Modify

Opened 6 years ago

Last modified 18 months ago

#6769 reopened defect

qos-scripts fails with iptables: No chain/target/match by that name

Reported by: fgiunchedi+ow@… Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: packages Version: Kamikaze trunk
Keywords: Cc:

Description

Hi,
I'm running kamikaze 8.09.2 on a wrt54g (thus brcm-2.4)
while trying qos-scripts it fails on qos-start like below:

# /usr/lib/qos/generate.sh all | sh -x
+ insmod imq numdevs=1
+ insmod cls_fw
+ insmod sch_hfsc
+ insmod sch_sfq
+ insmod sch_red
+ ifconfig ppp0 up txqueuelen 5
+ tc qdisc del dev ppp0 root
+ tc qdisc add dev ppp0 root handle 1: hfsc default 30
+ tc class add dev ppp0 parent 1: classid 1:1 hfsc sc rate 268kbit ul rate 268kbit
+ tc class add dev ppp0 parent 1:1 classid 1:10 hfsc rt m1 156kbit d 2915us m2 26kbit ls m1 156kbit d 2915us m2 148kbit ul rate 268kbit
+ tc class add dev ppp0 parent 1:1 classid 1:20 hfsc rt m1 142kbit d 7287us m2 134kbit ls m1 142kbit d 7287us m2 74kbit ul rate 268kbit
+ tc class add dev ppp0 parent 1:1 classid 1:30 hfsc ls m1 0kbit d 100000us m2 37kbit ul rate 268kbit
+ tc class add dev ppp0 parent 1:1 classid 1:40 hfsc ls m1 0kbit d 200000us m2 7kbit ul rate 268kbit
+ tc qdisc add dev ppp0 parent 1:10 handle 100: sfq perturb 2 limit 20580
+ tc qdisc add dev ppp0 parent 1:20 handle 200: sfq perturb 2 limit 20580
+ tc qdisc add dev ppp0 parent 1:30 handle 300: red min 1715 max 5145 burst 2 avpkt 1050 limit 20580 probability 0.12 ecn
+ tc qdisc add dev ppp0 parent 1:40 handle 400: red min 1715 max 5145 burst 2 avpkt 1050 limit 20580 probability 0.12 ecn
+ tc filter add dev ppp0 parent 1: prio 1 protocol ip handle 1 fw flowid 1:10
+ tc filter add dev ppp0 parent 1: prio 2 protocol ip handle 2 fw flowid 1:20
+ tc filter add dev ppp0 parent 1: prio 3 protocol ip handle 3 fw flowid 1:30
+ tc filter add dev ppp0 parent 1: prio 4 protocol ip handle 4 fw flowid 1:40
+ ifconfig imq0 up txqueuelen 5
+ tc qdisc del dev imq0 root
+ tc qdisc add dev imq0 root handle 1: hfsc default 30
+ tc class add dev imq0 parent 1: classid 1:1 hfsc sc rate 2913kbit ul rate 2913kbit
+ tc class add dev imq0 parent 1:1 classid 1:10 hfsc rt m1 660kbit d 670us m2 291kbit ls m1 660kbit d 670us m2 1618kbit ul rate 2913kbit
+ tc class add dev imq0 parent 1:1 classid 1:20 hfsc rt m1 1517kbit d 670us m2 1456kbit ls m1 1517kbit d 670us m2 809kbit ul rate 2913kbit
+ tc class add dev imq0 parent 1:1 classid 1:30 hfsc ls m1 0kbit d 100000us m2 404kbit ul rate 2913kbit
+ tc class add dev imq0 parent 1:1 classid 1:40 hfsc ls m1 0kbit d 200000us m2 80kbit ul rate 2913kbit
+ tc qdisc add dev imq0 parent 1:10 handle 100: sfq perturb 2 limit 223716
+ tc qdisc add dev imq0 parent 1:20 handle 200: sfq perturb 2 limit 223716
+ tc qdisc add dev imq0 parent 1:30 handle 300: red min 18643 max 55929 burst 20 avpkt 1500 limit 223716 probability 0.12 ecn
+ tc qdisc add dev imq0 parent 1:40 handle 400: red min 18643 max 55929 burst 20 avpkt 1500 limit 223716 probability 0.12 ecn
+ tc filter add dev imq0 parent 1: prio 1 protocol ip handle 1 fw flowid 1:10
+ tc filter add dev imq0 parent 1: prio 2 protocol ip handle 2 fw flowid 1:20
+ tc filter add dev imq0 parent 1: prio 3 protocol ip handle 3 fw flowid 1:30
+ tc filter add dev imq0 parent 1: prio 4 protocol ip handle 4 fw flowid 1:40
+ iptables -t mangle -F
+ iptables -t mangle -X
+ insmod ipt_multiport
+ insmod ipt_CONNMARK
+ insmod ipt_ipp2p
+ insmod ipt_layer7
+ insmod xt_layer7
+ insmod ipt_length
+ insmod ipt_IMQ
+ iptables -t mangle -N Default
+ iptables -t mangle -N Default_ct
+ iptables -t mangle -A Default_ct -m mark --mark 0 -m ipp2p --edk --dc --kazaa --gnu --bit -j MARK --set-mark 4
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default_ct -m mark --mark 0 -m layer7 --l7proto edonkey -j MARK --set-mark 4
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default_ct -m mark --mark 0 -m layer7 --l7proto bittorrent -j MARK --set-mark 4
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default_ct -m mark --mark 0 -m tcp -p tcp -m multiport --ports 22,53 -j MARK --set-mark 1
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default_ct -m mark --mark 0 -p udp -m udp -m multiport --ports 22,53 -j MARK --set-mark 1
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default_ct -m mark --mark 0 -p tcp -m tcp -m multiport --ports 20,21,25,80,110,443,993,995 -j MARK --set-mark 3
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default_ct -m mark --mark 0 -m tcp -p tcp -m multiport --ports 5190 -j MARK --set-mark 2
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default_ct -m mark --mark 0 -p udp -m udp -m multiport --ports 5190 -j MARK --set-mark 2
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default_ct -j CONNMARK --save-mark
+ iptables -t mangle -A Default -j CONNMARK --restore-mark
+ iptables -t mangle -A Default -m mark --mark 0 -j Default_ct
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default -m mark --mark 1 -m length --length 400: -j MARK --set-mark 0
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default -m mark --mark 2 -m length --length 800: -j MARK --set-mark 0
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default -m mark --mark 0 -p udp -m length --length :500 -j MARK --set-mark 2
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default -p icmp -j MARK --set-mark 1
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default -m mark --mark 0 -m tcp -p tcp --sport 1024:65535 --dport 1024:65535 -j MARK --set-mark 4
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default -m mark --mark 0 -p udp -m udp --sport 1024:65535 --dport 1024:65535 -j MARK --set-mark 4
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default -p tcp -m length --length :128 -m mark ! --mark 4 -m tcp --tcp-flags ALL SYN -j MARK --set-mark 1
iptables: No chain/target/match by that name
+ iptables -t mangle -A Default -p tcp -m length --length :128 -m mark ! --mark 4 -m tcp --tcp-flags ALL ACK -j MARK --set-mark 1
iptables: No chain/target/match by that name
+ iptables -t mangle -A OUTPUT -o ppp0 -j Default
+ iptables -t mangle -A FORWARD -o ppp0 -j Default
+ iptables -t mangle -A PREROUTING -i ppp0 -j Default
+ iptables -t mangle -A POSTROUTING -o ppp0 -j Default
+ iptables -t mangle -A PREROUTING -i ppp0 -j IMQ --todev 0

