Hello again, So i verify my configuration, - on a virtual tap , traffic shaping is ok with same configuration - on physical card, traffic shaping is ok - on wg0 , all traffic are going to default queue,filter seems to be not applied , tcpdump on wg0 is ok with my queue definition, only difference is wg0 is configured as ipv6 tunnel. Regards, NIcolas 2017-03-06 18:40 GMT+01:00 Nicolas Prochazka : > Hello, > is there an incompatibilty between wireguard and traffic shaping or i > misconfig something ? > > After configuring Qos , I need to add filter to flow > > If i'm trying with simple tc command : > tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match ip dport 80 > 0xffff flowid 1:10 > > or If i'm trying with tc + iptables, > > tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid 1:10 > and iptables mark rules, > > traffic seems to be not "apply" to queue . > > Regards, > Nicolas Prochazka. > > ----- > Example : after this configuration, traffic on wg0 on port 80,443,8080 > are going to 1:30 ,not to 1:10 > _trafficShappingMaxRate=15 > > tc qdisc del dev wg0 root > > tc qdisc add dev wg0 root handle 1: htb default 30 > > # Base > tc class add dev wg0 parent 1: classid 1:1 htb rate > ${_trafficShappingMaxRate}mbit burst 15k > > # http/https > > # Class 1:10, > tc class add dev wg0 parent 1:1 classid 1:10 htb rate > ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate} burst 15k > > # Class 1:20, > tc class add dev wg0 parent 1:1 classid 1:20 htb rate > ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate}mbit burst 15k > > # Class 1:30, which has a rate of 1kbit. This one is the default class. > tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit ceil 1mbit > burst 15k > > tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum 300 noecn > tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum 300 noecn > tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum 300 noecn > > # --- associate queue with traffic > > #tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle 6 fw flowid > 1:10 > # http/https > tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport > 80 0xffff flowid 1:10 > tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport > 443 0xffff flowid 1:10 > tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport > 8080 0xffff flowid 1:10 > # ncfs > tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 match ip dport > 16379 0xffff flowid 1:20 > # icmp > tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match ip protocol > 1 0xff flowid 1:30 > > tc -s qdisc ls dev wg0 > >