Help - Traffic not visible in Queue Tree

masqueraid · September 26, 2018, 4:49am

Here’s my config:

add action=mark-connection chain=prerouting comment=Steam \
    connection-nat-state="" new-connection-mark="Online Games" passthrough=\
    yes port=27000-27015,27015-27030,4380 protocol=udp
add action=mark-connection chain=prerouting comment="Online Games" \
    new-connection-mark="Online Games" passthrough=yes src-address-list=Games
add action=mark-connection chain=prerouting dst-address-list=Games \
    new-connection-mark="Online Games" passthrough=yes
add action=mark-packet chain=prerouting connection-mark="Online Games" \
    new-packet-mark=online-games-packet passthrough=no
    
add name="Online Gaming" packet-mark=online-games-packet parent=global \
    priority=1 queue=default

CZFan · September 28, 2018, 8:54pm

You forgot to post a picture of the crystal ball

masqueraid · October 1, 2018, 7:44am

Apparently, disabling rules below made it work, although I can’t understand why. Can anyone explain?

add action=mark-connection chain=prerouting comment="Online Games" new-connection-mark="Online Games" passthrough=no \
    src-address-list=Games
add action=mark-packet chain=prerouting connection-mark="Online Games" new-packet-mark=online-games-packet passthrough=no

add action=mark-packet chain=forward comment=0Bytes connection-bytes=1-512000 disabled=yes new-packet-mark=0bytes \
    passthrough=yes
add action=mark-packet chain=forward comment=1Mbyte connection-bytes=512000-1000000 disabled=yes new-packet-mark=1Mbyte \
    passthrough=yes
add action=mark-packet chain=forward comment=3Mbyte connection-bytes=1000000-3000000 disabled=yes new-packet-mark=3Mbyte \
    passthrough=yes
add action=mark-packet chain=forward comment=6mbyte connection-bytes=3000000-6000000 disabled=yes new-packet-mark=6Mbyte \
    passthrough=yes

mducharme · October 2, 2018, 7:44am

Each packet can only have one mark. An additional mark will replace the first mark.

masqueraid · October 2, 2018, 5:44pm

So the passthrough=no is not working?

CZFan · October 2, 2018, 9:00pm

My comment re crystal ball, we can’t help if you only post part on the info.

Re your question if passthrough=no does not work, on your 2nd post, again with only part of the config, you have passthrough =yes for every packet mark

masqueraid · October 3, 2018, 3:36am

Here’s the whole mangle:

/ip firewall mangle
add action=set-priority chain=postrouting comment="Respect DSCP tagging" \
    new-priority=from-dscp-high-3-bits passthrough=yes
add action=set-priority chain=postrouting comment="Prioritize ACKs" \
    new-priority=6 packet-size=0-123 passthrough=yes protocol=tcp tcp-flags=\
    ack
add action=accept chain=postrouting comment="IP Precedence (aka Packet Priorit\
    y) 0 - Best Effort (Low Priority) (default)" priority=0
add action=mark-packet chain=forward comment=ICMP new-packet-mark=icmp \
    passthrough=no protocol=icmp
add action=mark-packet chain=forward comment=POP3 dst-port=110 \
    new-packet-mark=pop3 passthrough=no protocol=tcp
add action=mark-packet chain=forward comment=SMTP dst-port=25 \
    new-packet-mark=smtp passthrough=no protocol=tcp
add action=mark-packet chain=forward comment=IMAP dst-port=143 \
    new-packet-mark=imap passthrough=no protocol=tcp
add action=mark-packet chain=forward comment=GRE new-packet-mark=gre \
    passthrough=no protocol=gre
add action=mark-packet chain=forward comment="IPSEC ESP" new-packet-mark=\
    ipsec-esp passthrough=no protocol=ipsec-esp
add action=mark-packet chain=forward comment="IPSEC AH" new-packet-mark=\
    ipsec-ah passthrough=no protocol=ipsec-ah
add action=mark-packet chain=forward comment=IPENCAP new-packet-mark=ipencap \
    passthrough=no protocol=ipencap
add action=mark-packet chain=forward comment=IPIP new-packet-mark=ipip \
    passthrough=no protocol=ipip
add action=mark-connection chain=prerouting comment=Steam \
    connection-nat-state="" disabled=yes new-connection-mark="Online Games" \
    passthrough=no port=27000-27015,27015-27030,4380 protocol=udp
add action=mark-connection chain=forward comment="Online Games" \
    new-connection-mark="Online Games" passthrough=no src-address-list=Games
add action=mark-connection chain=prerouting disabled=yes dst-address-list=\
    Games new-connection-mark="Online Games" passthrough=yes
add action=mark-packet chain=forward connection-mark="Online Games" \
    new-packet-mark=online-games-packet passthrough=no
add action=mark-connection chain=forward comment="HTTP Browsing" \
    connection-bytes=0-500000 new-connection-mark=browsing-connection \
    passthrough=yes protocol=tcp src-port=80,443,8080
add action=mark-packet chain=forward connection-mark=browsing-connection \
    new-packet-mark=browsing passthrough=no
add action=mark-packet chain=forward comment="HTTP Downloads" \
    connection-bytes=500000-0 new-packet-mark=http-downloads-packet \
    passthrough=no protocol=tcp src-port=80,443
add action=mark-packet chain=forward comment="UDP 100" new-packet-mark=\
    udp-100 packet-size=0-100 passthrough=no protocol=udp
add action=mark-packet chain=forward comment="UDP 500" new-packet-mark=\
    upd-500 packet-size=100-500 passthrough=no protocol=udp
add action=mark-packet chain=forward comment="UDP other" new-packet-mark=\
    upd-other passthrough=no protocol=udp
add action=mark-packet chain=forward comment=Mails new-packet-mark=\
    mail-dl-packets passthrough=no port=110,995,143,993,25 protocol=tcp
add action=mark-packet chain=forward comment=FTP new-packet-mark=\
    ftp-dl-packet passthrough=no protocol=tcp src-port=20,21
add action=mark-packet chain=forward comment=SFTP new-packet-mark=\
    sftp-dl-packet packet-size=1400-1500 passthrough=no protocol=tcp \
    src-port=22
add action=mark-packet chain=forward comment=0Bytes connection-bytes=1-512000 \
    new-packet-mark=0bytes passthrough=yes
add action=mark-packet chain=forward comment=1Mbyte connection-bytes=\
    512000-1000000 new-packet-mark=1Mbyte passthrough=yes
add action=mark-packet chain=forward comment=3Mbyte connection-bytes=\
    1000000-3000000 new-packet-mark=3Mbyte passthrough=yes
add action=mark-packet chain=forward comment=6mbyte connection-bytes=\
    3000000-6000000 new-packet-mark=6Mbyte passthrough=yes
add action=mark-packet chain=forward comment=30mbyte connection-bytes=\
    6000000-30000000 new-packet-mark=30Mbyte passthrough=yes
add action=mark-packet chain=forward comment=60mbyte connection-bytes=\
    30000000-60000000 new-packet-mark=60Mbytes passthrough=yes
add action=mark-packet chain=forward comment=Infinite connection-bytes=\
    60000000-0 new-packet-mark=Infinite passthrough=no

Doesn’t the passthrough=no stops packets from going down the line of rules?

Also, I copied these rules on some site. Let me know how to optimize them if they’re messy.