-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathwshaper
executable file
·662 lines (550 loc) · 20 KB
/
wshaper
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
# Wonder Shaper
# please read the README before filling out these values
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits. Also set the device that is to be shaped.
DOWNLINK=120 # known good
# DOWNLINK=150
# DOWNLINK=200
# DOWNLINK=250 # ok when throttled
# DOWNLINK=300 # not ok when throttled
# DOWNLINK=350
# DOWNLINK=400 # known good
# DOWNLINK=600 # known OK most of the time, not when throttled
# DOWNLINK=800
# DOWNLINK=1200 # known OK most of the time
# DOWNLINK=1400 # known OK most of the time
# DOWNLINK=1500 # known OK most of the time
# DOWNLINK=900 # sopmetimes slow
# DOWNLINK=1000 # known slow (sometimes)
# DOWNLINK=1500
# DOWNLINK=1800
#DOWNLINK=2000 # known slow when throttled, otherwise ok
DOWNLINK=9000 # known slow when throttled, otherwise ok
DOWNLINK=18000 # maybe OK after upgrade
DOWNLINK=20000 # maybe OK after upgrade
DOWNLINK=5000 # Zen
DOWNLINK=11000 # Plusnet ADSL
DOWNLINK=33000 # Plusnet Fibre
# UPLINK=80 # known good
# UPLINK=100
UPLINK=100 # seems to be OK even when throttled
UPLINK=110
# UPLINK=130 # seems to be OK, not when throttled
# UPLINK=140
UPLINK=200
#UPLINK=250 # seems to be OK most of the time, not when throttled
#UPLINK=300 # known slow with lots of high priority traffic (was OK for ages)
UPLINK=600 # maybe OK after upgrade
UPLINK=900 # maybe OK after upgrade
UPLINK=1100 # maybe OK after upgrade
UPLINK=500 # Zen
UPLINK=380 # Plusnet - too slow
UPLINK=800 # Plusnet - a little slow at 920kbit
UPLINK=750 # Plusnet - a little slow at 920kbit - ADSL best
UPLINK=2000 # Plusnet Fibre
# UPLINK=1400 # testing cw 130313; 600 was OK; 2000 is too much. even this seems to be too much - over quota? cw 130829
#UPLINK=350
#UPLINK=400
#UPLINK=500 # seems ok recently, when not throttled
# UPLINK=1000
#eval `/home/chris/projects/munin-st516/adsl.expect | grep 'Payload rate' | sed -e 's/.*://' | awk '{ print "DOWNLINK=" $1 "\nUPLINK=" $2 }'`
#DOWNLINK=$[$DOWNLINK*9/10]
#UPLINK=$[$UPLINK*9/10]
UDEV=eth0
# Parameters for second network interface
DDEV=eth1
EC2="107.20.0.0/14 50.16.0.0/14 54.230.0.0/15 174.129.0.0/16"
DOWNLINK2=$[$DOWNLINK*8/10]
UPLINK2=$[$UPLINK*9/10]
burst=1k
perturb=60
# bulkrate is applied to the uplink device, so it's a fraction of maximum
# uplink speed.
bulkrate=$[$UPLINK*19/20]
# in case bulk downloads interfere with skype:
# bulkrate=500
hour=`date '+%H'`
if false; then
if [ $hour -ge 10 -a $hour -lt 15 ]; then
# 2400 MB / 5 hours = 480 MB/hour = 8 MB/min = 64 Mb/min ~ 1000 kbps
# 6000 MB / 5 hours = 1200 MB/hour = 20 MB/min = 2666 kbps
# 6000 MB / 5 hours = 1200 MB/hour = 20 MB/min = 2666 kbps
# bulkrate=800
# maxrate=1000
bulkrate=2000
elif [ $hour -ge 15 -a $hour -lt 20 ]; then
# 1200 MB / 5 hours = 240 MB/hour = 4 MB/min = 32 Mb/min ~ 500 kbps
# 3000 MB / 5 hours = 600 MB/hour = 10 MB/min = 1333 kbps
# 1750 MB / 5 hours = 350 MB/hour = 5.8 MB/min = 733 kbps
# bulkrate=350
# maxrate=450
bulkrate=600
fi
if [ $hour -ge 17 -a $hour -lt 22 ]; then
# 3500 MB / 5 hours = 700 MB/hour = 11.7 MB/min = 93 Mb/min ~ 1500 kbps
DOWNLINK=1500
fi
# already exceeded bandwidth limit
if [ `date --rfc-3339=date` = "2014-04-28" ]; then
bulkrate=75
DOWNLINK=200
fi
fi
DOWNLINK2=$[$DOWNLINK]
TC=/sbin/tc
if [ "$1" = "status" ]
then
echo "Uplink ($UDEV):"
$TC -s qdisc ls dev $UDEV
$TC -s class ls dev $UDEV
echo
echo "Downlink ($DDEV):"
$TC -s qdisc ls dev $DDEV
$TC -s class ls dev $DDEV
exit
fi
LOCKFILE=/var/run/wshaper.pid
if [ -r "$LOCKFILE" ]; then
OTHERPID=`cat $LOCKFILE`
if [ -n "$OTHERPID" -a -d "/proc/$OTHERPID" ]; then
echo "Another wshaper is already running with pid $OTHERPID"
exit 2
fi
echo "Removing stale lockfile $LOCKFILE for $OTHERPID"
rm $LOCKFILE
fi
echo $$ > $LOCKFILE
# clean existing down- and uplink qdiscs, hide errors
$TC qdisc del dev $UDEV root 2> /dev/null > /dev/null
$TC qdisc del dev $UDEV ingress 2> /dev/null > /dev/null
$TC qdisc del dev $DDEV root 2> /dev/null > /dev/null
$TC qdisc del dev $DDEV ingress 2> /dev/null > /dev/null
iptables='/sbin/iptables'
old_blocked=`mktemp /tmp/blocked.XXXXXX`
$iptables -t filter -L blocked > $old_blocked
$iptables -t nat -F blocked
$iptables -t filter -F blocked
# $iptables -t filter -F throttle
if [ "$1" = "stop" ]
then
rm $LOCKFILE
exit
fi
# blocking
if false; then echo '
SELECT ip_src, sum(bytes) as b, "uploaded"
FROM acct_v7
WHERE stamp_inserted > CONCAT(LEFT(NOW(), 10), " 15:00")
AND stamp_inserted < CONCAT(LEFT(NOW(), 10), " 20:00")
AND hour(now()) < 20
AND ip_src <> "0.0.0.0"
AND ip_src <> "192.168.0.1"
AND ip_dst <> "192.168.0.1"
AND bytes < 100000000
GROUP BY ip_src
HAVING b > 1000000000;
SELECT ip_dst, sum(bytes) as b, "downloaded 1000-1500"
FROM acct_v7
WHERE stamp_inserted > CONCAT(LEFT(NOW(), 10), " 10:00")
AND stamp_inserted < CONCAT(LEFT(NOW(), 10), " 15:00")
AND hour(now()) < 15
AND ip_dst <> "0.0.0.0"
AND ip_dst <> "192.168.0.1"
AND ip_src <> "192.168.0.1"
AND bytes < 100000000
GROUP BY ip_dst
HAVING b > 4000000000;
SELECT ip_dst, sum(bytes) as b, "downloaded 1600-2100"
FROM acct_v7
WHERE stamp_inserted > CONCAT(LEFT(NOW(), 10), " 16:00")
