From: Andy Furniss
To: Jonathan Morton
Cc: cake@lists.bufferbloat.net
Date: Wed, 1 Mar 2017 23:14:29 +0000
Subject: Re: [Cake] Putting cake under dsmark on ingress ifb
Message-ID: <1dfdac92-42b6-2406-2487-964f3cccad86@gmail.com>
In-Reply-To: <5c6be902-a9a4-87d1-3b09-35da09be5c59@gmail.com>

Andy Furniss wrote:

> TODO see if it's possible with actions to set dscp when using connmark to
> choose the flow.

So I had a go at this and got a working solution - with some interesting
fails on the way.

My ISP doesn't do ipv6 so that is untested and wouldn't work for anyone
using any examples I post here in the sense that I use protocol ip.

So a working test = use iptables to set a connmark 1 for this test on
something then -

tc qdisc add dev ppp0 ingress

tc filter add dev ppp0 parent ffff: prio 1 protocol ip u32 match u32 0 0 action connmark continue

tc filter add dev ppp0 parent ffff: prio 2 protocol ip handle 1 fw action xt -j DSCP --set-dscp-class cs1 action mirred egress redirect dev ifb0

tc filter add dev ppp0 parent ffff: prio 3 protocol ip u32 match u32 0 0 action mirred egress redirect dev ifb0

Minor nit with this method = directly matching unmarked like

.... handle 0 fw ....

doesn't work, so you need to allow for that or test ematch which IIRC
can do nfmark - untested by me.

The fail = try to use something like

tc filter add dev ppp0 parent ffff: prio 1 protocol ip u32 match u32 0 0 action xt -j CONNMARK --restore-mark action continue

Testing on my router box with old iptables this was accepted OK but
didn't actually work. I updated iptables and rebuilt cake-iproute
against the new version to see if it made any difference - tc segfaulted.

Moving testing to my desktop which has a newer kernel I got the same
result.

Next test = use vanilla git iproute2, even worse = Oops.

So may be best to avoid that one for now :-).
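
The working filter chain from the message above, generalised to several connmark values, as an added example that is not part of the original post. It only prints the tc commands; the mark:class pairs passed to it are hypothetical, and the accepted class names are the standard CSx/AFxy/EF/BE set.

```shell
#!/bin/sh
# Added example (not from the original post). Prints the tc commands for
# several connmark -> DSCP mappings; pipe the output to "sh" as root to apply.
WAN=ppp0   # WAN interface, as in the post
IFB=ifb0   # IFB device, as in the post

# gen_filters "mark:class [mark:class ...]"   (pairs here are hypothetical)
gen_filters() {
    maps=$1
    # Validate everything first so a bad pair never yields a partial chain.
    for m in $maps; do
        mark=${m%%:*}
        class=${m#*:}
        case $mark in
            # "handle 0 fw" does not match unmarked packets, so refuse mark 0
            # (and anything that is not a plain decimal number).
            ''|0*|*[!0-9]*) echo "bad mark in '$m'" >&2; return 1 ;;
        esac
        case $class in
            cs[0-7]|af[1-4][1-3]|ef|be) ;;   # class names of the DSCP target
            *) echo "bad DSCP class in '$m'" >&2; return 1 ;;
        esac
    done
    prio=1
    echo "tc qdisc add dev $WAN ingress"
    # First: copy the conntrack mark onto the packet and fall through.
    echo "tc filter add dev $WAN parent ffff: prio $prio protocol ip u32 match u32 0 0 action connmark continue"
    for m in $maps; do
        prio=$((prio + 1))
        echo "tc filter add dev $WAN parent ffff: prio $prio protocol ip handle ${m%%:*} fw action xt -j DSCP --set-dscp-class ${m#*:} action mirred egress redirect dev $IFB"
    done
    # Last: unmarked packets (and unlisted marks) go to the IFB unchanged.
    prio=$((prio + 1))
    echo "tc filter add dev $WAN parent ffff: prio $prio protocol ip u32 match u32 0 0 action mirred egress redirect dev $IFB"
}

# Print the chain when called with arguments, e.g.: sh script.sh 1:cs1 2:af41
if [ "$#" -gt 0 ]; then
    gen_filters "$*"
fi
```

The catch-all redirect is always emitted last, so packets with no mark still reach ifb0 without relying on a "handle 0 fw" match.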