> On 29 Sep 2023, at 00:09, Sonic <sonicsm...@gmail.com> wrote:
>
>
> Hopefully not as dumb of a question as I suspect it might be.
> Does the generic...
> =====
> match out on $ext_if inet proto tcp from ($ext_if) set prio (3, 7)
> match in on $ext_if inet proto tcp to ($ext_if) set prio (3, 7)
> =====
> ...take advantage of this patch when using wireguard or does the match need
> to be applied to the wgx interface?

Hi.
I have a generic ‘match’ which does not specify interfaces or direction, and
which sets prio, tos, and queue on all the important things.
So yes, like your example but without direction or interface.
And of course use specific interface-dependent rules to pass or drop things as
needed.
Then as packets enter the inside interface, the prio will be set. And when the
packet gets to the wg interface, the prio is copied (with this patch), and
finally the encrypted packet gets pulled out of the outside interface’s queue
in prio order (there is more going on here, but you can assume prio order).
You will not currently be able to get the encrypted packet into any queue other
than the ‘default’ queue as the packet tos flags and queue state labels are
lost during encryption. But now that the prio is copied with this patch, at
least your ACKs etc will be pulled from the one default queue first.
As this will be facing your internet connection (smaller than your LAN), you
should still see a benefit even though TOS is not yet copied. The longer the
pipe / greater the BDP, the more noticeable it will be.
Hope this helps, Andy.