AND stamp_inserted < CONCAT(LEFT(NOW(), 10), " 21:00")
AND hour(now()) < 21
AND ip_dst <> "0.0.0.0"
AND ip_dst <> "192.168.0.1"
AND ip_dst <> "192.168.0.113"
AND ip_src <> "192.168.0.1"
AND bytes < 100000000
GROUP BY ip_dst
HAVING b > 1000000000;
' | mysql pmacct -u pmacct -pg,kmesnyrxtkxbse -N | while read ip bytes direction; do
blocking="$blocking : blocking $ip for $bytes bytes $direction"
$iptables -A blocked -s $ip -d 192.168.0.1 -p tcp \
-m multiport --dports 53,81 -j ACCEPT
$iptables -A blocked -s $ip -d 192.168.0.1 -p udp \
--dport 53 -j ACCEPT
$iptables -A blocked -s $ip -j REJECT
$iptables -A blocked -d $ip -s 192.168.0.1 -p tcp \
-m multiport --sports 53,81 -j ACCEPT
$iptables -A blocked -d $ip -s 192.168.0.1 -p udp \
--sport 53 -j ACCEPT
$iptables -A blocked -d $ip -j REJECT
$iptables -t nat -A blocked -s $ip -p tcp --dport 80 \
-j DNAT --to-dest 192.168.0.1:81
done
fi
new_blocked=`mktemp /tmp/blocked.XXXXXX`
$iptables -t filter -L blocked > $new_blocked
if ! diff -u $old_blocked $new_blocked; then
echo "Blocking changed: $blocking"
fi
rm $old_blocked $new_blocked
q_local=2
q_hiprio=10
q_general=20
q_backups=30
q_unknown=40
###### uplink
# install root HTB, point default traffic to 1:20:
$TC qdisc add dev $UDEV root handle 1: htb default $q_general
# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:
$TC class add dev $UDEV parent 1: classid 1:1 htb \
rate ${UPLINK}kbit burst $burst \
quantum 1500
$TC class add dev $UDEV parent 1: classid 1:$q_local htb \
rate 100mbit burst $burst \
quantum 1500
# high prio class 1:10:
$TC class add dev $UDEV parent 1:1 classid 1:$q_hiprio htb rate \
$[$UPLINK/3]kbit ceil ${UPLINK}kbit burst $burst \
prio 1 quantum 1500
# bulk & default class 1:20 - gets slightly less traffic,
# and a lower priority:
$TC class add dev $UDEV parent 1:1 classid 1:$q_general htb \
rate $[$UPLINK/3]kbit ceil ${UPLINK}kbit \
burst $burst prio 2 quantum 1500
# backups
# limit backups to amazon to avoid being throttled by Virgin
firsthour=15
lasthour=20
seconds=$[($lasthour - $firsthour) * 3600]
allowance=$[1750*1000]
maxrate=$[$allowance * 8 / $seconds]
if [ $maxrate -gt $UPLINK2 ]; then
maxrate=$UPLINK2
fi
bulkceil=$bulkrate
if [ "$bulkrate" -gt $[$UPLINK/3] ]; then
bulkrate=$[$UPLINK/3]
fi
hour=`date +%H`
#if [ $hour -ge $firsthour -a $hour -lt $lasthour ]; then
$TC class add dev $UDEV parent 1:1 classid 1:$q_backups htb \
rate ${bulkrate}kbit ceil ${bulkceil}kbit burst $burst prio 3 quantum 1500
#else
# $TC class add dev $UDEV parent 1:1 classid 1:30 htb \
# rate $[$UPLINK/3]kbit ceil ${UPLINK2}kbit burst 6k prio 3 quantum 1500
#fi
# everything else
$TC class add dev $UDEV parent 1:1 classid 1:$q_unknown htb \
rate 8bps ceil $[${UPLINK2}]kbit burst 6k prio 3 quantum 1500
# all get Stochastic Fairness:
#$TC qdisc add dev $UDEV parent 1:10 handle 10: sfq perturb $perturb
