Hey @ricsc, thanks a lot for making your nss.qos script available via this repo.
While trying to find a reasonable SQM config on @ACwifidude's NSS build of OpenWrt (22.03 Stable), I compared your nss.qos script with @ACwifidude's configuration instructions and now I'm wondering:
What does ipt_setup exactly do?
|
ipt_setup() { |
|
|
|
IFACE=eth0 |
|
|
|
ipt -t mangle -N QOS_MARK_${IFACE} |
|
ipt -t mangle -A QOS_MARK_${IFACE} -j MARK --set-mark 0x2/${IPT_MASK} |
|
ipt -t mangle -A QOS_MARK_${IFACE} -m dscp --dscp-class CS1 -j MARK --set-mark 0x3/${IPT_MASK} |
|
ipt -t mangle -A QOS_MARK_${IFACE} -m dscp --dscp-class CS6 -j MARK --set-mark 0x1/${IPT_MASK} |
|
ipt -t mangle -A QOS_MARK_${IFACE} -m dscp --dscp-class EF -j MARK --set-mark 0x1/${IPT_MASK} |
|
ipt -t mangle -A QOS_MARK_${IFACE} -m dscp --dscp-class AF42 -j MARK --set-mark 0x1/${IPT_MASK} |
|
ipt -t mangle -A QOS_MARK_${IFACE} -m tos --tos Minimize-Delay -j MARK --set-mark 0x1/${IPT_MASK} |
|
|
|
# Turn it on. Preserve classification if already performed |
|
# |
|
#sm: is it correct to do this in $IFACE? Should ingress not be on $DEV? since HTB acts on $DEV? |
|
# |
|
# ZERO also does not work on $DEV (that is the IFB will still see the |
|
# incoming ToS bits whether we squash or not) |
|
# |
|
# ZERO is still useful to protect internal machines... |
|
if [ "$ZERO_DSCP_INGRESS" = "1" ]; then |
|
sqm_debug "Squashing differentiated services code points (DSCP) from ingress." |
|
ipt -t mangle -I PREROUTING -i $IFACE -m dscp ! --dscp 0 -j DSCP --set-dscp-class be |
|
else |
|
sqm_debug "Keeping differentiated services code points (DSCP) from ingress." |
|
ipt -t mangle -A PREROUTING -i $IFACE -m mark --mark 0x00/${IPT_MASK} -g QOS_MARK_${IFACE} |
|
fi |
|
|
|
ipt -t mangle -A POSTROUTING -o $IFACE -m mark --mark 0x00/${IPT_MASK} -g QOS_MARK_${IFACE} |
|
ipt -t mangle -A OUTPUT -p udp -m multiport --ports 123,53 -j DSCP --set-dscp-class AF42 |
|
} |
Or asked differently: What are potential drawbacks if we set up SQM without these iptables rules?
