firewall4

ruleset: skip _iifname match for !tcp in mss fix

Open brada4 opened this issue 9 months ago • 5 comments

Add explicit l4proto match before _ifname to avoid burning cycles for other protocols, eliminating measurable (iperf3) udp re-ordering. Displayed back rules show pessimal combo even when the new one is loaded.

Fixes: couple of issues pertaining to UDP ordering in games and cheap loudspeakers TBA
Signed-off-by: Andris PE [email protected]

brada4, May 25 '25 18:05

in

table inet t {
chain c {
oifname "eth1" tcp flags & (fin | syn | rst) == syn tcp option maxseg size set rt mtu
meta l4proto tcp oifname "eth1" tcp flags & (fin | syn | rst) == syn tcp option maxseg size set rt mtu
}
}

out

inet t c
  [ meta load oifname => reg 1 ]
  [ cmp eq reg 1 0x31687465 0x00000000 0x00000000 0x00000000 ]
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
...
inet t c
  [ meta load l4proto => reg 1 ]
  [ cmp eq reg 1 0x00000006 ]
  [ meta load oifname => reg 1 ]
  [ cmp eq reg 1 0x31687465 0x00000000 0x00000000 0x00000000 ]
...

brada4, May 25 '25 18:05

Kind of still sucks for tcp established connections.

brada4, May 31 '25 06:05

Do you mean by that that this is just a workaround?

Djfe, Jun 12 '25 07:06

The tcp mss fix will still do the name comparison for each tcp packet. This just removes a useless check for measurably bad offloaded udp streams. Just a side observation in the context.

brada4, Jun 12 '25 08:06

Swapped to draft, I got a better idea, but this is still minimally intrusive for stable trains.

brada4, Jun 19 '25 11:06
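To make the ordering argument from the "in/out" dump and the "still sucks for tcp established" remark concrete, here is an added Python model (not firewall4 or nftables code) of nft's left-to-right rule evaluation, where the first failing compare ends the rule. The per-expression costs (4 register words for the 16-byte oifname compare, 1 for the l4proto byte) and the traffic mix are constructed assumptions chosen to mirror the bytecode shown above.

```python
"""Model nft rule evaluation: expressions run left to right, the first
failing cmp aborts the rule. Constructed example, not firewall4 code."""
from collections import Counter

# (label, assumed cost in register-word compares, predicate over a packet dict)
def oifname(name):
    # oifname is a 16-byte string: the dump shows a 4-word cmp
    return ("oifname", 4, lambda p: p["oif"] == name)

def l4proto(proto):
    # meta l4proto is a single byte: a 1-word cmp
    return ("l4proto", 1, lambda p: p["proto"] == proto)

def syn_only():
    # tcp flags & (fin | syn | rst) == syn
    return ("tcp flags", 1,
            lambda p: p["proto"] == "tcp" and p["flags"] & {"fin", "syn", "rst"} == {"syn"})

RULE_OLD = [oifname("eth1"), l4proto("tcp"), syn_only()]   # rule as displayed back
RULE_NEW = [l4proto("tcp"), oifname("eth1"), syn_only()]   # explicit l4proto first

def evaluate(rule, packet):
    """Return (matched, cost): cost counts compares performed before the rule ends."""
    cost = 0
    for _label, c, pred in rule:
        cost += c
        if not pred(packet):
            return False, cost
    return True, cost

def cost_by_proto(rule, packets):
    """Total compare cost per L4 protocol for a packet list."""
    totals = Counter()
    for p in packets:
        totals[p["proto"]] += evaluate(rule, p)[1]
    return totals

# Constructed traffic on eth1: one TCP SYN, one established TCP segment, 98 UDP datagrams
PACKETS = [{"oif": "eth1", "proto": "tcp", "flags": {"syn"}},
           {"oif": "eth1", "proto": "tcp", "flags": {"ack"}}]
PACKETS += [{"oif": "eth1", "proto": "udp", "flags": set()} for _ in range(98)]

if __name__ == "__main__":
    for name, rule in (("old", RULE_OLD), ("new", RULE_NEW)):
        print(name, dict(cost_by_proto(rule, PACKETS)))
```

The UDP cost drops from 490 to 98 with the new ordering, while the TCP cost (12 in both) is unchanged, which is exactly the "still does the name comparison for each tcp packet" point.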