date:20170308

Re: [wireguard-devel ] traffic shapping

2017-03-08 Thread Nicolas Prochazka

in doubt i add all ipv6 kernel options ...
and i'm using tc filter , not iptables fwmark.

Regards,
Nicolas

2017-03-08 17:00 GMT+01:00 Baptiste Jonglez :

> Hi Nicolas,
>
> For posterity, can you be more specific about how you solved your issue?
> You were simply missing traffic shaping support for IPv6 in your kernel?
> Which symbols were needed?
>
> Thanks,
> Baptiste
>
> On Wed, Mar 08, 2017 at 02:39:23PM +0100, Nicolas Prochazka wrote:
> > hello,
> > to close, it's working perfectly well in ipv4 and then when i correctly
> > configure my kernel, perfectly well for ipv6.
> > Regards,
> > Nicolas
> >
> > 2017-03-08 12:26 GMT+01:00 Nicolas Prochazka <
> nicolas.procha...@gmail.com>:
> >
> > > Hello again,
> > > So i verify my configuration,
> > > - on a virtual tap , traffic shaping is ok with same configuration
> > > - on physical card, traffic shaping is ok
> > > - on wg0 , all traffic are going to default queue,filter seems to be
> not
> > > applied ,  tcpdump on wg0 is ok with my queue definition, only
> difference
> > > is wg0 is configured as ipv6 tunnel.
> > >
> > >
> > > Regards,
> > > NIcolas
> > >
> > >
> > >
> > > 2017-03-06 18:40 GMT+01:00 Nicolas Prochazka <
> nicolas.procha...@gmail.com>
> > > :
> > >
> > >> Hello,
> > >> is there an incompatibilty between wireguard and traffic shaping or i
> > >> misconfig something  ?
> > >>
> > >> After configuring Qos , I need to add filter to flow
> > >>
> > >> If i'm trying with simple tc command :
> > >> tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match ip
> dport 80
> > >> 0x flowid 1:10
> > >>
> > >> or If i'm trying with tc + iptables,
> > >>
> > >> tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid
> 1:10
> > >> and iptables mark rules,
> > >>
> > >> traffic seems to be not "apply" to queue .
> > >>
> > >> Regards,
> > >> Nicolas Prochazka.
> > >>
> > >> -
> > >> Example :  after this configuration, traffic on wg0 on port
> 80,443,8080
> > >> are going to 1:30 ,not to 1:10
> > >> _trafficShappingMaxRate=15
> > >>
> > >> tc qdisc del dev wg0 root
> > >>
> > >> tc qdisc add dev wg0 root handle 1: htb default 30
> > >>
> > >> # Base
> > >> tc class add dev wg0 parent 1: classid 1:1 htb rate
> > >> ${_trafficShappingMaxRate}mbit burst 15k
> > >>
> > >> # http/https
> > >>
> > >> # Class 1:10,
> > >> tc class add dev wg0 parent 1:1 classid 1:10 htb rate
> > >> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate} burst
> 15k
> > >>
> > >> # Class 1:20,
> > >> tc class add dev wg0 parent 1:1 classid 1:20 htb rate
> > >> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate}mbit
> burst 15k
> > >>
> > >> # Class 1:30, which has a rate of 1kbit. This one is the default
> class.
> > >> tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit ceil
> 1mbit
> > >> burst 15k
> > >>
> > >> tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum 300 noecn
> > >> tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum 300 noecn
> > >> tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum 300 noecn
> > >>
> > >> # --- associate queue with traffic
> > >>
> > >> #tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle 6 fw
> flowid
> > >> 1:10
> > >> # http/https
> > >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip
> dport
> > >> 80 0x flowid 1:10
> > >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip
> dport
> > >> 443 0x flowid 1:10
> > >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip
> dport
> > >> 8080 0x flowid 1:10
> > >> # ncfs
> > >> tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 match ip
> dport
> > >> 16379 0x flowid 1:20
> > >> # icmp
> > >> tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match  ip
> protocol
> > >> 1 0xff flowid 1:30
> > >>
> > >> tc -s qdisc ls dev wg0
> > >>
> > >>
> > >
>
> > ___
> > WireGuard mailing list
> > WireGuard@lists.zx2c4.com
> > https://lists.zx2c4.com/mailman/listinfo/wireguard
>
>
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Release monitoring (Was: Wireguard added to Alpine Linux)

2017-03-08 Thread Baptiste Jonglez

Hi Stuart,

On Thu, Mar 02, 2017 at 09:49:53PM +, Stuart Cardall wrote:
> To monitor releases @ Alpine we use https://release-monitoring.org/ - if
> it doesn't pick up the changes I'll subscribe.

Thanks for mentioning this, it's a nice tool!  I started using it for
other projects.  By the way, receiving notification emails is non-obvious:
you have to register on https://apps.fedoraproject.org/notifications and
add a filter that matches the upstream projects you are interested in.

I just added wireguard [1], the monitoring system is configured to scrape
https://git.zx2c4.com/WireGuard/ and look for "WireGuard-([\d\.]*).tar.xz"
to extract a version number.

Baptiste

[1] https://release-monitoring.org/project/13481/

signature.asc
Description: PGP signature
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [wireguard-devel ] traffic shapping

2017-03-08 Thread Baptiste Jonglez

Hi Nicolas,

For posterity, can you be more specific about how you solved your issue?
You were simply missing traffic shaping support for IPv6 in your kernel?
Which symbols were needed?