#$TC qdisc add dev $UDEV parent 1:20 handle 20: sfq perturb $perturb
#$TC qdisc add dev $UDEV parent 1:30 handle 30: sfq perturb $perturb
#$TC qdisc add dev $UDEV parent 1:40 handle 40: sfq perturb $perturb
# iptables='/usr/local/sbin/iptables'
$iptables -t mangle -F
create_classify_chain() {
name="classify_$1"
class=$2
$iptables -t mangle -X $name >/dev/null 1>&1
$iptables -t mangle -N $name
$iptables -t mangle -A $name -j CLASSIFY --set-class 1:$class
$iptables -t mangle -A $name -j ULOG --ulog-prefix "$name ($class)"
$iptables -t mangle -A $name -j ACCEPT
}
create_classify_chain local $q_local
create_classify_chain hiprio $q_hiprio
create_classify_chain general $q_general
create_classify_chain backups $q_backups
create_classify_chain unknown $q_unknown
classify() {
class=$1
shift
case "$*" in
"-o "*)
$iptables -t mangle -A POSTROUTING $@ -j classify_$class
$iptables -t mangle -A OUTPUT $@ -j classify_$class
;;
"-i "*)
$iptables -t mangle -A INPUT $@ -j classify_$class
;;
esac
}
#$TC filter add dev $UDEV parent 1:0 protocol ip prio 10 u32 \
# match ip tos 0x10 0xff flowid 1:10
# default 1:40
# mangle "-o $UDEV" 40
# TOS Minimum Delay (ssh, NOT scp) in 1:10:
# mangle "-o $UDEV -m tos --tos 0x08" 30
classify local "-i $DDEV -d 192.168.0.1" # local
classify local "-i $DDEV -d gcc.flexdns.net" # local
# icmp goes to different classes depending on TOS, 1:123 by default
# ping -Q16 tests low latency, ping -Q0 tests normal traffic, ping -Q8 tests low priority
classify hiprio "-o $UDEV -p icmp -m tos --tos Minimize-Delay" # 0x10
classify hiprio "-o $UDEV -p icmp -m tos --tos Maximize-Reliability" # 0x4
classify general "-o $UDEV -p icmp -m tos --tos Normal-Service" # 0x0
classify backups "-o $UDEV -p icmp -m tos --tos Maximize-Throughput" # 0x8
classify unknown "-o $UDEV -p icmp -m tos --tos Minimize-Cost" # 0x2
# Amazon EC2 and S3 backups
for network in \
23.20.0.0/14 \
37.72.170.168/29 \
46.51.178.186/18 \
50.16.0.0/14 \
54.192.0.0/12 \
54.208.0.0/12 \
54.224.0.0/12 \
72.21.192.0/19 \
107.20.0.0/14 \
108.160.160.0/20 \
176.32.96.0/21 \
176.34.240.0/21 \
205.251.192.0/18 \
207.171.160.0/19
do
classify backups "-o $UDEV -d $network"
classify backups "-o $DDEV -s $network"
done
# Dropbox
for network in \
45.58.64.0/20 \
108.160.160.0/20 \
54.80.0.0/12 \
54.72.0.0/13 \
38.121.104.0/24
do
classify backups "-o $UDEV -d $network"
classify backups "-o $DDEV -s $network"
done
# voip
classify hiprio "-o $UDEV -p udp -m length --length 0:250" # voip
classify hiprio "-o $UDEV -p tcp -m length --length 0:100" # acks
classify general "-o $UDEV -p tcp --dport 80"
classify general "-o $UDEV -p tcp --sport 80"
classify general "-o $UDEV -p tcp --dport 443"
classify general "-o $UDEV -p tcp --sport 3000"
classify general "-o $UDEV -p tcp --sport 4949" # munin-node
classify general "-o $UDEV -p tcp --dport 5666" # nrpe
classify backups "-o $UDEV -p tcp --dport imaps"
classify general "-o $UDEV -p tcp --dport imap"
