QOS match tcp ack not working

Bugs
1

Hi,
I want to add QOS rules to match TCP ack flag.
I added this vyos configuration:

set policy shaper EGRESS-QOS bandwidth '20gbit'

set policy shaper EGRESS-QOS class 2 bandwidth '20%'
set policy shaper EGRESS-QOS class 2 ceiling '100%'
set policy shaper EGRESS-QOS class 2 description 'qACK'
set policy shaper EGRESS-QOS class 2 match-group 'qACK'
set policy shaper EGRESS-QOS class 2 priority '0'
set policy shaper EGRESS-QOS class 2 queue-type 'fair-queue'

set policy shaper EGRESS-QOS default bandwidth '43%'
set policy shaper EGRESS-QOS default ceiling '100%'
set policy shaper EGRESS-QOS default priority '7'
set policy shaper EGRESS-QOS default queue-type 'random-detect'

set traffic-match-group qACK match ACK ip tcp ack
set traffic-match-group qACK match SYNACK ip tcp syn

set interface bond0 egress 'EGRESS-QOS'

but I there is no tc configuration:

vyos@am-rt-001# tc filter show dev bond0
[edit]
vyos@am-rt-001#

Same issue if I use traffic-matech-group or not.
But if I add other ‘simple’ rules, like match address or port, I can see them with tc command.

can you help me about this issue please ?

thanks in advance

Vyos version:

vyos@am-rt-001# run show version
Version:          VyOS 1.5-stream-2025-Q1
Release train:    circinus
Release flavor:   generic

Built by:         VyOS Networks Iberia S.L.U.
Built on:         Thu 13 Feb 2025 18:06 UTC
Build UUID:       b38b28e0-a516-4f56-a596-5502ae094d3b
Build commit ID:  5128f5e45cdb73-dirty

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Ubuntu 24.04 PC (i440FX + PIIX, 1996)
Hardware S/N:     

Copyright:        VyOS maintainers and contributors

Second question:
why command
show qos shaper interface bond0 never returns result.
I know on Vyos 1.3, show queueing worked like a charm

1 Like
2

There was a bug. If the name of your policy has a dash, it won’t show anything. Just rename your policy to something without that dash and the command will work.

2 Likes
3

Thanks @L0crian , indeed, without dash it’s OK.

vyos@am-rt-001# run show qos shaper interface bond0 
--------------------------------------------------------------------------------
Interface: bond0
Policy Name: EGRESSQOS

Class    Type        Bandwidth    Max. BW       Bytes    Pkts    Drops    Queued
-------  --------  -----------  ---------  ----------  ------  -------  --------
root     htb         20.000 Gb  20.000 Gb  561.200 KB    8791        0         0
2        sfq          4.000 Gb   1.000 Gb        0  B       0        0         0
10       fq_codel     2.000 Gb   1.000 Gb        0  B       0        0         0
default  red          8.600 Gb  20.000 Gb  561.200 KB    8791        0         0

maybe another litle bug with this command:

vyos@am-rt-001# run show qos shaper interface bond0 class 10
--------------------------------------------------------------------------------
Interface: bond0
Policy Name: EGRESSQOS

Class    Type        Bandwidth    Max. BW       Bytes    Pkts    Drops    Queued
-------  --------  -----------  ---------  ----------  ------  -------  --------
root     htb         20.000 Gb  20.000 Gb  606.830 KB    9638        0         0
10       fq_codel     2.000 Gb   1.000 Gb        0  B       0        0         0
default  red          8.600 Gb  20.000 Gb  606.830 KB    9638        0         0

I think I should to see only details of class 10 no ?

4

No, that was the intent with the command. You’ll always see root and default, it just filters the classes. In your example 2 is no longer present.

1 Like
5

As far as your original problem, it appears you’ve found a bug. The filter is empty when trying to apply those flags. This returns no output:

sudo tc filter show dev eth1

If you manually configure it with tc, it’s fine:

sudo tc filter show dev eth1
filter parent 1: protocol ip pref 10 u32 chain 0
filter parent 1: protocol ip pref 10 u32 chain 0 fh 800: ht divisor 1
filter parent 1: protocol ip pref 10 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:2 not_in_hw
  match 00060000/00ff0000 at 8

run show qos shaper
--------------------------------------------------------------------------------
Interface: eth1
Policy Name: EGRESS-QOS

Class    Type      Bandwidth    Max. BW       Bytes    Pkts    Drops    Queued
-------  ------  -----------  ---------  ----------  ------  -------  --------
root     htb       20.000 Gb  20.000 Gb  103.666 KB     791        0         0
2        sfq        4.000 Gb   1.000 Gb       74  B       1        0         0

You can submit a bug report at https://vyos.dev

6

thanks a lot for your help.
Yep, I did it manually and it’s work too.
I will post this issue on vyos.dev

have a good day

2 Likes
7

Hum… ok I’m waiting patiently

Capture d’écran du 2025-04-28 10-30-36
Capture d’écran du 2025-04-28 10-30-36596×196 9.21 KB