local add_qos_tc
    local execute
    local iprule
    local qos_if_test

    ifname=$(query_config ifname $1)

    if [ "$ifname" == "x" ]; then
	return
    fi

    qos_if_test=$(echo $qos_if_done | grep $ifname.)

    if [ ! -z "$qos_if_test" ]; then
	return
    fi

    qos_if_done=$(echo ${qos_if_done}.${ifname})

    queue_count=$(tc filter list dev $ifname | tail -n 1 | awk -F " " '{print $10}' | sed "s/0x//g")

    if [ -z "$queue_count" ]; then
	return
    fi

    queue_count=$(($queue_count + 1))

    iptables -t mangle -N qos_${1}
    iptables -t mangle -N qos_${1}_ct

    get_wan_tc=$(tc filter list dev $ifname | grep "0x" | sed -e "s/filter /tc filter add dev $ifname /g" -e "s/pref/prio/g" -e "s/fw//g") 
    get_wan_iptables=$(iptables-save | egrep  '(-A Default )|(-A Default_ct )' | grep -v "MultiWanQoS" | sed -e "s/Default /qos_${1} /g" -e "s/Default_ct /qos_${1}_ct /g" -e "s/-A/iptables -t mangle -A/g")


    local i=0
    while [ $i -lt $queue_count ]; do 
	echo "s/\(0x$i \|0x$i\/0xffffffff\)/0x$(($2 * 10 + $i)) /g" >> /tmp/.mwan/qos.$1.sedfilter
	i=$(($i + 1))
    done

    add_qos_iptables=$(echo "$get_wan_iptables" | sed -f /tmp/.mwan/qos.$1.sedfilter)
    echo "$add_qos_iptables" | while read execute; do ${execute}; done

    rm /tmp/.mwan/qos.$1.sedfilter 
    i=1
    while [ $i -lt $queue_count ]; do 
	echo "s/0x$i /0x${2}${i} fw /g" >> /tmp/.mwan/qos.$1.sedfilter
	i=$(($i + 1))
    done

    add_qos_tc=$(echo "$get_wan_tc" | sed -f /tmp/.mwan/qos.$1.sedfilter)
    echo "$add_qos_tc" | while read execute; do ${execute}; done
    rm /tmp/.mwan/qos.$1.sedfilter

    i=0
    while [ $i -lt $queue_count ]; do
	if [ $i -lt $(($queue_count - 1)) ]; then
	    ip rule add fwmark 0x$(($2 * 10 + $i + 1)) table $(($2 + 170)) prio $(( $2 * 10 + $i + 2))
	fi
	iptables -t mangle -A MultiWanQoS -m mark --mark 0x$(($2 * 10 + $i)) -j qos_${1}
	i=$(($i + 1))
    done
}

firewall status:

Chain qos_Default (References: 2)
Rule #	Pkts.	Traffic	Target	Prot.	Flags	In	Out	Source	Destination	Options
1	4556319	324.21 MB	CONNMARK	all	--	*	*	0.0.0.0/0	0.0.0.0/0	CONNMARK restore mask 0xff
2	0	0.00 B	qos_Default_ct	all	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff
3	0	0.00 B	MARK	all	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x1/0xff length 400:65535 MARK and 0xffffff00
4	0	0.00 B	MARK	all	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x2/0xff length 800:65535 MARK and 0xffffff00
5	0	0.00 B	MARK	udp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff length 0:500 MARK xset 0x2/0xff
6	156328	19.09 MB	MARK	icmp	--	*	*	0.0.0.0/0	0.0.0.0/0	MARK xset 0x1/0xff
7	0	0.00 B	MARK	tcp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff tcp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff
8	0	0.00 B	MARK	udp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff udp spts:1024:65535 dpts:1024:65535 MARK xset 0x4/0xff
9	82477	4.06 MB	MARK	tcp	--	*	*	0.0.0.0/0	0.0.0.0/0	length 0:128 mark match !0x4/0xff tcp flags:0x3F/0x02 MARK xset 0x1/0xff
10	1374511	55.90 MB	MARK	tcp	--	*	*	0.0.0.0/0	0.0.0.0/0	length 0:128 mark match !0x4/0xff tcp flags:0x3F/0x10 MARK xset 0x1/0xff

Chain qos_Default_ct (References: 1)
Rule #	Pkts.	Traffic	Target	Prot.	Flags	In	Out	Source	Destination	Options
1	0	0.00 B	MARK	tcp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff tcp spts:7800:28955 dpts:7800:28955 MARK xset 0x4/0xff
2	0	0.00 B	MARK	udp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff udp spts:7800:28955 dpts:7800:28955 MARK xset 0x4/0xff
3	0	0.00 B	MARK	tcp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff tcp spts:29000:65535 dpts:29000:65535 MARK xset 0x4/0xff
4	0	0.00 B	MARK	udp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff udp spts:29000:65535 dpts:29000:65535 MARK xset 0x4/0xff
5	0	0.00 B	MARK	udp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff udp multiport ports 22,53 MARK xset 0x1/0xff
6	0	0.00 B	MARK	udp	--	*	*	0.0.0.0/0	0.0.0.0/0	mark match 0x0/0xff udp multiport ports 2106,7777,3306,28960,28961,28962,28963 MARK xset 0x2/0xff
7	0	0.00 B	CONNMARK	all	--	*	*	0.0.0.0/0	0.0.0.0/0	CONNMARK save mask 0xff

comment:5 Changed 6 years ago by jow

  • Resolution set to invalid
  • Status changed from reopened to closed

But this is completely unrelated to the issue this ticket is about, create a separate one for it.

comment:6 Changed 6 years ago by Guilhem Lettron <guilhem+openwrt@…>

  • Resolution invalid deleted
  • Status changed from closed to reopened

This bug is the same as in #10530 and #11133

Here is a beginning of patch (at least for qos detection) :

--- Téléchargements/multiwan (1)	2012-04-25 17:31:03.216814428 +0200
+++ /tmp/multiwan	2012-04-25 17:38:29.380820224 +0200
@@ -284,7 +284,7 @@
 	iptables -t mangle -X FW${i}MARK
     done
 
-    if [ ! -z "$CHKFORQOS" ]; then
+    if $CHKFORQOS ; then
 	iptables -t mangle -F PREROUTING
 	iptables -t mangle -F FORWARD
 	iptables -t mangle -F OUTPUT
@@ -486,7 +486,7 @@
     local default_route_id
     local i
 
-    if [ ! -z "$CHKFORQOS" ]; then
+    if $CHKFORQOS; then
 	echo "## QoS Initialization ##"
 
 	/etc/init.d/qos restart > /dev/null 2>&1
@@ -576,7 +576,7 @@
 	iptables -t mangle -A MultiWanPostHandler -o $ifname -m mark --mark 0x1 -j FW${i}MARK
     done
 
-    if [ ! -z "$CHKFORQOS" ]; then
+    if $CHKFORQOS ; then
 	iptables -t mangle -A MultiWan -j MultiWanQoS
     fi
 }
@@ -1028,7 +1028,11 @@
 
 update_cache
 
-CHKFORQOS=$(iptables -n -L Default -t mangle 2>&1 | grep "Chain Default")
+if `/etc/init.d/qos enabled` ; then
+    CHKFORQOS=true
+else
+    CHKFORQOS=false
+fi
 CHKFORMODULE=$(iptables -m statistic 2>&1 | grep -o "File not found")
 
 jobfile="/tmp/.mwan/jobqueue"

Many more work is needed... and my iptables skill isn't enough.

comment:7 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as reopened .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.