Thanks,
Baptiste

On Wed, Mar 08, 2017 at 02:39:23PM +0100, Nicolas Prochazka wrote:
> hello,
> to close, it's working perfectly well in ipv4 and then when i correctly
> configure my kernel, perfectly well for ipv6.
> Regards,
> Nicolas
> 
> 2017-03-08 12:26 GMT+01:00 Nicolas Prochazka :
> 
> > Hello again,
> > So i verify my configuration,
> > - on a virtual tap , traffic shaping is ok with same configuration
> > - on physical card, traffic shaping is ok
> > - on wg0 , all traffic are going to default queue,filter seems to be not
> > applied ,  tcpdump on wg0 is ok with my queue definition, only difference
> > is wg0 is configured as ipv6 tunnel.
> >
> >
> > Regards,
> > NIcolas
> >
> >
> >
> > 2017-03-06 18:40 GMT+01:00 Nicolas Prochazka 
> > :
> >
> >> Hello,
> >> is there an incompatibilty between wireguard and traffic shaping or i
> >> misconfig something  ?
> >>
> >> After configuring Qos , I need to add filter to flow
> >>
> >> If i'm trying with simple tc command :
> >> tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match ip dport 80
> >> 0x flowid 1:10
> >>
> >> or If i'm trying with tc + iptables,
> >>
> >> tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid 1:10
> >> and iptables mark rules,
> >>
> >> traffic seems to be not "apply" to queue .
> >>
> >> Regards,
> >> Nicolas Prochazka.
> >>
> >> -
> >> Example :  after this configuration, traffic on wg0 on port 80,443,8080
> >> are going to 1:30 ,not to 1:10
> >> _trafficShappingMaxRate=15
> >>
> >> tc qdisc del dev wg0 root
> >>
> >> tc qdisc add dev wg0 root handle 1: htb default 30
> >>
> >> # Base
> >> tc class add dev wg0 parent 1: classid 1:1 htb rate
> >> ${_trafficShappingMaxRate}mbit burst 15k
> >>
> >> # http/https
> >>
> >> # Class 1:10,
> >> tc class add dev wg0 parent 1:1 classid 1:10 htb rate
> >> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate} burst 15k
> >>
> >> # Class 1:20,
> >> tc class add dev wg0 parent 1:1 classid 1:20 htb rate
> >> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate}mbit burst 
> >> 15k
> >>
> >> # Class 1:30, which has a rate of 1kbit. This one is the default class.
> >> tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit ceil 1mbit
> >> burst 15k
> >>
> >> tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum 300 noecn
> >> tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum 300 noecn
> >> tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum 300 noecn
> >>
> >> # --- associate queue with traffic
> >>
> >> #tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle 6 fw flowid
> >> 1:10
> >> # http/https
> >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
> >> 80 0x flowid 1:10
> >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
> >> 443 0x flowid 1:10
> >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
> >> 8080 0x flowid 1:10
> >> # ncfs
> >> tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 match ip dport
> >> 16379 0x flowid 1:20
> >> # icmp
> >> tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match  ip protocol
> >> 1 0xff flowid 1:30
> >>
> >> tc -s qdisc ls dev wg0
> >>
> >>
> >

> ___
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard



signature.asc
Description: PGP signature
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [wireguard-devel ] traffic shapping

2017-03-08 Thread Nicolas Prochazka

Hello again,
So i verify my configuration,
- on a virtual tap , traffic shaping is ok with same configuration
- on physical card, traffic shaping is ok
- on wg0 , all traffic are going to default queue,filter seems to be not
applied ,  tcpdump on wg0 is ok with my queue definition, only difference
is wg0 is configured as ipv6 tunnel.


Regards,
NIcolas



2017-03-06 18:40 GMT+01:00 Nicolas Prochazka :

> Hello,
> is there an incompatibilty between wireguard and traffic shaping or i
> misconfig something  ?
>
> After configuring Qos , I need to add filter to flow
>
> If i'm trying with simple tc command :
> tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match ip dport 80
> 0x flowid 1:10
>
> or If i'm trying with tc + iptables,
>
> tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid 1:10
> and iptables mark rules,
>
> traffic seems to be not "apply" to queue .
>
> Regards,
> Nicolas Prochazka.
>
> -
> Example :  after this configuration, traffic on wg0 on port 80,443,8080
> are going to 1:30 ,not to 1:10
> _trafficShappingMaxRate=15
>
> tc qdisc del dev wg0 root
>
> tc qdisc add dev wg0 root handle 1: htb default 30
>
> # Base
> tc class add dev wg0 parent 1: classid 1:1 htb rate
> ${_trafficShappingMaxRate}mbit burst 15k
>
> # http/https
>
> # Class 1:10,
> tc class add dev wg0 parent 1:1 classid 1:10 htb rate
> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate} burst 15k
>
> # Class 1:20,
> tc class add dev wg0 parent 1:1 classid 1:20 htb rate
> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate}mbit burst 15k
>
> # Class 1:30, which has a rate of 1kbit. This one is the default class.
> tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit ceil 1mbit
> burst 15k
>
> tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum 300 noecn
> tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum 300 noecn
> tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum 300 noecn
>
> # --- associate queue with traffic
>
> #tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle 6 fw flowid
> 1:10
> # http/https
> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
> 80 0x flowid 1:10
> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
> 443 0x flowid 1:10
> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
> 8080 0x flowid 1:10
> # ncfs
> tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 match ip dport
> 16379 0x flowid 1:20
> # icmp
> tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match  ip protocol
> 1 0xff flowid 1:30
>
> tc -s qdisc ls dev wg0
>
>
___
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: [wireguard-devel ] traffic shapping

Release monitoring (Was: Wireguard added to Alpine Linux)

Re: [wireguard-devel ] traffic shapping

Re: [wireguard-devel ] traffic shapping

4 matches

Site Navigation

Mail list logo

Footer information