DSCP tagging for SQM + DSCP + Aria2

Device: Xiaomi R3g v1

Network: Altice MEO Portugal ipv4 and ipv6
ADSL2+ over ISP Router in bridge mode

Speed: Download 13000kbit, Upload 925kbit

ISP have IPTV over multicast in ipv4.
Using max 3400kbit of download
Traffic of iptv going of ethernet tagged with AF41.
Box have dhcp reserved with 192.168.2.200
I using igmpproxy on wan

config igmpproxy
	option quickleave 1
	option verbose 0

config phyint
	option network wan
	option zone wan
	option direction upstream
	list altnet ---/32
	list altnet ---/16
	list altnet ---/20
	list altnet ---/23

config phyint
	option network lan
	option zone lan
	option direction downstream
	list altnet 192.168.2.200/32

SQM config

config queue
	option debug_logging '0'
	option verbosity '5'
	option ingress_ecn 'ECN'
	option tcMTU '2047'
	option tcTSIZE '128'
	option qdisc 'cake'
	option qdisc_advanced '1'
	option squash_dscp '0'
	option squash_ingress '0'
	option qdisc_really_really_advanced '1'
	option linklayer_advanced '1'
	option shaper_burst '1'
	option script 'layer_cake.qos'
	option interface 'eth0.2'
	option linklayer 'atm'
	option overhead '44'
	option tcMPU '0'
	option egress_ecn 'NOECN'
	option upload '825'
	option enabled '1'
	option download '12350'
	option linklayer_adaptation_mechanism 'cake'
	option iqdisc_opts 'diffserv8'
	option eqdisc_opts 'diffserv8'

I have Wireguard VPN and IPv6 Tunnel Broker for static ipv6

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '64'
	option igmp_snooping '1'
	option ipaddr '192.168.2.1'
	list ip6class 'wan6'
	option ifname 'eth0.1'

config device 'lan_eth0_1_dev'
	option name 'eth0.1'
	option macaddr '---'

config interface 'wan'
	option proto 'dhcp'
	list dns '1.1.1.1'
	list dns '1.0.0.1'
	option peerdns '0'
	option metric '10'
	option ifname 'eth0.2'

config interface 'wan6'
	option proto 'dhcpv6'
	option reqprefix 'auto'
	option reqaddress 'try'
	option peerdns '0'
	list dns '2606:4700:4700::1111'
	list dns '2606:4700:4700::1001'
	option ifname 'eth0.2'

config interface 'wan6_tun'
	option proto '6in4'
	option username '---'
	option peeraddr '---'
	list ip6prefix '---'
	option ip6addr '---'
	option tunnelid '---'
	option password '---'

config interface 'wg0'
	option proto 'wireguard'
	option private_key '---'
	option listen_port '51820'
	list addresses '192.168.5.1/24'
	list addresses '---::1/64'

config wireguard_wg0
	option route_allowed_ips '1'
	option persistent_keepalive '25'
	list allowed_ips '192.168.5.2/32'
	list allowed_ips '---::2/128'
	option description 'Samsung'
	option public_key '---'

config wireguard_wg0
	option public_key '---'
	option route_allowed_ips '1'
	option persistent_keepalive '25'
	list allowed_ips '192.168.5.3'
	list allowed_ips '---::3/64'
	option description 'OMEN-HP'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '6t 3 2'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '6t 1'
	option vid '2'

I have more aria2 deamon run on router

config aria2 'main'
	option bt_enable_lpd 'true'
	option enable_dht 'true'
	option follow_torrent 'true'
	option save_session_interval '30'
	option enabled '1'
	option user 'root'
	option dir '/mnt/sda1/.aria2/incomplete'
	option config_dir '/mnt/sda1/.aria2/conf'
	option pause_metadata 'true'
	option rpc_auth_method 'token'
	option rpc_secret '---'
	option rpc_secure 'true'
	option rpc_certificate '/etc/ssl/server.cert'
	option rpc_private_key '/etc/ssl/server.key'
	option enable_proxy '0'
	option check_certificate 'true'
	option ca_certificate '/etc/ssl/certs/ca-certificates.crt'
	option http_accept_gzip 'true'
	option max_connection_per_server '16'
	option enable_dht6 'true'
	option enable_peer_exchange 'true'
	option bt_remove_unselected_file 'true'
	option bt_seed_unverified 'true'
	option listen_port '60001'
	option dht_listen_port '60001'
	option seed_ratio '0.0'
	option seed_time '0'
	option disk_cache '0'
	option file_allocation 'falloc'
	list extra_settings 'dscp=8'
	list extra_settings 'enable-http-pipelining=true'
	list extra_settings 'on-download-complete=/mnt/sda1/.aria2/scripts/mvcompleted.sh'
	list extra_settings 'quiet=false'
	option enable_logging '1'
	option log '/mnt/sda1/.aria2/log/aria2.log'
	option log_level 'warn'