my best guess is something is missing from the kernel? iptables DSO are all there:

# ls -la /usr/lib/iptables/       
drwxr-xr-x    1 root     root            0 Feb 28 17:43 .
drwxr-xr-x    1 root     root            0 Feb 28 17:43 ..
-rwxr-xr-x    1 root     root         3674 Dec 29 15:11 libipt_CLASSIFY.so
-rwxr-xr-x    1 root     root         4970 Dec 29 15:11 libipt_CONNMARK.so
-rwxr-xr-x    1 root     root         5834 Dec 29 15:29 libipt_DNAT.so
-rwxr-xr-x    1 root     root         4834 Dec 29 15:11 libipt_DSCP.so
-rwxr-xr-x    1 root     root         4582 Dec 29 15:11 libipt_ECN.so
-rwxr-xr-x    1 root     root         3286 Dec 29 15:11 libipt_IMQ.so
-rwxr-xr-x    1 root     root         6442 Dec 29 15:29 libipt_LOG.so
-rwxr-xr-x    1 root     root         4742 Dec 29 15:11 libipt_MARK.so
-rwxr-xr-x    1 root     root         4370 Dec 29 15:29 libipt_MASQUERADE.so
-rwxr-xr-x    1 root     root         5326 Dec 29 15:29 libipt_REJECT.so
-rwxr-xr-x    1 root     root         5802 Dec 29 15:29 libipt_SNAT.so
-rwxr-xr-x    1 root     root         3766 Dec 29 15:29 libipt_TCPMSS.so
-rwxr-xr-x    1 root     root         4502 Dec 29 15:11 libipt_TOS.so
-rwxr-xr-x    1 root     root         4378 Dec 29 15:11 libipt_TTL.so
-rwxr-xr-x    1 root     root         5578 Dec 29 15:11 libipt_connbytes.so
-rwxr-xr-x    1 root     root         3938 Dec 29 15:11 libipt_connmark.so
-rwxr-xr-x    1 root     root         9462 Dec 29 15:11 libipt_conntrack.so
-rwxr-xr-x    1 root     root         5314 Dec 29 15:11 libipt_dscp.so
-rwxr-xr-x    1 root     root         4890 Dec 29 15:11 libipt_ecn.so
-rwxr-xr-x    1 root     root         3562 Dec 29 15:11 libipt_helper.so
-rwxr-xr-x    1 root     root         6674 Dec 29 15:29 libipt_icmp.so
-rwxr-xr-x    1 root     root         8114 Dec 29 15:11 libipt_ipp2p.so
-rwxr-xr-x    1 root     root         8838 Dec 29 15:11 libipt_layer7.so
-rwxr-xr-x    1 root     root         4458 Dec 29 15:11 libipt_length.so
-rwxr-xr-x    1 root     root         5070 Dec 29 15:29 libipt_limit.so
-rwxr-xr-x    1 root     root         4054 Dec 29 15:29 libipt_mac.so
-rwxr-xr-x    1 root     root         3906 Dec 29 15:11 libipt_mark.so
-rwxr-xr-x    1 root     root         6638 Dec 29 15:29 libipt_multiport.so
-rwxr-xr-x    1 root     root         7230 Dec 29 15:11 libipt_recent.so
-rwxr-xr-x    1 root     root         2794 Dec 29 15:29 libipt_standard.so
-rwxr-xr-x    1 root     root         4602 Dec 29 15:29 libipt_state.so
-rwxr-xr-x    1 root     root         6882 Dec 29 15:11 libipt_string.so
-rwxr-xr-x    1 root     root         8062 Dec 29 15:29 libipt_tcp.so
-rwxr-xr-x    1 root     root         4378 Dec 29 15:11 libipt_tcpmss.so
-rwxr-xr-x    1 root     root         4850 Dec 29 15:11 libipt_tos.so
-rwxr-xr-x    1 root     root         4398 Dec 29 15:11 libipt_ttl.so
-rwxr-xr-x    1 root     root         5506 Dec 29 15:29 libipt_udp.so
-rwxr-xr-x    1 root     root         2714 Dec 29 15:11 libipt_unclean.so

and so do the kernel modules

# lsmod
Module			Size  Used by    Tainted: P  
sch_red                 3216   4
sch_sfq                 3912   4
sch_hfsc               15960   2
cls_fw                  2888   8
ipt_IMQ                  684   1
imq                     2368   1
ipt_CONNMARK             840   2
ipt_recent              8220   0 (unused)
ipt_helper               584   0 (unused)
ipt_conntrack           1128   0 (unused)
ipt_connmark             376   0 (unused)
ipt_connbytes           1192   0 (unused)
ipt_string              3252   0 (unused)
ipt_layer7             10728   0 (unused)
ipt_ipp2p               7332   0 (unused)
tun                     4504   0
sit                     7764   0 (unused)
ipv6                  197440  -1 [sit]
wlcompat                9504   0 (unused)
ip_conntrack_tftp       1628   0 (unused)
ip_nat_irc              2296   0 (unused)
ip_conntrack_irc        3028   1
ip_nat_ftp              2920   0 (unused)
ip_conntrack_ftp        4172   1
ipt_MASQUERADE          1316   2
iptable_nat            20856   3 [ip_nat_irc ip_nat_ftp ipt_MASQUERADE]
ipt_state                408   6
ip_conntrack           22368   3 [ipt_CONNMARK ipt_helper ipt_conntrack ipt_connmark ipt_connbytes ipt_layer7 ip_conntrack_tftp ip_nat_irc ip_conntrack_irc ip_nat_ftp ip_conntrack_ftp ipt_MASQUERADE iptable_nat ipt_state]
ipt_REJECT              3932   2
ipt_TCPMSS              2316   2
ipt_LOG                 3804   0 (unused)
ipt_multiport            748   0 (unused)
ipt_mac                  556   0 (unused)
ipt_limit                892   1
iptable_mangle          2156   1
iptable_filter          1676   1
ip_tables              16960  23 [ipt_IMQ ipt_CONNMARK ipt_recent ipt_helper ipt_conntrack ipt_connmark ipt_connbytes ipt_string ipt_layer7 ipt_ipp2p ipt_MASQUERADE iptable_nat ipt_state ipt_REJECT ipt_TCPMSS ipt_LOG ipt_multiport ipt_mac ipt_limit iptable_mangle iptable_filter]
ppp_async               8044   0 (unused)
wl                    666560   0 (unused)
pppoe                   9320   1
pppox                   1196   1 [pppoe]
ppp_generic            22380   3 [ppp_async pppoe pppox]
slhc                    6064   0 [ppp_generic]
switch-robo             5180   0 (unused)
switch-core             5104   0 [switch-robo]
diag                   50448   0 (unused)

