Kevin Darbyshire-Bryant <[email protected]> writes: > On its own I don’t think that would work for ingress traffic - > iptables happens too late. So on planet Kevin I still need some sort > of flag held in the fwmark that says ‘I hold a DSCP value’ so cake can > use it and act_connmarkdscp can (optionally) restore it to the > diffserv field. > > I suspect we’re going around in circles around what I would like which > is “a bit DSCP fuzzy but lighter on CPU ‘cos I don’t have to hit > iptables mangle rules as much” v what I think you would like is > ’update the fwmark DSCP every time but that also requires iptables to > mangle the DSCP for every packet’
Well I think my problem is that I don't really have a use case for this myself. So I need to understand your use case better in order to have an opinion on how best to implement it so that: 1. We can accommodate what you are trying to do and 2. We can also accommodate other related use cases, and we don't set policy in the kernel. In particular, requirement 2 is why I'm pushing back against hard-coding a mask anywhere... So could you maybe post your current ruleset and explain what it is you are trying to achieve at a high level, and why? :) Also, you keep mentioning "must be lighter on CPU". Do you have any performance numbers to show the impact of your current ruleset? Would be easier to assess any performance impact if we have some baseline numbers to compare against... -Toke _______________________________________________ Cake mailing list [email protected] https://lists.bufferbloat.net/listinfo/cake
