From: leetminiwheat
Date: Mon, 13 Apr 2015 02:37:06 -0400
To: cerowrt-devel
Subject: [Cerowrt-devel] squash/ignore DSCP and mangle table questions
List-Id: Development issues regarding the cerowrt test router project

Apologies if this is the wrong list, but cerowrt-users is empty and I'm not sure if I should spam the codel or sqm related lists.

I can't quite wrap my head around how the "Squash DSCP on inbound packets (ingress):" and "Ignore DSCP on ingress" work under the SQM Luci page and how this might affect my rules for --set-dscp.

I'm trying to flag all packets on a certain port to/from a certain interface (sw10) as DSCP 0x2e (or EF), which WMM should set as VoIP (for mumble voice traffic, which the mobile phone app or the server doesn't seem to set properly so the phone thinks it's regular traffic).

I took a look at the simple.qos script, as well as the mangle table, but I'm still a bit confused. Here's the relevant snippet from 'iptables -S -t mangle' with it set to "DO NOT SQUASH" and "ALLOW":

-N QOS_MARK_ge00
-N fwmark
-A PREROUTING -i vtun+ -p tcp -j MARK --set-xmark 0x2/0xff
-A PREROUTING -i ge00 -m mark --mark 0x0/0xff -g QOS_MARK_ge00
-A PREROUTING -j fwmark
-A POSTROUTING -o ge00 -m mark --mark 0x0/0xff -g QOS_MARK_ge00
-A QOS_MARK_ge00 -j MARK --set-xmark 0x2/0xff
-A QOS_MARK_ge00 -m dscp --dscp 0x08 -j MARK --set-xmark 0x3/0xff
-A QOS_MARK_ge00 -m dscp --dscp 0x30 -j MARK --set-xmark 0x1/0xff
-A QOS_MARK_ge00 -m dscp --dscp 0x2e -j MARK --set-xmark 0x1/0xff
-A QOS_MARK_ge00 -m dscp --dscp 0x24 -j MARK --set-xmark 0x1/0xff
-A QOS_MARK_ge00 -m tos --tos 0x10/0x3f -j MARK --set-xmark 0x1/0xff

and the full iptables -vnL -t mangle output is here (to reduce spam): https://pastebin.com/raw.php?i=uba2n1qw

From what I understand, this is just MARKing all incoming packets from ge00 for use in fq_codel based on its DSCP tag? But does it change the DSCP when coming in and going out? Also curious why this isn't enabled by default, does it cause excessive CPU load? It seems like a gain to me.

Anyways, back to my other question. I'm trying to flag tcp/udp port 6484 going to/from sw10 and these rules seem to work:

-t mangle -I <table> -i sw10 -p udp -m udp --dport 6484 -m comment --comment "reclassify mumble traffic as VoIP" -j DSCP --set-dscp 0x2e
-t mangle -I <table> -i sw10 -p tcp -m tcp --dport 6484 -m comment --comment "reclassify mumble traffic as VoIP" -j DSCP --set-dscp 0x2e
-t mangle -I <table> -o sw10 -p udp -m udp --sport 6484 -m comment --comment "reclassify mumble traffic as VoIP" -j DSCP --set-dscp 0x2e
-t mangle -I <table> -o sw10 -p tcp -m tcp --sport 6484 -m comment --comment "reclassify mumble traffic as VoIP" -j DSCP --set-dscp 0x2e

However, I'm a bit uncertain which mangle zone to insert them into. My first thought would be to put them in the mangle FORWARD chain since it's traffic passing through the router, which I made two new zones to jump through if it sees traffic to/from sw10, but I'm not entirely certain it was working in the FORWARD chain. I did see pkts and bytes counting upward but I'm not sure it was catching ALL the traffic, or how it is related to WMM/WME, which I need to function properly. Next I tried the mangle PREROUTING, mangle FORWARD, and mangle POSTROUTING chains, which all 3 showed pkts and bytes but the most were in FORWARD. This is probably redundant, so perhaps it only needs PREROUTING/POSTROUTING? Or only FORWARD?

Also, the "fwmark" chain doesn't appear to do anything unless I'm misunderstanding it. I don't see anything else referencing the chain. What is its purpose? Should this have the same MARKing rules as the QOS_MARK_ge00 table, but for forwarding? Or does marking in the PREROUTING table automatically apply to FORWARD traffic, making that redundant?

Chain PREROUTING (policy ACCEPT 425K packets, 395M bytes)
 pkts bytes target         prot opt in     out     source               destination
    0     0 MARK           tcp  --  vtun+  *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x2/0xff
1705K 2048M QOS_MARK_ge00  all  --  ge00   *       0.0.0.0/0            0.0.0.0/0            [goto] mark match 0x0/0xff
 188K   86M fwmark         all  --  *      *       0.0.0.0/0            0.0.0.0/0

Thanks in advance, and I appreciate all the work Dave and everyone else here is doing to improve the internet. I understand Cero is more of a proof of concept and testing tool, but I like to stay more on the bleeding edge of this sort of stuff due to my highly latency-sensitive traffic requirements.
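Added example, not part of the original message: a small Python model of how the QOS_MARK_ge00 rules quoted above turn a packet's DSCP/TOS byte into a firewall mark. The function names are illustrative assumptions; MARK is modelled as non-terminating (the last matching rule wins) and writes only the mark, never the DSCP field.

```python
import re

# Rules copied from the `iptables -S -t mangle` listing in the message.
QOS_MARK_GE00 = """\
-A QOS_MARK_ge00 -j MARK --set-xmark 0x2/0xff
-A QOS_MARK_ge00 -m dscp --dscp 0x08 -j MARK --set-xmark 0x3/0xff
-A QOS_MARK_ge00 -m dscp --dscp 0x30 -j MARK --set-xmark 0x1/0xff
-A QOS_MARK_ge00 -m dscp --dscp 0x2e -j MARK --set-xmark 0x1/0xff
-A QOS_MARK_ge00 -m dscp --dscp 0x24 -j MARK --set-xmark 0x1/0xff
-A QOS_MARK_ge00 -m tos --tos 0x10/0x3f -j MARK --set-xmark 0x1/0xff
"""

RULE = re.compile(
    r"-A \S+(?: -m dscp --dscp (?P<dscp>\S+))?"
    r"(?: -m tos --tos (?P<tos>\w+)/(?P<tmask>\w+))?"
    r" -j MARK --set-xmark (?P<val>\w+)/(?P<mask>\w+)$")

def parse_rules(listing):
    """Turn each -A line into a dict of integers (None = match not present)."""
    rules = []
    for line in listing.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append({k: int(v, 16) if v else None
                      for k, v in m.groupdict().items()})
    return rules

def classify(dscp, ecn=0, mark=0, rules=None):
    """Return the fwmark a packet with this DSCP/ECN has after the chain."""
    rules = parse_rules(QOS_MARK_GE00) if rules is None else rules
    tos = (dscp << 2) | ecn  # TOS byte = 6 DSCP bits followed by 2 ECN bits
    for r in rules:
        if r["dscp"] is not None and dscp != r["dscp"]:
            continue
        if r["tos"] is not None and (tos & r["tmask"]) != r["tos"]:
            continue
        # --set-xmark value/mask: clear the masked bits, then XOR in the value.
        # Traversal continues afterwards, so a later match overrides this one.
        mark = (mark & ~r["mask"]) ^ r["val"]
    return mark

if __name__ == "__main__":
    for name, d in [("BE", 0x00), ("CS1", 0x08), ("EF", 0x2e), ("CS6", 0x30)]:
        print(f"{name:4} dscp=0x{d:02x} -> fwmark 0x{classify(d):x}")
```

The `--tos 0x10/0x3f` mask covers the two ECN bits as well, so a packet with TOS 0x10 stops matching that rule once ECN is set.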