All of lore.kernel.org
 help / color / mirror / Atom feed
* [wireguard-devel ] traffic shapping
@ 2017-03-06 17:40 Nicolas Prochazka
  2017-03-08 11:26 ` Nicolas Prochazka
  0 siblings, 1 reply; 5+ messages in thread
From: Nicolas Prochazka @ 2017-03-06 17:40 UTC (permalink / raw)
  To: WireGuard mailing list

[-- Attachment #1: Type: text/plain, Size: 2131 bytes --]

Hello,
is there an incompatibilty between wireguard and traffic shaping or i
misconfig something  ?

After configuring Qos , I need to add filter to flow

If i'm trying with simple tc command :
tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match ip dport 80
0xffff flowid 1:10

or If i'm trying with tc + iptables,

tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid 1:10
and iptables mark rules,

traffic seems to be not "apply" to queue .

Regards,
Nicolas Prochazka.

-----
Example :  after this configuration, traffic on wg0 on port 80,443,8080 are
going to 1:30 ,not to 1:10
_trafficShappingMaxRate=15

tc qdisc del dev wg0 root

tc qdisc add dev wg0 root handle 1: htb default 30

# Base
tc class add dev wg0 parent 1: classid 1:1 htb rate
${_trafficShappingMaxRate}mbit burst 15k

# http/https

# Class 1:10,
tc class add dev wg0 parent 1:1 classid 1:10 htb rate
${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate} burst 15k

# Class 1:20,
tc class add dev wg0 parent 1:1 classid 1:20 htb rate
${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate}mbit burst 15k

# Class 1:30, which has a rate of 1kbit. This one is the default class.
tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit ceil 1mbit
burst 15k

tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum 300 noecn
tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum 300 noecn
tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum 300 noecn

# --- associate queue with traffic

#tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle 6 fw flowid
1:10
# http/https
tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport 80
0xffff flowid 1:10
tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
443 0xffff flowid 1:10
tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
8080 0xffff flowid 1:10
# ncfs
tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 match ip dport
16379 0xffff flowid 1:20
# icmp
tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match  ip protocol 1
0xff flowid 1:30

tc -s qdisc ls dev wg0

[-- Attachment #2: Type: text/html, Size: 2537 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [wireguard-devel ] traffic shapping
  2017-03-06 17:40 [wireguard-devel ] traffic shapping Nicolas Prochazka
@ 2017-03-08 11:26 ` Nicolas Prochazka
  2017-03-08 13:39   ` Nicolas Prochazka
  0 siblings, 1 reply; 5+ messages in thread
From: Nicolas Prochazka @ 2017-03-08 11:26 UTC (permalink / raw)
  To: WireGuard mailing list

[-- Attachment #1: Type: text/plain, Size: 2692 bytes --]

Hello again,
So i verify my configuration,
- on a virtual tap , traffic shaping is ok with same configuration
- on physical card, traffic shaping is ok
- on wg0 , all traffic are going to default queue,filter seems to be not
applied ,  tcpdump on wg0 is ok with my queue definition, only difference
is wg0 is configured as ipv6 tunnel.


Regards,
NIcolas



2017-03-06 18:40 GMT+01:00 Nicolas Prochazka <nicolas.prochazka@gmail.com>:

> Hello,
> is there an incompatibilty between wireguard and traffic shaping or i
> misconfig something  ?
>
> After configuring Qos , I need to add filter to flow
>
> If i'm trying with simple tc command :
> tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match ip dport 80
> 0xffff flowid 1:10
>
> or If i'm trying with tc + iptables,
>
> tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid 1:10
> and iptables mark rules,
>
> traffic seems to be not "apply" to queue .
>
> Regards,
> Nicolas Prochazka.
>
> -----
> Example :  after this configuration, traffic on wg0 on port 80,443,8080
> are going to 1:30 ,not to 1:10
> _trafficShappingMaxRate=15
>
> tc qdisc del dev wg0 root
>
> tc qdisc add dev wg0 root handle 1: htb default 30
>
> # Base
> tc class add dev wg0 parent 1: classid 1:1 htb rate
> ${_trafficShappingMaxRate}mbit burst 15k
>
> # http/https
>
> # Class 1:10,
> tc class add dev wg0 parent 1:1 classid 1:10 htb rate
> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate} burst 15k
>
> # Class 1:20,
> tc class add dev wg0 parent 1:1 classid 1:20 htb rate
> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate}mbit burst 15k
>
> # Class 1:30, which has a rate of 1kbit. This one is the default class.
> tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit ceil 1mbit
> burst 15k
>
> tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum 300 noecn
> tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum 300 noecn
> tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum 300 noecn
>
> # --- associate queue with traffic
>
> #tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle 6 fw flowid
> 1:10
> # http/https
> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
> 80 0xffff flowid 1:10
> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
> 443 0xffff flowid 1:10
> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
> 8080 0xffff flowid 1:10
> # ncfs
> tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 match ip dport
> 16379 0xffff flowid 1:20
> # icmp
> tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match  ip protocol
> 1 0xff flowid 1:30
>
> tc -s qdisc ls dev wg0
>
>

