summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2023-03-10 18:19:26 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2023-03-10 18:19:26 +0100
commite275caddb607b8ff37569be66f1bf44303919502 (patch)
tree760068f7662115f44ef2b46fe89405078761370f
parent4c0e9c5d6d93a183ae60e711be3eb041dcc710a3 (diff)
downloadnixos-e275caddb607b8ff37569be66f1bf44303919502.tar
nixos-e275caddb607b8ff37569be66f1bf44303919502.tar.gz
nixos-e275caddb607b8ff37569be66f1bf44303919502.tar.bz2
nixos-e275caddb607b8ff37569be66f1bf44303919502.tar.xz
nixos-e275caddb607b8ff37569be66f1bf44303919502.zip
vidhar: dscp
-rw-r--r--hosts/vidhar/borg/default.nix2
-rw-r--r--hosts/vidhar/network/default.nix8
-rw-r--r--hosts/vidhar/network/dsl.nix11
-rw-r--r--hosts/vidhar/network/ruleset.nft183
4 files changed, 200 insertions, 4 deletions
diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix
index dfd4885e..d6d64ec8 100644
--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -19,6 +19,8 @@ let
19 BatchMode yes 19 BatchMode yes
20 ServerAliveInterval 10 20 ServerAliveInterval 10
21 ServerAliveCountMax 30 21 ServerAliveCountMax 30
22
23 IPQoS cs1
22 ''; 24 '';
23 25
24 checkBorgUnit = { 26 checkBorgUnit = {
diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix
index 1d0f5465..e89f304a 100644
--- a/hosts/vidhar/network/default.nix
+++ b/hosts/vidhar/network/default.nix
@@ -43,6 +43,14 @@ with lib;
43 id = 4; 43 id = 4;
44 interface = "eno2"; 44 interface = "eno2";
45 }; 45 };
46 printer = {
47 id = 5;
48 interface = "eno2";
49 };
50 modem = {
51 id = 6;
52 interface = "eno2";
53 };
46 }; 54 };
47 55
48 firewall.enable = false; 56 firewall.enable = false;
diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix
index aa2adf4b..2655b09a 100644
--- a/hosts/vidhar/network/dsl.nix
+++ b/hosts/vidhar/network/dsl.nix
@@ -66,16 +66,19 @@ in {
66 text = '' 66 text = ''
67 ethtool -K telekom tso off gso off gro off 67 ethtool -K telekom tso off gso off gro off
68 68
69 tc qdisc replace dev "${pppInterface}" root cake memlimit 64Mb pppoe-ptm nat diffserv4 wash bandwidth 35mbit
70
71 modprobe ifb 69 modprobe ifb
72 ip link del "ifb4${pppInterface}" || true 70 ip link del "ifb4${pppInterface}" || true
73 ip link add name "ifb4${pppInterface}" type ifb 71 ip link add name "ifb4${pppInterface}" type ifb
72 ip link set "ifb4${pppInterface}" up
73
74 tc qdisc del dev "ifb4${pppInterface}" root || true
74 tc qdisc del dev "${pppInterface}" ingress || true 75 tc qdisc del dev "${pppInterface}" ingress || true
76 tc qdisc del dev "${pppInterface}" root || true
77
75 tc qdisc add dev "${pppInterface}" handle ffff: ingress 78 tc qdisc add dev "${pppInterface}" handle ffff: ingress
79 tc filter add dev "${pppInterface}" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4${pppInterface}"
76 tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 64Mb pppoe-ptm diffserv4 bandwidth 93mbit 80 tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 64Mb pppoe-ptm diffserv4 bandwidth 93mbit
77 ip link set "ifb4${pppInterface}" up 81 tc qdisc replace dev "${pppInterface}" root cake memlimit 64Mb pppoe-ptm nat diffserv4 wash bandwidth 35mbit
78 tc filter add dev "${pppInterface}" parent ffff: matchall action mirred egress redirect dev "ifb4${pppInterface}"
79 ''; 82 '';
80 }; 83 };
81 in "${app}/bin/${app.meta.mainProgram}"; 84 in "${app}/bin/${app.meta.mainProgram}";
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 833013e9..30db0ac3 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -270,3 +270,186 @@ table ip mss_clamp {
270 oifname dsl tcp flags & (syn|rst) == syn counter name dsl-mss-clamp tcp option maxseg size set rt mtu 270 oifname dsl tcp flags & (syn|rst) == syn counter name dsl-mss-clamp tcp option maxseg size set rt mtu
271 } 271 }
272} 272}
273
274## Masks for extracting/storing data in the conntrack mark
275# define ct_dscp = 0x0000003f
276# define ct_dyn = 0x00000080
277# define ct_dyn_static_dscp = 0x000000ff
278define ct_static = 0x00000040
279define ct_unused = 0xffffff80
280# define ct_unused_dscp = 0xffffff3f
281# define ct_unused_dyn = 0xffffff80
282
283## DSCP classification values
284define cs0 = 0
285define lephb = 1
286define cs1 = 8
287define af11 = 10
288define af12 = 12
289define af13 = 14
290define cs2 = 16
