Add CAKE traffic shaping support for bandwidth management #92
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Main patch
fixed Advanced Install
hotfix
Added details about unsafe inline CSS and public keys to the Traffic Shaping bug fixes entry.
Added details for sol-beta-v2.5.3 release including theme updates, logo update, UI bug fixes, and Tor Protocol Badge.
Added warning for beta version and updated theme, logo, and UI.
Added details for flat-bridge-v0.0.1 release including Dockerfile updates, security enhancements, and frontend improvements.
Added release notes for versions v0.0.2, v0.0.3, and v1.5.0.
This commit implements CAKE (Common Applications Kept Enhanced) traffic shaping for Wiregate, addressing upstream issue NOXCIS#77. CAKE is a modern Linux kernel qdisc that provides superior bufferbloat control, fair queuing, and automatic bandwidth management compared to traditional traffic shapers. Key Features: - Reduced latency under load (< 20ms vs 500ms+ without shaping) - Fair bandwidth distribution across VPN clients - NAT-aware per-host and per-flow fair queuing - Built-in ACK filtering for asymmetric connections - Automatic rate adaptation - Minimal configuration required Implementation Details: 1. Docker Infrastructure (WG-Dash/Dockerfile): - Added iproute2 package for tc command support 2. Python Layer (WG-Dash/src/traffic_control.py): - New TrafficControl module with CAKEQdisc class - Functions for applying/removing CAKE qdisc - Validation and error handling - Statistics collection - Support for all CAKE parameters (bandwidth, overhead, mpu, options) 3. Shell Scripts (WG-Dash/src/iptable-rules/*/): - cake-setup.sh: Apply CAKE to WireGuard interface (all zones) - cake-teardown.sh: Remove CAKE from interface (all zones) - Integrated with existing postup.sh and postdown.sh scripts - Environment variable-based configuration - Graceful fallback if CAKE unavailable 4. Per-Zone Configuration: - ADMINS: 1 Gbit/s (full-speed admin access) - MEMBERS: 100 Mbit/s (standard users) - GUESTS: 50 Mbit/s (limited guest access) - LANP2P: 100 Mbit/s (LAN-only connections) 5. Configuration (via environment variables): - CAKE_ENABLED: Global enable/disable toggle (default: false) - CAKE_BANDWIDTH_*: Per-zone bandwidth limits - CAKE_OVERHEAD: Overhead compensation for encapsulation - CAKE_MPU: Minimum packet unit - CAKE_MEMLIMIT: Memory limit for queues - CAKE_OPTIONS: Space-separated CAKE options 6. Documentation: - docs/CAKE_TRAFFIC_SHAPING.md: Comprehensive guide - examples/cake-config.env.example: Example configurations - README.md: Quick start guide and feature overview - Docs/CHANGELOG.md: Version history entry Design Principles: - Optional feature, disabled by default - Zero impact on existing functionality when disabled - Clean integration with existing network scripts - Environment variable driven configuration - Comprehensive documentation and examples Testing Recommendations: 1. Verify CAKE availability: tc qdisc add dev lo root cake help 2. Check interface setup: tc qdisc show dev MEMBERS 3. Monitor statistics: tc -s qdisc show dev MEMBERS 4. Test latency under load: ping + large download Addresses: NOXCIS#77
Author
|
closing in favor of the new PR ( #99 ) which is correctly based on bug-hunting branch. |
amirhmoradi
deleted the
claude/issue-77-cake-traffic-shaping-011CUojiMSEFd7Dk6nbaCrhn
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit implements CAKE (Common Applications Kept Enhanced) traffic shaping for Wiregate, addressing upstream issue #77.
CAKE is a modern Linux kernel qdisc that provides superior bufferbloat control, fair queuing, and automatic bandwidth management compared to traditional traffic shapers.
Key Features:
Implementation Details:
Docker Infrastructure (WG-Dash/Dockerfile):
Python Layer (WG-Dash/src/traffic_control.py):
Shell Scripts (WG-Dash/src/iptable-rules/*/):
Per-Zone Configuration:
Configuration (via environment variables):
Documentation:
Design Principles:
Testing Recommendations:
Addresses: #77