From c82737b162202be3efdb38fe2ed09206f4542349 Mon Sep 17 00:00:00 2001
From: CroneKorkN
Date: Sun, 10 May 2026 17:53:17 +0200
Subject: [PATCH] left4me: contribute uid-based DSCP/priority marks to nftables/output

Replaces the per-app inet left4me_mark table from deploy/files/usr/local/lib/left4me/nft/left4me-mark.nft with two rules in the central bundles/nftables/ inet filter table's output chain. Same selectors (skuid left4me + l4proto udp), same actions (DSCP EF + priority 6) for both v4 and v6.
---
bundles/left4me/metadata.py | 17 +++++++++++++++++
1 file changed, 17 insertions(+)

diff --git a/bundles/left4me/metadata.py b/bundles/left4me/metadata.py
index ca2dea5..f3bdef7 100644
--- a/bundles/left4me/metadata.py
+++ b/bundles/left4me/metadata.py
@@ -182,3 +182,20 @@ def systemd_services(metadata):
 },
 },
 }
+
+
+@metadata_reactor.provides(
+ 'nftables/output',
+)
+def nftables_output(metadata):
+ # Match deploy/files/usr/local/lib/left4me/nft/left4me-mark.nft.
+ # Mark srcds UDP egress (uid left4me) with DSCP EF + skb priority 6
+ # so CAKE classifies it into the priority tin.
+ return {
+ 'nftables': {
+ 'output': {
+ 'meta skuid "left4me" meta l4proto udp ip dscp set ef meta priority set 0006:0000',
+ 'meta skuid "left4me" meta l4proto udp ip6 dscp set ef meta priority set 0006:0000',
+ },
+ },
+ }
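Review bot: Both rules returned by `nftables_output` select on `meta skuid "left4me"`, a user name that nft resolves when the ruleset is loaded, so now that they live in the shared inet filter table a missing account would likely fail the load of the whole firewall ruleset instead of only the old per-app table. Nothing in this hunk shows that the account exists before the ruleset is applied, nor where the central bundle places these entries among the other output rules; a set carries no order, and a mark rule that ends up behind an `accept` verdict is never evaluated. I would record both requirements above the `return`, e.g. `# "left4me" is resolved at ruleset load: the user must exist first, and these rules must precede any accept verdict in the output chain.` The `# Match …left4me-mark.nft` line should also be reworded if that file is going away, since the commit message says this reactor replaces it.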