[wireguard-devel ] traffic shapping
Nicolas Prochazka
nicolas.prochazka at gmail.com
Wed Mar 8 14:39:23 CET 2017
hello,
to close, it's working perfectly well in ipv4 and then when i correctly
configure my kernel, perfectly well for ipv6.
Regards,
Nicolas
2017-03-08 12:26 GMT+01:00 Nicolas Prochazka <nicolas.prochazka at gmail.com>:
> Hello again,
> So i verify my configuration,
> - on a virtual tap , traffic shaping is ok with same configuration
> - on physical card, traffic shaping is ok
> - on wg0 , all traffic are going to default queue,filter seems to be not
> applied , tcpdump on wg0 is ok with my queue definition, only difference
> is wg0 is configured as ipv6 tunnel.
>
>
> Regards,
> NIcolas
>
>
>
> 2017-03-06 18:40 GMT+01:00 Nicolas Prochazka <nicolas.prochazka at gmail.com>
> :
>
>> Hello,
>> is there an incompatibilty between wireguard and traffic shaping or i
>> misconfig something ?
>>
>> After configuring Qos , I need to add filter to flow
>>
>> If i'm trying with simple tc command :
>> tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match ip dport 80
>> 0xffff flowid 1:10
>>
>> or If i'm trying with tc + iptables,
>>
>> tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid 1:10
>> and iptables mark rules,
>>
>> traffic seems to be not "apply" to queue .
>>
>> Regards,
>> Nicolas Prochazka.
>>
>> -----
>> Example : after this configuration, traffic on wg0 on port 80,443,8080
>> are going to 1:30 ,not to 1:10
>> _trafficShappingMaxRate=15
>>
>> tc qdisc del dev wg0 root
>>
>> tc qdisc add dev wg0 root handle 1: htb default 30
>>
>> # Base
>> tc class add dev wg0 parent 1: classid 1:1 htb rate
>> ${_trafficShappingMaxRate}mbit burst 15k
>>
>> # http/https
>>
>> # Class 1:10,
>> tc class add dev wg0 parent 1:1 classid 1:10 htb rate
>> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate} burst 15k
>>
>> # Class 1:20,
>> tc class add dev wg0 parent 1:1 classid 1:20 htb rate
>> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate}mbit burst 15k
>>
>> # Class 1:30, which has a rate of 1kbit. This one is the default class.
>> tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit ceil 1mbit
>> burst 15k
>>
>> tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum 300 noecn
>> tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum 300 noecn
>> tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum 300 noecn
>>
>> # --- associate queue with traffic
>>
>> #tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle 6 fw flowid
>> 1:10
>> # http/https
>> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
>> 80 0xffff flowid 1:10
>> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
>> 443 0xffff flowid 1:10
>> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
>> 8080 0xffff flowid 1:10
>> # ncfs
>> tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 match ip dport
>> 16379 0xffff flowid 1:20
>> # icmp
>> tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match ip protocol
>> 1 0xff flowid 1:30
>>
>> tc -s qdisc ls dev wg0
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20170308/d5206015/attachment.html>
More information about the WireGuard
mailing list