Re: [Cake] act_conndscp
On Wed, 20 Mar 2019 at 07:57, Kevin Darbyshire-Bryant wrote: > > > > > On 19 Mar 2019, at 21:24, Ryan Mounce wrote: > > > > Hi Kevin, > > > > I've finally applied your patches, compiled, and flashed on my router. > > Could you share your tc filter action for conndscp to get me started? > > Ahh! Ooops yes knew I forgot something - here’s my hacked up > sqm-scripts/my_layer_cake.qos Okay... I've just spent far longer than I'd like to admit relearning the basics of tc filter in order to minify my scripts, but everything is working now. See attached for my usage. I'm back to using the Turris Omnia which has more than enough grunt to handle my 100/40 link, so I haven't put much thought into optimisation. The only gotcha I ran into with your patch is the explanation > MODE get (typically ingress) set (typically egress) This is backwards, but it's confusing anyway. 'get' also sets bits in the connmark while 'set' also gets bits from the connmark. I'd suggest changing 'get' to 'save', and 'set' to 'restore'. # /etc/rc.local # EGRESS tc qdisc del dev eth2 root tc qdisc replace dev eth2 root handle : cake \ dual-srchost nat fwmark 0x03 wash ack-filter oceanic mpu 64 overhead 26 bandwidth 40Mbit tc -s qdisc show dev eth2 tc filter del dev eth2 parent : tc filter replace dev eth2 parent : matchall action \ conndscp mask 0xfc00 statemask 0x0100 mode get tc -s filter show dev eth2 parent : # INGRESS ip link add name ibe2 type ifb ip link set dev ibe2 up tc qdisc del dev ibe2 root tc qdisc replace dev ibe2 root cake \ ingress dual-dsthost nat fwmark 0x03 ack-filter oceanic mpu 64 overhead 26 bandwidth 99Mbit tc -s qdisc show dev ibe2 tc qdisc del dev eth2 ingress tc qdisc replace dev eth2 ingress handle : tc filter del dev eth2 parent : tc filter replace dev eth2 parent : matchall action \ connmark \ conndscp mask 0xfc00 statemask 0x0100 mode set \ mirred egress redirect dev ibe2 tc -s filter show dev eth2 parent : # /etc/firewall.user iptables -t mangle -N mangle_forward_eth2 ip6tables -t mangle -N mangle_forward_eth2 iptables -t mangle -A mangle_forward_eth2 -j CONNMARK --restore-mark --ctmask 0x03 ip6tables -t mangle -A mangle_forward_eth2 -j CONNMARK --restore-mark --ctmask 0x03 iptables -t mangle -A mangle_forward_eth2 -m mark ! --mark 0 -j RETURN ip6tables -t mangle -A mangle_forward_eth2 -m mark ! --mark 0 -j RETURN # Put all traffic to/from this host in cake's bulk tin iptables -t mangle -A mangle_forward_eth2 -m mac --mac-source 01:23:45:67:89:ab -j MARK --set-mark 1 ip6tables -t mangle -A mangle_forward_eth2 -m mac --mac-source 01:23:45:67:89:ab -j MARK --set-mark 1 iptables -t mangle -A mangle_forward_eth2 -m mark --mark 0 -j RETURN ip6tables -t mangle -A mangle_forward_eth2 -m mark --mark 0 -j RETURN iptables -t mangle -A mangle_forward_eth2 -j CONNMARK --save-mark --ctmask 0x03 --nfmask 0x03 ip6tables -t mangle -A mangle_forward_eth2 -j CONNMARK --save-mark --ctmask 0x03 --nfmask 0x03 iptables -t mangle -A FORWARD -o eth2 -j mangle_forward_eth2 ip6tables -t mangle -A FORWARD -o eth2 -j mangle_forward_eth2 ___ Cake mailing list Cake@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cake
Re: [Cake] act_conndscp
Kevin Darbyshire-Bryant writes: >> On 19 Mar 2019, at 21:41, Toke Høiland-Jørgensen wrote: >> >> Kevin Darbyshire-Bryant writes: >> On 19 Mar 2019, at 21:24, Ryan Mounce wrote: Hi Kevin, I've finally applied your patches, compiled, and flashed on my router. Could you share your tc filter action for conndscp to get me started? >>> >>> Ahh! Ooops yes knew I forgot something - here’s my hacked up >>> sqm-scripts/my_layer_cake.qos >> >> So this only works with your patched version of CAKE that interprets the >> fwmark as a DSCP value, right? >> > > No. It is completely qdisc agnostic/independent. > > The tc conndscp action stores/restores DSCP to/from the conntrack > mark. CAKE is completely unmodified and looking at DSCP for tin > selection. Ohh, right, silly me... It also goes the other way; of course :) -Toke ___ Cake mailing list Cake@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cake
