4 files changed, 200 insertions, 4 deletions
diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix
index dfd4885e..d6d64ec8 100644
--- a/hosts/vidhar/borg/default.nix
+++ b/hosts/vidhar/borg/default.nix
@@ -19,6 +19,8 @@ let
      BatchMode yes
      ServerAliveInterval 10
      ServerAliveCountMax 30
+      IPQoS cs1
  '';
  checkBorgUnit = {
diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix
index 1d0f5465..e89f304a 100644
--- a/hosts/vidhar/network/default.nix
+++ b/hosts/vidhar/network/default.nix
@@ -43,6 +43,14 @@ with lib;
          id = 4;
          interface = "eno2";
        };
+        printer = {
+          id = 5;
+          interface = "eno2";
+        };
+        modem = {
+          id = 6;
+          interface = "eno2";
+        };
      };
      firewall.enable = false;
diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix
index aa2adf4b..2655b09a 100644
--- a/hosts/vidhar/network/dsl.nix
+++ b/hosts/vidhar/network/dsl.nix
@@ -66,16 +66,19 @@ in {
          text = ''
            ethtool -K telekom tso off gso off gro off
-            tc qdisc replace dev "${pppInterface}" root cake memlimit 64Mb pppoe-ptm nat diffserv4 wash bandwidth 35mbit
            modprobe ifb
            ip link del "ifb4${pppInterface}" || true
            ip link add name "ifb4${pppInterface}" type ifb
+            ip link set "ifb4${pppInterface}" up
+            tc qdisc del dev "ifb4${pppInterface}" root || true
            tc qdisc del dev "${pppInterface}" ingress || true
+            tc qdisc del dev "${pppInterface}" root || true
            tc qdisc add dev "${pppInterface}" handle ffff: ingress
+            tc filter add dev "${pppInterface}" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4${pppInterface}"
            tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 64Mb pppoe-ptm diffserv4 bandwidth 93mbit
-            ip link set "ifb4${pppInterface}" up
+            tc qdisc replace dev "${pppInterface}" root cake memlimit 64Mb pppoe-ptm nat diffserv4 wash bandwidth 35mbit
-            tc filter add dev "${pppInterface}" parent ffff: matchall action mirred egress redirect dev "ifb4${pppInterface}"
          '';
        };
      in "${app}/bin/${app.meta.mainProgram}";
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 833013e9..30db0ac3 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -270,3 +270,186 @@ table ip mss_clamp {
    oifname dsl tcp flags & (syn|rst) == syn counter name dsl-mss-clamp tcp option maxseg size set rt mtu
  }
 }
+## Masks for extracting/storing data in the conntrack mark
+# define ct_dscp = 0x0000003f
+# define ct_dyn = 0x00000080
+# define ct_dyn_static_dscp = 0x000000ff
+define ct_static = 0x00000040
+define ct_unused = 0xffffff80
+# define ct_unused_dscp = 0xffffff3f
+# define ct_unused_dyn = 0xffffff80
+## DSCP classification values
+define cs0 = 0
+define lephb = 1
+define cs1 = 8
+define af11 = 10
+define af12 = 12
+define af13 = 14
+define cs2 = 16
+define af21 = 18
+define af22 = 20
+define af23 = 22
+define cs3 = 24
+define af31 = 26
+define af32 = 28
+define af33 = 30
+define cs4 = 32
+define af41 = 34
+define af42 = 36