thanks

Attachments (0)

Change History (17)

comment:1 Changed 6 years ago by thepeople

Can you please try this again on the backfire beta or latest trunk?

comment:2 Changed 6 years ago by Mark Turner

Any word on this? I cannot find connmark in Kamikaze 8.09.2 (kernel 2.4.35.4).

Thanks!
Mark

comment:3 Changed 6 years ago by anonymous

see

comment:4 Changed 4 years ago by nbd

  • Resolution set to obsolete
  • Status changed from new to closed

comment:5 follow-up: Changed 3 years ago by anonymous

Still occurring on a Netgear WNDR3700v2 with Barrier Breaker r38381.

comment:6 in reply to: ↑ 5 Changed 3 years ago by tast@…

  • Resolution obsolete deleted
  • Status changed from closed to reopened

Replying to anonymous:

Still occurring on a Netgear WNDR3700v2 with Barrier Breaker r38381.

Log at pastie.org/8404008
dmesg output shows no errors.

comment:7 Changed 3 years ago by anonymous

Also getting the same error on Barrier breaker with my Buffalo WZRHPG300NH as per 2013-12-01.

comment:8 Changed 3 years ago by anonymous

any solutions for this issue?

comment:9 Changed 2 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

comment:10 Changed 21 months ago by g@…

further information from my experience...

I'm using qos-scripts on 14.07 (r42625)

I was playing with my qos rules (starting from the default provided with the package) and after some /etc/init.d/qos start/stop I got the same error as initially reported, that is: "iptables: No chain/target/match by that name" (precisely 6 errors for my ruleset)

I tried stopping the qos service (/etc/init.d/qos stop) but that didn't work, I also tried flushing iptables and restarting the firewall but the error was still there

the only solution that worked for me was a complete reboot of my router

I'm looking at the output of "/usr/lib/qos/generate.sh interface wan" but I cannot see any iptables command so I'm not able to try to debug: what is the program that "run" the iptables when qos is started/restarted? not /usr/lib/qos/tcrules.awk

this is my iptable:
.............................................
root@tulipe:~# iptables-save | grep qos
:qos_Default - [0:0]
:qos_Default_ct - [0:0]
-A FORWARD -o eth1 -j qos_Default
-A OUTPUT -o eth1 -j qos_Default
-A qos_Default -j CONNMARK --restore-mark --nfmask 0xf --ctmask 0xf
-A qos_Default -m mark --mark 0x0/0xf -j qos_Default_ct
-A qos_Default -p icmp -m comment --comment "all ICMP" -j MARK --set-xmark 0x11/0xff
-A qos_Default -p tcp -m mark --mark 0x0/0xf0 -m comment --comment "all other traffic" -m tcp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x44/0xff
-A qos_Default -p udp -m mark --mark 0x0/0xf0 -m comment --comment "all other traffic" -m udp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x44/0xff
-A qos_Default -j CONNMARK --save-mark --nfmask 0xf0 --ctmask 0xf0
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m comment --comment "ssh, dns" -m tcp -m multiport --ports 22,53 -j MARK --set-xmark 0x11/0xff
-A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m comment --comment "ssh, dns" -m udp -m multiport --ports 22,53 -j MARK --set-xmark 0x11/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m comment --comment "ftp, smtp, http(s), imap" -m tcp -m multiport --ports 20,21,25,80,110,443,993,995 -j MARK --set-xmark 0x33/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m comment --comment "AOL, iChat, ICQ" -m tcp -m multiport --ports 5190 -j MARK --set-xmark 0x22/0xff
-A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m comment --comment "AOL, iChat, ICQ" -m udp -m multiport --ports 5190 -j MARK --set-xmark 0x22/0xff
-A qos_Default_ct -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m comment --comment "ssh, dns" -m tcp -m multiport --ports 22,53 -j MARK --set-xmark 0x11/0xff
-A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m comment --comment "ssh, dns" -m udp -m multiport --ports 22,53 -j MARK --set-xmark 0x11/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m comment --comment "ftp, smtp, http(s), imap" -m tcp -m multiport --ports 20,21,25,80,110,443,993,995 -j MARK --set-xmark 0x33/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m comment --comment "AOL, iChat, ICQ" -m tcp -m multiport --ports 5190 -j MARK --set-xmark 0x22/0xff
-A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m comment --comment "AOL, iChat, ICQ" -m udp -m multiport --ports 5190 -j MARK --set-xmark 0x22/0xff
..............................................................

