[LARTC] not sure if my script works

Linux Advanced Routing and Traffic Control


Hi,

I wrote the following shell-script for my traffic shaping but I am not sure
if it works. I think I noticed a serious speed decrease (not on LAN but on
ISDN-connection) and therefore it would be nice if you would look through
the script (especially the incoming part) and tell me if I made any errors.
I looked for it lots of times but did not find anything that is wrong.

--------------------------------------
#!/bin/sh
#
# Shell script for Quality of Service with HTB
#

EXTIF=ppp0
INTIF=eth0
# in /root because the normal tc does not work but I did not want to
# overwrite it.
TC=/root/tc
NET=192.168.10.0
MASK=255.255.255.0

modprobe sch_htb sch_prio sch_tbf sch_cbq

############
# Outgoing
############
## Root
$TC qdisc add dev $EXTIF root handle 1:0 htb default 12
## Main class
$TC class add dev $EXTIF parent 1:0 classid 1:1 htb rate 62kbit ceil 62kbit
## Class for ACKs
$TC class add dev $EXTIF parent 1:1 classid 1:10 htb rate 8kbit ceil 62kbit prio 0
## Class for VPN/SSH
$TC class add dev $EXTIF parent 1:1 classid 1:11 htb rate 40kbit ceil 62kbit prio 1
## Class for normal traffic
$TC class add dev $EXTIF parent 1:1 classid 1:12 htb rate 12kbit ceil 62kbit prio 2
## Class for bulk
$TC class add dev $EXTIF parent 1:1 classid 1:13 htb rate 2kbit ceil 48kbit prio 3

# ACKs
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp -m length --length 0:64 -j MARK --set-mark 10
# VPN/IPsec
iptables -A POSTROUTING -t mangle -o $EXTIF -p 50 -j MARK --set-mark 11
# SSH
# iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 22 -j LOG
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 22 -j MARK --set-mark 11
# Counter-Strike
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 27015 -j MARK --set-mark 11
# ICMP / Ping
iptables -A POSTROUTING -t mangle -o $EXTIF -p icmp -j MARK --set-mark 11
# local SSH server on port 4444
# iptables -A OUTPUT -t mangle -o $EXTIF -p tcp --sport 4444 -j MARK --set-mark 11
# SMTP
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 25 -j MARK --set-mark 12
# eDonkey
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 4662 -j MARK --set-mark 13
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --sport 4662 -j MARK --set-mark 13
# Kazaa
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 1214 -j MARK --set-mark 13
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --sport 1214 -j MARK --set-mark 13
# Battle.net
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 6112 -j MARK --set-mark 11
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --sport 6112 -j MARK --set-mark 11
# Diablo II
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 4000 -j MARK --set-mark 11
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --sport 4000 -j MARK --set-mark 11

# miscellaneous:
# iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j LOG
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 11

$TC filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
$TC filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 11 fw flowid 1:11
# default: 1:12
$TC filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 13 fw flowid 1:13

###########
# Incoming
###########
$TC qdisc add dev $INTIF root handle 2:0 htb default 20
$TC class add dev $INTIF parent 2:0 classid 2:2 htb rate 100mbit ceil 100mbit
$TC class add dev $INTIF parent 2:2 classid 2:30 htb rate 99mbit ceil 100mbit prio 1
$TC class add dev $INTIF parent 2:2 classid 2:20 htb rate 60kbit ceil 60kbit prio 0
$TC qdisc add dev $INTIF parent 2:20 handle 20:0 htb default 20
$TC class add dev $INTIF parent 20:0 classid 20:20 htb rate 48kbit ceil 60kbit prio 1
$TC class add dev $INTIF parent 20:0 classid 20:21 htb rate 10kbit ceil 60kbit prio 0
$TC class add dev $INTIF parent 20:0 classid 20:22 htb rate 2kbit ceil 56kbit prio 3

# internal traffic
# iptables -A POSTROUTING -t mangle -o $INTIF -s $NET/$MASK -j LOG
iptables -A POSTROUTING -t mangle -o $INTIF -s $NET/$MASK -j MARK --set-mark 30
# ACKs
iptables -A POSTROUTING -t mangle -o $INTIF -s ! $NET/$MASK -m length --length 0:200 -j MARK --set-mark 21
# SSH
# iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --sport 22 -j LOG
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --sport 22 -j MARK --set-mark 21
# ICMP / Ping
# iptables -A POSTROUTING -t mangle -o $INTIF -p icmp -s ! $NET/$MASK -j LOG
iptables -A POSTROUTING -t mangle -o $INTIF -p icmp -s ! $NET/$MASK -j MARK --set-mark 21
# eDonkey
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --dport 4662 -j MARK --set-mark 22
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --sport 4662 -j MARK --set-mark 22
# Kazaa
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --dport 1214 -j MARK --set-mark 22
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --sport 1214 -j MARK --set-mark 22
# Battle.net
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --dport 6112 -j MARK --set-mark 21
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --sport 6112 -j MARK --set-mark 21
# Diablo II
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --dport 4000 -j MARK --set-mark 21
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --sport 4000 -j MARK --set-mark 21

# host to be throttled
iptables -A POSTROUTING -t mangle -o $INTIF -d 192.168.10.14 -s ! $NET/$MASK -j MARK --set-mark 22

# miscellaneous:
# iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK -m tcp --tcp-flags SYN,RST,ACK SYN -j LOG
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 21

$TC filter add dev $INTIF parent 2:0 prio 0 protocol ip handle 30 fw flowid 2:30
$TC filter add dev $INTIF parent 2:20 prio 0 protocol ip handle 21 fw flowid 20:21
$TC filter add dev $INTIF parent 2:20 prio 0 protocol ip handle 22 fw flowid 20:22


#########
# SFQ
#########
$TC qdisc add dev $EXTIF parent 1:10 handle 10: sfq perturb 10
$TC qdisc add dev $EXTIF parent 1:11 handle 11: sfq perturb 10
$TC qdisc add dev $EXTIF parent 1:12 handle 12: sfq perturb 10
$TC qdisc add dev $EXTIF parent 1:13 handle 13: sfq perturb 10

$TC qdisc add dev $INTIF parent 2:30 handle 30: sfq perturb 10
# commented out because it gives an error. Do you know why/what it should be
# to be correct?
#$TC qdisc add dev $INTIF parent 20:20 handle 20: sfq perturb 10
$TC qdisc add dev $INTIF parent 20:21 handle 21: sfq perturb 10
$TC qdisc add dev $INTIF parent 20:22 handle 22: sfq perturb 10
--------------------------------------

What do you think about this script? Is it good? Are there errors?

Regards,
David Hellekalek
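
An added example, not part of the original post: a small lint that reads tc commands and reports qdisc handles whose major number is used more than once on the same device. In tc, `20:` is shorthand for `20:0`, and a qdisc handle must be unique per device, so a second `qdisc add` with the same major is rejected. The sample input is constructed from the incoming section above, with the commented-out SFQ line enabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find qdisc handle collisions in a tc script before loading it.
# Variables such as $TC and $INTIF are compared as text, not expanded.
# Handle majors are compared as written (no hex normalisation).

dup_qdisc_handles() {
    awk '
    /^[[:space:]]*#/ { next }            # skip commented-out commands
    {
        dev = ""; handle = ""; is_qdisc_add = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "qdisc" && $(i+1) == "add") is_qdisc_add = 1
            if ($i == "dev")    dev = $(i+1)
            if ($i == "handle") handle = $(i+1)
        }
        if (!is_qdisc_add || dev == "" || handle == "") next
        split(handle, part, ":")         # "20:" and "20:0" share major 20
        key = dev " " part[1]
        if (key in seen) {
            printf "%s major %s: line %d reuses handle from line %d\n", dev, part[1], NR, seen[key]
        } else {
            seen[key] = NR
        }
    }'
}

# Constructed sample: four qdisc lines taken from the script in the post,
# with the SFQ line for 20:20 uncommented.
sample_incoming() {
    cat <<'EOF'
$TC qdisc add dev $INTIF root handle 2:0 htb default 20
$TC qdisc add dev $INTIF parent 2:20 handle 20:0 htb default 20
$TC qdisc add dev $INTIF parent 20:20 handle 20: sfq perturb 10
$TC qdisc add dev $INTIF parent 20:21 handle 21: sfq perturb 10
EOF
}

sample_incoming | dup_qdisc_handles
```

Run it as `dup_qdisc_handles < script.sh` on a shaping script before applying it; an empty result means no two qdiscs on one device share a handle.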


