[wireguard-devel ] traffic shapping
Nicolas Prochazka
nicolas.prochazka at gmail.com
Wed Mar 8 17:39:31 CET 2017
in doubt i add all ipv6 kernel options ...
and i'm using tc filter , not iptables fwmark.
Regards,
Nicolas
2017-03-08 17:00 GMT+01:00 Baptiste Jonglez <baptiste at bitsofnetworks.org>:
> Hi Nicolas,
>
> For posterity, can you be more specific about how you solved your issue?
> You were simply missing traffic shaping support for IPv6 in your kernel?
> Which symbols were needed?
>
> Thanks,
> Baptiste
>
> On Wed, Mar 08, 2017 at 02:39:23PM +0100, Nicolas Prochazka wrote:
> > hello,
> > to close, it's working perfectly well in ipv4 and then when i correctly
> > configure my kernel, perfectly well for ipv6.
> > Regards,
> > Nicolas
> >
> > 2017-03-08 12:26 GMT+01:00 Nicolas Prochazka <
> nicolas.prochazka at gmail.com>:
> >
> > > Hello again,
> > > So i verify my configuration,
> > > - on a virtual tap , traffic shaping is ok with same configuration
> > > - on physical card, traffic shaping is ok
> > > - on wg0 , all traffic are going to default queue,filter seems to be
> not
> > > applied , tcpdump on wg0 is ok with my queue definition, only
> difference
> > > is wg0 is configured as ipv6 tunnel.
> > >
> > >
> > > Regards,
> > > NIcolas
> > >
> > >
> > >
> > > 2017-03-06 18:40 GMT+01:00 Nicolas Prochazka <
> nicolas.prochazka at gmail.com>
> > > :
> > >
> > >> Hello,
> > >> is there an incompatibilty between wireguard and traffic shaping or i
> > >> misconfig something ?
> > >>
> > >> After configuring Qos , I need to add filter to flow
> > >>
> > >> If i'm trying with simple tc command :
> > >> tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match ip
> dport 80
> > >> 0xffff flowid 1:10
> > >>
> > >> or If i'm trying with tc + iptables,
> > >>
> > >> tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid
> 1:10
> > >> and iptables mark rules,
> > >>
> > >> traffic seems to be not "apply" to queue .
> > >>
> > >> Regards,
> > >> Nicolas Prochazka.
> > >>
> > >> -----
> > >> Example : after this configuration, traffic on wg0 on port
> 80,443,8080
> > >> are going to 1:30 ,not to 1:10
> > >> _trafficShappingMaxRate=15
> > >>
> > >> tc qdisc del dev wg0 root
> > >>
> > >> tc qdisc add dev wg0 root handle 1: htb default 30
> > >>
> > >> # Base
> > >> tc class add dev wg0 parent 1: classid 1:1 htb rate
> > >> ${_trafficShappingMaxRate}mbit burst 15k
> > >>
> > >> # http/https
> > >>
> > >> # Class 1:10,
> > >> tc class add dev wg0 parent 1:1 classid 1:10 htb rate
> > >> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate} burst
> 15k
> > >>
> > >> # Class 1:20,
> > >> tc class add dev wg0 parent 1:1 classid 1:20 htb rate
> > >> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate}mbit
> burst 15k
> > >>
> > >> # Class 1:30, which has a rate of 1kbit. This one is the default
> class.
> > >> tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit ceil
> 1mbit
> > >> burst 15k
> > >>
> > >> tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum 300 noecn
> > >> tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum 300 noecn
> > >> tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum 300 noecn
> > >>
> > >> # --- associate queue with traffic
> > >>
> > >> #tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle 6 fw
> flowid
> > >> 1:10
> > >> # http/https
> > >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip
> dport
> > >> 80 0xffff flowid 1:10
> > >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip
> dport
> > >> 443 0xffff flowid 1:10
> > >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip
> dport
> > >> 8080 0xffff flowid 1:10
> > >> # ncfs
> > >> tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 match ip
> dport
> > >> 16379 0xffff flowid 1:20
> > >> # icmp
> > >> tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match ip
> protocol
> > >> 1 0xff flowid 1:30
> > >>
> > >> tc -s qdisc ls dev wg0
> > >>
> > >>
> > >
>
> > _______________________________________________
> > WireGuard mailing list
> > WireGuard at lists.zx2c4.com
> > https://lists.zx2c4.com/mailman/listinfo/wireguard
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20170308/830cbbbf/attachment.html>
More information about the WireGuard
mailing list