+define af43 = 38
+define cs5 = 40
+define va = 44
+define ef = 46
+define cs6 = 48
+define cs7 = 56
+table inet dscpclassify {
+    ## Set conntrack DSCP mark without modifying unused bits
+    chain ct_set_cs0 {
+        ct mark set ct mark and $ct_unused or $cs0
+    }
+    chain ct_set_lephb {
+        ct mark set ct mark and $ct_unused or $lephb or $ct_static
+    }
+    chain ct_set_cs1 {
+        ct mark set ct mark and $ct_unused or $cs1 or $ct_static
+    }
+    chain ct_set_af11 {
+        ct mark set ct mark and $ct_unused or $af11 or $ct_static
+    }
+    chain ct_set_af12 {
+        ct mark set ct mark and $ct_unused or $af12 or $ct_static
+    }
+    chain ct_set_af13 {
+        ct mark set ct mark and $ct_unused or $af13 or $ct_static
+    }
+    chain ct_set_cs2 {
+        ct mark set ct mark and $ct_unused or $cs2 or $ct_static
+    }
+    chain ct_set_af21 {
+        ct mark set ct mark and $ct_unused or $af21 or $ct_static
+    }
+    chain ct_set_af22 {
+        ct mark set ct mark and $ct_unused or $af22 or $ct_static
+    }
+    chain ct_set_af23 {
+        ct mark set ct mark and $ct_unused or $af23 or $ct_static
+    }
+    chain ct_set_cs3 {
+        ct mark set ct mark and $ct_unused or $cs3 or $ct_static
+    }
+    chain ct_set_af31 {
+        ct mark set ct mark and $ct_unused or $af31 or $ct_static
+    }
+    chain ct_set_af32 {
+        ct mark set ct mark and $ct_unused or $af32 or $ct_static
+    }
+    chain ct_set_af33 {
+        ct mark set ct mark and $ct_unused or $af33 or $ct_static
+    }
+    chain ct_set_cs4 {
+        ct mark set ct mark and $ct_unused or $cs4 or $ct_static
+    }
+    chain ct_set_af41 {
+        ct mark set ct mark and $ct_unused or $af41 or $ct_static
+    }
+    chain ct_set_af42 {
+        ct mark set ct mark and $ct_unused or $af42 or $ct_static
+    }
+    chain ct_set_af43 {
+        ct mark set ct mark and $ct_unused or $af43 or $ct_static
+    }
+    chain ct_set_cs5 {
+        ct mark set ct mark and $ct_unused or $cs5 or $ct_static
+    }
+    chain ct_set_va {
+        ct mark set ct mark and $ct_unused or $va or $ct_static
+    }
+    chain ct_set_ef {
+        ct mark set ct mark and $ct_unused or $ef or $ct_static
+    }
+    chain ct_set_cs6 {
+        ct mark set ct mark and $ct_unused or $cs6 or $ct_static
+    }
+    chain ct_set_cs7 {
+        ct mark set ct mark and $ct_unused or $cs7 or $ct_static
+    }
+    chain postrouting {
+        type filter hook postrouting priority filter + 1; policy accept
+        oifname != dsl return
+        ip dscp cs0 goto ct_set_cs0
+        ip dscp lephb goto ct_set_lephb
+        ip dscp cs1 goto ct_set_cs1
+        ip dscp af11 goto ct_set_af11
+        ip dscp af12 goto ct_set_af12
+        ip dscp af13 goto ct_set_af13
+        ip dscp cs2 goto ct_set_cs2
+        ip dscp af21 goto ct_set_af21
+        ip dscp af22 goto ct_set_af22
+        ip dscp af23 goto ct_set_af23
+        ip dscp cs3 goto ct_set_cs3
+        ip dscp af31 goto ct_set_af31
+        ip dscp af32 goto ct_set_af32
+        ip dscp af33 goto ct_set_af33
+        ip dscp cs4 goto ct_set_cs4
