I will check the veth solution later.
Here is my other approach using connmarks.
When using imq, i think this is the better solution.
Since traffic only needs to be classified on the egress side.
After classifying set some connmarks.
use those marks on egress and ingress to set the appropriate dscp flags.
###################################################################
# Make use of Cake's DiffServ4 Implementation
# by dscp flags
###################################################################
# Setup some custom chains
$IPT -t mangle -N sqm
$IPT -t mangle -N sqm_mark_cs0
$IPT -t mangle -N sqm_mark_cs1
$IPT -t mangle -N sqm_mark_cs3
$IPT -t mangle -N sqm_mark_cs7
$IPT -t mangle -N sqm_set_dscp
# Since we dont know if lan users are messing around with dscp flags
# and my isp is doing weird stuff with dscp flags too
# default all packets to cs0 (BE) and override later on
$IPT -t mangle -A PREROUTING -j DSCP --set-dscp-class CS0 -m comment --comment "Set CS0 as default"
# Only try to match traffic thats is going to be forwarded to internet
$IPT -t mangle -A FORWARD -o eth1 -j sqm
$IPT -t mangle -A FORWARD -o eth1 -j sqm_set_dscp
# Match marks on ingress and set dscp flags
$IPT -t mangle -A PREROUTING -i eth1 -j sqm_set_dscp
# match packet mark and set appropriate dscp flag
$IPT -t mangle -A sqm_set_dscp -j CONNMARK --restore-mark
$IPT -t mangle -A sqm_set_dscp -m mark --mark 0 -j DSCP --set-dscp-class CS0 -m comment --comment "CS0 Best Effort"
$IPT -t mangle -A sqm_set_dscp -m mark --mark 0 -j RETURN
$IPT -t mangle -A sqm_set_dscp -m mark --mark 1 -j DSCP --set-dscp-class CS1 -m comment --comment "CS1 Background"
$IPT -t mangle -A sqm_set_dscp -m mark --mark 1 -j RETURN
$IPT -t mangle -A sqm_set_dscp -m mark --mark 3 -j DSCP --set-dscp-class CS3 -m comment --comment "CS3 Streaming"
$IPT -t mangle -A sqm_set_dscp -m mark --mark 3 -j RETURN
$IPT -t mangle -A sqm_set_dscp -m mark --mark 7 -j DSCP --set-dscp-class CS7 -m comment --comment "CS7 Latency Sensitive"
$IPT -t mangle -A sqm_set_dscp -m mark --mark 7 -j RETURN
# set connection mark
# return back to main table/chain
$IPT -t mangle -A sqm_mark_cs1 -j CONNMARK --set-mark 1
$IPT -t mangle -A sqm_mark_cs1 -j RETURN
$IPT -t mangle -A sqm_mark_cs3 -j CONNMARK --set-mark 3
$IPT -t mangle -A sqm_mark_cs3 -j RETURN
$IPT -t mangle -A sqm_mark_cs7 -j CONNMARK --set-mark 7
$IPT -t mangle -A sqm_mark_cs7 -j RETURN
# Restore connmark to packet mark
# check if packet has already been marked
# if true return to back to main table/chain
$IPT -t mangle -A sqm -j CONNMARK --restore-mark
$IPT -t mangle -A sqm -m mark ! --mark 0 -j RETURN
###################################################################
# Latency Sensitive (Voice Tin)
###################################################################
# Generic
$IPT -t mangle -A sqm -m ndpi --NTP -g sqm_mark_cs7
# Gaming
$IPT -t mangle -A sqm -s 10.0.1.60 -p udp -m multiport ! --dports 9000 -g sqm_mark_cs7 -m comment --comment "PS4 UDP"
$IPT -t mangle -A sqm -s 10.0.1.60 -p tcp -m multiport ! --dports 80,443 -g sqm_mark_cs7 -m comment --comment "PS4 TCP"
$IPT -t mangle -A sqm -p udp -m multiport --dports 5000:5500 -g sqm_mark_cs7 -m comment --comment "League of Legends"
$IPT -t mangle -A sqm -m ndpi --CSGO -g sqm_mark_cs7
$IPT -t mangle -A sqm -m ndpi --WorldOfWarcraft -g sqm_mark_cs7
# Voice
$IPT -t mangle -A sqm -m ndpi --TeamSpeak -g sqm_mark_cs7
$IPT -t mangle -A sqm -m ndpi --WhatsAppVoice -g sqm_mark_cs7
###################################################################
# Streaming Media (Video Tin)
###################################################################
$IPT -t mangle -A sqm -m ndpi --YouTube -g sqm_mark_cs3
$IPT -t mangle -A sqm -m ndpi --NetFlix -g sqm_mark_cs3
$IPT -t mangle -A sqm -m ndpi --AmazonVideo -g sqm_mark_cs3
$IPT -t mangle -A sqm -m ndpi --Vevo -g sqm_mark_cs3
$IPT -t mangle -A sqm -m ndpi --Twitch -g sqm_mark_cs3
$IPT -t mangle -A sqm -m ndpi --GoogleHangout -g sqm_mark_cs3
$IPT -t mangle -A sqm -m ndpi --Spotify -g sqm_mark_cs3
$IPT -t mangle -A sqm -m ndpi --Deezer -g sqm_mark_cs3
$IPT -t mangle -A sqm -m ndpi --SoundCloud -g sqm_mark_cs3
$IPT -t mangle -A sqm -m ndpi --LastFM -g sqm_mark_cs3
$IPT -t mangle -A sqm -m ndpi --Skype -g sqm_mark_cs3
# Remote Administration
$IPT -t mangle -A sqm -m ndpi --TeamViewer -g sqm_mark_cs3
$IPT -t mangle -A sqm -m ndpi --VNC -g sqm_mark_cs3
###################################################################
# Background Traffic (Bulk Tin)
###################################################################
# Mail
$IPT -t mangle -A sqm -m ndpi --SMTP -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --SMTPS -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --IMAP -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --IMAPS -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --POP3 -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --POPS -g sqm_mark_cs1
# P2P
$IPT -t mangle -A sqm -m ndpi --BitTorrent -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --eDonkey -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --Thunder -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --AppleJuice -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --Soulseek -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --Gnutella -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --DirectConnect -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --FastTrack -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --Stealthnet -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --Filetopia -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --Usenet -g sqm_mark_cs1
# Cloud
$IPT -t mangle -A sqm -m ndpi --Dropbox -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --GoogleDrive -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --MS_OneDrive -g sqm_mark_cs1
# Other
$IPT -t mangle -A sqm -m ndpi --Steam -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --PlayStore -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --GoogleDocs -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --YouTubeUpload -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --WhatsAppFiles -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --FTP_DATA -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --Git -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --RSYNC -g sqm_mark_cs1
$IPT -t mangle -A sqm -m ndpi --WindowsUpdate -g sqm_mark_cs1
# Consider "large" HTTP/S traffic (out/in) as Bulk
# Need some better solution for this
# But should work for most use cases
$IPT -t mangle -A sqm -p tcp -m connbytes --connbytes 1048576: --connbytes-dir both --connbytes-mode bytes -m multiport --dports 80,443 -g sqm_mark_cs1