[-- Attachment #2: Type: text/html, Size: 3412 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [wireguard-devel ] traffic shapping
  2017-03-08 11:26 ` Nicolas Prochazka
@ 2017-03-08 13:39   ` Nicolas Prochazka
  2017-03-08 16:00     ` Baptiste Jonglez
  0 siblings, 1 reply; 5+ messages in thread
From: Nicolas Prochazka @ 2017-03-08 13:39 UTC (permalink / raw)
  To: WireGuard mailing list

[-- Attachment #1: Type: text/plain, Size: 3015 bytes --]

hello,
to close, it's working perfectly well in ipv4 and then when i correctly
configure my kernel, perfectly well for ipv6.
Regards,
Nicolas

2017-03-08 12:26 GMT+01:00 Nicolas Prochazka <nicolas.prochazka@gmail.com>:

> Hello again,
> So i verify my configuration,
> - on a virtual tap , traffic shaping is ok with same configuration
> - on physical card, traffic shaping is ok
> - on wg0 , all traffic are going to default queue,filter seems to be not
> applied ,  tcpdump on wg0 is ok with my queue definition, only difference
> is wg0 is configured as ipv6 tunnel.
>
>
> Regards,
> NIcolas
>
>
>
> 2017-03-06 18:40 GMT+01:00 Nicolas Prochazka <nicolas.prochazka@gmail.com>
> :
>
>> Hello,
>> is there an incompatibilty between wireguard and traffic shaping or i
>> misconfig something  ?
>>
>> After configuring Qos , I need to add filter to flow
>>
>> If i'm trying with simple tc command :
>> tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match ip dport 80
>> 0xffff flowid 1:10
>>
>> or If i'm trying with tc + iptables,
>>
>> tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid 1:10
>> and iptables mark rules,
>>
>> traffic seems to be not "apply" to queue .
>>
>> Regards,
>> Nicolas Prochazka.
>>
>> -----
>> Example :  after this configuration, traffic on wg0 on port 80,443,8080
>> are going to 1:30 ,not to 1:10
>> _trafficShappingMaxRate=15
>>
>> tc qdisc del dev wg0 root
>>
>> tc qdisc add dev wg0 root handle 1: htb default 30
>>
>> # Base
>> tc class add dev wg0 parent 1: classid 1:1 htb rate
>> ${_trafficShappingMaxRate}mbit burst 15k
>>
>> # http/https
>>
>> # Class 1:10,
>> tc class add dev wg0 parent 1:1 classid 1:10 htb rate
>> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate} burst 15k
>>
>> # Class 1:20,
>> tc class add dev wg0 parent 1:1 classid 1:20 htb rate
>> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate}mbit burst 15k
>>
>> # Class 1:30, which has a rate of 1kbit. This one is the default class.
>> tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit ceil 1mbit
>> burst 15k
>>
>> tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum 300 noecn
>> tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum 300 noecn
>> tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum 300 noecn
>>
>> # --- associate queue with traffic
>>
>> #tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle 6 fw flowid
>> 1:10
>> # http/https
>> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
>> 80 0xffff flowid 1:10
>> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
>> 443 0xffff flowid 1:10
>> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
>> 8080 0xffff flowid 1:10
>> # ncfs
>> tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 match ip dport
>> 16379 0xffff flowid 1:20
>> # icmp
>> tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match  ip protocol
>> 1 0xff flowid 1:30
>>
>> tc -s qdisc ls dev wg0
>>
>>
>

[-- Attachment #2: Type: text/html, Size: 4034 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [wireguard-devel ] traffic shapping
  2017-03-08 13:39   ` Nicolas Prochazka
@ 2017-03-08 16:00     ` Baptiste Jonglez
  2017-03-08 16:39       ` Nicolas Prochazka
  0 siblings, 1 reply; 5+ messages in thread
From: Baptiste Jonglez @ 2017-03-08 16:00 UTC (permalink / raw)
  To: Nicolas Prochazka; +Cc: WireGuard mailing list

[-- Attachment #1: Type: text/plain, Size: 3755 bytes --]

Hi Nicolas,

For posterity, can you be more specific about how you solved your issue?
You were simply missing traffic shaping support for IPv6 in your kernel?
Which symbols were needed?

