From: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
To: Ryan Mounce <ryan@mounce.com.au>
Cc: Cake List <cake@lists.bufferbloat.net>
Subject: Re: [Cake] act_conndscp
Date: Tue, 19 Mar 2019 21:27:31 +0000 [thread overview]
Message-ID: <AC87FD9C-70DE-4BB1-9827-AB2D5CB94FBB@darbyshire-bryant.me.uk> (raw)
In-Reply-To: <CAN+fvRaM7O3fHQiddvjEa1G_DfLvWZ2Od75kYo2hW6RSOC3x_g@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 426 bytes --]
> On 19 Mar 2019, at 21:24, Ryan Mounce <ryan@mounce.com.au> wrote:
>
> Hi Kevin,
>
> I've finally applied your patches, compiled, and flashed on my router.
> Could you share your tc filter action for conndscp to get me started?
Ahh! Ooops yes knew I forgot something - here’s my hacked up sqm-scripts/my_layer_cake.qos
Cheers,
Kevin D-B
gpg: 012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A
[-- Attachment #2: my_layer_cake.qos --]
[-- Type: application/octet-stream, Size: 6262 bytes --]
#!/bin/sh
# Cero3 Shaper
# A cake shaper and AQM solution that allows several diffserv marking schemes
# for ethernet gateways
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# Copyright (C) 2012-5 Michael D. Taht, Toke Høiland-Jørgensen, Sebastian Moeller
#sm: TODO pass in the cake diffserv keyword
. ${SQM_LIB_DIR}/defaults.sh
QDISC=cake
# Default traffic classication is passed in INGRESS_CAKE_OPTS and EGRESS_CAKE_OPTS, defined in defaults.sh now
egress() {
SILENT=1 $TC qdisc del dev $IFACE root
$TC qdisc add dev $IFACE root handle cacf: $( get_stab_string ) cake \
bandwidth ${UPLINK}kbit $( get_cake_lla_string ) ${EGRESS_CAKE_OPTS} ${EQDISC_OPTS}
# put an action on the egress interface to get DSCP to connmark->mark
# and to set DSCP from the stored connmark.
# this seems counter intuitive but it ensures once the mark is set that all
# subsequent egress packets have the same stored DSCP avoiding iptables rules
# to mark every packet, conndscp does it for us and then CAKE is happy using the
# DSCP
$TC filter add dev $IFACE protocol all prio 10 u32 match u32 0 0 flowid 1:1 action \
conndscp mask 0xfc000000 statemask 0x01000000 mode both
}
ingress() {
SILENT=1 $TC qdisc del dev $IFACE handle ffff: ingress
$TC qdisc add dev $IFACE handle ffff: ingress
SILENT=1 $TC qdisc del dev $DEV root
[ "$IGNORE_DSCP_INGRESS" -eq "1" ] && INGRESS_CAKE_OPTS="$INGRESS_CAKE_OPTS besteffort"
[ "$ZERO_DSCP_INGRESS" -eq "1" ] && INGRESS_CAKE_OPTS="$INGRESS_CAKE_OPTS wash"
$TC qdisc add dev $DEV root handle cace: $( get_stab_string ) cake \
bandwidth ${DOWNLINK}kbit $( get_cake_lla_string ) ${INGRESS_CAKE_OPTS} ${IQDISC_OPTS}
