I'm not exactly sure why it's not working or what i'm missing but...
root@OpenWrt:~# cat /proc/version
Linux version 5.4.72 (builder@buildhost) (gcc version 8.4.0 (OpenWrt GCC 8.4.0 r14731-b90a4a8e08)) #0 Tue Oct 20 19:46:20 2020
root@OpenWrt:~# uname -r
5.4.72
root@OpenWrt:~# cat /etc/os-release
NAME="OpenWrt"
VERSION="SNAPSHOT"
ID="openwrt"
ID_LIKE="lede openwrt"
PRETTY_NAME="OpenWrt SNAPSHOT"
VERSION_ID="snapshot"
HOME_URL="https://openwrt.org/"
BUG_URL="https://bugs.openwrt.org/"
SUPPORT_URL="https://forum.openwrt.org/"
BUILD_ID="r14731-b90a4a8e08"
OPENWRT_BOARD="ath79/generic"
OPENWRT_ARCH="mips_24kc"
OPENWRT_TAINTS=""
OPENWRT_DEVICE_MANUFACTURER="OpenWrt"
OPENWRT_DEVICE_MANUFACTURER_URL="https://openwrt.org/"
OPENWRT_DEVICE_PRODUCT="Generic"
OPENWRT_DEVICE_REVISION="v0"
OPENWRT_RELEASE="OpenWrt SNAPSHOT r14731-b90a4a8e08"
root@OpenWrt:~# lsmod | grep act_ctinfo
act_ctinfo 4706 2
nf_conntrack 74701 16 xt_state,xt_nat,xt_helper,xt_conntrack,xt_connmark,xt_connlimit,xt_connbytes,xt_REDIRECT,xt_MASQUERADE,xt_CT,nf_nat,nf_flow_table,nf_conntrack_rtcache,nf_conncount,act_ctinfo,act_connmark
root@OpenWrt:~# tc -s filter show parent ffff: dev eth0.2
filter protocol all pref 10 u32 chain 0
filter protocol all pref 10 u32 chain 0 fh 800: ht divisor 1
filter protocol all pref 10 u32 chain 0 fh 800::800 order 2048 key ht 800 bkt 0 flowid ffff:1 not_in_hw
match 00000000/00000000 at 0
action order 1: ctinfo zone 0 pipe
index 2 ref 1 bind 1 dscp 0xfc000000 0x01000000 installed 628 sec used 0 sec firstused 628 sec DSCP set 0 error 0 CPMARK set 0
Action statistics:
Sent 4650473 bytes 13219 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
action order 2: mirred (Egress Redirect to device ifb4eth0.2) stolen
index 1 ref 1 bind 1 installed 628 sec used 0 sec firstused 628 sec
Action statistics:
Sent 4650473 bytes 13219 pkt (dropped 0, overlimits 0 requeues 0)
backlog 0b 0p requeues 0
root@OpenWrt:~# cat /usr/lib/sqm/ct_layer_cake.qos
#!/bin/sh
# Cero3 Shaper
# A cake shaper and AQM solution that allows several diffserv marking schemes
# for ethernet gateways
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# Copyright (C) 2012-5 Michael D. Taht, Toke Høiland-Jørgensen, Sebastian Moeller
#sm: TODO pass in the cake diffserv keyword
. ${SQM_LIB_DIR}/defaults.sh
QDISC=cake
# Default traffic classication is passed in INGRESS_CAKE_OPTS and EGRESS_CAKE_OPTS, defined in defaults.sh now
egress() {
SILENT=1 $TC qdisc del dev $IFACE root
$TC qdisc add dev $IFACE root handle cacf: $( get_stab_string ) cake \
bandwidth ${UPLINK}kbit $( get_cake_lla_string ) ${EGRESS_CAKE_OPTS} ${EQDISC_OPTS}
