> On 22 Mar 2019, at 21:24, Kevin Darbyshire-Bryant 
> <ke...@darbyshire-bryant.me.uk> wrote:
> 
> It looks like act_conndscp has been shot down by the kernel people, at least 
> in its current form.  Setting a conntrack mark from tc is regarded as “not 
> sure if it is a good idea”.  The other way (conntrack to skb) is fine.  
> That’s sort of good news in that ingress is the hard bit as it’s problematic 
> with iptables.
> 
> egress is within iptables coverage - ‘just’ need a way to store a DSCP & flag 
> to conntrack mark.

Never give in, never surrender.

Hacked together an iptables connmark extension that saves the DSCP (and 
optional status bit/s) to the conntrack mark ready for the ’set’ part of the tc 
conndscp action.  So we have the two parts of the operation happening across 
two different subsystems (iptables for the DSCP -> connmark, tc action for the 
connmark -> DSCP).

Two patches - one kernel space and possibly tolerable.  One user space which is 
an iptables copy&paste abomination but it *does* work on my openwrt router.

And yet another version of ‘my_layer_cake’ showing how I use it.


Cheers,

Kevin D-B

gpg: 012C ACB2 28C6 C53E 9775  9123 B3A2 389B 9DE2 334A

Attachment: 0001-xt_connmark-savedscp.patch

Attachment: 0001-savedscp.patch

Attachment: my_layer_cake.qos

_______________________________________________
Cake mailing list
Cake@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cake