I watched many videos of QoS with mangle, but none made it clear to me about the chains, where to mark and where not.
The question I have is if my current packet and connection marking is working correctly.
I will give you the example:
As you can see, I have marked the connection in prerouting, and then marked packets in prerouting and postrouting, using the same connection mark, and marking the same packet name in pre- and postrouting.
In the queue tree I have marked: bridge in downloads, and ether1 in uploads.
Therefore it identifies the packets perfectly.
My question is if I can mark the prerouting and postrouting packets with the same name, and if in practice it is working perfectly.
Have you already seen the packet flow diagram? In short, unless you use the packet-mark for something else than queue choice, there is no point in assigning it in two chains - either of the two is sufficient.
Also, there is no point in assigning the connection-mark to every single packet - the very purpose of connection-mark is to be assigned to the connection as a whole just once, when it starts (or maybe change it once or twice during the lifetime of the connection if you apply more complex QoS strategies), so that you don’t need to waste the CPU on matching the complex conditions (in your case, L4 protocol and port range) when assigning the packet-mark. Instead, the connection tracking module labels each packet with the connection-mark of the connection to which the packet belongs, and you then assign the packet-mark value based on the connection-mark value alone.
So for your case, I’d place action=accept connection-mark=!new as the very first rule in chain=prerouting of mangle, and remove the action=mark-packet rule from that chain. This would make each packet except the first one of each connection pass only a single rule in that chain rather than all three.
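An added example (not posted by anyone in the thread) of the rule layout described in the reply above, written as a RouterOS export. The protocol and port range, the mark names `game-conn` and `game-pkt`, and the queue names are constructed placeholders; it uses RouterOS's built-in `no-mark` value to tell already-marked connections from unmarked ones, and takes `bridge` and `ether1` from the question.

```routeros
/ip firewall mangle
# 1) Packets of connections that already carry a connection-mark leave
#    prerouting after this single rule (accept ends processing in this chain only).
add chain=prerouting connection-mark=!no-mark action=accept \
    comment="skip classification for already-marked connections"

# 2) Only packets of still-unmarked connections reach this rule, so the
#    expensive L4 match runs once per connection.
#    Protocol and port range are constructed placeholders.
add chain=prerouting protocol=udp dst-port=27000-27100 \
    action=mark-connection new-connection-mark=game-conn passthrough=no \
    comment="classify the connection once"

# 3) The packet-mark is assigned in one chain only, from the connection-mark
#    alone. Postrouting is traversed before the interface queues in both directions.
add chain=postrouting connection-mark=game-conn \
    action=mark-packet new-packet-mark=game-pkt passthrough=no \
    comment="packet-mark derived from connection-mark"

/queue tree
# Same packet-mark, two parents: bridge for download, ether1 for upload.
# Limits and priorities are omitted; set them to match the link.
add name=game-down parent=bridge packet-mark=game-pkt
add name=game-up parent=ether1 packet-mark=game-pkt
```

To check the effect, compare the packet counters in `/ip firewall mangle print stats`: the accept rule's count should keep rising with traffic, while the mark-connection rule's count should grow only when new connections are opened.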
Hello! Thank you very much, I thought nobody answered me. It is difficult for me to understand what you want to tell me; could you give me an example with the chain as it would be formed?
On the other hand, I tried using the connection marking in postrouting and the packet marking there as well, and DOTA 2 seemed to run super smooth. Is this possible?