+        ip dscp af41 goto ct_set_af41
+        ip dscp af42 goto ct_set_af42
+        ip dscp af43 goto ct_set_af43
+        ip dscp cs5 goto ct_set_cs5
+        ip dscp va goto ct_set_va
+        ip dscp ef goto ct_set_ef
+        ip dscp cs6 goto ct_set_cs6
+        ip dscp cs7 goto ct_set_cs7
+        ip6 dscp cs0 goto ct_set_cs0
+        ip6 dscp lephb goto ct_set_lephb
+        ip6 dscp cs1 goto ct_set_cs1
+        ip6 dscp af11 goto ct_set_af11
+        ip6 dscp af12 goto ct_set_af12
+        ip6 dscp af13 goto ct_set_af13
+        ip6 dscp cs2 goto ct_set_cs2
+        ip6 dscp af21 goto ct_set_af21
+        ip6 dscp af22 goto ct_set_af22
+        ip6 dscp af23 goto ct_set_af23
+        ip6 dscp cs3 goto ct_set_cs3
+        ip6 dscp af31 goto ct_set_af31
+        ip6 dscp af32 goto ct_set_af32
+        ip6 dscp af33 goto ct_set_af33
+        ip6 dscp cs4 goto ct_set_cs4
+        ip6 dscp af41 goto ct_set_af41
+        ip6 dscp af42 goto ct_set_af42
+        ip6 dscp af43 goto ct_set_af43
+        ip6 dscp cs5 goto ct_set_cs5
+        ip6 dscp va goto ct_set_va
+        ip6 dscp ef goto ct_set_ef
+        ip6 dscp cs6 goto ct_set_cs6
+        ip6 dscp cs7 goto ct_set_cs7
+    }
+}

diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix index dfd4885e..d6d64ec8 100644 --- a/hosts/vidhar/borg/default.nix +++ b/hosts/vidhar/borg/default.nix
@@ -19,6 +19,8 @@ let
19	BatchMode yes	19	BatchMode yes
20	ServerAliveInterval 10	20	ServerAliveInterval 10
21	ServerAliveCountMax 30	21	ServerAliveCountMax 30
		22
		23	IPQoS cs1
22	'';	24	'';
23		25
24	checkBorgUnit = {	26	checkBorgUnit = {


diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix index 1d0f5465..e89f304a 100644 --- a/hosts/vidhar/network/default.nix +++ b/hosts/vidhar/network/default.nix
@@ -43,6 +43,14 @@ with lib;
43	id = 4;	43	id = 4;
44	interface = "eno2";	44	interface = "eno2";
45	};	45	};
		46	printer = {
		47	id = 5;
		48	interface = "eno2";
		49	};
		50	modem = {
		51	id = 6;
		52	interface = "eno2";
		53	};
46	};	54	};
47		55
48	firewall.enable = false;	56	firewall.enable = false;


diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix index aa2adf4b..2655b09a 100644 --- a/hosts/vidhar/network/dsl.nix +++ b/hosts/vidhar/network/dsl.nix
@@ -66,16 +66,19 @@ in {
66	text = ''	66	text = ''
67	ethtool -K telekom tso off gso off gro off	67	ethtool -K telekom tso off gso off gro off
68		68
69	tc qdisc replace dev "${pppInterface}" root cake memlimit 64Mb pppoe-ptm nat diffserv4 wash bandwidth 35mbit
70
71	modprobe ifb	69	modprobe ifb
72	ip link del "ifb4${pppInterface}" \|\| true	70	ip link del "ifb4${pppInterface}" \|\| true
73	ip link add name "ifb4${pppInterface}" type ifb	71	ip link add name "ifb4${pppInterface}" type ifb
		72	ip link set "ifb4${pppInterface}" up
		73
		74	tc qdisc del dev "ifb4${pppInterface}" root \|\| true
74	tc qdisc del dev "${pppInterface}" ingress \|\| true	75	tc qdisc del dev "${pppInterface}" ingress \|\| true
		76	tc qdisc del dev "${pppInterface}" root \|\| true
		77
75	tc qdisc add dev "${pppInterface}" handle ffff: ingress	78	tc qdisc add dev "${pppInterface}" handle ffff: ingress
		79	tc filter add dev "${pppInterface}" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4${pppInterface}"
76	tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 64Mb pppoe-ptm diffserv4 bandwidth 93mbit	80	tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 64Mb pppoe-ptm diffserv4 bandwidth 93mbit
77	ip link set "ifb4${pppInterface}" up	81	tc qdisc replace dev "${pppInterface}" root cake memlimit 64Mb pppoe-ptm nat diffserv4 wash bandwidth 35mbit
78	tc filter add dev "${pppInterface}" parent ffff: matchall action mirred egress redirect dev "ifb4${pppInterface}"
79	'';	82	'';
80	};	83	};
81	in "${app}/bin/${app.meta.mainProgram}";	84	in "${app}/bin/${app.meta.mainProgram}";


diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index 833013e9..30db0ac3 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft
@@ -270,3 +270,186 @@ table ip mss_clamp {
270	oifname dsl tcp flags & (syn\|rst) == syn counter name dsl-mss-clamp tcp option maxseg size set rt mtu	270	oifname dsl tcp flags & (syn\|rst) == syn counter name dsl-mss-clamp tcp option maxseg size set rt mtu
271	}	271	}
272	}	272	}
		273
		274	## Masks for extracting/storing data in the conntrack mark
		275	# define ct_dscp = 0x0000003f
		276	# define ct_dyn = 0x00000080
		277	# define ct_dyn_static_dscp = 0x000000ff
		278	define ct_static = 0x00000040
		279	define ct_unused = 0xffffff80
		280	# define ct_unused_dscp = 0xffffff3f
		281	# define ct_unused_dyn = 0xffffff80
		282
		283	## DSCP classification values
		284	define cs0 = 0
		285	define lephb = 1
		286	define cs1 = 8
		287	define af11 = 10
		288	define af12 = 12
		289	define af13 = 14
		290	define cs2 = 16
		291	define af21 = 18
		292	define af22 = 20
		293	define af23 = 22
		294	define cs3 = 24
		295	define af31 = 26
		296	define af32 = 28
		297	define af33 = 30
		298	define cs4 = 32
		299	define af41 = 34
		300	define af42 = 36
		301	define af43 = 38
		302	define cs5 = 40
		303	define va = 44
		304	define ef = 46
		305	define cs6 = 48
		306	define cs7 = 56
		307
		308	table inet dscpclassify {
		309	## Set conntrack DSCP mark without modifying unused bits
		310	chain ct_set_cs0 {
		311	ct mark set ct mark and $ct_unused or $cs0
		312	}
		313
		314	chain ct_set_lephb {
		315	ct mark set ct mark and $ct_unused or $lephb or $ct_static
		316	}
		317
		318	chain ct_set_cs1 {
		319	ct mark set ct mark and $ct_unused or $cs1 or $ct_static
		320	}
		321
		322	chain ct_set_af11 {
		323	ct mark set ct mark and $ct_unused or $af11 or $ct_static
		324	}
		325
		326	chain ct_set_af12 {
		327	ct mark set ct mark and $ct_unused or $af12 or $ct_static
		328	}
		329
		330	chain ct_set_af13 {
		331	ct mark set ct mark and $ct_unused or $af13 or $ct_static
		332	}
		333
		334	chain ct_set_cs2 {
		335	ct mark set ct mark and $ct_unused or $cs2 or $ct_static
		336	}
		337
		338	chain ct_set_af21 {
		339	ct mark set ct mark and $ct_unused or $af21 or $ct_static
		340	}
		341
		342	chain ct_set_af22 {
		343	ct mark set ct mark and $ct_unused or $af22 or $ct_static
		344	}
		345
		346	chain ct_set_af23 {
		347	ct mark set ct mark and $ct_unused or $af23 or $ct_static
