From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: nicolas.prochazka@gmail.com Received: from krantz.zx2c4.com (localhost [127.0.0.1]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id cb2b213c for ; Wed, 8 Mar 2017 16:36:51 +0000 (UTC) Received: from mail-lf0-f47.google.com (mail-lf0-f47.google.com [209.85.215.47]) by krantz.zx2c4.com (ZX2C4 Mail Server) with ESMTP id e9008ecd for ; Wed, 8 Mar 2017 16:36:50 +0000 (UTC) Received: by mail-lf0-f47.google.com with SMTP id k202so16936293lfe.1 for ; Wed, 08 Mar 2017 08:39:33 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <20170308160004.GA21799@tuxmachine.polynome.dn42> References: <20170308160004.GA21799@tuxmachine.polynome.dn42> From: Nicolas Prochazka Date: Wed, 8 Mar 2017 17:39:31 +0100 Message-ID: Subject: Re: [wireguard-devel ] traffic shapping To: Baptiste Jonglez Content-Type: multipart/alternative; boundary=94eb2c0d8d7cec19c3054a3ac54d Cc: WireGuard mailing list List-Id: Development discussion of WireGuard List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , --94eb2c0d8d7cec19c3054a3ac54d Content-Type: text/plain; charset=UTF-8 in doubt i add all ipv6 kernel options ... and i'm using tc filter , not iptables fwmark. Regards, Nicolas 2017-03-08 17:00 GMT+01:00 Baptiste Jonglez : > Hi Nicolas, > > For posterity, can you be more specific about how you solved your issue? > You were simply missing traffic shaping support for IPv6 in your kernel? > Which symbols were needed? > > Thanks, > Baptiste > > On Wed, Mar 08, 2017 at 02:39:23PM +0100, Nicolas Prochazka wrote: > > hello, > > to close, it's working perfectly well in ipv4 and then when i correctly > > configure my kernel, perfectly well for ipv6. > > Regards, > > Nicolas > > > > 2017-03-08 12:26 GMT+01:00 Nicolas Prochazka < > nicolas.prochazka@gmail.com>: > > > > > Hello again, > > > So i verify my configuration, > > > - on a virtual tap , traffic shaping is ok with same configuration > > > - on physical card, traffic shaping is ok > > > - on wg0 , all traffic are going to default queue,filter seems to be > not > > > applied , tcpdump on wg0 is ok with my queue definition, only > difference > > > is wg0 is configured as ipv6 tunnel. > > > > > > > > > Regards, > > > NIcolas > > > > > > > > > > > > 2017-03-06 18:40 GMT+01:00 Nicolas Prochazka < > nicolas.prochazka@gmail.com> > > > : > > > > > >> Hello, > > >> is there an incompatibilty between wireguard and traffic shaping or i > > >> misconfig something ? > > >> > > >> After configuring Qos , I need to add filter to flow > > >> > > >> If i'm trying with simple tc command : > > >> tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match ip > dport 80 > > >> 0xffff flowid 1:10 > > >> > > >> or If i'm trying with tc + iptables, > > >> > > >> tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid > 1:10 > > >> and iptables mark rules, > > >> > > >> traffic seems to be not "apply" to queue . > > >> > > >> Regards, > > >> Nicolas Prochazka. > > >> > > >> ----- > > >> Example : after this configuration, traffic on wg0 on port > 80,443,8080 > > >> are going to 1:30 ,not to 1:10 > > >> _trafficShappingMaxRate=15 > > >> > > >> tc qdisc del dev wg0 root > > >> > > >> tc qdisc add dev wg0 root handle 1: htb default 30 > > >> > > >> # Base > > >> tc class add dev wg0 parent 1: classid 1:1 htb rate > > >> ${_trafficShappingMaxRate}mbit burst 15k > > >> > > >> # http/https > > >> > > >> # Class 1:10, > > >> tc class add dev wg0 parent 1:1 classid 1:10 htb rate > > >> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate} burst > 15k > > >> > > >> # Class 1:20, > > >> tc class add dev wg0 parent 1:1 classid 1:20 htb rate > > >> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate}mbit > burst 15k > > >> > > >> # Class 1:30, which has a rate of 1kbit. This one is the default > class. > > >> tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit ceil > 1mbit > > >> burst 15k > > >> > > >> tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum 300 noecn > > >> tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum 300 noecn > > >> tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum 300 noecn > > >> > > >> # --- associate queue with traffic > > >> > > >> #tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle 6 fw > flowid > > >> 1:10 > > >> # http/https > > >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip > dport > > >> 80 0xffff flowid 1:10 > > >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip > dport > > >> 443 0xffff flowid 1:10 > > >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip > dport > > >> 8080 0xffff flowid 1:10 > > >> # ncfs > > >> tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 match ip > dport > > >> 16379 0xffff flowid 1:20 > > >> # icmp > > >> tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match ip > protocol > > >> 1 0xff flowid 1:30 > > >> > > >> tc -s qdisc ls dev wg0 > > >> > > >> > > > > > > _______________________________________________ > > WireGuard mailing list > > WireGuard@lists.zx2c4.com > > https://lists.zx2c4.com/mailman/listinfo/wireguard > > --94eb2c0d8d7cec19c3054a3ac54d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
in doubt i add all ipv6 kernel options ...<= br>
and i'm using tc filter , not iptables fwmark.

