Skip to content
/ dscpclassify Public
forked from jeverley/dscpclassify

nftables ruleset for OpenWrt fw4 for dynamically setting DSCP packet marks

6 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ldir-EDB0/dscpclassify

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
etc/nftables.d
etc/nftables.d
 
 
usr/lib/sqm
usr/lib/sqm
 
 
README.md
README.md
 
 

Repository files navigation

nft-dscpclassify

An nftables ruleset for OpenWrt's firewall4 for dynamically setting DSCP packet marks (this only works in OpenWrt 22.03 and above).

This should be used in conjunction with layer-cake SQM queue with ctinfo configured to restore DSCP on the device ingress. The nft-dscpclassify rules use the last 8 bits of the conntrack mark (0x000000ff).

image

The nftables rule file must be placed in:

"/etc/nftables.d"

The SQM queue setup script 'layer_cake_ct.qos' must be placed in:

"/usr/lib/sqm"

Your SQM config must use the new 'layer_cake_ct.qos' queue setup script.

Tested working SQM config for the script:

Config parameter Value
qdisc_advanced '1'
squash_dscp '0'
squash_ingress '0'
qdisc_really_really_advanced '1'
iqdisc_opts 'nat dual-dsthost ingress diffserv4'
eqdisc_opts 'nat dual-srchost ack-filter diffserv4'
script 'layer_cake_ct.qos'

About

nftables ruleset for OpenWrt fw4 for dynamically setting DSCP packet marks

Resources

Readme
Activity

Stars

6 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 95.1%
  • Makefile 4.9%