classify general "-o $UDEV -p tcp --dport smtp"
classify hiprio "-o $UDEV -m tos --tos 0x10" # interactive
classify hiprio "-o $UDEV -m tos --tos 0x0 -p tcp --dport 48001" # unknown
classify backups "-o $UDEV -m tos --tos 0x8 -p tcp --dport 48001" # bulk
classify hiprio "-o $UDEV -m tos --tos 0x0 -p tcp --sport 48001"
classify hiprio "-o $UDEV -m tos --tos 0x0 -p tcp --sport 8080"
classify hiprio "-o $UDEV -m tos --tos 0x0 -p tcp --dport 22"
classify hiprio "-o $UDEV -p tcp --dport 5902" # vnc
classify hiprio "-o $UDEV -p tcp --dport 5903" # vnc
classify hiprio "-o $UDEV -p tcp --dport 3389" # rdp
classify backups "-o $UDEV -p tcp --sport 51413" # bittorrent
classify backups "-o $UDEV -p udp --sport 51413" # bittorrent
filter() {
$iptables -A throttle -i $UDEV "$@"
# $iptables -t mangle -A POSTROUTING $1 -j MARK --set-mark 0x$2
}
filter -p tcp --sport 80 -j throttle_hi
filter -p tcp --sport 443 -j throttle_hi
filter -p tcp --sport 993 -j throttle_hi
filter -p tcp --sport 48001 -m tos --tos 0x10 -j throttle_hi
filter -p tcp --dport 48001 -m tos --tos 0x10 -j throttle_hi
filter -p tcp -j throttle_lo
#$TC filter add dev $UDEV parent 1:0 protocol ip prio 11 u32 \
# match ip tos 0x08 0xff flowid 1:30
# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
#$TC filter add dev $UDEV parent 1:0 protocol ip prio 10 u32 \
# match ip protocol 1 0xff flowid 1:10
#mangle "-o $UDEV -p icmp" 10
# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
#$TC filter add dev $UDEV parent 1: protocol ip prio 10 u32 \
# match ip protocol 6 0xff \
# match u8 0x05 0x0f at 0 \
# match u16 0x0000 0xffc0 at 2 \
# match u8 0x10 0xff at 33 \
# flowid 1:10
# mangle "-o $UDEV -p tcp --tcp-flags SYN,PSH,ACK ACK" 10
#mangle "-o $UDEV -m length --length 0:200" 10
#mangle "-o $UDEV -m length --length 200:1600" 30
#mangle "-o $UDEV -p tcp --dport 48001" 20
# mangle "-o $UDEV -p icmp" 10
# rest is 'non-interactive' ie 'bulk' and ends up in 1:20 by default
# some traffic however suffers a worse fate
#for port in $NOPRIOPORTDST
#do
# #$TC filter add dev $UDEV parent 1: protocol ip prio 14 u32 \
# # match ip dport $port 0xffff flowid 1:30
# mangle "-o $UDEV -p tcp --dport $port" 30
# mangle "-o $UDEV -p udp --dport $port" 30
#done
#
#for port in $NOPRIOPORTSRC
#do
# #$TC filter add dev $UDEV parent 1: protocol ip prio 15 u32 \
# # match ip sport $a 0xffff flowid 1:30
# mangle "-o $UDEV -p tcp --sport $port" 30
# mangle "-o $UDEV -p udp --sport $port" 30
#done
#
#for host in $NOPRIOHOSTSRC
#do
# #$TC filter add dev $UDEV parent 1: protocol ip prio 16 u32 \
# # match ip src $a flowid 30
# mangle "-o $UDEV -s $host" 30
#done
#
#for host in $NOPRIOHOSTDST
#do
# #$TC filter add dev $UDEV parent 1: protocol ip prio 17 u32 \
# # match ip dst $a flowid 30
# mangle "-o $UDEV -d $host" 30
#done
#
## rest is 'non-interactive' ie 'bulk' and ends up in 1:20
#
##$TC filter add dev $UDEV parent 1: protocol ip prio 18 u32 \