and this is my "tc qdisc"
...............................................................
root@tulipe:~# tc qdisc
qdisc fq_codel 0: dev eth0 root refcnt 2 limit 1024p flows 1024 quantum 300 target 5.0ms interval 100.0ms ecn
qdisc hfsc 1: dev eth1 root refcnt 2 default 30
qdisc fq_codel 100: dev eth1 parent 1:10 limit 800p flows 1024 quantum 300 target 5.0ms interval 100.0ms ecn
qdisc fq_codel 200: dev eth1 parent 1:20 limit 800p flows 1024 quantum 300 target 5.0ms interval 100.0ms ecn
qdisc fq_codel 300: dev eth1 parent 1:30 limit 800p flows 1024 quantum 300 target 5.0ms interval 100.0ms ecn
qdisc fq_codel 400: dev eth1 parent 1:40 limit 800p flows 1024 quantum 300 target 5.0ms interval 100.0ms ecn
qdisc ingress ffff: dev eth1 parent ffff:fff1 ----------------
qdisc mq 0: dev wlan0 root
qdisc fq_codel 0: dev tun2 root refcnt 2 limit 1024p flows 1024 quantum 300 target 5.0ms interval 100.0ms ecn
qdisc fq_codel 0: dev tun1 root refcnt 2 limit 1024p flows 1024 quantum 300 target 5.0ms interval 100.0ms ecn
qdisc hfsc 1: dev ifb0 root refcnt 2 default 30
qdisc fq_codel 100: dev ifb0 parent 1:10 limit 800p flows 1024 quantum 300 target 5.0ms interval 100.0ms ecn
qdisc fq_codel 200: dev ifb0 parent 1:20 limit 800p flows 1024 quantum 300 target 5.0ms interval 100.0ms ecn
qdisc fq_codel 300: dev ifb0 parent 1:30 limit 800p flows 1024 quantum 300 target 5.0ms interval 100.0ms ecn
qdisc fq_codel 400: dev ifb0 parent 1:40 limit 800p flows 1024 quantum 300 target 5.0ms interval 100.0ms ecn
..............................................................

so it seems that qos is configured as expected (by my rules)

any hint where I can find iptables execution in the qos-scripts workflow?

ciao
Giovanni

comment:11 Changed 21 months ago by nbd

  • Resolution set to fixed
  • Status changed from reopened to closed

should be fixed in r43562

comment:12 follow-up: Changed 19 months ago by gabriel@…

  • Resolution fixed deleted
  • Status changed from closed to reopened

Still fails on a fresh BB install, despite getting the version of qos-scripts with the fix above:

root@ocanku:~# opkg install qos-scripts
Installing qos-scripts (1.2.1-7) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//qos-scripts_1.2.1-7_all.ipk.
Installing tc (3.15.0-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//tc_3.15.0-1_ar71xx.ipk.
Installing kmod-sched-core (3.10.49-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//kmod-sched-core_3.10.49-1_ar71xx.ipk.
Installing kmod-sched-connmark (3.10.49-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//kmod-sched-connmark_3.10.49-1_ar71xx.ipk.
Installing kmod-ipt-conntrack-extra (3.10.49-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//kmod-ipt-conntrack-extra_3.10.49-1_ar71xx.ipk.
Installing kmod-ifb (3.10.49-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//kmod-ifb_3.10.49-1_ar71xx.ipk.
Installing iptables-mod-filter (1.4.21-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//iptables-mod-filter_1.4.21-1_ar71xx.ipk.
Installing kmod-ipt-filter (3.10.49-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//kmod-ipt-filter_3.10.49-1_ar71xx.ipk.
Installing kmod-lib-textsearch (3.10.49-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//kmod-lib-textsearch_3.10.49-1_ar71xx.ipk.
Installing iptables-mod-ipopt (1.4.21-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//iptables-mod-ipopt_1.4.21-1_ar71xx.ipk.
Installing kmod-ipt-ipopt (3.10.49-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//kmod-ipt-ipopt_3.10.49-1_ar71xx.ipk.
Installing iptables-mod-conntrack-extra (1.4.21-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//iptables-mod-conntrack-extra_1.4.21-1_ar71xx.ipk.
Configuring kmod-sched-core.
Configuring kmod-ipt-conntrack-extra.
Configuring kmod-sched-connmark.
Configuring kmod-lib-textsearch.
Configuring kmod-ipt-filter.
Configuring tc.
Configuring kmod-ipt-ipopt.
Configuring iptables-mod-ipopt.
Configuring iptables-mod-filter.
Configuring iptables-mod-conntrack-extra.
Configuring kmod-ifb.
Configuring qos-scripts.
root@ocanku:~# vim /etc/config/qos
root@ocanku:~# /etc/init.d/qos start
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.