# put an action on the egress interface to set DSCP from the stored connmark.
# this seems counter intuitive but it ensures once the mark is set that all
# subsequent egress packets have the same stored DSCP avoiding iptables rules
# to mark every packet, ctinfo does it for us and then CAKE is happy using the
# DSCP
$TC filter add dev $IFACE protocol all prio 10 u32 match u32 0 0 \
action ctinfo dscp 0xfc000000 0x01000000
}
ingress() {
SILENT=1 $TC qdisc del dev $IFACE handle ffff: ingress
$TC qdisc add dev $IFACE handle ffff: ingress
SILENT=1 $TC qdisc del dev $DEV root
[ "$IGNORE_DSCP_INGRESS" -eq "1" ] && INGRESS_CAKE_OPTS="$INGRESS_CAKE_OPTS besteffort"
[ "$ZERO_DSCP_INGRESS" -eq "1" ] && INGRESS_CAKE_OPTS="$INGRESS_CAKE_OPTS wash"
$TC qdisc add dev $DEV root handle cace: $( get_stab_string ) cake \
bandwidth ${DOWNLINK}kbit $( get_cake_lla_string ) ${INGRESS_CAKE_OPTS} ${IQDISC_OPTS}
$IP link set dev $DEV up
# redirect all IP packets arriving in $IFACE to ifb0
# set DSCP from conntrack mark
$TC filter add dev $IFACE parent ffff: protocol all prio 10 u32 \
match u32 0 0 \
action ctinfo dscp 0xfc000000 0x01000000 \
mirred egress redirect dev $DEV
# Configure iptables chain to mark packets
ipt -t mangle -F QOS_MARK_${IFACE}
ipt -t mangle -X QOS_MARK_${IFACE}
ipt -t mangle -N QOS_MARK_${IFACE}
# Change DSCP of relevant hosts/packets
# and save the DSCP to the connmark using savedscp
#From sched_cake.c:
# /* Further pruned list of traffic classes for four-class system:
# *
# * Latency Sensitive (CS7, CS6, EF, VA, CS5, CS4)
# * Streaming Media (AF4x, AF3x, CS3, AF2x, TOS4, CS2, TOS1)
# * Best Effort (CS0, AF1x, TOS2, and those not specified)
# * Background Traffic (CS1)
# *
# * Total 4 traffic classes.
# */
#and for diffserv8:
# /* Pruned list of traffic classes for typical applications:
# *
# * Network Control (CS6, CS7)
# * Minimum Latency (EF, VA, CS5, CS4)
# * Interactive Shell (CS2, TOS1)
# * Low Latency Transactions (AF2x, TOS4)
# * Video Streaming (AF4x, AF3x, CS3)
# * Bog Standard (CS0 etc.)
# * High Throughput (AF1x, TOS2)
# * Background Traffic (CS1)
# *
# * Total 8 traffic classes.
# */
ipt -t mangle -A QOS_MARK_${IFACE} -s 192.168.2.223 -p udp -m multiport --sports 3074,3478:3479,9308 -j DSCP --set-dscp-class EF
ipt -t mangle -A QOS_MARK_${IFACE} -s 192.168.2.223 -p tcp -m multiport --dports 80,443 -j DSCP --set-dscp-class CS1
ipt -t mangle -A QOS_MARK_${IFACE} -p icmp -j DSCP --set-dscp-class CS1
ipt -A QOS_MARK_${IFACE} -t mangle -j CONNMARK --savedscp-mark 0xfc000000/0x01000000
# Send unmarked connections to the marking chain
# top 6 bits are DSCP, LSB is DSCP is valid flag
# ipt -t mangle -A PREROUTING -i $IFACE -m connmark --mark 0x00000000/0x01000000 -g QOS_MARK_${IFACE}
ipt -t mangle -A POSTROUTING -o $IFACE -m connmark --mark 0x00000000/0x01000000 -g QOS_MARK_${IFACE}
#you could just send every packet to the marking chain and update the stored DSCP for every packet
#which should work for dynamic type marking but at a cpu cost
}
sqm_prepare_script() {
do_modules
verify_qdisc $QDISC "cake" || return 1
eth_setup
}
root@OpenWrt:~# cat /etc/config/sqm
config queue 'eth1'
option ingress_ecn 'ECN'
option itarget 'auto'
option etarget 'auto'
option enabled '1'
option interface 'eth0.2'
option debug_logging '1'
option verbosity '5'
option qdisc 'cake'
option script 'ct_layer_cake.qos'
option qdisc_advanced '1'
option squash_dscp '0'
option squash_ingress '0'
option egress_ecn 'NOECN'
option qdisc_really_really_advanced '1'
option linklayer 'ethernet'
option overhead '23'
option linklayer_advanced '1'
option tcMTU '2047'
option tcTSIZE '128'
option tcMPU '0'
option linklayer_adaptation_mechanism 'cake'
option download '45000'
option iqdisc_opts 'dual-dsthost nat ingress rtt 150ms'
option upload '9750'
option eqdisc_opts 'diffserv3 dual-srchost nat rtt 150ms'