# match ip dst 0.0.0.0/0 flowid 1:20
#$iptables -t mangle -A POSTROUTING -p tcp -m mark --mark 0x10 \
# -m limit --limit 1/s -j LOG
#$iptables -t mangle -A POSTROUTING -m mark --mark 0x10 \
# -j TOS --set-tos 0x10
#$iptables -t mangle -A POSTROUTING -m mark --mark 0x20 \
# -j TOS --set-tos 0x08
#$iptables -t mangle -A POSTROUTING -m mark --mark 0x30 \
# -j TOS --set-tos 0x08
########## downlink to us #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:
$TC qdisc add dev $UDEV ingress handle ffff:
$TC filter add dev $UDEV parent ffff: protocol ip prio 30 \
u32 match ip dport 48003 0xffff police rate $[DOWNLINK/8]kbit \
burst 10k mtu 10k drop
# backups
# $TC class add dev $UDEV parent ffff: classid ffff:30 htb rate 8bps \
# ceil $[$DOWNLINK/2]kbit burst $burst quantum 1500
# mangle "-p tcp --dport 48003" ffff:30
# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:
# limit backups to amazon to avoid being throttled by Virgin
if false; then
firsthour=17
lasthour=22
seconds=$[($lasthour - $firsthour) * 3600]
allowance=$[3500*1000]
maxrate=$[$allowance * 8 / $seconds]
if [ $maxrate -gt $DOWNLINK ]; then
maxrate=$DOWNLINK
fi
if [ $hour -ge $firsthour -a $hour -lt $lasthour ]; then
$TC filter add dev $UDEV parent ffff: protocol ip prio 50 \
u32 match ip src 0.0.0.0/0 police rate ${maxrate}kbit \
burst 10k drop flowid :1
fi
fi
###### downlink to computers behind us
if true; then
# install root HTB, point default traffic to 1:130 (bulk)
$TC qdisc add dev $DDEV root handle 1: htb default $q_general
# shape everything at $DOWNLINK2 speed - this prevents huge queues in your
# DSL modem which destroy latency:
$TC class add dev $DDEV parent 1: classid 1:1 htb rate ${DOWNLINK}kbit \
ceil ${DOWNLINK}kbit burst $burst quantum 1500
$TC class add dev $DDEV parent 1: classid 1:$q_local htb rate 100mbit \
ceil 100mbit burst $burst quantum 1500
# high prio class 1:10:
$TC class add dev $DDEV parent 1:1 classid 1:$q_hiprio htb rate $[${DOWNLINK2}/4]kbit \
ceil ${DOWNLINK}kbit burst $burst prio 1 quantum 1500
# bulk & default class 1:20 - gets slightly less traffic,
# and a lower priority:
$TC class add dev $DDEV parent 1:1 classid 1:$q_general htb \
rate 8bps ceil ${DOWNLINK}kbit burst $burst prio 2 quantum 1500
$TC class add dev $DDEV parent 1:1 classid 1:$q_backups htb \
rate 8bps ceil ${DOWNLINK}kbit burst $burst prio 3 quantum 1500
$TC class add dev $DDEV parent 1:1 classid 1:$q_unknown htb \
rate 8bps ceil $[${DOWNLINK}/2]kbit burst $burst prio 3 quantum 1500
# all get Stochastic Fairness:
#$TC qdisc add dev $DDEV parent 1:110 handle 10: sfq perturb $perturb
#$TC qdisc add dev $DDEV parent 1:$q_general handle $q_general: bfifo limit 200000
$TC qdisc add dev $DDEV parent 1:$q_general handle $q_general: red limit 100000 min 10000 max 25000 avpkt 1000 burst 10 bandwidth ${DOWNLINK}kbit
