PDA

View Full Version : Windows 7 resets DiffServ (DSCP) to 0x00?



Ciantic
12-06-10, 11:56 AM
Hi!

OS: Windows 7 x64 Pro.

All of my packets leaving this computer are marked with DiffServ (DSCP) 0x00 why is that? I used Wireshark (http://www.wireshark.org/) to look into the packet headers.

I've been defining the DSCP values for SSH etc. using QoS policy settings from Group Policy Editor: Computer Configuration -> Windows Settings -> Policy-based QoS

Here are couple things I have tried to fix this, but none of them works:


I have QoS Packet Scheduler in Network Card settings turned on.
I have Priority / VLAN enabled from NIC settings.
I have tried qostraffic.exe (http://itexpertvoice.com/home/getting-the-most-out-of-your-windows-7-internet-connection/) and all packets are zero with this too.
I have tried to set registry entry DisableUserTOSSetting (http://technet.microsoft.com/en-us/library/cc758910(WS.10).aspx) to 0 (I created it as it did not exist on my computer)


All help is appreciated, thanks!

xedoc
12-27-10, 02:06 AM
Your problem is here:

QoS Group Policies only take effect when the Vista machine is domain joined, and on interfaces that are attached to the domain network (i.e. can see the domain controller).
While digging Seven's drivers I found hidden registry parameter to overcome this limit.
1. Go to HKLM\System\CurrentControlSet\Services\Tcpip\QoS. If "QoS" folder doesn't exist there - create it.
2. Add a DWORD parameter named "Do not use NLA" and assign "1" as its value.
3. Reboot.

Ciantic
01-05-11, 04:55 PM
Did not work for me, see also my longer post in ask.wireshark.org. (http://ask.wireshark.org/questions/1188/why-is-dscp-always-0-on-windows-7)

I have a very good test setup (see the post above), so I don't need to do guesswork once I found solution. I can verify it when it will start working.

xedoc
01-06-11, 06:36 AM
My home machine isn't domain joined and it works for me. And sorry I forgot that it must be not DWORD but REG_SZ...
Thats how it looks in my registry (Windows 7 Ultimate x64):
https://sites.google.com/site/xedocfiles/files/qos_key.jpg

And here is sample of tcpdump output at my router:

17:01:30.984530 IP (tos 0x0, ttl 54, id 54359, offset 0, flags [DF], proto TCP (6), length 1500) media5.justin.tv.80 > 172.30.4. 52.64651: . 7240:8688(1448) ack 1 win 17 <nop,nop,timestamp 713250561 17835513>
17:01:30.984942 IP (tos 0x0, ttl 54, id 54360, offset 0, flags [DF], proto TCP (6), length 1500) media5.justin.tv.80 > 172.30.4. 52.64651: . 8688:10136(1448) ack 1 win 17 <nop,nop,timestamp 713250561 17835513>
17:01:30.985480 IP (tos 0xc, ttl 63, id 19125, offset 0, flags [DF], proto TCP (6), length 64) 172.30.4.52.64651 > media5.justin .tv.80: ., cksum 0x376b (correct), 1:1(0) ack 4344 win 16652 <nop,nop,timestamp 17835533 713250521,nop,nop,sack 1 {7240:8688}>
17:01:30.985770 IP (tos 0xc, ttl 63, id 19126, offset 0, flags [DF], proto TCP (6), length 64) 172.30.4.52.64651 > media5.justin .tv.80: ., cksum 0x31c3 (correct), 1:1(0) ack 4344 win 16652 <nop,nop,timestamp 17835533 713250521,nop,nop,sack 1 {7240:10136}>
17:01:31.092575 IP (tos 0x0, ttl 1, id 30314, offset 0, flags [none], proto UDP (17), length 161) 192.168.10.23.50056 > 239.255. 255.250.1900: UDP, length 133
As you see I have non-zero tos in few packets. I had set DSCP=3 in gpedit.msc for firefox.exe and some other programs. And it works for me....

Ciantic
01-06-11, 07:29 AM
Yes, thanks!

Absolutely genius, it started working as I changed it to REG_SZ.

Out of interest what are the tools you used to look on to the Seven's drivers? I suppose some disassembler? I don't need full instructions, just list of useful tools and maybe couple of filenames so I'll try to figure the rest myself.



For others seeking solution, here is the fix as registry file (.reg):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\QoS]
"Do not use NLA"="1"

xedoc
01-06-11, 08:16 AM
Well it was just a hex-editor. Nothing special :)
Looking for "Registry" words I found this in tcpip.sys (UTF-16 Little endian):
https://sites.google.com/site/xedocfiles/files/tcpip_dump.jpg

h2o457
11-04-11, 07:28 AM
It doesn't look like MS is making qostraffic.exe available for download any longer. Does anyone know where I can download it?