My take on it was doing it in iptables was inefficient, error prone, and slow. Interfacing to other people's iptables implementations was and remains especially error prone.
My view has always been that iptables should be used mostly for firewall rules. I had also had delusions of being able to apply this code and user facing to other OSes like BSD, which lack iptables, per se'. I further had delusions of ultimately replacing tc_mirred with something that could do it as directly part of the ingress qdisc, where I hoped it would speed up by lot by avoiding a copy. as for the dscp re-writing issue, by all means, if you want to rewrite it further than 0, do it with other, custom rules, which eliminates the api issue jonathon mentioned, after rewriting it to 0, and after nat is translated. We need better iptables functionality to do dscp more right in the first place. Am I the only one whose ISP (comcast) remarks all non-best effort traffic as background? On Wed, Jun 1, 2016 at 6:51 AM, Jonathan Morton <chromati...@gmail.com> wrote: > >> On 1 Jun, 2016, at 15:25, Benjamin Cronce <bcro...@gmail.com> wrote: >> >> 1) Ideally, regardless of platform, should an AQM or scheduler have the >> responsibility of changing anything other than ECN? > > This was in part my original objection to having the squash/wash feature in > Cake. > > The other part is that if we are going to rewrite the rest of the TOS byte > (not just the ECN bits), then we should do it properly, which requires a > rather substantial extension to the configuration API, even if we only try to > cover the most obvious use-cases. > > This would then be a “semi proprietary” DSCP configurator, acting > independently of Cake’s core AQM and shaping functions, which would have to > be duplicated in other AQMs which had similar aims to Cake. That’s not a > good thing, and feeds back into the first point. > > Hence the correct solution is to put DSCP rewriting elsewhere, making it > reusable. > > In Linux, doing ingress DSCP rewriting before it hits the ingress qdisc > presently requires the rewriter itself to be a qdisc, but this can have Cake > as a child qdisc. For the simple “clearing” case iptables can be used > instead, as long as Cake is configured to ignore the inbound DSCP using the > “besteffort” flag. > > - Jonathan Morton > > _______________________________________________ > Cake mailing list > Cake@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cake -- Dave Täht Let's go make home routers and wifi faster! With better software! http://blog.cerowrt.org _______________________________________________ Cake mailing list Cake@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cake
