left4me: contribute uid-based DSCP/priority marks to nftables/output

Replaces the per-app inet left4me_mark table from deploy/files/usr/local/lib/left4me/nft/left4me-mark.nft with two rules in the central bundles/nftables/ inet filter table's output chain. Same selectors (skuid left4me + l4proto udp), same actions (DSCP EF + priority 6) for both v4 and v6.
2026-05-10 17:53:17 +02:00 · 2026-05-10 17:53:17 +02:00 · c82737b162
commit c82737b162
parent b1edcac3c7
1 changed files with 17 additions and 0 deletions
--- a/bundles/left4me/metadata.py
+++ b/bundles/left4me/metadata.py
@ -182,3 +182,20 @@ def systemd_services(metadata):
            },
        },
    }
+
+
+@metadata_reactor.provides(
+    'nftables/output',
+)
+def nftables_output(metadata):
+    # Match deploy/files/usr/local/lib/left4me/nft/left4me-mark.nft.
+    # Mark srcds UDP egress (uid left4me) with DSCP EF + skb priority 6
+    # so CAKE classifies it into the priority tin.
+    return {
+        'nftables': {
+            'output': {
+                'meta skuid "left4me" meta l4proto udp ip dscp set ef meta priority set 0006:0000',
+                'meta skuid "left4me" meta l4proto udp ip6 dscp set ef meta priority set 0006:0000',
+            },
+        },
+    }