QOS and NoCat don't work together

Discussion in 'Tomato Firmware' started by alfag4, Dec 9, 2013.

  1. alfag4

    alfag4 Reformed Router Member

    I need to have QOS and a captive portal running together, but when I enable the captive portal it doesn't work if QOS is already enabled.
    I see that NoCat uses the same technique as QOS to mark packets/connections using iptables, so every HTTP/HTTPS request is not handled by the splash daemon because QOS destroys every marking made by NoCat and vice versa.
    Is there a way to run NoCat over QOS?
     
  2. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

  3. alfag4

    alfag4 Reformed Router Member

    I had read that thread, but I wouldn't redefine all the QOS classes. :)

    I was thinking of a system like the one I used to limit some IPs on my LAN.

    Instead of using one of the 10 QOS classes and a rule that matches these IPs, I have created with tc a custom class with id 11 and an upload/download bandwidth limit (QOS can have max 10 classes), and with a rule in the QOSO subchain I have marked the traffic with the id 11 and rule 99 (0x630000b/0xff). So now QOS and my bandwidth limiter for certain IPs work.

    This method could be applied to NoCat by marking the traffic, for example, with 11-12-13-14 instead of 1-2-3-4.

    NoCat marks with "4" every not authenticated connection on an interface and, after the welcome page is accepted, adds a rule that accepts all traffic from the MAC address that "agreed" by marking it with 3.

    My router is N66U with latest Shibby.

    Sorry for my poor English.
     
  4. Elfew

    Elfew Addicted to LI Member

  5. alfag4

    alfag4 Reformed Router Member

    I already read this thread, but I need QOS+NoCat and, for some clients, a bandwidth limiter :)
    I resolved the problem of QOS+bandwidth limiter and now I would like to resolve the incompatibility with NoCat.
     
  6. Porter

    Porter LI Guru Member

    How did you solve the incompatibility between QoS and B/W Limiter?
     
  7. Elfew

    Elfew Addicted to LI Member

    You cannot use bw limiter and qos together
     
  8. alfag4

    alfag4 Reformed Router Member

    Read my third post. You must create a custom QOS class and match this class with tc.
    This is my code. All traffic generated by "bandwidth limited" clients is tracked by QOS as unclassified with rule 99.

    Code:
    # upload limit
    tc class add dev ppp0 parent 1:1 classid 1:110 htb rate 8kbit ceil 300kbit quantum 1492 prio 11
    tc qdisc add dev ppp0 parent 1:110 handle 110: sfq perturb 10
    tc filter add dev ppp0 parent 1: prio 110 protocol ip handle 11 fw flowid 1:110
    #iptables -t mangle -I QOSO 5 -s 10.0.1.2 -j CONNMARK --set-return 0x630000b/0xff
    iptables -t mangle -I QOSO 5 -m iprange --src-range 10.0.1.130-10.0.1.136 -j CONNMARK --set-return 0x630000b/0xff

    # download limit
    tc class add dev imq0 parent 1:1 classid 1:110 htb rate 1010kbit ceil 9500kbit quantum 1492 prio 11
    tc qdisc add dev imq0 parent 1:110 handle 110: sfq perturb 10
    tc filter add dev imq0 parent 1: prio 110 protocol ip handle 11 fw flowid 1:110
    #iptables -t mangle -I QOSO 6 -d 10.0.1.2 -j CONNMARK --set-return 0x630000b/0xff
    iptables -t mangle -I QOSO 6 -m iprange --dst-range 10.0.1.130-10.0.1.136 -j CONNMARK --set-return 0x630000b/0xff
     
  9. Porter

    Porter LI Guru Member

    Concerning the prio parameter: http://www.docum.org/docum.org/faq/cache/39.html

    The prio parameter starts counting with a 0, so prio 0 is the highest priority. Tomato doesn't use prio 0, so you would have prio 1-7 to work with. This wasn't enough to accommodate Tomato's 10 classes, so we changed it:
    http://repo.or.cz/w/tomato.git/commit/f9c3ef451b40cc22e7613239b8b007e3c48370d3

    Right now, prio 10 is the lowest you can get. A prio 11 is interpreted as a prio 10, as you may see by executing /etc/qos.



    I've never played around with B/W Limiter so I don't know how it works exactly. I'm just looking into it a bit right now. Currently I can't imagine that it would be so simple that you just need an extra class. Keep in mind that you have two really different approaches here. One that always shapes based on IP and one that by default only shapes based on ports, protocols, L7. I guess it would be random which filter marked specific traffic and by which of the two systems this traffic would then be handled. Those two systems don't know anything of each other. All the classes almost certainly don't even exist, because one tc script will get executed before the other script so only one set of classes exists at a specific time on a certain device. Still not sure how this should work so easily.
     
  10. alfag4

    alfag4 Reformed Router Member

    OK, now I understand why the priority was 10 and not 11 as I specified. I also understand that at this point it is not clear which class with prio 10 handles the traffic first (crawl or custom).
    Before using my script I made some tests. The result is that the bandwidth is truly limited and in the QOS "view details" the traffic is shown as unclassified with rule 99 (0x63), the same used by me in the iptables rules.
    A question:
    QOS in iptables marks all traffic with ... -j CONNMARK --set-return 0xXX000YY/0xff, and I understand that XX represents the rule in classification. And YY? The QOS class (1 to 10) or the handle specified in tc filter?
    Thanks
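
Added example (not part of any post in this thread, and not Tomato or NoCat code): a shell check for the mark clash discussed above, decoding the `0xXX000YY` layout and listing low-byte mark values written by more than one subsystem. The limiter rule and the values 3, 4 and 11-14 come from the posts; the stock-QoS rule, the NoCat rule lines, the `NoCat` chain name, the MAC address and `br0` are constructed assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Mark layout as quoted in the posts:
# 0xXX000YY, where XX is the QoS rule number and YY is the low byte.

mark_rule()  { echo $(( ($1 >> 20) & 0xff )); }   # 0x630000b -> 99
mark_class() { echo $(( $1 & 0xff )); }           # 0x630000b -> 11

# Print the mark value (mask stripped) that one iptables rule line sets.
rule_mark() {
    set -- $1                       # split the rule into words
    while [ $# -gt 1 ]; do
        case $1 in
            --set-mark|--set-return) echo "${2%%/*}"; return 0 ;;
        esac
        shift
    done
    return 1                        # this rule sets no mark
}

# stdin: "<owner> <rule>" lines. stdout: low-byte values written by 2+ owners.
shared_marks() {
    while read -r owner rule; do
        m=$(rule_mark "$rule") || continue
        echo "$(mark_class "$m") $owner"
    done | sort -u |
        awk '{ n[$1]++ } END { for (v in n) if (n[v] > 1) print v }' | sort -n
}

# Limiter rule from the thread, plus a constructed stock-QoS rule (rule 1, low byte 4).
QOS='limiter -A QOSO -m iprange --src-range 10.0.1.130-10.0.1.136 -j CONNMARK --set-return 0x630000b/0xff
qos -A QOSO -p tcp --dport 80 -j CONNMARK --set-return 0x100004/0xff'

# Constructed NoCat rules with the values named in the posts (3 accepted, 4 not yet).
NOCAT_NOW='nocat -A NoCat -m mac --mac-source 00:11:22:33:44:55 -j MARK --set-mark 3
nocat -A NoCat -i br0 -j MARK --set-mark 4'

# Constructed: the same scheme renumbered to the 11-14 range (marks 1, 3 and 4 shown).
NOCAT_MOVED='nocat -A NoCat -m mac --mac-source 00:11:22:33:44:66 -j MARK --set-mark 11
nocat -A NoCat -m mac --mac-source 00:11:22:33:44:55 -j MARK --set-mark 13
nocat -A NoCat -i br0 -j MARK --set-mark 14'

printf 'shared now:   %s\n' "$(printf '%s\n' "$QOS" "$NOCAT_NOW"   | shared_marks)"
printf 'shared moved: %s\n' "$(printf '%s\n' "$QOS" "$NOCAT_MOVED" | shared_marks)"
```

On this constructed input the renumbered scheme still shares value 11 with the custom limiter class, so a renumbering has to skip every value an existing `tc ... fw` filter already matches.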
     
