CAKE w/ DSCPs - cake-qos-simple

I’m interested in applying cake-qos-simple to only specific MAC’s. I’ve commented out the necessary parts and it appears to work. Is there a better way to go about it?

ether saddr { XX:XX:XX:XX:XX:XX, XX:XX:XX:XX:XX:XX } oifname wan ct mark & 128 == 0 goto store-dscp-in-conntrack

Looks like there’s more I would need to do and I’m not sure it’s within this projects scope. Sorry for the noise.

Looks fine to me - only classify connections coming from certain source MACs that have yet to be classified?

Seems well within scope to me. Helpful to explore ways to customize things.

I‘ve been running with it since I posted about it and it’s working well. I just feel more comfortable applying conntrack to only machines that need it and that I’m in complete control of. It limits the potential for abuse and unforeseen issues.

I thought I could make it more efficient if I did it via the ‘tc filter’ portion of the script but my knowledge is lacking. It seems I would need to add a new line per MAC if I go that route. I didn’t get too far. I just have this in my notes should I get motivated to come back to this.

u32 match ether src XX:XX:XX:XX:XX:XX

@Lynx do we agree that with this script we need to add our own dscp marks for it to be effective and fair?

I wouldn't go that route. What you could do instead is have nftables apply a mark and then match on that mark in tc - like so:

But I'm not sure what the advantage of that would be versus instead just limiting classification in nftables to source MAC as you do already.

Correct - it's up to the user to set the outbound DSCPs as desired using nftables and/or by setting it in the individual LAN clients. I personally have mixture - e.g. router sets stuff like DNS requests or NTP requests to 'voice' and my office computer sets Teams/Zoom traffic to mixture of 'video' and 'voice'.


ok thanks for your reply
to be clear, the rules I want to set are not to be added in the script itself, but in luci traffic rules for example.

or an own .nft script

1 Like

You can tweak /root/cake-qos-simple/nft.rules and follow template or add your own rules. Or use LuCi.

1 Like

That’s reassuring, thank you! If you think this feature is worthy of addition then I’d be happy to test.

It's difficult to generalise. My thinking is that with the custom nft.rules file users can easily add their own rules for individual use cases by following the nftables format. I don't see the point in making a separate system for cake-qos-simple that translates to nftables rules.

That’s a big reason why I chose this solution. It’s easily hackable! :smiley:

1 Like

Yes it’s very powerful. I think leveraging connection tracking is super useful to enable setting of DSCPs on upload at router and/or by individual LAN clients, saving those to conntrack, and then restoring DSCPs on download. And harnessing nftables directly provides the flexibility and power that comes with that.