From: Nicolas Prochazka
Date: Wed, 8 Mar 2017 14:39:23 +0100
Subject: Re: [wireguard-devel ] traffic shapping
To: WireGuard mailing list
List-Id: Development discussion of WireGuard

Hello,

To close, it's working perfectly well in IPv4 and then, when I correctly configure my kernel, perfectly well for IPv6.

Regards,
Nicolas

2017-03-08 12:26 GMT+01:00 Nicolas Prochazka:

> Hello again,
> So I verified my configuration:
> - on a virtual tap, traffic shaping is OK with the same configuration
> - on a physical card, traffic shaping is OK
> - on wg0, all traffic is going to the default queue; the filter seems not to be applied. tcpdump on wg0 is OK with my queue definition; the only difference is that wg0 is configured as an IPv6 tunnel.
>
> Regards,
> Nicolas
>
> 2017-03-06 18:40 GMT+01:00 Nicolas Prochazka:
>
>> Hello,
>> Is there an incompatibility between WireGuard and traffic shaping, or did I misconfigure something?
>>
>> After configuring QoS, I need to add a filter to the flow.
>>
>> If I try with a simple tc command:
>> tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match ip dport 80 0xffff flowid 1:10
>>
>> or if I try with tc + iptables,
>>
>> tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid 1:10
>> and iptables mark rules,
>>
>> the traffic seems not to be "applied" to the queue.
>>
>> Regards,
>> Nicolas Prochazka.
>>
>> -----
>> Example: after this configuration, traffic on wg0 on ports 80, 443, 8080 is going to 1:30, not to 1:10
>> _trafficShappingMaxRate=15
>>
>> tc qdisc del dev wg0 root
>>
>> tc qdisc add dev wg0 root handle 1: htb default 30
>>
>> # Base
>> tc class add dev wg0 parent 1: classid 1:1 htb rate ${_trafficShappingMaxRate}mbit burst 15k
>>
>> # http/https
>>
>> # Class 1:10,
>> tc class add dev wg0 parent 1:1 classid 1:10 htb rate ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate} burst 15k
>>
>> # Class 1:20,
>> tc class add dev wg0 parent 1:1 classid 1:20 htb rate ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate}mbit burst 15k
>>
>> # Class 1:30, which has a rate of 1kbit. This one is the default class.
>> tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit ceil 1mbit burst 15k
>>
>> tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum 300 noecn
>> tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum 300 noecn
>> tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum 300 noecn
>>
>> # --- associate queue with traffic
>>
>> #tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle 6 fw flowid 1:10
>> # http/https
>> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport 80 0xffff flowid 1:10
>> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport 443 0xffff flowid 1:10
>> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport 8080 0xffff flowid 1:10
>> # ncfs
>> tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 match ip dport 16379 0xffff flowid 1:20
>> # icmp
>> tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match ip protocol 1 0xff flowid 1:30
>>
>> tc -s qdisc ls dev wg0