From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oi0-x233.google.com (mail-oi0-x233.google.com [IPv6:2607:f8b0:4003:c06::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 3944C3B25E for ; Wed, 12 Oct 2016 04:11:15 -0400 (EDT) Received: by mail-oi0-x233.google.com with SMTP id m72so52695538oik.3 for ; Wed, 12 Oct 2016 01:11:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ufIU2lJEi4pHUUMSM+rW79iARkz1dl+AzteU7mr7pog=; b=vBeN6ffnrBaJRQ/l20OKuthoznkUEcFk5H1e894C4Ello0Z34FRWUbx02aeMvOMgs9 N8Vzqmp8qwMf/qSC9mAUELIRVm+GHsEMgQFUbhAYE4wqDdxJmAsUzvnv3222n6b37Wea WiAXfZJ9RWZrbB5p7p7OlAAdJ5/4YyxnnqFvn4nz95Cfr8P+IDnC6mb5cHF6vjeXsFQk B6Feap60aigYfyKEmZ6p6CC/YRT6/5C7M3LQGlvOO5sA6J83m0QLRPmVLKU5P7bOAqP6 wH9Si8ti2Ib02P4/itgeuEl1hy74gL1R7D7eC+TZSKILT9EXvHvGSPoNg/NoKjob/Prr hZOw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ufIU2lJEi4pHUUMSM+rW79iARkz1dl+AzteU7mr7pog=; b=lXYboyVgef9ffbS6s61mqSHsmhCDSaX0jAELt3c3cV/CIYC7N9vNiS2RCQyD5WBoq3 4mLtV+avpZ97l+p2BXigW0o+mWb+O7DTXd6TuN5V0t39PSXuuFPBgFeYENJyI3DJApQf eTGAevb76OnzqvhX8tFEc/7IjloK4f1k4mLlafLh8heWdc0NBDAyiw5RYHsiw0wIYFHI PAGCc6sRJ91SYs0qXivi+58tjM0DK/q8HBudUBdrU5M/BLeW0/flBA5HST6VLdvUl/iC N+8l20SDwY1h1wOpEk0wc0k1unJNxFsP29AlwQaNbr+iKpoeF8ZRelSQog8R7uauBWYH bZrg== X-Gm-Message-State: AA6/9Rlprb3RwvSPjgSYPFcjxSjZiq9wdVwUkNef2+Jngkt+iafyWsZiNu1RpGwSOwyVZ2vUT1CMc0dRdA8iKQ== X-Received: by 10.202.253.212 with SMTP id b203mr5116592oii.171.1476259874610; Wed, 12 Oct 2016 01:11:14 -0700 (PDT) MIME-Version: 1.0 Received: by 10.202.49.136 with HTTP; Wed, 12 Oct 2016 01:11:14 -0700 (PDT) In-Reply-To: <4D2419FB-6649-4250-9D42-E6EDECFFCCDE@gmail.com> References: <4D2419FB-6649-4250-9D42-E6EDECFFCCDE@gmail.com> From: ching lu Date: Wed, 12 Oct 2016 16:11:14 +0800 Message-ID: To: Jonathan Morton Cc: cake@lists.bufferbloat.net Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [Cake] diffserv based on firewall mark X-BeenThere: cake@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Cake - FQ_codel the next generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Oct 2016 08:11:15 -0000 For egress, setting DSCP field should work. iptables -> wan egress -> cake But is it possible to set DSCP to 0x0 after cake's classification? i do not know how ISP handle non-zero DSCP, there seems to be no standard for this. For ingress, DSCP field may not be set by network peer at all, and i have multiple LAN interfaces AFAIK, the order is "wan ingress -> ifb egress -> cake -> iptables" The trick of setting DSCP by iptables do not work because cake comes first On Wed, Oct 12, 2016 at 3:26 PM, Jonathan Morton wr= ote: > >> On 12 Oct, 2016, at 08:52, ching lu wrote: >> >> I deprioritize bittorrent traffic by marking related connections in >> iptables (e.g. detect by port number) and route them to corresponding >> HTB class and qdisc. >> >> How can i archive the same goal using the cake qdisc? > > Modify your iptables rules to set the DSCP rather than a kernel-internal = mark. You probably want "-j DSCP =E2=80=94set-dscp-class CS1=E2=80=9D, as = CS1 is the =E2=80=9Cbulk low priority=E2=80=9D code. Cake=E2=80=99s defaul= t Diffserv mode will pick that up appropriately. > > You also need to make sure Cake sees your packets *after* they=E2=80=99ve= been through the firewall, which generally means attaching it to the egres= s port in each direction, not the ingress port. You=E2=80=99ve probably al= ready done this, if you=E2=80=99re happy with your HTB setup. > > If you have multiple LAN interfaces (eg, both Ethernet and wifi), you sho= uld loop the inbound traffic through a common IFB device (and attach Cake t= o that instead of the physical interfaces) to simplify configuration. > > - Jonathan Morton >