HI,
With my ISP, I need to mark IGMP QoS priority 5 to make Se-Tup-Box IPTV working.
I need to reproduce this kinde of configuration (with exemple QoS priority is marked as 3) ;
thank you
CoS 3 is DSCP mark CS3 (yes, it rhymes like that)
Add the following in a file with .nft extension in /etc/nftables.d directory:
chain raw_output {
type filter hook output priority raw; policy accept;
oifname "wan0.100" meta l4proto igmp ip dscp set cs3
}
triple-spaces to sepatate nftables statements, no other semantic meaning
2 Likes
nft -c -d netlink -f -
table inet testing {
chain raw_output {
type filter hook output priority raw; policy accept;
oifname "wan0.100" meta l4proto igmp ip dscp set cs3
}
}
inet (null) (null) use 0
inet testing raw_output
# you can use oif to avoid strcmp
[ meta load oifname => reg 1 ]
[ cmp eq reg 1 0x306e6177 0x3030312e 0x00000000 0x00000000 ]
# check l4 igmp
[ meta load l4proto => reg 1 ]
[ cmp eq reg 1 0x00000002 ]
# implied meta nfproto ipv4 by ip dscp coming next
[ meta load nfproto => reg 1 ]
[ cmp eq reg 1 0x00000002 ]
# set dscp
[ payload load 2b @ network header + 0 => reg 1 ]
[ bitwise reg 1 = ( reg 1 & 0x000003ff ) ^ 0x00006000 ]
[ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
2 Likes
Oh, great info, which one of the codes we need then? The first one or the complete? And if the priority is 0, what need to be updated in the complete apart to changing to cs0
Thank you.
The rule is as precise reflection of OP picture as it can get. CoSx is supperseded by DSCP CSx values which fill exactly same packet header. Placed handily in raw table so that whatever fw rules set CS0 are overriden later. Obviously one should not use cake dscp wash on that vlan100 interface.
1 Like
Hi, I tried it with eth1.100 cs5, but stilll doesn't work, I have openwrt 19.07 on GL-B3000, maybe it can handle it because I created the directory nftables.d.
also what is the difference with second block ?
You should ask gl.inet for help, your firmware is not made here.
In general you can bridge wan.100 with some lan ports vlan100, then openwrt and firewall will not interfere with Set-Top-Box traffic.
It appears you are using firmware that is not from the official OpenWrt project.
When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.
You may find that the best options are:
- Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
- Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
- Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).
If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.