[Cake] act_conndscp

Kevin Darbyshire-Bryant kevin at darbyshire-bryant.me.uk
Sat Mar 23 14:35:17 EDT 2019 


> On 22 Mar 2019, at 21:24, Kevin Darbyshire-Bryant <kevin at darbyshire-bryant.me.uk> wrote:
> 
> It looks like act_conndscp has been shot down by the kernel people, at least in its current form.  Setting a conntrack mark from tc is regarded as “not sure if it is a good idea”.  The other way (conntrack to skb) is fine.  That’s sort of good news in that ingress is the hard bit as it’s problematic with iptables.
> 
> egress is within iptables coverage - ‘just’ need a way to store a DSCP & flag to conntrack mark.

Never give in, never surrender.

Hacked together an iptables connmark extension that saves the DSCP (and optional status bit/s) to the conntrack mark ready for the ’set’ part of the tc conndscp action.  So we have the two parts of the operation happening across two different subsystems (iptables for the DSCP->connmark - tc action for the connmark -> DSCP)

Two patches - one kernel space and possibly tolerable.  One user space which is an iptables copy&paste abomination but it *does* work on my openwrt router.

And yet another version of ‘my_layer_cake’ showing how I use it.


Cheers,

Kevin D-B

gpg: 012C ACB2 28C6 C53E 9775  9123 B3A2 389B 9DE2 334A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-xt_connmark-savedscp.patch
Type: application/octet-stream
Size: 2533 bytes
Desc: 0001-xt_connmark-savedscp.patch
URL: <https://lists.bufferbloat.net/pipermail/cake/attachments/20190323/b1155c5f/attachment-0003.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-savedscp.patch
Type: application/octet-stream
Size: 8256 bytes
Desc: 0001-savedscp.patch
URL: <https://lists.bufferbloat.net/pipermail/cake/attachments/20190323/b1155c5f/attachment-0004.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: my_layer_cake.qos
Type: application/octet-stream
Size: 6260 bytes
Desc: my_layer_cake.qos
URL: <https://lists.bufferbloat.net/pipermail/cake/attachments/20190323/b1155c5f/attachment-0005.obj>

More information about the Cake mailing list