I have more adblock, ddns, minidlna. But it's not important for this.

I need tagged traffic of aria2 for CS1 (Bulk), of box Meo(over wan its correct tagged, i need for go to wan).
Possible i need tag on MS Team and Zoom.

I wait for experts ...

@moeller0 @dlakelan
It's possible help with tagging and reorder routing tables ?

I read your post @dlakelan Veth.

You've got a lot going on there. Can you tell us what is the symptoms of problems you are trying to solve? It would help to know what ultimate goal is.

Ok in simple mode.

I create veth pair and setup

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '64'
	option igmp_snooping '1'
	option ipaddr '192.168.2.1'
	list ip6class 'wan6'
	option ifname 'eth0.1'

config device 'lan_eth0_1_dev'
	option name 'eth0.1'
	option macaddr '---'

config interface 'wan'
	option proto 'dhcp'
	list dns '1.1.1.1'
	list dns '1.0.0.1'
	option peerdns '0'
	option metric '10'
	option ifname 'veth1'

config interface 'wan6'
	option proto 'dhcpv6'
	option reqprefix 'auto'
	option reqaddress 'try'
	option peerdns '0'
	list dns '2606:4700:4700::1111'
	list dns '2606:4700:4700::1001'
	option ifname 'veth1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '6t 3 2'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '6t 1'
	option vid '2'

config interface 'prewan'
	option proto 'none'
	option ifname 'eth0.2 veth0'
	option type 'bridge'

sqm

config queue
	option debug_logging '0'
	option verbosity '5'
	option ingress_ecn 'ECN'
	option tcMTU '2047'
	option tcTSIZE '128'
	option qdisc 'cake'
	option qdisc_advanced '1'
	option squash_dscp '0'
	option squash_ingress '0'
	option qdisc_really_really_advanced '1'
	option linklayer_advanced '1'
	option shaper_burst '1'
	option script 'layer_cake.qos'
	option linklayer 'atm'
	option overhead '44'
	option tcMPU '0'
	option enabled '1'
	option linklayer_adaptation_mechanism 'cake'
	option eqdisc_opts 'diffserv8'
	option interface 'veth0'
	option download '0'
	option upload '12350'
	option egress_ecn 'ECN'

config queue
	option debug_logging '0'
	option verbosity '5'
	option squash_dscp '1'
	option squash_ingress '1'
	option ingress_ecn 'ECN'
	option egress_ecn 'NOECN'
	option tcMTU '2047'
	option tcTSIZE '128'
	option tcMPU '0'
	option enabled '1'
	option interface 'veth1'
	option download '0'
	option upload '825'
	option qdisc 'cake'
	option script 'layer_cake.qos'
	option qdisc_advanced '1'
	option qdisc_really_really_advanced '1'
	option eqdisc_opts 'diffserv8'
	option linklayer 'atm'
	option overhead '44'
	option linklayer_advanced '1'
	option linklayer_adaptation_mechanism 'cake'

How i tag trafic with dscp for correct pior on queue's.

For example.
Traffic which outgoing the Box(192.168.2.200) need tag with af41.
How i tag?

Create traffic rules in LUCI using the DSCP tagging option.

Ok. finish and work.

Next
aria2c send traffic tagged with CS1
but i need tagging on incomming. or its not possible?

if you are using a veth, then just use LUCI traffic rule for DSCP and tag with CS1, when it's transmitted towards the LAN it will be in the right tin

hummm
if i tag traffic on lan -> wan, when some traffic wan -> lan auto retagged?

you have options to match only certain traffic by source or destination. so if you want to tag only traffic one way, you just match on destination address or destination network for example