# cake-qos-simple
# This nft script:
# 1) classifies DSCPs (to supplement or replace those set by LAN clients); and
# 2) stores DSCPs in conntracks for restoration using tc action ctinfo dscp 63 128
# author: Lynx of OpenWrt
# Declare the table (nothing happens if it already exists) and flush it, so a
# reload of this file starts from an empty rule set.
table inet cake-qos-simple
flush table inet cake-qos-simple

# LAN-side interfaces whose forwarded traffic gets classified
define IFACE_NAMES = { "br-lan", "br-guest" }

# MAC addresses of local devices to send to the bulk tin (e.g. IoT devices);
# uncomment together with the matching rule in chain classify-dscp
#define BULK_MACS = {
# XX,
# YY
#}
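table inet cake-qos-simple {

    # OpenWrt->wan: traffic generated by the router itself.
    chain hook-output {
        type filter hook output priority filter
        oifname wan goto classify-and-store-dscp
    }

    # lan->wan: traffic forwarded from the local interfaces.
    # NOTE(review): a DSCP set by a client is kept whenever no entry of
    # rules_proto_dport matches, and is then stored in conntrack. Every host
    # behind $IFACE_NAMES (this includes br-guest) can therefore choose its own
    # tin. Reset the DSCP before classification if those hosts are not trusted.
    chain hook-forward {
        type filter hook forward priority filter
        iifname $IFACE_NAMES goto classify-and-store-dscp
    }

    # Rewrites the TTL of IPv4 packets leaving via wan.
    chain hook-postrouting {
        type filter hook postrouting priority filter
        # fix ttl to help disguise use of router over mobile network
        # for bridge mode set ttl to 64
        # for USB tethering set ttl to 65
        oifname wan ip ttl set 65
    }

    # Classify first, then record the resulting DSCP on the connection.
    chain classify-and-store-dscp {
        jump classify-dscp
        jump store-dscp-in-conntrack
    }

    # The verdict map ends this chain with a goto when an entry matches;
    # unmatched packets continue to the rules below it.
    chain classify-dscp {
        meta l4proto . th dport vmap @rules_proto_dport
        # IoT devices (uncomment to use)
        # ether saddr $BULK_MACS goto dscp_set_bulk
    }

    # (protocol . destination port) -> chain that sets the DSCP.
    # Matching is by destination port only; the payload is not inspected.
    map rules_proto_dport {
        type inet_proto . inet_service : verdict
        elements = {
            tcp . 53 : goto dscp_set_voice, # DNS
            udp . 53 : goto dscp_set_voice, # DNS
            tcp . 853 : goto dscp_set_voice, # DNS-over-TLS
            udp . 853 : goto dscp_set_voice, # DNS-over-TLS
            udp . 123 : goto dscp_set_voice # NTP
        }
    }

    # In an inet table "ip dscp set" only applies to IPv4 packets, so each
    # chain below carries a second rule that marks IPv6 packets the same way.
    # Without it IPv6 traffic would leave these chains with its DSCP unchanged.

    # designate packet for cake tin: bulk
    chain dscp_set_bulk {
        ip dscp set cs1
        ip6 dscp set cs1
    }

    # designate packet for cake tin: besteffort
    chain dscp_set_besteffort {
        ip dscp set cs0
        ip6 dscp set cs0
    }

    # designate packet for cake tin: video
    chain dscp_set_video {
        ip dscp set cs2
        ip6 dscp set cs2
    }

    # designate packet for cake tin: voice
    chain dscp_set_voice {
        ip dscp set cs4
        ip6 dscp set cs4
    }

    # Copies the packet's DSCP into the connection mark so that it can be
    # restored later with "tc action ctinfo dscp 63 128".
    # NOTE(review): the first two rules assign the whole mark, so any other
    # value kept in the connection mark is overwritten. Confirm that nothing
    # else on the router relies on ct mark.
    chain store-dscp-in-conntrack {
        # IPv4: second header byte, masked with 252 to drop the two low bits,
        # then shifted right to leave the 6-bit DSCP
        ip version 4 ct mark set (@nh,8,8 & 252) >> 2
        # IPv6: first 16 header bits, mask 4032 (0x0fc0) selects the DSCP bits
        ip6 version 6 ct mark set (@nh,0,16 & 4032) >> 6
        # set bit 128 to flag the mark as carrying a stored DSCP
        ct mark set ct mark or 128
    }
}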