Re: [Cake] act_conndscp
> On 19 Mar 2019, at 21:41, Toke Høiland-Jørgensen wrote: > > Kevin Darbyshire-Bryant writes: > >>> On 19 Mar 2019, at 21:24, Ryan Mounce wrote: >>> >>> Hi Kevin, >>> >>> I've finally applied your patches, compiled, and flashed on my router. >>> Could you share your tc filter action for conndscp to get me started? >> >> Ahh! Ooops yes knew I forgot something - here’s my hacked up >> sqm-scripts/my_layer_cake.qos > > So this only works with your patched version of CAKE that interprets the > fwmark as a DSCP value, right? > No. It is completely qdisc agnostic/independent. The tc conndscp action stores/restores DSCP to/from the conntrack mark. CAKE is completely unmodified and looking at DSCP for tin selection. Cheers, Kevin D-B gpg: 012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A ___ Cake mailing list Cake@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cake
Re: [Cake] act_conndscp
Kevin Darbyshire-Bryant writes: >> On 19 Mar 2019, at 21:24, Ryan Mounce wrote: >> >> Hi Kevin, >> >> I've finally applied your patches, compiled, and flashed on my router. >> Could you share your tc filter action for conndscp to get me started? > > Ahh! Ooops yes knew I forgot something - here’s my hacked up > sqm-scripts/my_layer_cake.qos So this only works with your patched version of CAKE that interprets the fwmark as a DSCP value, right? -Toke ___ Cake mailing list Cake@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cake
Re: [Cake] act_conndscp
> On 19 Mar 2019, at 21:24, Ryan Mounce wrote: > > Hi Kevin, > > I've finally applied your patches, compiled, and flashed on my router. > Could you share your tc filter action for conndscp to get me started? Ahh! Ooops yes knew I forgot something - here’s my hacked up sqm-scripts/my_layer_cake.qos Cheers, Kevin D-B gpg: 012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A my_layer_cake.qos Description: my_layer_cake.qos ___ Cake mailing list Cake@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cake
Re: [Cake] act_conndscp
Hi Kevin, I've finally applied your patches, compiled, and flashed on my router. Could you share your tc filter action for conndscp to get me started? -Ryan On Wed, 20 Mar 2019 at 06:39, Kevin Darbyshire-Bryant wrote: > > I’m not looking forward to the response/s from upstream but we shall see :-) > > Here are the patches for a new tc action conndscp - both the kernel module > and tc’s control of it. > > > > > Cheers, > > Kevin D-B > > gpg: 012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A > ___ > Cake mailing list > Cake@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cake ___ Cake mailing list Cake@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cake
[Cake] act_conndscp
I’m not looking forward to the response/s from upstream but we shall see :-) Here are the patches for a new tc action conndscp - both the kernel module and tc’s control of it. Cheers, Kevin D-B gpg: 012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A 0001-initial-experimental-support-for-act_conndscp.patch Description: 0001-initial-experimental-support-for-act_conndscp.patch 0001-net-sched-Introduce-conndscp-action-5.0.patch Description: 0001-net-sched-Introduce-conndscp-action-5.0.patch 0001-net-sched-Introduce-conndscp-action-14.4.patch Description: 0001-net-sched-Introduce-conndscp-action-14.4.patch ___ Cake mailing list Cake@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cake