Thanks,
Baptiste

On Wed, Mar 08, 2017 at 02:39:23PM +0100, Nicolas Prochazka wrote:
> hello,
> to close, it's working perfectly well in ipv4 and then when i correctly
> configure my kernel, perfectly well for ipv6.
> Regards,
> Nicolas
> 
> 2017-03-08 12:26 GMT+01:00 Nicolas Prochazka <nicolas.prochazka@gmail.com>:
> 
> > Hello again,
> > So i verify my configuration,
> > - on a virtual tap , traffic shaping is ok with same configuration
> > - on physical card, traffic shaping is ok
> > - on wg0 , all traffic are going to default queue,filter seems to be not
> > applied ,  tcpdump on wg0 is ok with my queue definition, only difference
> > is wg0 is configured as ipv6 tunnel.
> >
> >
> > Regards,
> > NIcolas
> >
> >
> >
> > 2017-03-06 18:40 GMT+01:00 Nicolas Prochazka <nicolas.prochazka@gmail.com>
> > :
> >
> >> Hello,
> >> is there an incompatibilty between wireguard and traffic shaping or i
> >> misconfig something  ?
> >>
> >> After configuring Qos , I need to add filter to flow
> >>
> >> If i'm trying with simple tc command :
> >> tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match ip dport 80
> >> 0xffff flowid 1:10
> >>
> >> or If i'm trying with tc + iptables,
> >>
> >> tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid 1:10
> >> and iptables mark rules,
> >>
> >> traffic seems to be not "apply" to queue .
> >>
> >> Regards,
> >> Nicolas Prochazka.
> >>
> >> -----
> >> Example :  after this configuration, traffic on wg0 on port 80,443,8080
> >> are going to 1:30 ,not to 1:10
> >> _trafficShappingMaxRate=15
> >>
> >> tc qdisc del dev wg0 root
> >>
> >> tc qdisc add dev wg0 root handle 1: htb default 30
> >>
> >> # Base
> >> tc class add dev wg0 parent 1: classid 1:1 htb rate
> >> ${_trafficShappingMaxRate}mbit burst 15k
> >>
> >> # http/https
> >>
> >> # Class 1:10,
> >> tc class add dev wg0 parent 1:1 classid 1:10 htb rate
> >> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate} burst 15k
> >>
> >> # Class 1:20,
> >> tc class add dev wg0 parent 1:1 classid 1:20 htb rate
> >> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate}mbit burst 15k
> >>
> >> # Class 1:30, which has a rate of 1kbit. This one is the default class.
> >> tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit ceil 1mbit
> >> burst 15k
> >>
> >> tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum 300 noecn
> >> tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum 300 noecn
> >> tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum 300 noecn
> >>
> >> # --- associate queue with traffic
> >>
> >> #tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle 6 fw flowid
> >> 1:10
> >> # http/https
> >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
> >> 80 0xffff flowid 1:10
> >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
> >> 443 0xffff flowid 1:10
> >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip dport
> >> 8080 0xffff flowid 1:10
> >> # ncfs
> >> tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 match ip dport
> >> 16379 0xffff flowid 1:20
> >> # icmp
> >> tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match  ip protocol
> >> 1 0xff flowid 1:30
> >>
> >> tc -s qdisc ls dev wg0
> >>
> >>
> >

> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [wireguard-devel ] traffic shapping
  2017-03-08 16:00     ` Baptiste Jonglez
@ 2017-03-08 16:39       ` Nicolas Prochazka
  0 siblings, 0 replies; 5+ messages in thread
From: Nicolas Prochazka @ 2017-03-08 16:39 UTC (permalink / raw)
  To: Baptiste Jonglez; +Cc: WireGuard mailing list

[-- Attachment #1: Type: text/plain, Size: 4085 bytes --]

in doubt i add all ipv6 kernel options ...
and i'm using tc filter , not iptables fwmark.

Regards,
Nicolas

2017-03-08 17:00 GMT+01:00 Baptiste Jonglez <baptiste@bitsofnetworks.org>:

