author | Gregor Kleen <gkleen@yggdrasil.li> | 2023-03-10 18:19:26 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2023-03-10 18:19:26 +0100 |
commit | e275caddb607b8ff37569be66f1bf44303919502 (patch) | |
tree | 760068f7662115f44ef2b46fe89405078761370f | |
parent | 4c0e9c5d6d93a183ae60e711be3eb041dcc710a3 (diff) | |
vidhar: dscp
-rw-r--r-- | hosts/vidhar/borg/default.nix | 2 | ||||
-rw-r--r-- | hosts/vidhar/network/default.nix | 8 | ||||
-rw-r--r-- | hosts/vidhar/network/dsl.nix | 11 | ||||
-rw-r--r-- | hosts/vidhar/network/ruleset.nft | 183 |
4 files changed, 200 insertions, 4 deletions
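--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -19,6 +19,8 @@ let
 BatchMode yes
 ServerAliveInterval 10
 ServerAliveCountMax 30
+
+IPQoS cs1
 '';
 
 checkBorgUnit = {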
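--- a/hosts/vidhar/network/default.nix
+++ b/hosts/vidhar/network/default.nix
@@ -43,6 +43,14 @@ with lib;
 id = 4;
 interface = "eno2";
 };
+printer = {
+id = 5;
+interface = "eno2";
+};
+modem = {
+id = 6;
+interface = "eno2";
+};
 };
 
 firewall.enable = false;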
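Review bot: The new `printer` and `modem` VLANs come up on `eno2` while `firewall.enable = false` sits a few lines below, so what these segments may reach is decided entirely by `ruleset.nft`, and the ruleset.nft section of this commit adds only DSCP marking. If the existing input/forward chains (not visible on this page) do not already cover interfaces with these names, the matching rules belong in the same commit; a modem management segment in particular is normally reachable from the router only. A short comment next to each entry stating the intended reachability, e.g. `# modem: management access from this host only`, would make that reviewable. The enclosing attribute set opens above the hunk.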
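--- a/hosts/vidhar/network/dsl.nix
+++ b/hosts/vidhar/network/dsl.nix
@@ -66,16 +66,19 @@ in {
 text = ''
 ethtool -K telekom tso off gso off gro off
 
-tc qdisc replace dev "${pppInterface}" root cake memlimit 64Mb pppoe-ptm nat diffserv4 wash bandwidth 35mbit
-
 modprobe ifb
 ip link del "ifb4${pppInterface}" || true
 ip link add name "ifb4${pppInterface}" type ifb
+ip link set "ifb4${pppInterface}" up
+
+tc qdisc del dev "ifb4${pppInterface}" root || true
 tc qdisc del dev "${pppInterface}" ingress || true
+tc qdisc del dev "${pppInterface}" root || true
+
 tc qdisc add dev "${pppInterface}" handle ffff: ingress
+tc filter add dev "${pppInterface}" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4${pppInterface}"
 tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 64Mb pppoe-ptm diffserv4 bandwidth 93mbit
-ip link set "ifb4${pppInterface}" up
-tc filter add dev "${pppInterface}" parent ffff: matchall action mirred egress redirect dev "ifb4${pppInterface}"
+tc qdisc replace dev "${pppInterface}" root cake memlimit 64Mb pppoe-ptm nat diffserv4 wash bandwidth 35mbit
 '';
 };
 in "${app}/bin/${app.meta.mainProgram}";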
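Review bot: The `ctinfo dscp 0x0000003f 0x00000040` arguments on the new ingress filter are bare literals that must stay equal to the DSCP mask and static bit listed in `hosts/vidhar/network/ruleset.nft` (`ct_dscp`, `ct_static`); if one side changes alone, the filter reads the wrong bits of the conntrack mark and nothing reports it. A shell comment directly above the filter would pin the coupling, e.g. `# mask/statemask must match ct_dscp and ct_static in ruleset.nft`. Separately, egress now runs without cake from `tc qdisc del dev "${pppInterface}" root || true` until the final `tc qdisc replace ... root cake`, so a failure in between leaves the uplink unshaped; whether the script aborts on error is decided outside the hunk. The enclosing definition starts above the hunk.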
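--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -270,3 +270,186 @@ table ip mss_clamp {
 oifname dsl tcp flags & (syn|rst) == syn counter name dsl-mss-clamp tcp option maxseg size set rt mtu
 }
 }
+
+## Masks for extracting/storing data in the conntrack mark
+# define ct_dscp = 0x0000003f
+# define ct_dyn = 0x00000080
+# define ct_dyn_static_dscp = 0x000000ff
+define ct_static = 0x00000040
+define ct_unused = 0xffffff80
+# define ct_unused_dscp = 0xffffff3f
+# define ct_unused_dyn = 0xffffff80
+
+## DSCP classification values
+define cs0 = 0
+define lephb = 1
+define cs1 = 8
+define af11 = 10
+define af12 = 12
+define af13 = 14
+define cs2 = 16
+define af21 = 18
+define af22 = 20
+define af23 = 22
+define cs3 = 24
+define af31 = 26
+define af32 = 28
+define af33 = 30
+define cs4 = 32
+define af41 = 34
+define af42 = 36
+define af43 = 38
+define cs5 = 40
+define va = 44
+define ef = 46
+define cs6 = 48
+define cs7 = 56
+
+table inet dscpclassify {
+## Set conntrack DSCP mark without modifying unused bits
+chain ct_set_cs0 {
+ct mark set ct mark and $ct_unused or $cs0
+}
+
+chain ct_set_lephb {
+ct mark set ct mark and $ct_unused or $lephb or $ct_static
+}
+
+chain ct_set_cs1 {
+ct mark set ct mark and $ct_unused or $cs1 or $ct_static
+}
+
+chain ct_set_af11 {
+ct mark set ct mark and $ct_unused or $af11 or $ct_static
+}
+
+chain ct_set_af12 {
+ct mark set ct mark and $ct_unused or $af12 or $ct_static
+}
+
+chain ct_set_af13 {
+ct mark set ct mark and $ct_unused or $af13 or $ct_static
+}
+
+chain ct_set_cs2 {
+ct mark set ct mark and $ct_unused or $cs2 or $ct_static
+}
+
+chain ct_set_af21 {
+ct mark set ct mark and $ct_unused or $af21 or $ct_static
+}
+
+chain ct_set_af22 {
+ct mark set ct mark and $ct_unused or $af22 or $ct_static
+}
+
+chain ct_set_af23 {
+ct mark set ct mark and $ct_unused or $af23 or $ct_static
+}
+
+chain ct_set_cs3 {
+ct mark set ct mark and $ct_unused or $cs3 or $ct_static
+}
+
+chain ct_set_af31 {
+ct mark set ct mark and $ct_unused or $af31 or $ct_static
+}
+
+chain ct_set_af32 {
+ct mark set ct mark and $ct_unused or $af32 or $ct_static
+}
+
+chain ct_set_af33 {
+ct mark set ct mark and $ct_unused or $af33 or $ct_static
+}
+
+chain ct_set_cs4 {
+ct mark set ct mark and $ct_unused or $cs4 or $ct_static
+}
+
+chain ct_set_af41 {
+ct mark set ct mark and $ct_unused or $af41 or $ct_static
+}
+
+chain ct_set_af42 {
+ct mark set ct mark and $ct_unused or $af42 or $ct_static
+}
+
+chain ct_set_af43 {
+ct mark set ct mark and $ct_unused or $af43 or $ct_static
+}
+
+chain ct_set_cs5 {
+ct mark set ct mark and $ct_unused or $cs5 or $ct_static
+}
+
+chain ct_set_va {
+ct mark set ct mark and $ct_unused or $va or $ct_static
+}
+
+chain ct_set_ef {
+ct mark set ct mark and $ct_unused or $ef or $ct_static
+}
+
+chain ct_set_cs6 {
+ct mark set ct mark and $ct_unused or $cs6 or $ct_static
+}
+
+chain ct_set_cs7 {
+ct mark set ct mark and $ct_unused or $cs7 or $ct_static
+}
+
+chain postrouting {
+type filter hook postrouting priority filter + 1; policy accept
+
+oifname != dsl return
+
+ip dscp cs0 goto ct_set_cs0
+ip dscp lephb goto ct_set_lephb
+ip dscp cs1 goto ct_set_cs1
+ip dscp af11 goto ct_set_af11
+ip dscp af12 goto ct_set_af12
+ip dscp af13 goto ct_set_af13
+ip dscp cs2 goto ct_set_cs2
+ip dscp af21 goto ct_set_af21
+ip dscp af22 goto ct_set_af22
+ip dscp af23 goto ct_set_af23
+ip dscp cs3 goto ct_set_cs3
+ip dscp af31 goto ct_set_af31
+ip dscp af32 goto ct_set_af32
+ip dscp af33 goto ct_set_af33
+ip dscp cs4 goto ct_set_cs4
+ip dscp af41 goto ct_set_af41
+ip dscp af42 goto ct_set_af42
+ip dscp af43 goto ct_set_af43
+ip dscp cs5 goto ct_set_cs5
+ip dscp va goto ct_set_va
+ip dscp ef goto ct_set_ef
+ip dscp cs6 goto ct_set_cs6
+ip dscp cs7 goto ct_set_cs7
+
+ip6 dscp cs0 goto ct_set_cs0
+ip6 dscp lephb goto ct_set_lephb
+ip6 dscp cs1 goto ct_set_cs1
+ip6 dscp af11 goto ct_set_af11
+ip6 dscp af12 goto ct_set_af12
+ip6 dscp af13 goto ct_set_af13
+ip6 dscp cs2 goto ct_set_cs2
+ip6 dscp af21 goto ct_set_af21
+ip6 dscp af22 goto ct_set_af22
+ip6 dscp af23 goto ct_set_af23
+ip6 dscp cs3 goto ct_set_cs3
+ip6 dscp af31 goto ct_set_af31
+ip6 dscp af32 goto ct_set_af32
+ip6 dscp af33 goto ct_set_af33
+ip6 dscp cs4 goto ct_set_cs4
+ip6 dscp af41 goto ct_set_af41
+ip6 dscp af42 goto ct_set_af42
+ip6 dscp af43 goto ct_set_af43
+ip6 dscp cs5 goto ct_set_cs5
+ip6 dscp va goto ct_set_va
+ip6 dscp ef goto ct_set_ef
+ip6 dscp cs6 goto ct_set_cs6
+ip6 dscp cs7 goto ct_set_cs7
+}
+}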
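Review bot: `chain postrouting` stores the DSCP of every packet leaving via `dsl` exactly as the sending host set it, and the `ctinfo` filter in dsl.nix then applies that value to the return traffic, so any host routed through this box chooses the cake tin for its own downloads. `ct_set_cs0` is also the only setter without `or $ct_static`, so for CS0 connections the bit tested by the `0x00000040` statemask stays clear and, as far as I can tell, inbound packets keep whatever DSCP the remote side put on them. Both may be intended, but neither is stated; a comment above `chain postrouting` such as `## DSCP is trusted as sent by the host; CS0 is stored without ct_static so ctinfo does not restore it` would record the decision, and a source-interface guard before the DSCP rules would narrow it if it is not intended. Packets whose DSCP is not one of the listed values fall through to `policy accept` and leave the previously stored mark in place.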