Good day all. I'm starting to learn the whole bandwidth-management thing, and I downloaded Allan Beaufour Larsen's script (attached). There are a few things I don't understand; please help. Class 1:10, line 65: in the iptables section he marks packets with "-m tos --tos Minimize-Delay". What is this? Likewise line 95, class 1:12, "-m tos --tos Maximize-Throughput", and line 106, "-m tos --tos Minimize-Cost". Further down, in the htb config at line 212 for class 1:13, he talks about NATed traffic, but he does not use this class anywhere. Please shed some light on these. And is this script any good??
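#!/bin/bash
#
# NetCtrl version 0.3 by Allan Beaufour Larsen
#
# netctrl     This script starts and stops shaping of network traffic.
#
# chkconfig: - 95 05
# description: netctrl shapes the network traffic. \
#              It adds marking to the 'mangle' iptable, \
#              and creates priority trees with htb for both $DEV and imq0.
#
# How the pieces fit together:
#   * setup_iptables() adds rules to the 'mangle' table that stamp each
#     packet with an fwmark (0x1 .. 0x6).
#   * setup_htb() builds an HTB tree on $DEV whose 'fw' filters map each
#     mark to a leaf class (0x1 -> 1:10, 0x2 -> 1:11, ... 0x6 -> 1:15).
#   * The iptables MARK target is non-terminating: the packet keeps
#     traversing the chain and the LAST matching MARK rule wins.  Rule
#     order therefore decides the class of a packet that matches several
#     rules (see the comments in setup_iptables).

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
# Quoted: an unset NETWORKING must read as "not no", not as a test(1)
# syntax error that silently lets the script run on.
[ "${NETWORKING}" = "no" ] && exit 0

[ -f /sbin/tc ] || exit 0

RETVAL=0
prog=netctrl

######################################################################
# Setup local environment
######################################################################
# Device to be shaped
DEV=eth0
# Ceiling of outgoing connection (in kbit)
CEIL_UP=64
# Ceiling of incoming connection (in kbit); only used by the disabled
# IMQ based inbound shaping further down.
CEIL_DOWN=1425
# Burst rate set for ex. browsing
BURST=30k
# What should the new chain be named
# (to avoid conflict with pre-existing chains)
CHAINNAME=NETCTRL

######################################################################
# This function sets up the iptables to mark each packet type.
# This will enable the shapers to handle them accordingly.
#
# Marks: 0x1 interactive (1:10), 0x2 web (1:11), 0x3 bulk/local (1:12),
#        0x5 mail (1:14), 0x6 catch-all (1:15).  Nothing sets 0x4, so
#        class 1:13 in setup_htb() is never used.
#
# Ordering matters because MARK is non-terminating (last match wins):
#   * the rules for the highest-priority class 1:10 are appended LAST,
#     so a SYN or DNS packet keeps mark 0x1 even when it also matches a
#     lower-priority rule.  (Inserting them at the head of the chain with
#     '-I', as before, had the opposite effect.)
#   * the default marks for PREROUTING/OUTPUT are inserted at the HEAD of
#     their chain so the port-specific rules that follow override them.
#     Appending the OUTPUT default after the ssh/smtp/pop3 OUTPUT rules
#     overrode all of them with 0x3.
#
# Globals: CHAINNAME (read)
# Returns: status of the last iptables call in the join loop
######################################################################
setup_iptables() {
    local tab

    echo -n "  Create ${CHAINNAME} chain "
    ( iptables -t mangle -N "${CHAINNAME}" && echo_success) || echo_failure
    echo

    # Setup marking of packets in ${CHAINNAME}
    echo -n "  Setting up marking of packets in ${CHAINNAME} "

    ############
    # CLASS 1:11
    ############
    # HTTP
    iptables -t mangle -A "${CHAINNAME}" -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
    iptables -t mangle -A "${CHAINNAME}" -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
    # HTTPS
    iptables -t mangle -A "${CHAINNAME}" -p tcp -m tcp --sport 443 -j MARK --set-mark 0x2
    iptables -t mangle -A "${CHAINNAME}" -p tcp -m tcp --dport 443 -j MARK --set-mark 0x2

    ############
    # CLASS 1:12
    ############
    # Maximize-Throughput TOS (should we trust people?)
    # '-m tos --tos <name>' matches the Type-of-Service byte of the IP
    # header (RFC 1349 names: Minimize-Delay, Maximize-Throughput,
    # Minimize-Cost, ...).  That byte is set by whoever built the packet,
    # so any peer can pick its own class through these rules; treat the
    # TOS-based marks as a convenience, not as a trust boundary.
    iptables -t mangle -A "${CHAINNAME}" -m tos --tos Maximize-Throughput -j MARK --set-mark 0x3

    ############
    # CLASS 1:13
    ############
    # Empty for now (used for local server packets)

    ############
    # CLASS 1:14
    ############
    # Minimize-cost TOS (sender controlled, see note at class 1:12)
    iptables -t mangle -A "${CHAINNAME}" -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
    # SMTP
    iptables -t mangle -A "${CHAINNAME}" -p tcp -m tcp --dport 25 -j MARK --set-mark 0x5
    iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x5
    iptables -t mangle -A INPUT -p tcp -m tcp --dport 25 -j MARK --set-mark 0x5
    # POP3
    iptables -t mangle -A "${CHAINNAME}" -p tcp -m tcp --dport 110 -j MARK --set-mark 0x5
    iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 110 -j MARK --set-mark 0x5
    iptables -t mangle -A INPUT -p tcp -m tcp --dport 110 -j MARK --set-mark 0x5
    # IMAP
    iptables -t mangle -A "${CHAINNAME}" -p tcp -m tcp --dport 143 -j MARK --set-mark 0x5
    # IMAPS
    iptables -t mangle -A "${CHAINNAME}" -p tcp -m tcp --dport 993 -j MARK --set-mark 0x5
    # POP3S
    iptables -t mangle -A "${CHAINNAME}" -p tcp -m tcp --dport 995 -j MARK --set-mark 0x5

    ############
    # CLASS 1:10  (appended last: highest priority wins any overlap)
    ############
    # ICMP-packets (Ping, etc.)
    iptables -t mangle -A "${CHAINNAME}" -p icmp -j MARK --set-mark 0x1
    # Minimize-delay TOS (sender controlled, see note at class 1:12)
    iptables -t mangle -A "${CHAINNAME}" -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
    # SSH
    iptables -t mangle -A "${CHAINNAME}" -p tcp -m tcp --dport 22 -j MARK --set-mark 0x1
    iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 22 -j MARK --set-mark 0x1
    iptables -t mangle -A INPUT -p tcp -m tcp --dport 22 -j MARK --set-mark 0x1
    # SYN-packets
    iptables -t mangle -A "${CHAINNAME}" -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
    # DNS
    iptables -t mangle -A "${CHAINNAME}" -p udp -m udp --sport 53 -j MARK --set-mark 0x1
    iptables -t mangle -A "${CHAINNAME}" -p udp -m udp --dport 53 -j MARK --set-mark 0x1
    echo_success
    echo

    ############
    # CATCH REST
    ############
    # Inserted at position 1 so every more specific rule in the chain
    # (including the jump to ${CHAINNAME} appended below) comes after the
    # default and therefore overrides it.
    echo -n "  Setting default mark for PREROUTING "
    ( iptables -t mangle -I PREROUTING 1 -j MARK --set-mark 0x6 && echo_success) || echo_failure
    echo
    echo -n "  Setting default mark for OUTPUT "
    ( iptables -t mangle -I OUTPUT 1 -j MARK --set-mark 0x3 && echo_success) || echo_failure
    echo

    #########################
    # JOIN IMQ WITH NEW CHAIN
    #########################
    #    echo -n "  Join chain to IMQ"
    #    ( iptables -t mangle -i ${DEV} -A ${CHAINNAME} -j IMQ && echo_success) || echo_failure
    # Should '-i ${DEV}' be put in this rule to exclude traffic to server?
    # This may have created trouble...
    #    echo

    ############################
    # JOIN TABLES WITH NEW CHAIN
    ############################
    # OUTPUT gives kernel panic (IMQ-jump should probably be moved from
    # CHAINNAME to PREROUTING???)
    for tab in PREROUTING; do
        echo -n "  Join $tab with ${CHAINNAME} "
        ( iptables -t mangle -A "$tab" -j "${CHAINNAME}" && echo_success) || echo_failure
        echo
    done
}

######################################################################
# This function creates the "tree" with the classes (buckets)
# where the traffic is sent to.
# Each class has a priority and bandwidth limitations.
#
# Arguments: $1 - device to shape, $2 - ceiling in kbit
# Globals:   BURST (read)
# Exits with status 2 when a parameter is missing.
######################################################################
setup_htb() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "Ooops! Wrong parameters for setup_htb()!"
        exit 2
    fi
    local LDEV=$1
    local CEIL=$2

    echo -n "  Setting up htb for $LDEV (ceil = $CEIL) "

    # Number of classes (used to set rate for each class).
    # NOTE: there are six leaf classes and 1:13 has a fixed 20kbit rate,
    # so the guaranteed rates add up to more than CEIL; HTB accepts that
    # but cannot honour every guarantee at the same time.
    local NUM_CLASSES=5
    local RATE=$(( CEIL / NUM_CLASSES ))

    # Create root of tree, set default class to 1:15
    tc qdisc add dev "${LDEV}" root handle 1: htb default 15
    tc class add dev "${LDEV}" parent 1: classid 1:1 htb rate "${CEIL}kbit" ceil "${CEIL}kbit"

    ##############################################
    # Class 1:10
    # Description: Interactive traffic
    # Types: ssh, dns, irc, SYN-packets
    ##############################################
    tc class add dev "${LDEV}" parent 1:1 classid 1:10 htb rate "${RATE}kbit" burst "${BURST}" ceil "${CEIL}kbit" prio 0
    tc filter add dev "${LDEV}" parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10

    #################################################################
    # Class 1:11
    # Description: Web
    # Types: http,https
    #################################################################
    tc class add dev "${LDEV}" parent 1:1 classid 1:11 htb rate "${RATE}kbit" burst "${BURST}" ceil "${CEIL}kbit" prio 1
    tc filter add dev "${LDEV}" parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11

    #################################################################
    # Class 1:12
    # Description: Local processes on machine and 'Maximize-Throughput TOS'
    # Types: *
    #################################################################
    tc class add dev "${LDEV}" parent 1:1 classid 1:12 htb rate "${RATE}kbit" ceil "${CEIL}kbit" prio 2
    tc qdisc add dev "${LDEV}" parent 1:12 handle 120: sfq perturb 10
    tc filter add dev "${LDEV}" parent 1:0 protocol ip prio 3 handle 3 fw classid 1:12

    #################################################################
    # Class 1:13
    # Description: High priority NATed traffic
    # Traffic: *
    # NOTE: no iptables rule sets mark 0x4, so this class never
    # receives traffic until such a rule is added to setup_iptables().
    #################################################################
    tc class add dev "${LDEV}" parent 1:1 classid 1:13 htb rate 20kbit ceil "${CEIL}kbit" prio 2
    tc qdisc add dev "${LDEV}" parent 1:13 handle 130: sfq perturb 10
    tc filter add dev "${LDEV}" parent 1:0 protocol ip prio 4 handle 4 fw classid 1:13

    #################################################################
    # Class 1:14
    # Description: Mail traffic and 'Minimize-Cost TOS'
    # Traffic: smtp, pop3, pop3s, imap, imaps
    #################################################################
    tc class add dev "${LDEV}" parent 1:1 classid 1:14 htb rate "${RATE}kbit" ceil "${CEIL}kbit" prio 3
    tc qdisc add dev "${LDEV}" parent 1:14 handle 140: sfq perturb 10
    tc filter add dev "${LDEV}" parent 1:0 protocol ip prio 5 handle 5 fw classid 1:14

    #################################################################
    # Class 1:15
    # Description: Catch-all, rest of traffic
    # Traffic: *
    #################################################################
    tc class add dev "${LDEV}" parent 1:1 classid 1:15 htb rate "${RATE}kbit" ceil "${CEIL}kbit" prio 3
    tc qdisc add dev "${LDEV}" parent 1:15 handle 150: sfq perturb 10
    tc filter add dev "${LDEV}" parent 1:0 protocol ip prio 6 handle 6 fw classid 1:15

    echo_success
    echo
}

######################################################################
# Shape outgoing traffic on $DEV with the upload ceiling.
######################################################################
setup_outbound() {
    setup_htb "$DEV" "$CEIL_UP"
}

######################################################################
# Inbound shaping via IMQ (disabled).
######################################################################
#setup_inbound() {
#    echo -n "  Adding imq module to kernel "
#    ( modprobe imq numdevs=1 && echo_success ) || echo_failure
#    echo
#
#    echo -n "  UP'ing imq0 device "
#    ( ip link set imq0 up && echo_success ) || echo_failure
#    echo
#
#    # Setup htb for IMQ device
#    setup_htb imq0 $CEIL_DOWN
#}

######################################################################
# Remove the whole htb tree from a device.
# Arguments: $1 - device
# Exits with status 2 when the device is missing.
######################################################################
shutdown_htb() {
    if [ -z "$1" ]; then
        echo "Ooops! Wrong parameters to shutdown_htb()"
        exit 2
    fi
    local LDEV=$1

    # Report the device actually being cleared (was $DEV, which is wrong
    # for any caller other than shutdown_outbound).
    echo -n "  Removing htb from $LDEV "
    (tc qdisc del dev "$LDEV" root 2> /dev/null > /dev/null && echo_success) || echo_failure
    echo
}

######################################################################
######################################################################
shutdown_outbound() {
    shutdown_htb "$DEV"
}

######################################################################
######################################################################
#shutdown_inbound() {
#    shutdown_htb imq0
#
#    echo -n "  DOWN'ning imq0 device "
#    (ip link set imq0 down 2> /dev/null > /dev/null && echo_success) || echo_failure
#    echo
#    echo -n "  Remove imq module from kernel "
#    (rmmod imq 2> /dev/null > /dev/null && echo_success) || echo_failure
#    echo
#}

######################################################################
# Undo setup_iptables(): unhook, flush and delete the chain, then drop
# the default marks.  '-D' matches on the rule spec, so it finds the
# default marks wherever in the chain they were inserted.
######################################################################
shutdown_iptables() {
    local tab

    for tab in PREROUTING; do  # OUTPUT
        echo -n "  Removing ${CHAINNAME} from $tab "
        ( iptables -t mangle -D "$tab" -j "${CHAINNAME}" && echo_success) || echo_failure
        echo
    done

    echo -n "  Clearing ${CHAINNAME} chain "
    ( iptables -t mangle -F "${CHAINNAME}" && echo_success) || echo_failure
    echo
    echo -n "  Delete ${CHAINNAME} chain "
    ( iptables -t mangle -X "${CHAINNAME}" && echo_success) || echo_failure
    echo

    echo -n "  Removing default mark from PREROUTING "
    ( iptables -t mangle -D PREROUTING -j MARK --set-mark 0x6 && echo_success) || echo_failure
    echo
    echo -n "  Removing default mark from OUTPUT "
    ( iptables -t mangle -D OUTPUT -j MARK --set-mark 0x3 && echo_success) || echo_failure
    echo
}

######################################################################
######################################################################
start() {
    echo $"Starting $prog: "
    setup_outbound
#    setup_inbound
    setup_iptables
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
    return $RETVAL
}

######################################################################
######################################################################
stop() {
    echo $"Shutting down $prog: "
    shutdown_iptables
#    shutdown_inbound
    shutdown_outbound
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
    return $RETVAL
}

######################################################################
# See how we were called.
######################################################################
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        RETVAL=$?
        ;;
    condrestart)
        if [ -f /var/lock/subsys/$prog ]; then
            stop
            start
            RETVAL=$?
        fi
        ;;
    status)
        # Show the status
        echo "********** $DEV: qdisc"
        tc -s qdisc ls dev "$DEV"
        echo "********** $DEV: class"
        tc -s class ls dev "$DEV"
#        echo "********** imq0: qdisc"
#        tc -s qdisc ls dev imq0
#        echo "********** imq0: class"
#        tc -s class ls dev imq0
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
        exit 1
        ;;
esac

exit $RETVAL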