Re= gards,
Nicolas

2017-03-08 17:00 GMT+01:00 Baptiste Jonglez <ba= ptiste@bitsofnetworks.org>:
Hi Nicolas,

For posterity, can you be more specific about how you solved your issue? You were simply missing traffic shaping support for IPv6 in your kernel? Which symbols were needed?

Thanks,
Baptiste

On Wed, Mar 08, 2017 at 02:39:23PM +0100, Nicolas Prochazka wrote:
> hello,
> to close, it's working perfectly well in ipv4 and then when i corr= ectly
> configure my kernel, perfectly well for ipv6.
> Regards,
> Nicolas
>
> 2017-03-08 12:26 GMT+01:00 Nicolas Prochazka <nicolas.prochazka@gmail.com>:
>
> > Hello again,
> > So i verify my configuration,
> > - on a virtual tap , traffic shaping is ok with same configuratio= n
> > - on physical card, traffic shaping is ok
> > - on wg0 , all traffic are going to default queue,filter seems to= be not
> > applied ,=C2=A0 tcpdump on wg0 is ok with my queue definition, on= ly difference
> > is wg0 is configured as ipv6 tunnel.
> >
> >
> > Regards,
> > NIcolas
> >
> >
> >
> > 2017-03-06 18:40 GMT+01:00 Nicolas Prochazka <nicolas.prochazka@gmail.com>
> > :
> >
> >> Hello,
> >> is there an incompatibilty between wireguard and traffic shap= ing or i
> >> misconfig something=C2=A0 ?
> >>
> >> After configuring Qos , I need to add filter to flow
> >>
> >> If i'm trying with simple tc command :
> >> tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match= ip dport 80
> >> 0xffff flowid 1:10
> >>
> >> or If i'm trying with tc + iptables,
> >>
> >> tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 f= w flowid 1:10
> >> and iptables mark rules,
> >>
> >> traffic seems to be not "apply" to queue .
> >>
> >> Regards,
> >> Nicolas Prochazka.
> >>
> >> -----
> >> Example :=C2=A0 after this configuration, traffic on wg0 on p= ort 80,443,8080
> >> are going to 1:30 ,not to 1:10
> >> _trafficShappingMaxRate=3D15
> >>
> >> tc qdisc del dev wg0 root
> >>
> >> tc qdisc add dev wg0 root handle 1: htb default 30
> >>
> >> # Base
> >> tc class add dev wg0 parent 1: classid 1:1 htb rate
> >> ${_trafficShappingMaxRate}mbit burst 15k
> >>
> >> # http/https
> >>
> >> # Class 1:10,
> >> tc class add dev wg0 parent 1:1 classid 1:10 htb rate
> >> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate= } burst 15k
> >>
> >> # Class 1:20,
> >> tc class add dev wg0 parent 1:1 classid 1:20 htb rate
> >> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate= }mbit burst 15k
> >>
> >> # Class 1:30, which has a rate of 1kbit. This one is the defa= ult class.
> >> tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit = ceil 1mbit
> >> burst 15k
> >>
> >> tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum = 300 noecn
> >> tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum = 300 noecn
> >> tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum = 300 noecn
> >>
> >> # --- associate queue with traffic
> >>
> >> #tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle = 6 fw flowid
> >> 1:10
> >> # http/https
> >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 mat= ch ip dport
> >> 80 0xffff flowid 1:10
> >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 mat= ch ip dport
> >> 443 0xffff flowid 1:10
> >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 mat= ch ip dport
> >> 8080 0xffff flowid 1:10
> >> # ncfs
> >> tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 matc= h ip dport
> >> 16379 0xffff flowid 1:20
> >> # icmp
> >> tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match= =C2=A0 ip protocol
> >> 1 0xff flowid 1:30
> >>
> >> tc -s qdisc ls dev wg0
> >>
> >>
> >

> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com=
> https://lists.zx2c4.com/mailman/listinfo= /wireguard


--94eb2c0d8d7cec19c3054a3ac54d--