291define af21 = 18
292define af22 = 20
293define af23 = 22
294define cs3 = 24
295define af31 = 26
296define af32 = 28
297define af33 = 30
298define cs4 = 32
299define af41 = 34
300define af42 = 36
301define af43 = 38
302define cs5 = 40
303define va = 44
304define ef = 46
305define cs6 = 48
306define cs7 = 56
307
308table inet dscpclassify {
309 ## Set conntrack DSCP mark without modifying unused bits
310 chain ct_set_cs0 {
311 ct mark set ct mark and $ct_unused or $cs0
312 }
313
314 chain ct_set_lephb {
315 ct mark set ct mark and $ct_unused or $lephb or $ct_static
316 }
317
318 chain ct_set_cs1 {
319 ct mark set ct mark and $ct_unused or $cs1 or $ct_static
320 }
321
322 chain ct_set_af11 {
323 ct mark set ct mark and $ct_unused or $af11 or $ct_static
324 }
325
326 chain ct_set_af12 {
327 ct mark set ct mark and $ct_unused or $af12 or $ct_static
328 }
329
330 chain ct_set_af13 {
331 ct mark set ct mark and $ct_unused or $af13 or $ct_static
332 }
333
334 chain ct_set_cs2 {
335 ct mark set ct mark and $ct_unused or $cs2 or $ct_static
336 }
337
338 chain ct_set_af21 {
339 ct mark set ct mark and $ct_unused or $af21 or $ct_static
340 }
341
342 chain ct_set_af22 {
343 ct mark set ct mark and $ct_unused or $af22 or $ct_static
344 }
345
346 chain ct_set_af23 {
347 ct mark set ct mark and $ct_unused or $af23 or $ct_static
348 }
349
350 chain ct_set_cs3 {
351 ct mark set ct mark and $ct_unused or $cs3 or $ct_static
352 }
353
354 chain ct_set_af31 {
355 ct mark set ct mark and $ct_unused or $af31 or $ct_static
356 }
357
358 chain ct_set_af32 {
359 ct mark set ct mark and $ct_unused or $af32 or $ct_static
360 }
361
362 chain ct_set_af33 {
363 ct mark set ct mark and $ct_unused or $af33 or $ct_static
364 }
365
366 chain ct_set_cs4 {
367 ct mark set ct mark and $ct_unused or $cs4 or $ct_static
368 }
369
370 chain ct_set_af41 {
371 ct mark set ct mark and $ct_unused or $af41 or $ct_static
372 }
373
374 chain ct_set_af42 {
375 ct mark set ct mark and $ct_unused or $af42 or $ct_static
376 }
377
378 chain ct_set_af43 {
379 ct mark set ct mark and $ct_unused or $af43 or $ct_static
380 }
381
382 chain ct_set_cs5 {
383 ct mark set ct mark and $ct_unused or $cs5 or $ct_static
384 }
385
386 chain ct_set_va {
387 ct mark set ct mark and $ct_unused or $va or $ct_static
388 }
389
390 chain ct_set_ef {
391 ct mark set ct mark and $ct_unused or $ef or $ct_static
392 }
393
394 chain ct_set_cs6 {
395 ct mark set ct mark and $ct_unused or $cs6 or $ct_static
396 }
397
398 chain ct_set_cs7 {
399 ct mark set ct mark and $ct_unused or $cs7 or $ct_static
400 }
401
402 chain postrouting {
403 type filter hook postrouting priority filter + 1; policy accept
404
405 oifname != dsl return
406
407 ip dscp cs0 goto ct_set_cs0
408 ip dscp lephb goto ct_set_lephb
409 ip dscp cs1 goto ct_set_cs1
410 ip dscp af11 goto ct_set_af11
411 ip dscp af12 goto ct_set_af12
412 ip dscp af13 goto ct_set_af13
413 ip dscp cs2 goto ct_set_cs2
414 ip dscp af21 goto ct_set_af21
415 ip dscp af22 goto ct_set_af22
416 ip dscp af23 goto ct_set_af23
417 ip dscp cs3 goto ct_set_cs3
418 ip dscp af31 goto ct_set_af31
419 ip dscp af32 goto ct_set_af32
420 ip dscp af33 goto ct_set_af33
421 ip dscp cs4 goto ct_set_cs4
422 ip dscp af41 goto ct_set_af41
423 ip dscp af42 goto ct_set_af42
424 ip dscp af43 goto ct_set_af43
425 ip dscp cs5 goto ct_set_cs5
426 ip dscp va goto ct_set_va
427 ip dscp ef goto ct_set_ef
428 ip dscp cs6 goto ct_set_cs6
429 ip dscp cs7 goto ct_set_cs7
430
431 ip6 dscp cs0 goto ct_set_cs0
432 ip6 dscp lephb goto ct_set_lephb
433 ip6 dscp cs1 goto ct_set_cs1
434 ip6 dscp af11 goto ct_set_af11
435 ip6 dscp af12 goto ct_set_af12
436 ip6 dscp af13 goto ct_set_af13
437 ip6 dscp cs2 goto ct_set_cs2
438 ip6 dscp af21 goto ct_set_af21
439 ip6 dscp af22 goto ct_set_af22
440 ip6 dscp af23 goto ct_set_af23
441 ip6 dscp cs3 goto ct_set_cs3
442 ip6 dscp af31 goto ct_set_af31
443 ip6 dscp af32 goto ct_set_af32
444 ip6 dscp af33 goto ct_set_af33
445 ip6 dscp cs4 goto ct_set_cs4
446 ip6 dscp af41 goto ct_set_af41
447 ip6 dscp af42 goto ct_set_af42
448 ip6 dscp af43 goto ct_set_af43
449 ip6 dscp cs5 goto ct_set_cs5
450 ip6 dscp va goto ct_set_va
451 ip6 dscp ef goto ct_set_ef
452 ip6 dscp cs6 goto ct_set_cs6
453 ip6 dscp cs7 goto ct_set_cs7
454 }
455}