From: leetminiwheat <LeetMiniWheat@gmail.com>
To: Sebastian Moeller <moeller0@gmx.de>
Cc: cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] squash/ignore DSCP and mangle table questions
Date: Mon, 13 Apr 2015 06:27:10 -0400 [thread overview]
Message-ID: <CAGHZhqFBFOy=+V53upcqujyqXo4nngQHOuMXvZr2XM85t6YMdA@mail.gmail.com> (raw)
In-Reply-To: <F733B7A1-A2D2-4F1E-9B47-0F9F6BFFA597@gmx.de>
[-- Attachment #1: Type: text/plain, Size: 3080 bytes --]
Thanks for the reply,
On Mon, Apr 13, 2015 at 3:36 AM, Sebastian Moeller <moeller0@gmx.de> wrote:
> "Ignore DSCP on ingress”, this basically uses an 1-tier HTB
shaper on ingress, DSCP marks in the packets are simply ignored, but not
touched.
So if I understand this correctly, this means they're kind of in
passthrough mode on ignore but the qdiscs don't act on them due to no
iptables MARKing? And If *not* ignoring DSCP on ingress, they're still
passed through untouched but prioritized internally with the qdiscs?
> "Squash DSCP on inbound packets (ingress):” this will replace all
DSCP marks with 0x0 (I believe), but only after the ingress qdisc.
> In essence this means you can actually interpret ingress DSCP marks from
upstream ("Ignore DSCP on ingress” set to ALLOW) but wipe them after the
ingress shaping (with "Squash DSCP on inbound packets (ingress);” active).
So the default should be “Ignore DSCP on ingress” and Squash (the second
can be argued, as long as no one bases routing decisions on the marks they
do not hurt). The rest of your questions are beyond my expertise...
Hmm, why would we want to remove all DSCP on output then? I assume many
ISPs and routers will squash them anyways, but wouldn't it serve *some*
purpose to differentiate between different traffic types?
Also, regarding my mangling questions I think I figured out the correct
chains to insert my rules in. mangle PREROUTING and mangle POSTROUTING
because both of those have a jump at the end to a chain that MARKs for
qdiscs based on DSCP values. They appear to be working since I see the MARK
rules counting upward. I assume PRE and POST go through FORWARD anyways so
it's redundant, and using FORWARD only didn't appear to be working. I've
ended up with this:
# Mangle sw10 packets to reclassify mumble traffic. Hopefully this passes
through DSCP so WMM can recognize 0x2e as VoIP traffic
iptables -t mangle -N RECLASS_sw10
iptables -t mangle -A RECLASS_sw10 -p tcp -m tcp --sport 6484 -j DSCP
--set-dscp 0x2e
iptables -t mangle -A RECLASS_sw10 -p tcp -m tcp --dport 6484 -j DSCP
--set-dscp 0x2e
iptables -t mangle -A RECLASS_sw10 -p udp -m udp --sport 6484 -j DSCP
--set-dscp 0x2e
iptables -t mangle -A RECLASS_sw10 -p udp -m udp --dport 6484 -j DSCP
--set-dscp 0x2e
iptables -t mangle -I PREROUTING -i sw10 -j RECLASS_sw10
iptables -t mangle -I POSTROUTING -o sw10 -j RECLASS_sw10
# Mangle gw00 to reclassify guest as low priority
iptables -t mangle -N RECLASS_gw00
iptables -t mangle -A RECLASS_gw00 -j DSCP --set-dscp 0x08
iptables -t mangle -I PREROUTING -i gw00 -j RECLASS_gw00
iptables -t mangle -I POSTROUTING -o gw00 -j RECLASS_gw00
However, I'm not sure how the port specific rules handle
RELATED,ESTABLISHED because I believe the initial connection is done on
port 6484 but then it uses a random high port. I'm not sure how I could add
a RELATED,ESTABLISHED match to connections on port 6484 to my custom zone
that reclassifies to 0x2e to catch *all* traffic related to it.
[-- Attachment #2: Type: text/html, Size: 3493 bytes --]
next prev parent reply other threads:[~2015-04-13 10:27 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-04-13 6:37 leetminiwheat
2015-04-13 7:36 ` Sebastian Moeller
2015-04-13 10:27 ` leetminiwheat [this message]
2015-04-13 10:36 ` leetminiwheat
[not found] ` <ECC39EB0-9C54-4C17-9285-2484AD08ACF3@gmx.de>
2015-04-13 13:43 ` leetminiwheat
2015-04-13 14:16 ` leetminiwheat
2015-04-13 14:23 ` Sebastian Moeller
2015-04-13 16:48 ` leetminiwheat
2015-04-13 21:39 ` Sebastian Moeller
2015-04-15 1:35 ` leetminiwheat
2015-04-15 9:05 ` Sebastian Moeller
2015-04-22 0:19 ` leetminiwheat
2015-04-22 0:28 ` leetminiwheat
2015-04-22 9:19 ` Sebastian Moeller
2015-04-22 9:03 ` Sebastian Moeller
2015-04-22 10:17 ` leetminiwheat
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAGHZhqFBFOy=+V53upcqujyqXo4nngQHOuMXvZr2XM85t6YMdA@mail.gmail.com' \
--to=leetminiwheat@gmail.com \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=moeller0@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox