From e275caddb607b8ff37569be66f1bf44303919502 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Fri, 10 Mar 2023 18:19:26 +0100 Subject: vidhar: dscp --- hosts/vidhar/network/default.nix | 8 ++ hosts/vidhar/network/dsl.nix | 11 ++- hosts/vidhar/network/ruleset.nft | 183 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 198 insertions(+), 4 deletions(-) (limited to 'hosts/vidhar/network') diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix index 1d0f5465..e89f304a 100644 --- a/hosts/vidhar/network/default.nix +++ b/hosts/vidhar/network/default.nix @@ -43,6 +43,14 @@ with lib; id = 4; interface = "eno2"; }; + printer = { + id = 5; + interface = "eno2"; + }; + modem = { + id = 6; + interface = "eno2"; + }; }; firewall.enable = false; diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix index aa2adf4b..2655b09a 100644 --- a/hosts/vidhar/network/dsl.nix +++ b/hosts/vidhar/network/dsl.nix 
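Review bot: The new `printer` and `modem` VLANs on `eno2` sit next to `firewall.enable = false;`, so whatever filtering they get has to come from ruleset.nft, and the only ruleset.nft change in this commit is the DSCP table appended at the end. Whether the existing chains already cover these two interfaces, or whether they fall under a default-drop policy, is not visible from this hunk. If they are not yet covered, say so where the VLANs are declared, for example `# printer/modem: no dedicated nftables rules yet, relies on the default policy in ruleset.nft`. The attribute set holding these entries starts outside the hunk.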
@@ -66,16 +66,19 @@ in { text = '' ethtool -K telekom tso off gso off gro off - tc qdisc replace dev "${pppInterface}" root cake memlimit 64Mb pppoe-ptm nat diffserv4 wash bandwidth 35mbit - modprobe ifb ip link del "ifb4${pppInterface}" || true ip link add name "ifb4${pppInterface}" type ifb + ip link set "ifb4${pppInterface}" up + + tc qdisc del dev "ifb4${pppInterface}" root || true tc qdisc del dev "${pppInterface}" ingress || true + tc qdisc del dev "${pppInterface}" root || true + tc qdisc add dev "${pppInterface}" handle ffff: ingress + tc filter add dev "${pppInterface}" parent ffff: basic action ctinfo dscp 0x0000003f 0x00000040 action mirred egress redirect dev "ifb4${pppInterface}" tc qdisc replace dev "ifb4${pppInterface}" root cake memlimit 64Mb pppoe-ptm diffserv4 bandwidth 93mbit - ip link set "ifb4${pppInterface}" up - tc filter add dev "${pppInterface}" parent ffff: matchall action mirred egress redirect dev "ifb4${pppInterface}" + tc qdisc replace dev "${pppInterface}" root cake memlimit 64Mb pppoe-ptm nat diffserv4 wash bandwidth 35mbit ''; }; in "${app}/bin/${app.meta.mainProgram}"; diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index 833013e9..30db0ac3 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft 
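Review bot: The ctinfo arguments `0x0000003f 0x00000040` on the new `tc filter add` line repeat the conntrack-mark layout from ruleset.nft (`ct_static = 0x00000040` and the commented-out `ct_dscp = 0x0000003f`), with nothing tying the two files together. If one side is changed without the other, DSCP restore on ingress would presumably stop working or pick up the wrong bits, without any error. A comment above the filter line would make the coupling visible: `# ctinfo dscp <mask> <statemask>: must match ct_dscp / ct_static in ruleset.nft`. The definition that wraps this script text starts outside the hunk.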
@@ -270,3 +270,186 @@ table ip mss_clamp { oifname dsl tcp flags & (syn|rst) == syn counter name dsl-mss-clamp tcp option maxseg size set rt mtu } } + +## Masks for extracting/storing data in the conntrack mark +# define ct_dscp = 0x0000003f +# define ct_dyn = 0x00000080 +# define ct_dyn_static_dscp = 0x000000ff +define ct_static = 0x00000040 +define ct_unused = 0xffffff80 +# define ct_unused_dscp = 0xffffff3f +# define ct_unused_dyn = 0xffffff80 + +## DSCP classification values +define cs0 = 0 +define lephb = 1 +define cs1 = 8 +define af11 = 10 +define af12 = 12 +define af13 = 14 +define cs2 = 16 +define af21 = 18 +define af22 = 20 +define af23 = 22 +define cs3 = 24 +define af31 = 26 +define af32 = 28 +define af33 = 30 +define cs4 = 32 +define af41 = 34 +define af42 = 36 +define af43 = 38 +define cs5 = 40 +define va = 44 +define ef = 46 +define cs6 = 48 +define cs7 = 56 + +table inet dscpclassify { + ## Set conntrack DSCP mark without modifying unused bits + chain ct_set_cs0 { + ct mark set ct mark and $ct_unused or $cs0 + } + + chain ct_set_lephb { + ct mark set ct mark and $ct_unused or $lephb or $ct_static + } + + chain ct_set_cs1 { + ct mark set ct mark and $ct_unused or $cs1 or $ct_static + } + + chain ct_set_af11 { + ct mark set ct mark and $ct_unused or $af11 or $ct_static + } + + chain ct_set_af12 { + ct mark set ct mark and $ct_unused or $af12 or $ct_static + } + + chain ct_set_af13 { + ct mark set ct mark and $ct_unused or $af13 or $ct_static + } + + chain ct_set_cs2 { + ct mark set ct mark and $ct_unused or $cs2 or $ct_static + } + + chain ct_set_af21 { + ct mark set ct mark and $ct_unused or $af21 or $ct_static + } + + chain ct_set_af22 { + ct mark set ct mark and $ct_unused or $af22 or $ct_static + } + + chain ct_set_af23 { + ct mark set ct mark and $ct_unused or $af23 or $ct_static + } + + chain ct_set_cs3 { + ct mark set ct mark and $ct_unused or $cs3 or $ct_static + } + + chain ct_set_af31 { + ct mark set ct mark and $ct_unused or $af31 or 
$ct_static + } + + chain ct_set_af32 { + ct mark set ct mark and $ct_unused or $af32 or $ct_static + } + + chain ct_set_af33 { + ct mark set ct mark and $ct_unused or $af33 or $ct_static + } + + chain ct_set_cs4 { + ct mark set ct mark and $ct_unused or $cs4 or $ct_static + } + + chain ct_set_af41 { + ct mark set ct mark and $ct_unused or $af41 or $ct_static + } + + chain ct_set_af42 { + ct mark set ct mark and $ct_unused or $af42 or $ct_static + } + + chain ct_set_af43 { + ct mark set ct mark and $ct_unused or $af43 or $ct_static + } + + chain ct_set_cs5 { + ct mark set ct mark and $ct_unused or $cs5 or $ct_static + } + + chain ct_set_va { + ct mark set ct mark and $ct_unused or $va or $ct_static + } + + chain ct_set_ef { + ct mark set ct mark and $ct_unused or $ef or $ct_static + } + + chain ct_set_cs6 { + ct mark set ct mark and $ct_unused or $cs6 or $ct_static + } + + chain ct_set_cs7 { + ct mark set ct mark and $ct_unused or $cs7 or $ct_static + } + + chain postrouting { + type filter hook postrouting priority filter + 1; policy accept + + oifname != dsl return + + ip dscp cs0 goto ct_set_cs0 + ip dscp lephb goto ct_set_lephb + ip dscp cs1 goto ct_set_cs1 + ip dscp af11 goto ct_set_af11 + ip dscp af12 goto ct_set_af12 + ip dscp af13 goto ct_set_af13 + ip dscp cs2 goto ct_set_cs2 + ip dscp af21 goto ct_set_af21 + ip dscp af22 goto ct_set_af22 + ip dscp af23 goto ct_set_af23 + ip dscp cs3 goto ct_set_cs3 + ip dscp af31 goto ct_set_af31 + ip dscp af32 goto ct_set_af32 + ip dscp af33 goto ct_set_af33 + ip dscp cs4 goto ct_set_cs4 + ip dscp af41 goto ct_set_af41 + ip dscp af42 goto ct_set_af42 + ip dscp af43 goto ct_set_af43 + ip dscp cs5 goto ct_set_cs5 + ip dscp va goto ct_set_va + ip dscp ef goto ct_set_ef + ip dscp cs6 goto ct_set_cs6 + ip dscp cs7 goto ct_set_cs7 + + ip6 dscp cs0 goto ct_set_cs0 + ip6 dscp lephb goto ct_set_lephb + ip6 dscp cs1 goto ct_set_cs1 + ip6 dscp af11 goto ct_set_af11 + ip6 dscp af12 goto ct_set_af12 + ip6 dscp af13 goto ct_set_af13 + 
ip6 dscp cs2 goto ct_set_cs2 + ip6 dscp af21 goto ct_set_af21 + ip6 dscp af22 goto ct_set_af22 + ip6 dscp af23 goto ct_set_af23 + ip6 dscp cs3 goto ct_set_cs3 + ip6 dscp af31 goto ct_set_af31 + ip6 dscp af32 goto ct_set_af32 + ip6 dscp af33 goto ct_set_af33 + ip6 dscp cs4 goto ct_set_cs4 + ip6 dscp af41 goto ct_set_af41 + ip6 dscp af42 goto ct_set_af42 + ip6 dscp af43 goto ct_set_af43 + ip6 dscp cs5 goto ct_set_cs5 + ip6 dscp va goto ct_set_va + ip6 dscp ef goto ct_set_ef + ip6 dscp cs6 goto ct_set_cs6 + ip6 dscp cs7 goto ct_set_cs7 + } +} -- cgit v1.2.3
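Review bot: The `postrouting` chain copies whatever DSCP the sender set into the conntrack mark for every flow leaving via `dsl`; its only guard is `oifname != dsl return`. Any host behind this router can therefore choose the cake `diffserv4` tin for its own return traffic, once the ctinfo filter in dsl.nix restores the mark on ingress. Whether untrusted segments are re-marked earlier in the ruleset is not visible in this hunk. If they are not, limit the chain to trusted sources with an `iifname` match ahead of the DSCP rules, or reset DSCP for the rest. Either way, state the assumption at the top of the chain, e.g. `## DSCP is trusted as set by the sender; re-mark untrusted VLANs before this chain`.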