On Wed, 20 Mar 2019 at 07:57, Kevin Darbyshire-Bryant <ke...@darbyshire-bryant.me.uk> wrote: > > > > > On 19 Mar 2019, at 21:24, Ryan Mounce <r...@mounce.com.au> wrote: > > > > Hi Kevin, > > > > I've finally applied your patches, compiled, and flashed on my router. > > Could you share your tc filter action for conndscp to get me started? > > Ahh! Ooops yes knew I forgot something - here’s my hacked up > sqm-scripts/my_layer_cake.qos
Okay... I've just spent far longer than I'd like to admit relearning the basics of tc filter in order to minify my scripts, but everything is working now. See attached for my usage. I'm back to using the Turris Omnia which has more than enough grunt to handle my 100/40 link, so I haven't put much thought into optimisation. The only gotcha I ran into with your patch is the explanation > MODE get (typically ingress) set (typically egress) This is backwards, but it's confusing anyway. 'get' also sets bits in the connmark while 'set' also gets bits from the connmark. I'd suggest changing 'get' to 'save', and 'set' to 'restore'.
# /etc/rc.local # EGRESS tc qdisc del dev eth2 root tc qdisc replace dev eth2 root handle 1111: cake \ dual-srchost nat fwmark 0x03 wash ack-filter oceanic mpu 64 overhead 26 bandwidth 40Mbit tc -s qdisc show dev eth2 tc filter del dev eth2 parent 1111: tc filter replace dev eth2 parent 1111: matchall action \ conndscp mask 0xfc000000 statemask 0x01000000 mode get tc -s filter show dev eth2 parent 1111: # INGRESS ip link add name ibe2 type ifb ip link set dev ibe2 up tc qdisc del dev ibe2 root tc qdisc replace dev ibe2 root cake \ ingress dual-dsthost nat fwmark 0x03 ack-filter oceanic mpu 64 overhead 26 bandwidth 99Mbit tc -s qdisc show dev ibe2 tc qdisc del dev eth2 ingress tc qdisc replace dev eth2 ingress handle ffff: tc filter del dev eth2 parent ffff: tc filter replace dev eth2 parent ffff: matchall action \ connmark \ conndscp mask 0xfc000000 statemask 0x01000000 mode set \ mirred egress redirect dev ibe2 tc -s filter show dev eth2 parent ffff: # /etc/firewall.user iptables -t mangle -N mangle_forward_eth2 ip6tables -t mangle -N mangle_forward_eth2 iptables -t mangle -A mangle_forward_eth2 -j CONNMARK --restore-mark --ctmask 0x03 ip6tables -t mangle -A mangle_forward_eth2 -j CONNMARK --restore-mark --ctmask 0x03 iptables -t mangle -A mangle_forward_eth2 -m mark ! --mark 0 -j RETURN ip6tables -t mangle -A mangle_forward_eth2 -m mark ! --mark 0 -j RETURN # Put all traffic to/from this host in cake's bulk tin iptables -t mangle -A mangle_forward_eth2 -m mac --mac-source 01:23:45:67:89:ab -j MARK --set-mark 1 ip6tables -t mangle -A mangle_forward_eth2 -m mac --mac-source 01:23:45:67:89:ab -j MARK --set-mark 1 iptables -t mangle -A mangle_forward_eth2 -m mark --mark 0 -j RETURN ip6tables -t mangle -A mangle_forward_eth2 -m mark --mark 0 -j RETURN iptables -t mangle -A mangle_forward_eth2 -j CONNMARK --save-mark --ctmask 0x03 --nfmask 0x03 ip6tables -t mangle -A mangle_forward_eth2 -j CONNMARK --save-mark --ctmask 0x03 --nfmask 0x03 iptables -t mangle -A FORWARD -o eth2 -j mangle_forward_eth2 ip6tables -t mangle -A FORWARD -o eth2 -j mangle_forward_eth2
_______________________________________________ Cake mailing list Cake@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cake