Gentoo Forums
iptables - multiport and QoS performance
Gentoo Forums Forum Index  Networking & Security
Akaihiryuu
Joined: 08 May 2003
Posts: 751
Location: Columbus, OH

PostPosted: Wed Apr 30, 2014 4:45 am    Post subject: iptables - multiport and QoS performance

Ok, I've basically set up some HTB stuff on my server/router to help with latency in online games while other stuff is going on on my network. I've run into an unusual issue, however. I recently discovered the iptables -m multiport extension, which I figured would save me some space in my rules. I am using iptables mangle to mark packets for classification. However, when I started using the below rules, I am getting what can only be described as "burst lag" in my online games. My latency in-game reports fine, but I will sometimes get noticeable delays in actions, in bursts. It's hard to describe.

Code:
#!/bin/bash
TC="/sbin/tc"
MGL="/sbin/iptables -t mangle"
DEV="eth1"
UP=1843

${TC} qdisc del dev ${DEV} root 2>/dev/null
${MGL} -F PREROUTING
${MGL} -F OUTPUT

if [ "$1" = "stop" ]
then
        exit
fi

${TC} qdisc add dev ${DEV} root handle 1: htb default 12
${TC} class add dev ${DEV} parent 1: classid 1:1 htb rate ${UP}kbit ceil ${UP}kbit
${TC} class add dev ${DEV} parent 1:1 classid 1:10 htb rate ${UP}kbit ceil ${UP}kbit prio 0
${TC} class add dev ${DEV} parent 1:1 classid 1:11 htb rate $(($UP / 4))kbit ceil $(($UP / 2))kbit prio 1
${TC} class add dev ${DEV} parent 1:1 classid 1:12 htb rate $(($UP / 8))kbit ceil $(($UP / 4))kbit prio 2
${TC} qdisc add dev ${DEV} parent 1:11 handle 110: sfq perturb 10
${TC} qdisc add dev ${DEV} parent 1:12 handle 120: sfq perturb 10
${TC} filter add dev ${DEV} parent 1: protocol ip prio 0 handle 1 fw classid 1:10
${TC} filter add dev ${DEV} parent 1: protocol ip prio 1 handle 2 fw classid 1:11
${TC} filter add dev ${DEV} parent 1: protocol ip prio 2 handle 3 fw classid 1:12
${MGL} -A PREROUTING -p icmp -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p icmp -j RETURN
${MGL} -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
${MGL} -A PREROUTING -p tcp -m multiport --dports 1119,3724,24100:24131,24500:24507 -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p tcp -m multiport --dports 1119,3724,24100:24131,24500:24507 -j RETURN
${MGL} -A PREROUTING -p udp -m multiport --dports 1119,3724,24100:24131,24500:24507 -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p udp -m multiport --dports 1119,3724,24100:24131,24500:24507 -j RETURN
${MGL} -A PREROUTING -p tcp -m multiport --dports 25,465,993 -j MARK --set-mark 0x2
${MGL} -A PREROUTING -p tcp -m multiport --dports 25,465,993 -j RETURN
${MGL} -A PREROUTING -j MARK --set-mark 0x3
${MGL} -A OUTPUT -p icmp -j MARK --set-mark 0x1
${MGL} -A OUTPUT -p icmp -j RETURN
${MGL} -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
${MGL} -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
${MGL} -A OUTPUT -p tcp --sport 64738 -j MARK --set-mark 0x2
${MGL} -A OUTPUT -p tcp --sport 64738 -j RETURN
${MGL} -A OUTPUT -p tcp -m multiport --dports 25,465,993 -j MARK --set-mark 0x2
${MGL} -A OUTPUT -p tcp -m multiport --dports 25,465,993 -j RETURN
${MGL} -A OUTPUT -j MARK --set-mark 0x3


I decided to try it without using multiport, resulting in the following rules. I've only done a few minutes of testing so far, but my "burst lag" issue seems to have been resolved. I'll have to keep playing for a while longer to know if it's *truly* resolved or not. But my question is, is it possible that the multiport extension is less efficient and therefore causing minute delays as the packets traverse the mangle chain? My games btw are battle.net (1119 and 3724, TCP and UDP), and Elder Scrolls Online (24100-24131 TCP/UDP and 24500-24507 TCP/UDP).

Code:
#!/bin/bash
TC="/sbin/tc"
MGL="/sbin/iptables -t mangle"
DEV="eth1"
UP=1843

${TC} qdisc del dev ${DEV} root 2>/dev/null
${MGL} -F PREROUTING
${MGL} -F OUTPUT

if [ "$1" = "stop" ]
then
        exit
fi

${TC} qdisc add dev ${DEV} root handle 1: htb default 12
${TC} class add dev ${DEV} parent 1: classid 1:1 htb rate ${UP}kbit ceil ${UP}kbit
${TC} class add dev ${DEV} parent 1:1 classid 1:10 htb rate ${UP}kbit ceil ${UP}kbit prio 0
${TC} class add dev ${DEV} parent 1:1 classid 1:11 htb rate $(($UP / 4))kbit ceil $(($UP / 2))kbit prio 1
${TC} class add dev ${DEV} parent 1:1 classid 1:12 htb rate $(($UP / 8))kbit ceil $(($UP / 4))kbit prio 2
${TC} qdisc add dev ${DEV} parent 1:11 handle 110: sfq perturb 10
${TC} qdisc add dev ${DEV} parent 1:12 handle 120: sfq perturb 10
${TC} filter add dev ${DEV} parent 1: protocol ip prio 0 handle 1 fw classid 1:10
${TC} filter add dev ${DEV} parent 1: protocol ip prio 1 handle 2 fw classid 1:11
${TC} filter add dev ${DEV} parent 1: protocol ip prio 2 handle 3 fw classid 1:12
${MGL} -A PREROUTING -p icmp -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p icmp -j RETURN
${MGL} -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
${MGL} -A PREROUTING -p tcp --dport 1119 -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p tcp --dport 1119 -j RETURN
${MGL} -A PREROUTING -p udp --dport 1119 -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p udp --dport 1119 -j RETURN
${MGL} -A PREROUTING -p tcp --dport 3724 -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p tcp --dport 3724 -j RETURN
${MGL} -A PREROUTING -p udp --dport 3724 -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p udp --dport 3724 -j RETURN
${MGL} -A PREROUTING -p tcp --dport 24100:24131 -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p tcp --dport 24100:24131 -j RETURN
${MGL} -A PREROUTING -p udp --dport 24100:24131 -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p udp --dport 24100:24131 -j RETURN
${MGL} -A PREROUTING -p tcp --dport 24500:24507 -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p tcp --dport 24500:24507 -j RETURN
${MGL} -A PREROUTING -p udp --dport 24500:24507 -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p udp --dport 24500:24507 -j RETURN
${MGL} -A PREROUTING -p tcp -m multiport --dports 25,465,993 -j MARK --set-mark 0x2
${MGL} -A PREROUTING -p tcp -m multiport --dports 25,465,993 -j RETURN
${MGL} -A PREROUTING -j MARK --set-mark 0x3
${MGL} -A OUTPUT -p icmp -j MARK --set-mark 0x1
${MGL} -A OUTPUT -p icmp -j RETURN
${MGL} -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
${MGL} -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
${MGL} -A OUTPUT -p tcp --sport 64738 -j MARK --set-mark 0x2
${MGL} -A OUTPUT -p tcp --sport 64738 -j RETURN
${MGL} -A OUTPUT -p tcp -m multiport --dports 25,465,993 -j MARK --set-mark 0x2
${MGL} -A OUTPUT -p tcp -m multiport --dports 25,465,993 -j RETURN
${MGL} -A OUTPUT -j MARK --set-mark 0x3
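To check that the two scripts above mark packets identically, and how many rules a packet passes before it leaves the chain, here is an added Python model of the PREROUTING chain (not code from the post). It parses only the options the post's script uses, treats the `--tcp-flags SYN,RST,ACK SYN` rule as a plain SYN-only test, and derives the per-port variant by expanding each multiport rule on its own (MARK/RETURN pairs are not interleaved as in the post's second script, which does not change the resulting mark); the rule count is a count of rules walked in the model, not a measurement of the kernel's cost for a single multiport match.

```python
import re
# PREROUTING rules from the multiport version of the post's script (${MGL} prefix dropped).
MULTIPORT_CHAIN = """
-A PREROUTING -p icmp -j MARK --set-mark 0x1
-A PREROUTING -p icmp -j RETURN
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
-A PREROUTING -p tcp -m multiport --dports 1119,3724,24100:24131,24500:24507 -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m multiport --dports 1119,3724,24100:24131,24500:24507 -j RETURN
-A PREROUTING -p udp -m multiport --dports 1119,3724,24100:24131,24500:24507 -j MARK --set-mark 0x1
-A PREROUTING -p udp -m multiport --dports 1119,3724,24100:24131,24500:24507 -j RETURN
-A PREROUTING -p tcp -m multiport --dports 25,465,993 -j MARK --set-mark 0x2
-A PREROUTING -p tcp -m multiport --dports 25,465,993 -j RETURN
-A PREROUTING -j MARK --set-mark 0x3
""".strip().splitlines()

def expand_multiport(chain):
    """Rewrite each multiport rule as one rule per port entry, as the post's second script does."""
    out = []
    for line in chain:
        m = re.search(r" -m multiport --dports (\S+)", line)
        parts = m.group(1).split(",") if m else [None]
        out += [line.replace(m.group(0), " --dport " + p) if m else line for p in parts]
    return out

def parse_rule(line):
    """Return (proto, syn_only, port_ranges, target, mark) for one rule line."""
    t = line.split()
    opt = lambda name: t[t.index(name) + 1] if name in t else None
    ports = []
    for p in filter(None, (opt("--dport") or opt("--dports") or "").split(",")):
        lo, _, hi = p.partition(":")
        ports.append((int(lo), int(hi or lo)))
    return opt("-p"), "--tcp-flags" in t, ports, opt("-j"), int(opt("--set-mark") or "0", 16)

def classify(chain, pkt):
    """Walk the chain as netfilter would (MARK sets the mark and falls through, RETURN
    stops); return (final mark, number of rules evaluated before leaving the chain)."""
    mark = 0
    for n, line in enumerate(chain, 1):
        proto, syn, ports, target, new_mark = parse_rule(line)
        if (proto and proto != pkt["proto"]) or (syn and not pkt.get("syn", False)):
            continue
        if ports and not any(lo <= pkt.get("dport", 0) <= hi for lo, hi in ports):
            continue
        if target == "MARK":
            mark = new_mark
        elif target == "RETURN":
            return mark, n
    return mark, len(chain)
```

For the game and mail packets both forms yield the same mark, while the expanded chain walks roughly two to three times as many rules per packet before it returns.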