		348	}
		349
		350	chain ct_set_cs3 {
		351	ct mark set ct mark and $ct_unused or $cs3 or $ct_static
		352	}
		353
		354	chain ct_set_af31 {
		355	ct mark set ct mark and $ct_unused or $af31 or $ct_static
		356	}
		357
		358	chain ct_set_af32 {
		359	ct mark set ct mark and $ct_unused or $af32 or $ct_static
		360	}
		361
		362	chain ct_set_af33 {
		363	ct mark set ct mark and $ct_unused or $af33 or $ct_static
		364	}
		365
		366	chain ct_set_cs4 {
		367	ct mark set ct mark and $ct_unused or $cs4 or $ct_static
		368	}
		369
		370	chain ct_set_af41 {
		371	ct mark set ct mark and $ct_unused or $af41 or $ct_static
		372	}
		373
		374	chain ct_set_af42 {
		375	ct mark set ct mark and $ct_unused or $af42 or $ct_static
		376	}
		377
		378	chain ct_set_af43 {
		379	ct mark set ct mark and $ct_unused or $af43 or $ct_static
		380	}
		381
		382	chain ct_set_cs5 {
		383	ct mark set ct mark and $ct_unused or $cs5 or $ct_static
		384	}
		385
		386	chain ct_set_va {
		387	ct mark set ct mark and $ct_unused or $va or $ct_static
		388	}
		389
		390	chain ct_set_ef {
		391	ct mark set ct mark and $ct_unused or $ef or $ct_static
		392	}
		393
		394	chain ct_set_cs6 {
		395	ct mark set ct mark and $ct_unused or $cs6 or $ct_static
		396	}
		397
		398	chain ct_set_cs7 {
		399	ct mark set ct mark and $ct_unused or $cs7 or $ct_static
		400	}
		401
		402	chain postrouting {
		403	type filter hook postrouting priority filter + 1; policy accept
		404
		405	oifname != dsl return
		406
		407	ip dscp cs0 goto ct_set_cs0
		408	ip dscp lephb goto ct_set_lephb
		409	ip dscp cs1 goto ct_set_cs1
		410	ip dscp af11 goto ct_set_af11
		411	ip dscp af12 goto ct_set_af12
		412	ip dscp af13 goto ct_set_af13
		413	ip dscp cs2 goto ct_set_cs2
		414	ip dscp af21 goto ct_set_af21
		415	ip dscp af22 goto ct_set_af22
		416	ip dscp af23 goto ct_set_af23
		417	ip dscp cs3 goto ct_set_cs3
		418	ip dscp af31 goto ct_set_af31
		419	ip dscp af32 goto ct_set_af32
		420	ip dscp af33 goto ct_set_af33
		421	ip dscp cs4 goto ct_set_cs4
		422	ip dscp af41 goto ct_set_af41
		423	ip dscp af42 goto ct_set_af42
		424	ip dscp af43 goto ct_set_af43
		425	ip dscp cs5 goto ct_set_cs5
		426	ip dscp va goto ct_set_va
		427	ip dscp ef goto ct_set_ef
		428	ip dscp cs6 goto ct_set_cs6
		429	ip dscp cs7 goto ct_set_cs7
		430
		431	ip6 dscp cs0 goto ct_set_cs0
		432	ip6 dscp lephb goto ct_set_lephb
		433	ip6 dscp cs1 goto ct_set_cs1
		434	ip6 dscp af11 goto ct_set_af11
		435	ip6 dscp af12 goto ct_set_af12
		436	ip6 dscp af13 goto ct_set_af13
		437	ip6 dscp cs2 goto ct_set_cs2
		438	ip6 dscp af21 goto ct_set_af21
		439	ip6 dscp af22 goto ct_set_af22
		440	ip6 dscp af23 goto ct_set_af23
		441	ip6 dscp cs3 goto ct_set_cs3
		442	ip6 dscp af31 goto ct_set_af31
		443	ip6 dscp af32 goto ct_set_af32
		444	ip6 dscp af33 goto ct_set_af33
		445	ip6 dscp cs4 goto ct_set_cs4
		446	ip6 dscp af41 goto ct_set_af41
		447	ip6 dscp af42 goto ct_set_af42
		448	ip6 dscp af43 goto ct_set_af43
		449	ip6 dscp cs5 goto ct_set_cs5
		450	ip6 dscp va goto ct_set_va
		451	ip6 dscp ef goto ct_set_ef
		452	ip6 dscp cs6 goto ct_set_cs6
		453	ip6 dscp cs7 goto ct_set_cs7
		454	}
		455	}