> Hi Nicolas,
>
> For posterity, can you be more specific about how you solved your issue?
> You were simply missing traffic shaping support for IPv6 in your kernel?
> Which symbols were needed?
>
> Thanks,
> Baptiste
>
> On Wed, Mar 08, 2017 at 02:39:23PM +0100, Nicolas Prochazka wrote:
> > hello,
> > to close, it's working perfectly well in ipv4 and then when i correctly
> > configure my kernel, perfectly well for ipv6.
> > Regards,
> > Nicolas
> >
> > 2017-03-08 12:26 GMT+01:00 Nicolas Prochazka <
> nicolas.prochazka@gmail.com>:
> >
> > > Hello again,
> > > So i verify my configuration,
> > > - on a virtual tap , traffic shaping is ok with same configuration
> > > - on physical card, traffic shaping is ok
> > > - on wg0 , all traffic are going to default queue,filter seems to be
> not
> > > applied ,  tcpdump on wg0 is ok with my queue definition, only
> difference
> > > is wg0 is configured as ipv6 tunnel.
> > >
> > >
> > > Regards,
> > > NIcolas
> > >
> > >
> > >
> > > 2017-03-06 18:40 GMT+01:00 Nicolas Prochazka <
> nicolas.prochazka@gmail.com>
> > > :
> > >
> > >> Hello,
> > >> is there an incompatibilty between wireguard and traffic shaping or i
> > >> misconfig something  ?
> > >>
> > >> After configuring Qos , I need to add filter to flow
> > >>
> > >> If i'm trying with simple tc command :
> > >> tc filter add dev wg0 protocol ip parent 1: prio 10 u32 match ip
> dport 80
> > >> 0xffff flowid 1:10
> > >>
> > >> or If i'm trying with tc + iptables,
> > >>
> > >> tc filter add dev wg0 protocol ip parent 1: prio 1 handle 6 fw flowid
> 1:10
> > >> and iptables mark rules,
> > >>
> > >> traffic seems to be not "apply" to queue .
> > >>
> > >> Regards,
> > >> Nicolas Prochazka.
> > >>
> > >> -----
> > >> Example :  after this configuration, traffic on wg0 on port
> 80,443,8080
> > >> are going to 1:30 ,not to 1:10
> > >> _trafficShappingMaxRate=15
> > >>
> > >> tc qdisc del dev wg0 root
> > >>
> > >> tc qdisc add dev wg0 root handle 1: htb default 30
> > >>
> > >> # Base
> > >> tc class add dev wg0 parent 1: classid 1:1 htb rate
> > >> ${_trafficShappingMaxRate}mbit burst 15k
> > >>
> > >> # http/https
> > >>
> > >> # Class 1:10,
> > >> tc class add dev wg0 parent 1:1 classid 1:10 htb rate
> > >> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate} burst
> 15k
> > >>
> > >> # Class 1:20,
> > >> tc class add dev wg0 parent 1:1 classid 1:20 htb rate
> > >> ${_trafficShappingMaxRate}mbit ceil ${_trafficShappingMaxRate}mbit
> burst 15k
> > >>
> > >> # Class 1:30, which has a rate of 1kbit. This one is the default
> class.
> > >> tc class add dev wg0 parent 1:1 classid 1:30 htb rate 10kbit ceil
> 1mbit
> > >> burst 15k
> > >>
> > >> tc qdisc add dev wg0 parent 1:10 handle 10: fq_codel quantum 300 noecn
> > >> tc qdisc add dev wg0 parent 1:20 handle 20: fq_codel quantum 300 noecn
> > >> tc qdisc add dev wg0 parent 1:30 handle 30: fq_codel quantum 300 noecn
> > >>
> > >> # --- associate queue with traffic
> > >>
> > >> #tc filter add dev wg0 protocol ipv6 parent 1: prio 1 handle 6 fw
> flowid
> > >> 1:10
> > >> # http/https
> > >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip
> dport
> > >> 80 0xffff flowid 1:10
> > >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip
> dport
> > >> 443 0xffff flowid 1:10
> > >> tc filter add dev wg0 protocol ipv6 parent 1: prio 10 u32 match ip
> dport
> > >> 8080 0xffff flowid 1:10
> > >> # ncfs
> > >> tc filter add dev wg0 parent 1: protocol ipv6 prio 5 u32 match ip
> dport
> > >> 16379 0xffff flowid 1:20
> > >> # icmp
> > >> tc filter add dev wg0 parent 1: protocol ip prio 1 u32 match  ip
> protocol
> > >> 1 0xff flowid 1:30
> > >>
> > >> tc -s qdisc ls dev wg0
> > >>
> > >>
> > >
>
> > _______________________________________________
> > WireGuard mailing list
> > WireGuard@lists.zx2c4.com
> > https://lists.zx2c4.com/mailman/listinfo/wireguard
>
>

[-- Attachment #2: Type: text/html, Size: 5866 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2017-03-08 16:36 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-03-06 17:40 [wireguard-devel ] traffic shapping Nicolas Prochazka
2017-03-08 11:26 ` Nicolas Prochazka
2017-03-08 13:39   ` Nicolas Prochazka
2017-03-08 16:00     ` Baptiste Jonglez
2017-03-08 16:39       ` Nicolas Prochazka

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.