Am hoping someone could have the time to look at my simple script, it basically tries to restrict users based on their ip, but I also incorporated the hints given by Stef on being able to allow local traffic unrestricted. no iptable marking (fw filter) is used, just tc.
I see traffic passing thru all the classes when ever those systems are in use.
Ave done some stress test on the local traffic by plugging p2p/web crawlers on the LAN of one of the systems, each time i notice that the parent ceil limit is being broken.
I have met the one major requirement, sum of child classes rate <= parent rate. I dont know what else i might be doing wrong, once placed perturb to 1, and internally(kernel) am using PSCHED_CPU and a sfq buffer length of 15 as against 128. (notes on docum.org) to try and increase speed. (Processor has TSC flag)
Would be much obliged on any comments/improvements i can make on the script.
Using kernel 2.4.22
TIA
K
_________________________________________________________________
MSN Shopping upgraded for the holidays! Snappier product search... http://shopping.msn.com #!/bin/bash
#
# rc.qos - GPL ver 0.04 (rate limiting specific ip's on a LAN)
# <kchijioke@xxxxxxx>
#
# TODO:
# 1) make auto-startable
# 2) place command line arguments
# 3) make generic, this gonna be a hardone ;)
# 4) improve QoS, attempt DiffServ again
# 5) incorporate SQUID, include upload traffic control
# 6) auto determine bandwidth per ip
#
# Acknowledgements:
# Much thanks to Stef, Alex, Clouter and Ahu
# Special thanks to reeler@#lartc for pointing out the not so obvious (in my case) ;)
#
# Schematic
# ---------
#
# _________root 1:0_______
# / \
# local (10mbit) Internet (90kbit)
# 1:2 1:3
# (h=handle 5) |
# |
# --------------+-----------------------------------
# / | | | | \
# 1:10 1:11 1:12 1:13 1:... 1:50
# (high priority) (sys 1) (sys 2) (sys 3) (sys ...) (default)
# (h10) (h11) (h12) (h13) (h...) (h50)
#
#set -x
# LAN Interface ( Download )
# delete/create root class tc qdisc del dev eth1 root 2> /dev/null tc qdisc add dev eth1 root handle 1: htb default 50 r2q 1
# create local class tc class add dev eth1 parent 1: classid 1:2 htb rate 10mbit ceil 10mbit
# create internet class #ceil 86 tc class add dev eth1 parent 1: classid 1:3 htb rate 86Kbit ceil 90Kbit
# create high priority class in internet class for ack, icmp packets #ceil 82
tc class add dev eth1 parent 1:3 classid 1:10 htb rate 5Kbit ceil 82Kbit prio 0
# create 20 system classes in internet class, sys01 - sys20 ( 1:11 - 1:30 ) #ceil 82
for LOOP in `seq 11 30`
do
tc class add dev eth1 parent 1:3 classid 1:$[$LOOP] htb \
rate 4Kbit ceil 82Kbit prio 2
done
# default class #ceil 80
tc class add dev eth1 parent 1:3 classid 1:50 htb rate 2Kbit ceil 80Kbit prio 3
# do qdisc attachment # perturb 10 tc qdisc add dev eth1 parent 1:2 handle 5: sfq perturb 10
for LOOP in `seq 10 30` do tc qdisc add dev eth1 parent 1:$[$LOOP] handle $[$LOOP]: sfq \ perturb 10 done tc qdisc add dev eth1 parent 1:50 handle 50: sfq perturb 10
# filter rules
# 10mbit local traffic matched
tc filter add dev eth1 parent 1: protocol ip prio 100 u32 match ip src 192.168.0.0/24 classid 1:2
# any other thing not matched to classid 1:3 ( must be from internet bound )
# 90Kbit Internet traffic match
tc filter add dev eth1 parent 1: protocol ip prio 100 u32 match ip tos 0 0 classid 1:3
# High priority class 1:10 filter
tc filter add dev eth1 parent 1:3 protocol ip prio 200 handle 10 fw classid 1:10
# (1:10 is high priority class in internet class) # TOS minimum delay in 1:10 tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \ match ip tos 0x10 0xff flowid 1:10
# UDP Traffic in 1:10 tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \ match ip protocol 17 0xff \ match ip dport 53 0xffff flowid 1:10
# ICMP (ip protocol 1) Set class to 1:10 to impress friends tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \ match ip protocol 1 0xff flowid 1:10
# To speed up downloads while an upload is going on, put ACK packets in # the 1:10 class # ACKs on packets < 64 bytes tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \ match ip protocol 6 0xff \ match u8 0x05 0x0f at 0 \ match u16 0x0000 0xffc0 at 2 \ match u8 0x10 0xff at 33 \ flowid 1:10
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 \ match ip protocol 6 0xff \ match u8 0x05 0x0f at 0 \ match u16 0x0000 0xffc0 at 2 \ flowid 1:10
# remaining filters for sys01 - sys20
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.106/32 flowid 1:11
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.107/32 flowid 1:12
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.108/32 flowid 1:13
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.109/32 flowid 1:14
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.110/32 flowid 1:15
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.111/32 flowid 1:16
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.112/32 flowid 1:17
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.113/32 flowid 1:18
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.114/32 flowid 1:19
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.121/32 flowid 1:20
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.122/32 flowid 1:21
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.123/32 flowid 1:22
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.124/32 flowid 1:23
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.125/32 flowid 1:24
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.126/32 flowid 1:25
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.127/32 flowid 1:26
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.128/32 flowid 1:27
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.130/32 flowid 1:28
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.129/32 flowid 1:29
tc filter add dev eth1 parent 1:3 protocol ip prio 100 u32 match ip dst 192.168.0.104/32 flowid 1:30
tc filter add dev eth1 parent 1:3 protocol ip prio 200 handle 50 fw classid 1:50
# end of LAN interface ( download ) script