-
Notifications
You must be signed in to change notification settings - Fork 0
/
nss.qos
84 lines (70 loc) · 3.49 KB
/
nss.qos
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
################################################################################
# nss.qos (HW Accelerated Simple Traffic Shaper)
################################################################################
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
# Copyright (C) 2021
################################################################################
. ${SQM_LIB_DIR}/defaults.sh
################################################################################
ipt_setup() {
ipt -t mangle -N QOS_MARK_${IFACE}
case $QDISC in
cake*)
sqm_debug "cake does all the diffserv work - no need for iptables rules"
;;
*)
ipt -t mangle -A QOS_MARK_${IFACE} -j MARK --set-mark 0x2/${IPT_MASK}
ipt -t mangle -A QOS_MARK_${IFACE} -m dscp --dscp-class CS1 -j MARK --set-mark 0x3/${IPT_MASK}
ipt -t mangle -A QOS_MARK_${IFACE} -m dscp --dscp-class CS6 -j MARK --set-mark 0x1/${IPT_MASK}
ipt -t mangle -A QOS_MARK_${IFACE} -m dscp --dscp-class EF -j MARK --set-mark 0x1/${IPT_MASK}
ipt -t mangle -A QOS_MARK_${IFACE} -m dscp --dscp-class AF42 -j MARK --set-mark 0x1/${IPT_MASK}
ipt -t mangle -A QOS_MARK_${IFACE} -m tos --tos Minimize-Delay -j MARK --set-mark 0x1/${IPT_MASK}
esac
# Turn it on. Preserve classification if already performed
#
#sm: is it correct to do this in $IFACE? Should ingress not be on $DEV? since HTB acts on $DEV?
#
# ZERO also does not work on $DEV (that is the IFB will still see the
# incoming ToS bits whether we squash or not)
#
# ZERO is still useful to protect internal machines...
if [ "$ZERO_DSCP_INGRESS" = "1" ]; then
sqm_debug "Squashing differentiated services code points (DSCP) from ingress."
ipt -t mangle -I PREROUTING -i $IFACE -m dscp ! --dscp 0 -j DSCP --set-dscp-class be
else
sqm_debug "Keeping differentiated services code points (DSCP) from ingress."
ipt -t mangle -A PREROUTING -i $IFACE -m mark --mark 0x00/${IPT_MASK} -g QOS_MARK_${IFACE}
fi
ipt -t mangle -A POSTROUTING -o $IFACE -m mark --mark 0x00/${IPT_MASK} -g QOS_MARK_${IFACE}
ipt -t mangle -A OUTPUT -p udp -m multiport --ports 123,53 -j DSCP --set-dscp-class AF42
}
cake_egress() {
sqm_debug "(EGRESS) Nothing here."
}
egress() {
$TC qdisc add dev $IFACE root handle 1: nsstbl rate ${UPLINK}kbit burst 1Mb
$TC qdisc add dev $IFACE parent 1: handle 10: nssfq_codel limit 4096 flows 1024 quantum 1514 target 5ms interval 100ms set_default
$TC filter add dev $IFACE parent 1:0 protocol ip prio 0 u32 match ip protocol 1 0xff flowid 1:13
$TC filter add dev $IFACE parent 1:0 protocol ipv6 prio 1 u32 match ip protocol 1 0xff flowid 1:13
}
cake_ingress() {
sqm_debug "(INGRESS) Nothing here."
}
ingress() {
#cut off ifb4
DEV=`echo $DEV | cut -c 5-`
printf $DEV > /sys/module/nss_ifb/parameters/nss_dev_name
DEV=nssifb
$TC qdisc add dev $DEV root handle 1: nsstbl rate ${DOWNLINK}kbit burst 1Mb
$TC qdisc add dev $DEV parent 1: handle 10: nssfq_codel limit 4096 flows 1024 quantum 1514 target 5ms interval 100ms set_default
$IP link set up nssifb
}
sqm_prepare_script() {
do_modules
#quick workaround to fill dropdown, will fix this later
touch /var/run/sqm/available_qdiscs/nssfq_codel
verify_qdisc "nssfq_codel" || 1
ipt_setup
}