#$TC qdisc add dev $DDEV parent 1:130 handle 30: sfq perturb $perturb
#$TC qdisc add dev $DDEV parent 1:140 handle 40: sfq perturb $perturb
classify local "-o $DDEV -s 192.168.0.1" # local
classify local "-o $DDEV -s gcc.flexdns.net" # local
# TOS Minimum Delay (ssh, NOT scp) in 1:110:
classify general "-o $DDEV -p tcp --sport 80"
classify general "-o $DDEV -p tcp --sport 443"
classify hiprio "-o $DDEV -p tcp --sport 5903" # vnc
classify general "-o $DDEV -p tcp --sport imaps"
classify general "-o $DDEV -p tcp --sport imap"
classify general "-o $DDEV -p tcp --sport smtp"
classify hiprio "-o $DDEV -p udp -m length --length 0:100" # voip
classify hiprio "-o $DDEV -p tcp -m length --length 0:100" # TCP acks
# icmp goes to different classes depending on TOS, 1:123 by default
# ping -Q16 tests low latency, ping -Q0 tests normal traffic, ping -Q8 tests low priority
classify hiprio "-o $DDEV -p icmp -m tos --tos Minimize-Delay" # 0x10
classify hiprio "-o $DDEV -p icmp -m tos --tos Maximize-Reliability" # 0x4
classify general "-o $DDEV -p icmp -m tos --tos Normal-Service" # 0x0
classify backups "-o $DDEV -p icmp -m tos --tos Maximize-Throughput" # 0x8
classify unknown "-o $DDEV -p icmp -m tos --tos Minimize-Cost" # 0x2
classify hiprio "-o $DDEV -m tos --tos 0x10" # interactive
classify backups "-o $DDEV -m tos --tos 0x08" # bulk
classify backups "-o $DDEV -p tcp --dport 51413" # bittorrent
classify backups "-o $DDEV -p udp --dport 51413" # bittorrent
classify general "-o $DDEV"
# eric bulk
# mangle "-o $DDEV -d 192.168.0.175" 140 # eri
# mangle "-o $DDEV -d 192.168.0.115" 140 # rob
# $TC filter add dev $DDEV parent 1:0 protocol ip prio 10 u32 \
# match ip tos 0x10 0xff flowid 1:10
# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
# $TC filter add dev $DDEV parent 1:0 protocol ip prio 10 u32 \
# match ip protocol 1 0xff flowid 1:10
# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:
#$TC filter add dev $DDEV parent 1: protocol ip prio 10 u32 \
# match ip protocol 6 0xff \
# match u8 0x05 0x0f at 0 \
# match u16 0x0000 0xffc0 at 2 \
# match u8 0x10 0xff at 33 \
# flowid 1:10
# rest is 'non-interactive' ie 'bulk' and ends up in 1:20
# some traffic however suffers a worse fate
#for a in $NOPRIOPORTDST
#do
# $TC filter add dev $DDEV parent 1: protocol ip prio 14 u32 \
# match ip dport $a 0xffff flowid 1:30
#done
#
#for a in $NOPRIOPORTSRC
#do
# $TC filter add dev $DDEV parent 1: protocol ip prio 15 u32 \
# match ip sport $a 0xffff flowid 1:30
#done
#
#for a in $NOPRIOHOSTSRC
#do
# $TC filter add dev $DDEV parent 1: protocol ip prio 16 u32 \
# match ip src $a flowid 1:30
#done
#
#for a in $NOPRIOHOSTDST
#do
# $TC filter add dev $DDEV parent 1: protocol ip prio 17 u32 \
# match ip dst $a flowid 1:30
#done
#
## rest is 'non-interactive' ie 'bulk' and ends up in 1:20
#
#$TC filter add dev $DDEV parent 1: protocol ip prio 18 u32 \
# match ip dst 0.0.0.0/0 flowid 1:20
#
fi
rm $LOCKFILE