$IP link set dev $DEV up
# redirect all IP packets arriving in $IFACE to ifb0
# set DSCP from conntrack mark
$TC filter add dev $IFACE parent ffff: protocol all prio 10 u32 \
match u32 0 0 flowid 1:1 action \
conndscp mask 0xfc000000 statemask 0x01000000 mode set \
mirred egress redirect dev $DEV
# Configure iptables chain to mark packets
ipt -t mangle -N QOS_MARK_${IFACE}
# Change DSCP of relevant hosts/packets - this will be picked up by cake+ and placed in the firewall connmark
# also the DSCP is used as the tin selector.
iptables -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.219.5 -m comment --comment "Skybox DSCP CS1 Bulk" -j DSCP --set-dscp-class CS1
iptables -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.219.5 -m comment --comment "Skybox DSCP CS1 Bulk" -j DSCP --set-dscp-class CS1
iptables -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.219.10 -m comment --comment "Bluray DSCP CS3 Video" -j DSCP --set-dscp-class CS3
iptables -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.219.10 -m comment --comment "Bluray DSCP CS3 Video" -j DSCP --set-dscp-class CS3
iptables -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.219.12 -m tcp --sport 6981 -m comment --comment "BT DSCP CS1 Bulk" -j DSCP --set-dscp-class CS1
iptables -t mangle -A QOS_MARK_${IFACE} -p udp -s 192.168.219.12 -m udp --sport 6981 -m comment --comment "BT DSCP CS1 Bulk" -j DSCP --set-dscp-class CS1
iptables -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.219.12 -m tcp --dport 4443 -m comment --comment "BT DSCP CS1 Bulk" -j DSCP --set-dscp-class CS1
#iptables -t mangle -A QOS_MARK_${IFACE} -p tcp -s 192.168.219.12 -m tcp --dport 443 -m comment --comment "HTTPS uploads DSCP CS1 Bulk" -j DSCP --set-dscp-class CS1
iptables -t mangle -A QOS_MARK_${IFACE} -m set --match-set Bulk4 dst -j DSCP --set-dscp-class CS1 -m comment --comment "Bulk CS1 ipset"
iptables -t mangle -A QOS_MARK_${IFACE} -m set --match-set Vid4 dst -j DSCP --set-dscp-class CS3 -m comment --comment "Vid CS3 ipset"
iptables -t mangle -A QOS_MARK_${IFACE} -m set --match-set Voice4 dst -j DSCP --set-dscp-class CS4 -m comment --comment "Voice CS4 ipset"
ip6tables -t mangle -A QOS_MARK_${IFACE} -p tcp -s ::c/::ffff:ffff:ffff:ffff -m tcp --sport 6981 -m comment --comment "BT DSCP CS1 Bulk" -j DSCP --set-dscp-class CS1
ip6tables -t mangle -A QOS_MARK_${IFACE} -p udp -s ::c/::ffff:ffff:ffff:ffff -m udp --sport 6981 -m comment --comment "BT DSCP CS1 Bulk" -j DSCP --set-dscp-class CS1
ip6tables -t mangle -A QOS_MARK_${IFACE} -p tcp -s ::c/::ffff:ffff:ffff:ffff -m tcp --dport 4443 -m comment --comment "BT DSCP CS1 Bulk" -j DSCP --set-dscp-class CS1
#ip6tables -t mangle -A QOS_MARK_${IFACE} -p tcp -s ::c/::ffff:ffff:ffff:ffff -m tcp --dport 443 -m comment --comment "HTTPS uploads DSCP CS1 Bulk" -j DSCP --set-dscp-class CS1
ip6tables -t mangle -A QOS_MARK_${IFACE} -m set --match-set Bulk6 dst -j DSCP --set-dscp-class CS1 -m comment --comment "Bulk CS1 ipset"
ip6tables -t mangle -A QOS_MARK_${IFACE} -m set --match-set Vid6 dst -j DSCP --set-dscp-class CS3 -m comment --comment "Vid CS3 ipset"
ip6tables -t mangle -A QOS_MARK_${IFACE} -m set --match-set Voice6 dst -j DSCP --set-dscp-class CS4 -m comment --comment "Voice CS4 ipset"
# Send cake+ unmarked connections to the marking chain - Cake+ uses top byte as the
# i've been marked & here's the dscp placeholder.
# top 6 bits are DSCP, LSB is DSCP is valid flag
# ipt -t mangle -A PREROUTING -i $IFACE -m connmark --mark 0x00000000/0x01000000 -g QOS_MARK_${IFACE}
ipt -t mangle -A POSTROUTING -o $IFACE -m connmark --mark 0x00000000/0x01000000 -g QOS_MARK_${IFACE}
}
sqm_start() {
[ -n "$IFACE" ] || return 1
do_modules
verify_qdisc $QDISC "cake" || return 1
sqm_debug "Starting ${SCRIPT}"
[ -z "$DEV" ] && DEV=$( get_ifb_for_if ${IFACE} )
if [ "${UPLINK}" -ne 0 ];
then
egress
sqm_debug "egress shaping activated"
else
sqm_debug "egress shaping deactivated"
SILENT=1 $TC qdisc del dev ${IFACE} root
fi
if [ "${DOWNLINK}" -ne 0 ];
then
verify_qdisc ingress "ingress" || return 1
ingress
sqm_debug "ingress shaping activated"
else
sqm_debug "ingress shaping deactivated"
SILENT=1 $TC qdisc del dev ${DEV} root
SILENT=1 $TC qdisc del dev ${IFACE} ingress
fi
return 0
}
next prev parent reply other threads:[~2019-03-19 21:27 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-19 20:08 Kevin Darbyshire-Bryant
2019-03-19 21:24 ` Ryan Mounce
2019-03-19 21:27 ` Kevin Darbyshire-Bryant [this message]
2019-03-19 21:41 ` Toke Høiland-Jørgensen
2019-03-19 21:51 ` Kevin Darbyshire-Bryant
2019-03-19 21:59 ` Toke Høiland-Jørgensen
2019-03-20 3:31 ` Ryan Mounce
2019-03-20 8:25 ` Kevin Darbyshire-Bryant
2019-03-20 8:38 ` Sebastian Moeller
2019-03-20 9:01 ` Kevin Darbyshire-Bryant
2019-03-20 9:54 ` Sebastian Moeller
2019-03-20 10:15 ` Kevin Darbyshire-Bryant
2019-03-22 21:24 ` Kevin Darbyshire-Bryant
2019-03-23 18:35 ` Kevin Darbyshire-Bryant
2019-04-01 14:07 ` Kevin Darbyshire-Bryant
2019-04-01 23:52 ` Ryan Mounce
2019-03-20 9:06 ` Kevin Darbyshire-Bryant
2019-03-20 9:24 ` Kevin Darbyshire-Bryant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cake.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=AC87FD9C-70DE-4BB1-9827-AB2D5CB94FBB@darbyshire-bryant.me.uk \
--to=kevin@darbyshire-bryant.me.uk \
--cc=cake@lists.bufferbloat.net \
--cc=ryan@mounce.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox