Hi Florian
yes now work perfect
i will test with 1-4k ips to see performance vs qdisc or iptables.
for second offload question:
is it possible to make limiter work in offload mode and ia it posible to add dynamic interface like ppp* or vlan* or other type.
P.S.
thanks for fast reply for first part!
P.S.2
resend mail to netfilter group
Martin
> On 22 Mar 2022, at 12:32, Florian Westphal <fw@xxxxxxxxx> wrote:
>
> Martin Zaharinov <micron10@xxxxxxxxx> wrote:
>> Hi Florian
>>
>> Look good this config but not work after set user not limit by speed.
>
> Works for me. Before:
> [ ID] Interval Transfer Bitrate Retr
> [ 5] 0.00-10.00 sec 5.09 GBytes 4.37 Gbits/sec 0 sender
> [ 5] 0.00-10.00 sec 5.08 GBytes 4.36 Gbits/sec receiver
>
> After:
> [ 5] 0.00-10.00 sec 62.9 MBytes 52.7 Mbits/sec 0 sender
> [ 5] 0.00-10.00 sec 59.8 MBytes 50.1 Mbits/sec receiver
>
>> table inet nft-qos-static {
>> set limit_ul {
>> typeof ip saddr
>> flags dynamic
>> elements = { 10.0.0.1 limit rate over 5 mbytes/second burst 6000 kbytes, 10.0.0.254 limit rate over 12 mbytes/second burst 6000 kbytes }
>> }
>> set limit_dl {
>> typeof ip saddr
>> flags dynamic
>> elements = { 10.0.0.1 limit rate over 5 mbytes/second burst 6000 kbytes, 10.0.0.254 limit rate over 12 mbytes/second burst 6000 kbytes }
>> }
>>
>> chain upload {
>> type filter hook postrouting priority filter; policy accept;
>> ip saddr @limit_ul drop
>> }
>> chain download {
>> type filter hook prerouting priority filter; policy accept;
>> ip saddr @limit_dl drop
>> }
>
> daddr?
>
>> With this config user with ip 10.0.0.1 not limited to 5 mbytes ,
>
>> When back to this config :
>>
>> table inet nft-qos-static {
>> chain upload {
>> type filter hook postrouting priority filter; policy accept;
>> ip saddr 10.0.0.1 limit rate over 5 mbytes/second burst 6000 kbytes drop
>> }
>>
>> chain download {
>> type filter hook prerouting priority filter; policy accept;
>> ip daddr 10.0.0.1 limit rate over 5 mbytes/second burst 6000 kbytes drop
> ~~~~~
