NexDPI

Home router shaping based (also) on Deep Packet Inspection, gigabit capable.

Nowadays almost everyone with a fast home connection, where by fast I mean gigabit optical fiber fast, uses the router furnished by the ISP.

I'm an old nerd, so I want to use my own router and do fancy stuff with it!

My home router is a Celeron J1900 2 GHz 4-core machine with 8 GB of RAM and 4 gigabit Ethernet ports.

I found myself struggling to obtain proper DPI and shaping policies using the Linux IP stack despite the machine being quite powerful for a router, but eventually, thanks to a lot of trial and error, I've been able to make it work without sacrificing throughput.

These scripts are some of the scripts I use on my own machine. They are crude, somewhat hackish, but hey, they work for me, and you are free to try to adapt them to your own machine if you like. Use them at your own risk though!

NOTE ON LIMITING DOWNLOAD WITH TC

As TC qdiscs and classes work on the outbound traffic (egress) of an interface, to limit the download traffic you can apply the rules on the internal interface or, as many suggest, use an ifb virtual interface and, using the redirect feature of tc filters, redirect the ingress of the WAN interface to the virtual ifb and then apply your limits there.

This is CRAP and a pain in the ass for performance, don't use it!
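The first option above (egress rules on the internal interface), sketched as an added example; it is not one of the NexDPI scripts. The interface name `eth1`, the single LAN interface, the 900 mbit rate and the HTB plus fq_codel layout are assumptions. The function only prints the tc commands, and it validates its arguments because the output is meant to be piped to a root shell.

```shell
#!/bin/sh
# Added example (not part of NexDPI): cap download by shaping the egress
# of the LAN-facing interface instead of redirecting WAN ingress to an ifb.
# Interface name and rate are assumptions; adapt them to your router.

# Print the tc commands that cap download to $2 mbit on LAN interface $1.
# Nothing is executed here: review the output, then pipe it to `sh` as root.
download_shaping_plan() {
    lan_if=$1
    rate_mbit=$2

    # The plan ends up in a root shell, so reject anything that is not a
    # plain interface name or a positive integer (no spaces, ';', '$', ...).
    case $lan_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $lan_if" >&2; return 1 ;;
    esac
    case $rate_mbit in
        ''|*[!0-9]*|0) echo "bad rate: $rate_mbit" >&2; return 1 ;;
    esac

    # Drop any previous root qdisc; ignore the error if there is none.
    echo "tc qdisc del dev $lan_if root 2>/dev/null || true"
    # HTB root: traffic that matches no filter falls into class 1:10.
    echo "tc qdisc add dev $lan_if root handle 1: htb default 10"
    # One class capping everything leaving towards the LAN (= download).
    echo "tc class add dev $lan_if parent 1: classid 1:10 htb rate ${rate_mbit}mbit ceil ${rate_mbit}mbit"
    # fq_codel leaf keeps per-flow queueing delay low when the cap is hit.
    echo "tc qdisc add dev $lan_if parent 1:10 handle 10: fq_codel"
}

# Usage (as root, after reading the plan):
#   download_shaping_plan eth1 900 | sh
```

Traffic the router itself sends to the LAN passes through the same class, and downloads terminating on the router are not limited by it.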

NOTE On Linux Kernel, HyperThreading and ksoftirq

Apparently, when you do anything more complex than just a couple of static routes and some NAT, hyperthreading enabled on the CPU cores causes a noticeable loss in performance. If your machine has HT enabled, disable it either from the BIOS or by software (my rc.local example already does it!)

As for the kernel, on my machine with the latest standard Devuan ceres kernel (kernel v5.10), way too much work is delegated to the ksoftirqd kernel thread when there are a lot of packets passing through the IP stack, to the point that the machine load goes way too high to maintain a proper throughput.

Installing a PREEMPT RT kernel solved the issue in an excellent manner.

ksoftirqd continues to consume a LOT of resources, so limiting it by lowering the priority of the thread can help too: in the rc.local there is a line to do it.

Many other optimizations can be done on the network stack, but using the proper kernel is a good start!

HOW TO USE IT

Sooner or later (probably later. A long time later, I mean!) I will write some docs and/or a post explaining how I use these scripts. For the moment, the source is your friend, and if you can't read simple source code, then just don't use it!

But why are you using rc.local, ifup-down and similar to execute the scripts?

Yes, I don't use systemd. It's not installed on my machines. I'm not a fan, and I run my machines with Devuan GNU/Linux, so I can get rid of that piece of crap that is systemd.

If you want to adapt it for use with systemd, do it, but don't expect me to do anything for it now or in the future.

:wq