left4me: contribute uid-based DSCP/priority marks to nftables/output
Replaces the per-app inet left4me_mark table from deploy/files/usr/local/lib/left4me/nft/left4me-mark.nft with two rules in the central bundles/nftables/ inet filter table's output chain. Same selectors (skuid left4me + l4proto udp), same actions (DSCP EF + priority 6) for both v4 and v6.
This commit is contained in:
parent
b1edcac3c7
commit
c82737b162
SSH key fingerprint:
SHA256:v0410ZKfuO1QHdgKBsdQNF64xmTxOF8osF1LIqwTcVw
1 changed files with 17 additions and 0 deletions
|
|
@ -182,3 +182,20 @@ def systemd_services(metadata):
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@metadata_reactor.provides(
|
||||||
|
'nftables/output',
|
||||||
|
)
|
||||||
|
def nftables_output(metadata):
|
||||||
|
# Match deploy/files/usr/local/lib/left4me/nft/left4me-mark.nft.
|
||||||
|
# Mark srcds UDP egress (uid left4me) with DSCP EF + skb priority 6
|
||||||
|
# so CAKE classifies it into the priority tin.
|
||||||
|
return {
|
||||||
|
'nftables': {
|
||||||
|
'output': {
|
||||||
|
'meta skuid "left4me" meta l4proto udp ip dscp set ef meta priority set 0006:0000',
|
||||||
|
'meta skuid "left4me" meta l4proto udp ip6 dscp set ef meta priority set 0006:0000',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue