NFtables and QoS in 2021

This is the cttags table I have replaced from the original conf file. My only disappointment is in waiting for dnsmasq 2.87 to be published (Simon Kelley is MIA again, relocating to a new country apparently). So I've added sets and rules to eventually be populated by dnsmasq, but they do nothing today with dnsmasq 2.86.

And to be clear, I'm running snapshot with nftables 1.0.0, so if something doesn't work for you, it's probably due to the version differences.

table inet cttags...
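table inet cttags {

	# DSCP code point -> conntrack-mark value. The data column is simply the
	# 6-bit DSCP number; the chain below shifts it into the high bits of the mark.
	# "be" was dropped from the key list: it is the same code point as cs0 (0x00),
	# so the entry was a duplicate key carrying an identical value.
	map dscpct {
		typeof ip dscp : ct mark
			elements = {
				cs0 : 0x00,
				cs1 : 0x08,
				cs2 : 0x10,
				cs3 : 0x18,
				cs4 : 0x20,
				cs5 : 0x28,
				cs6 : 0x30,
				cs7 : 0x38,
				af11 : 0x0a,
				af12 : 0x0c,
				af13 : 0x0e,
				af21 : 0x12,
				af22 : 0x14,
				af23 : 0x16,
				af31 : 0x1a,
				af32 : 0x1c,
				af33 : 0x1e,
				af41 : 0x22,
				af42 : 0x24,
				af43 : 0x26,
				ef : 0x2e
			}
	}

	# Address sets, one per traffic class and address family. They are declared
	# empty here and are meant to be filled at runtime (e.g. by dnsmasq); each
	# carries a per-element counter so population and hits can be inspected with
	# "nft list set inet cttags <name>".
	set bulk4 {
		type ipv4_addr
		counter
		comment "Bulk IPv4"
	}

	set bulk6 {
		type ipv6_addr
		counter
		comment "Bulk IPv6"
	}

	set besteffort4 {
		type ipv4_addr
		counter
		comment "BE IPv4"
	}

	set besteffort6 {
		type ipv6_addr
		counter
		comment "BE IPv6"
	}

	set video4 {
		type ipv4_addr
		counter
		comment "Video IPv4"
	}

	set video6 {
		type ipv6_addr
		counter
		comment "Video IPv6"
	}

	set voice4 {
		type ipv4_addr
		counter
		comment "Voice IPv4"
	}

	set voice6 {
		type ipv6_addr
		counter
		comment "Voice IPv6"
	}

	# Port ranges used by the static port rules below.
	define facetime_ports = { 3478-3497, 16384-16387, 16393-16402 }
	define zoom_ports = { 8801-8810 }

	# Classify egress traffic by rewriting its DSCP, then copy that DSCP into the
	# conntrack mark on the WAN side so a qdisc action (act_ctinfo) can restore it
	# on the return path. Runs in postrouting for every forwarded/locally generated
	# packet; policy is accept, so nothing here drops traffic.
	chain cttags {
		type filter hook postrouting priority 0; policy accept;

		# match sets (populated externally by dnsmasq, et al)
		ip daddr @bulk4 ip dscp set cs1 comment "bulk4 to CS1"
		ip6 daddr @bulk6 ip6 dscp set cs1 comment "bulk6 to CS1"
		ip daddr @besteffort4 ip dscp set cs0 comment "besteffort4 to CS0"
		ip6 daddr @besteffort6 ip6 dscp set cs0 comment "besteffort6 to CS0"
		ip daddr @video4 ip dscp set af41 comment "video4 to AF41"
		ip6 daddr @video6 ip6 dscp set af41 comment "video6 to AF41"
		ip daddr @voice4 ip dscp set cs6 comment "voice4 to CS6"
		ip6 daddr @voice6 ip6 dscp set cs6 comment "voice6 to CS6"

		# individual IP or port rules
		ip daddr 17.0.0.0/8 tcp dport { 993, 5223 } ip dscp set cs0 comment "Apple Mail and APNS CS0"
		udp sport $facetime_ports udp dport $facetime_ports ip dscp set af41 comment "Facetime AF41"
		udp dport $zoom_ports ip dscp set cs3 comment "Zoom CS3"
		udp sport 4500 udp dport 4500 ip dscp set cs6 comment "WiFi Calling CS6"

		# Convert the current DSCP value to an equivalent conntrack mark using the map,
		# then save it in the high bits of the mark for restoration with act_ctinfo.
		# Both address families are mapped: with only the "ip dscp" rule, IPv6 flows
		# (including those classified by the *6 sets above) reached the lshift rule
		# with an untouched mark and so were never tagged with their DSCP. "ip6 dscp"
		# shares the dscp key type of the map, so the same map serves both rules.
		# $wan is not defined in this table; it must come from the enclosing config.
		oifname $wan ct mark set ip dscp map @dscpct counter
		oifname $wan ct mark set ip6 dscp map @dscpct counter
		# Resulting mark layout: DSCP in bits 26-31 (mask 0xfc000000), bit 25
		# (0x02000000) set alongside it -- presumably the state bit act_ctinfo checks
		# before restoring; confirm against the qdisc's ctinfo dscp mask/statemask.
		# Caveat: "ct mark set" replaces the whole mark on every WAN-bound packet, so
		# any other consumer of ct mark bits (policy routing, etc.) will lose them.
		oifname $wan ct mark set ct mark lshift 26 or 0x2000000
	}
}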