The following TC commands were used to get things working with this project.
You may delete existing qdiscs via:
tc qdisc del dev $DEV root
Create a qdisc with the following:
tc qdisc add dev $DEV clsact
You may delete existing filters via:
tc filter del dev $DEV ingress
We want to exclude game server traffic. Therefore, we'll need to add a rule for each game server such as the following:
tc filter add dev $DEV ingress prio 1 u32 match ip dst $ANYCAST_ADDR/32 match ip dport 27015 0xffff action pass
The NFTables forwarding rules will pick this up afterwards and forward the traffic.
The following tc command is used to load the FOU Unwrapper:
tc filter add dev $DEV ingress prio 2 u32 match ip dport 1337 0xffff match ip src $GAMESERVERIP/32 action pipe bpf obj FOU_Unwrap.o section unwrap
The following tc command is used to load the FOU Wrapper:
tc filter add dev $DEV ingress prio 3 u32 match ip dst $ANYCAST_ADDR/32 action pipe bpf obj FOU_Wrap.o section wrap