Did I do something wrong? Would be glad to run further tests to help troubleshooting the issue.

comment:13 in reply to: ↑ 12 Changed 19 months ago by fclql

Replying to gabriel@…:

Still fails on a fresh BB install, despite getting the version of qos-scripts with the fix above:

root@ocanku:~# opkg install qos-scripts
Installing qos-scripts (1.2.1-7) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//qos-scripts_1.2.1-7_all.ipk.
Installing tc (3.15.0-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//tc_3.15.0-1_ar71xx.ipk.
Installing kmod-sched-core (3.10.49-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//kmod-sched-core_3.10.49-1_ar71xx.ipk.
Installing kmod-sched-connmark (3.10.49-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//kmod-sched-connmark_3.10.49-1_ar71xx.ipk.
Installing kmod-ipt-conntrack-extra (3.10.49-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//kmod-ipt-conntrack-extra_3.10.49-1_ar71xx.ipk.
Installing kmod-ifb (3.10.49-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//kmod-ifb_3.10.49-1_ar71xx.ipk.
Installing iptables-mod-filter (1.4.21-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//iptables-mod-filter_1.4.21-1_ar71xx.ipk.
Installing kmod-ipt-filter (3.10.49-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//kmod-ipt-filter_3.10.49-1_ar71xx.ipk.
Installing kmod-lib-textsearch (3.10.49-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//kmod-lib-textsearch_3.10.49-1_ar71xx.ipk.
Installing iptables-mod-ipopt (1.4.21-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//iptables-mod-ipopt_1.4.21-1_ar71xx.ipk.
Installing kmod-ipt-ipopt (3.10.49-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//kmod-ipt-ipopt_3.10.49-1_ar71xx.ipk.
Installing iptables-mod-conntrack-extra (1.4.21-1) to root...
Downloading http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base//iptables-mod-conntrack-extra_1.4.21-1_ar71xx.ipk.
Configuring kmod-sched-core.
Configuring kmod-ipt-conntrack-extra.
Configuring kmod-sched-connmark.
Configuring kmod-lib-textsearch.
Configuring kmod-ipt-filter.
Configuring tc.
Configuring kmod-ipt-ipopt.
Configuring iptables-mod-ipopt.
Configuring iptables-mod-filter.
Configuring iptables-mod-conntrack-extra.
Configuring kmod-ifb.
Configuring qos-scripts.
root@ocanku:~# vim /etc/config/qos
root@ocanku:~# /etc/init.d/qos start
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.

Did I do something wrong? Would be glad to run further tests to help troubleshooting the issue.

/usr/lib/qos/generate.sh all | sh -x

comment:14 Changed 19 months ago by hnyman

It has been fixed first in trunk by r43562 and then also in BB14.07 branch with r43566 in Dec2014, but that fix is naturally not in the original BB14.07 binaries (that you installed) that have been compiled two months earlier.

If you now compile a new BB14.07 based firmware by yourself, the problem should be fixed.
Alternatively, you might manually edit generate.sh in your router, as the fix is pretty simple. Check r43566

comment:15 Changed 19 months ago by gabriel@…

As mentioned above, I've installed qos-script 1.2.1-7 which does include the fix from r43566.

