I have 7 LANs without any bridges, if I removed src address or dst how could I mark packet upload and download in mangle?
That's why I said "if the action=mark-connection rule is the only one ever to assign the connection-mark value QUIC". Because if it is, this connection-mark value is only assigned to connections from hosts on that address-list. Since the action=mark-packet rules match on that connection-mark value, the packet-mark will never be assigned to packets not coming to/from these hosts, as such packets will never have that connection-mark value.
or should I add Parent for every LAN and WAN in queue tree
If you use interfaces as queue parents, you can use the same packet-mark value for both upload and download, but you cannot set a common bandwidth limit for the LAN host no matter which WAN that host uses for a given connection (the limit would apply to each WAN individually). So with a global parent, you need to assign a distinct packet-mark depending on direction, but in-interface(-list) and out-interface(-list) are sufficient for that, no need to match on dst|src-address(-list) as well.
I saw many times people say connection-state new is good in UDP because the first packet in UDP is like every other packet, but in TCP there is more difference between the first packet and other packets
Here, it doesn't matter whether it is TCP or UDP. It is just that it is sufficient to assign the connection-mark when handling the initial (very first) packet of the connection; assigning a connection-mark is more CPU consuming than matching on connection-state=new. So your action=mark-connection rule will inspect every packet, but it will only actually assign the connection-mark if it matches on all conditions, including connection-state=new.
I tested this on my way to mark routing: when I set connection-state new or connection-mark no-mark it makes some delay the first time to open an app, for example; after I removed connection-state or connection-mark no-mark I saw more response, but this is in mark-routing, I think mark packet is different
It's the same.
yes I use mark connection and mark routing in prerouting but I don't mark packet them because they already have more than enough band
my problem is I have many LANs, I want to mark upload and download from the mangle not in queue because I use global as a parent, what should I mark packet first, download or upload?
from the end - there are normally about as many upload packets as download ones, so it doesn't really matter which of these have to be matched against two rules and which against three. The average will be 2.5 rules per packet anyway.
But there is just a single connection-mark per connection, so you cannot assign one connection-mark in prerouting and another one in forward to the same connection. The one assigned last will overwrite any previous ones. So you can either assign combined connection-mark values encoding both the desired routing-mark to be used and the desired packet-mark to be used (so e.g. for 3 routing-marks and 4 packet-mark UL/DL pairs, you'll need 12 connection-mark values), or you have to assign the packet-marks using matching on interfaces, addresses, protocols, and port alone, not matching on connection-mark.
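
The combined connection-mark scheme described above, as an added example that is not part of the original post: a small generator that emits the mangle rules for 3 routing-marks and 4 traffic classes. The interface-list names LAN and WAN, the address-list names, the class matchers and the mark naming are all constructed assumptions.

```python
from itertools import product

# Constructed sample matchers (assumptions, not taken from the thread).
ROUTES = {"via_wan1": "src-address-list=use_wan1",
          "via_wan2": "src-address-list=use_wan2",
          "via_wan3": "src-address-list=use_wan3"}
CLASSES = {"QUIC": "protocol=udp dst-port=443",
           "WEB": "protocol=tcp dst-port=80,443",
           "DNS": "protocol=udp dst-port=53",
           "ICMP": "protocol=icmp"}

def combined_marks(routes, classes):
    """A connection holds one connection-mark, so encode (route, class) in its name."""
    return {f"{r}__{c}": (r, c) for r, c in product(routes, classes)}

def mangle_rules(routes, classes, lan="LAN", wan="WAN"):
    """Return RouterOS '/ip firewall mangle' lines; lan/wan are interface-list names."""
    mark_conn, mark_route, mark_pkt = [], [], []
    for cmark, (r, c) in combined_marks(routes, classes).items():
        # Assign the mark once, on the first packet of the connection only.
        mark_conn.append(
            f"add chain=prerouting action=mark-connection connection-state=new "
            f"in-interface-list={lan} {routes[r]} {classes[c]} "
            f"new-connection-mark={cmark} passthrough=yes")
        # Routing decision applies to packets arriving from the LAN side.
        mark_route.append(
            f"add chain=prerouting action=mark-routing connection-mark={cmark} "
            f"in-interface-list={lan} new-routing-mark={r} passthrough=yes")
        # Global queue parent: direction is told apart by the WAN interface-list alone.
        mark_pkt.append(
            f"add chain=forward action=mark-packet connection-mark={cmark} "
            f"out-interface-list={wan} new-packet-mark={c}_UL passthrough=no")
        mark_pkt.append(
            f"add chain=forward action=mark-packet connection-mark={cmark} "
            f"in-interface-list={wan} new-packet-mark={c}_DL passthrough=no")
    return ["/ip firewall mangle"] + mark_conn + mark_route + mark_pkt

if __name__ == "__main__":
    print("\n".join(mangle_rules(ROUTES, CLASSES)))
```

The packet-mark count stays at 4 UL/DL pairs regardless of the number of WANs, which is what allows a single per-class limit under a global queue parent.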