From: Nicolas Prochazka <nicolas.prochazka@gmail.com>
To: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: [wireguard-devel ] traffic shapping
Date: Mon, 6 Mar 2017 18:40:46 +0100 [thread overview]
Message-ID: <CADdae-hV6TSfo+1JqgKYE9TUTXhK9MzHHLKYf3SU6Yd5eMa1QA@mail.gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 2131 bytes --]
Hello,
is there an incompatibilty between wireguard and traffic shaping or i
misconfig something ?
After configuring Qos , I need to add filter to flow
If i'm trying with simple tc command :
tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match ip dport 80
0xffff flowid 1:10
or If i'm trying with tc + iptables,
tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid 1:10
and iptables mark rules,
traffic seems to be not "apply" to queue .
Regards,
Nicolas Prochazka.
-----
Example : after this configuration, traffic on wg0 on port 80,443,8080 are
going to 1:30 ,not to 1:10
_trafficShappingMaxRate=15
tc qdisc del dev wg0 root
tc qdisc add dev wg0 root handle 1: htb default 30
# Base
tc class add dev wg0 parent 1: classid 1:1 htb rate
${_trafficShappingMaxRate}mbit burst 15k
# http/https
# Class 1:10,
tc class add dev wg0 parent 1:1 classid 1:10 htb rate
${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate} burst 15k
# Class 1:20,
tc class add dev wg0 parent 1:1 classid 1:20 htb rate
${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate}mbit burst 15k
# Class 1:30, which has a rate of 1kbit. This one is the default class.
tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit ceil 1mbit
burst 15k
tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum 300 noecn
tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum 300 noecn
tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum 300 noecn
# --- associate queue with traffic
#tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle 6 fw flowid
1:10
# http/https
tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport 80
0xffff flowid 1:10
tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
443 0xffff flowid 1:10
tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
8080 0xffff flowid 1:10
# ncfs
tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 match ip dport
16379 0xffff flowid 1:20
# icmp
tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match ip protocol 1
0xff flowid 1:30
tc -s qdisc ls dev wg0
[-- Attachment #2: Type: text/html, Size: 2537 bytes --]
next reply other threads:[~2017-03-06 17:38 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-06 17:40 Nicolas Prochazka [this message]
2017-03-08 11:26 ` Nicolas Prochazka
2017-03-08 13:39 ` Nicolas Prochazka
2017-03-08 16:00 ` Baptiste Jonglez
2017-03-08 16:39 ` Nicolas Prochazka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CADdae-hV6TSfo+1JqgKYE9TUTXhK9MzHHLKYf3SU6Yd5eMa1QA@mail.gmail.com \
--to=nicolas.prochazka@gmail.com \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).