comment:16 Changed 19 months ago by gabriel@…

# /usr/lib/qos/generate.sh all | sh -x
+ insmod cls_u32
+ insmod em_u32
+ insmod act_connmark
+ insmod act_mirred
+ insmod sch_ingress
+ insmod cls_fw
+ insmod sch_hfsc
+ insmod sch_fq_codel
+ ifconfig eth1 up txqueuelen 5
+ tc qdisc del dev eth1 root
+ tc qdisc add dev eth1 root handle 1: hfsc default 30
+ tc class add dev eth1 parent 1: classid 1:1 hfsc sc rate 900kbit ul rate 900kbit
+ tc class add dev eth1 parent 1:1 classid 1:10 hfsc rt m1 525kbit d 868us m2 90kbit ls m1 525kbit d 868us m2 500kbit ul rate 900kbit
+ tc class add dev eth1 parent 1:1 classid 1:20 hfsc rt m1 479kbit d 2170us m2 450kbit ls m1 479kbit d 2170us m2 250kbit ul rate 900kbit
+ tc class add dev eth1 parent 1:1 classid 1:30 hfsc ls m1 0kbit d 100000us m2 125kbit ul rate 900kbit
+ tc class add dev eth1 parent 1:1 classid 1:40 hfsc ls m1 0kbit d 200000us m2 25kbit ul rate 900kbit
+ tc qdisc add dev eth1 parent 1:10 handle 100: fq_codel limit 800 quantum 300
+ tc qdisc add dev eth1 parent 1:20 handle 200: fq_codel limit 800 quantum 300
+ tc qdisc add dev eth1 parent 1:30 handle 300: fq_codel limit 800 quantum 300
+ tc qdisc add dev eth1 parent 1:40 handle 400: fq_codel limit 800 quantum 300
+ tc filter add dev eth1 parent 1: prio 2 protocol ip handle 0x10/0xf0 fw flowid 1:10
+ tc filter add dev eth1 parent 1: prio 3 protocol ip handle 0x01/0x0f fw flowid 1:10
+ tc filter add dev eth1 parent 1: prio 4 protocol ip handle 0x20/0xf0 fw flowid 1:20
+ tc filter add dev eth1 parent 1: prio 5 protocol ip handle 0x02/0x0f fw flowid 1:20
+ tc filter add dev eth1 parent 1: prio 6 protocol ip handle 0x30/0xf0 fw flowid 1:30
+ tc filter add dev eth1 parent 1: prio 7 protocol ip handle 0x03/0x0f fw flowid 1:30
+ tc filter add dev eth1 parent 1: prio 8 protocol ip handle 0x40/0xf0 fw flowid 1:40
+ tc filter add dev eth1 parent 1: prio 9 protocol ip handle 0x04/0x0f fw flowid 1:40
+ ifconfig ifb0 up txqueuelen 5
+ tc qdisc del dev ifb0 root
+ tc qdisc add dev ifb0 root handle 1: hfsc default 30
+ tc class add dev ifb0 parent 1: classid 1:1 hfsc sc rate 3600kbit ul rate 3600kbit
+ tc qdisc del dev eth1 ingress
+ tc qdisc add dev eth1 ingress
+ tc filter add dev eth1 parent ffff: protocol ip prio 1 u32 match u32 0 0 flowid 1:1 action connmark action mirred egress redirect dev ifb0
+ tc class add dev ifb0 parent 1:1 classid 1:10 hfsc rt m1 816kbit d 542us m2 360kbit ls m1 816kbit d 542us m2 2000kbit ul rate 3600kbit
+ tc class add dev ifb0 parent 1:1 classid 1:20 hfsc rt m1 1876kbit d 542us m2 1800kbit ls m1 1876kbit d 542us m2 1000kbit ul rate 3600kbit
+ tc class add dev ifb0 parent 1:1 classid 1:30 hfsc ls m1 0kbit d 100000us m2 500kbit ul rate 3600kbit
+ tc class add dev ifb0 parent 1:1 classid 1:40 hfsc ls m1 0kbit d 200000us m2 100kbit ul rate 3600kbit
+ tc qdisc add dev ifb0 parent 1:10 handle 100: fq_codel limit 800 quantum 300
+ tc qdisc add dev ifb0 parent 1:20 handle 200: fq_codel limit 800 quantum 300
+ tc qdisc add dev ifb0 parent 1:30 handle 300: fq_codel limit 800 quantum 300
+ tc qdisc add dev ifb0 parent 1:40 handle 400: fq_codel limit 800 quantum 300
+ tc filter add dev ifb0 parent 1: prio 2 protocol ip handle 0x01/0x0f fw flowid 1:10
+ tc filter add dev ifb0 parent 1: prio 3 protocol ip handle 0x10/0xf0 fw flowid 1:10
+ tc filter add dev ifb0 parent 1: prio 4 protocol ip handle 0x02/0x0f fw flowid 1:20
+ tc filter add dev ifb0 parent 1: prio 5 protocol ip handle 0x20/0xf0 fw flowid 1:20
