[Cake] conntrack lookup continuation
john at sager.me.uk
Fri Feb 3 16:25:50 EST 2017
No problem. The distro I use for my firewall (LEAF-bering) doesn't support
cake yet, though I could build the module & cake-aware tc with its
toolchain, so I'll continue with HTB+fq_codel & keep an eye on this list.
On 03/02/17 19:30, Jonathan Morton wrote:
>> On 3 Feb, 2017, at 21:01, John Sager <john at sager.me.uk> wrote:
>> As cake uses diffserv to classify, it would be good to carry dscp in the
>> conntrack & transfer it to incoming packets with an 'action' on the ingress
>> filter, but carrying dscp specifically in the conntrack record would be
>> quite a significant change to other parts of linux. Hence the use of fwmark
>> and the conntrack mark field, which already exist.
> Yes, this is what I thought you meant.
> As fwmark just sets “a number” on the conntrack record, there’s no reason in principle not to have that number be a DSCP (or some reasonably transformed representation of one). The trick is then for cake to extract that number from the conntrack record (having looked it up), and if it looks valid, to use it as the packet’s DSCP instead of the one on the packet itself.
> In principle, that should not be difficult. For the moment however, I’ve got my hands full with writing a report on performance tests I’ve been running, and then getting reacquainted with some code changes that happened while I was looking elsewhere.
> - Jonathan Morton
More information about the Cake