On Thu, Mar 24, 2022 at 02:09:25PM +0200, Martin Zaharinov wrote:
> One more update
>
> I try to make rule for limiter in offload mode :
>
> table inet nft-qos-static {
>         set limit_ul {
>                 typeof ip saddr
>                 flags dynamic
>         }
>         set limit_dl {
>                 typeof ip daddr
>                 flags dynamic
>         }
>
>         chain upload {
>                 type filter hook prerouting priority filter ; policy accept;
>                 ip saddr @limit_ul drop;
>         }
>
>         chain download {
>                 type filter hook postrouting priority filter; policy accept;
>                 ip daddr @limit_dl drop;
>
>         }
>         flowtable fastnat {
>                 hook ingress priority filter; devices = { eth0, eth1 };
>         }
>         chain forward {
>                 type filter hook forward priority filter; policy accept;
>                 ip protocol { tcp , udp } flow offload @fastnat;
>         }
> }
>
> it's not work perfect only upload limit work , download get full channel
>
> in test i set 100mbit up/down upload is stay on ~100mbit , but download up to 250-300mbit (i have this limit be my isp).
>
> the problem is limiter work only for Upload , is it possible to make work on download rule ?

If you want to combine ratelimit/policing with flowtable, then you
have to use the ingress and egress hooks, not prerouting and
postrouting.

Make sure you place the flowtable in a priority that comes after the
priority of your ingress hook.
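
The following ruleset is an added example, not part of the original thread or written by either poster. It sketches the quoted configuration with the limiter chains moved to the netdev ingress and egress hooks. The table name `qos-netdev`, the chain priority `-10`, and the choice to hook both `eth0` and `eth1` are assumptions. Because sets are per table, the two sets are declared in the netdev table and must be populated there. The egress hook needs a kernel and nft version that support it.

```nft
# Limiter chains in the netdev family. These hooks sit at the device
# level, so they also see packets that the flowtable fast path forwards
# without traversing prerouting/forward/postrouting.
table netdev qos-netdev {
        set limit_ul {
                typeof ip saddr
                flags dynamic
        }
        set limit_dl {
                typeof ip daddr
                flags dynamic
        }

        chain upload {
                # Priority -10 (assumed value) runs before the flowtable,
                # which is registered on ingress at priority filter (0).
                type filter hook ingress devices = { eth0, eth1 } priority -10; policy accept;
                ip saddr @limit_ul drop
        }

        chain download {
                # Egress runs when the packet is handed to the device for
                # transmit, after the flowtable has forwarded it.
                type filter hook egress devices = { eth0, eth1 } priority 0; policy accept;
                ip daddr @limit_dl drop
        }
}

# Flowtable and offload rule kept as in the quoted configuration.
table inet nft-qos-static {
        flowtable fastnat {
                hook ingress priority filter; devices = { eth0, eth1 };
        }

        chain forward {
                type filter hook forward priority filter; policy accept;
                ip protocol { tcp, udp } flow offload @fastnat
        }
}
```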