+ tc filter add dev ifb0 parent 1: prio 6 protocol ip handle 0x03/0x0f fw flowid 1:30
+ tc filter add dev ifb0 parent 1: prio 7 protocol ip handle 0x30/0xf0 fw flowid 1:30
+ tc filter add dev ifb0 parent 1: prio 8 protocol ip handle 0x04/0x0f fw flowid 1:40
+ tc filter add dev ifb0 parent 1: prio 9 protocol ip handle 0x40/0xf0 fw flowid 1:40
+ iptables -t mangle -F qos_Default
+ iptables -t mangle -F qos_Default_ct
+ iptables -t mangle -D FORWARD -o eth1 -j qos_Default
+ iptables -t mangle -D OUTPUT -o eth1 -j qos_Default
+ iptables -t mangle -X qos_Default
+ iptables -t mangle -X qos_Default_ct
+ insmod xt_multiport
+ insmod xt_CONNMARK
+ insmod xt_comment
+ insmod xt_length
+ iptables -t mangle -N qos_Default
+ iptables -t mangle -N qos_Default_ct
+ iptables -t mangle -A qos_Default_ct -m mark --mark 0/0x0f -m tcp -p tcp -m multiport --ports 22,53 -m comment --comment ssh, dns -j MARK --set-mark 17/0xff
+ iptables -t mangle -A qos_Default_ct -m mark --mark 0/0x0f -p udp -m udp -m multiport --ports 22,53 -m comment --comment ssh, dns -j MARK --set-mark 17/0xff
+ iptables -t mangle -A qos_Default_ct -m mark --mark 0/0x0f -p tcp -m tcp -m multiport --ports 20,21,25,80,110,443,993,995 -m comment --comment ftp, smtp, http(s), imap -j MARK --set-mark 51/0xff
+ iptables -t mangle -A qos_Default_ct -j CONNMARK --save-mark --mask 0xff
iptables: No chain/target/match by that name.
+ iptables -t mangle -A qos_Default -j CONNMARK --restore-mark --mask 0x0f
iptables: No chain/target/match by that name.
+ iptables -t mangle -A qos_Default -m mark --mark 0/0x0f -j qos_Default_ct
+ iptables -t mangle -A qos_Default -m mark --mark 0/0xf0 -p udp -m length --length :500 -j MARK --set-mark 34/0xff
+ iptables -t mangle -A qos_Default -p icmp -j MARK --set-mark 17/0xff
+ iptables -t mangle -A qos_Default -m mark --mark 0/0xf0 -m tcp -p tcp --sport 1024:65535 --dport 1024:65535 -j MARK --set-mark 68/0xff
+ iptables -t mangle -A qos_Default -m mark --mark 0/0xf0 -p udp -m udp --sport 1024:65535 --dport 1024:65535 -j MARK --set-mark 68/0xff
+ iptables -t mangle -A qos_Default_ct -m mark --mark 0/0x0f -m tcp -p tcp -m multiport --ports 22,53 -m comment --comment ssh, dns -j MARK --set-mark 17/0xff
+ iptables -t mangle -A qos_Default_ct -m mark --mark 0/0x0f -p udp -m udp -m multiport --ports 22,53 -m comment --comment ssh, dns -j MARK --set-mark 17/0xff
+ iptables -t mangle -A qos_Default_ct -m mark --mark 0/0x0f -p tcp -m tcp -m multiport --ports 20,21,25,80,110,443,993,995 -m comment --comment ftp, smtp, http(s), imap -j MARK --set-mark 51/0xff
+ iptables -t mangle -A qos_Default -j CONNMARK --save-mark --mask 0xf0
iptables: No chain/target/match by that name.
+ iptables -t mangle -A OUTPUT -o eth1 -j qos_Default
+ iptables -t mangle -A FORWARD -o eth1 -j qos_Default
root@ocanku:~# uname -a
Linux ocanku 3.10.49 #3 Wed Oct 1 14:00:51 CEST 2014 mips GNU/Linux
root@ocanku:~# opkg install kmod-ipt-conntrack
Package kmod-ipt-conntrack (3.10.49-1) installed in root is up to date.
root@ocanku:~# insmod ipt_CONNTRACK
Failed to find ipt_CONNTRACK. Maybe it is a built in module ?
root@ocanku:~# insmod xt_CONNTRACK
Failed to find xt_CONNTRACK. Maybe it is a built in module ?

comment:17 Changed 18 months ago by gabriel@…

Finally found the solution. As mentioned by andre in https://dev.openwrt.org/ticket/16960#comment:4, it should be "insmod xt_conntrack" instead of "insmod xt_CONNTRACK".

Add Comment

Modify Ticket

Action
as reopened .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.