* [LARTC] HTB Script
@ 2004-11-24 22:08 Lenthir
  2004-11-25 20:08 ` Lenthir
                   ` (6 more replies)
  0 siblings, 7 replies; 8+ messages in thread
From: Lenthir @ 2004-11-24 22:08 UTC (permalink / raw)
  To: lartc

[-- Attachment #1: Type: text/plain, Size: 1521 bytes --]

Hi everybody!

I wrote a nice script, but I need some help....
The script is working almost well.

My question is:
Can I minimize PING time more than this script can? (nowadays it is 
70-150ms with a large load on the link)
My first problem is an unrealistically big PING on the router, and almost 
excellent (nowadays 70-150ms) PING on computers in the network.

My users don't complain, but I noticed that pages start to load 
quickly and when it's almost done.. the transfer goes down!!
And the second symptom is: when I open pages PING grows to 800ms, and 
quickly goes down. It's almost imperceptible, but it happens.
What's wrong? All packets are going to the correct pipes. What more should I do?
I suspect that the time of change of speed (HTB's reaction time) for many 
queues is long. How can I improve this?
The script is very nice, but I need some professional help and advice.

You can check everything while the script is working:
./htb0.5.3en stat <IP> (example: ./htb0.5.3en stat 192.168.0.2)
./htb0.5.3en stat lan
./htb0.5.3en stats

My network's statistics:
http://stats.opat.hopto.org/
http://stats.zabierzow.net/

I attached my script. IMQ with imq_nat.diff patch is required (or AB 
option in kernels 2.6), patched iptables(IMQ patch) is required, iproute 
is required and bc is required. I tested this script on 2.6.9 kernel and 
iproute from .deb package.

And a second, less important problem... How can I mark squid's MISS 
packets? Is Debian's Squid package patched to change TOS?
http://stats.zabierzow.net/squid.php :d

Will someone help?

[-- Attachment #2: htb0.5.3en --]
[-- Type: text/plain, Size: 13666 bytes --]

#!/bin/bash
#
# rc.htb 0.5.3, (C)Lenthir 2oo4, GNU GPL
# 2004-11-01 9:30
VER="0.5.3"
DAT="2004-11-01 9:30"

MAX=3330
#######################
#Configuration:
ext_dwl=2000                                           #speed of link(s)(kbit/s) - download
ext_upl=220                                            #speed of link(s)(kbit/s) - upload

int="192.168.0.2 192.168.0.3 192.168.0.4 192.168.1.2"  #internal addresses IP
ext="80.53.64.3"                                       #external addresses IP with or without external router IP

srv_ext="80.53.64.3"                                   #external router IP(machine where you exec this script)
lan_int="192.168.0.0/24 192.168.1.0/24 192.168.2.0/24" #subnetworks(pool of addresses)

int_dwl[0]=85; int_upl[0]=85                           #subnetwork speeds in Mbit/s (download; upload), in the same order as lan_int above
int_dwl[1]=2;  int_upl[1]=2
int_dwl[2]=80; int_upl[2]=80

TC=`which tc`                                          #path to tc
MODPROBE=`which modprobe`                              #path to modprobe
IP=`which ip`                                          #path to ip
IPTABLES=`which iptables`                              #path to iptables
firewall="/etc/init.d/rc.iptables restart"             #how is firewall(iptables) restart?

#u_r2q=10                                              #r2q (optional)
u_quantum=1500                                         #quantum (optional todo, at present required)

porty_tcp="20 21 22 23 25 53 80 110 143 220 443 993 995 27015" #tcp preference ports
porty_udp="53"                                         #udp preference ports
pping=1                                                # 0 - ping goes to the non-preference queue, 1 - ping goes to the preference queue

#End
#######################

stop()
{
$TC qdisc del root dev imq0 2> /dev/null
$TC qdisc del root dev imq1 2> /dev/null
$IP link set imq0 down
$IP link set imq1 down
}

start()
{ stop

# Check whether the router address is already in ext; if not, append it.
ipki="$ext $int"
for srvip in $srv_ext
do
if [[ `echo $ipki | grep $srvip` != $ipki ]]; then
ext="$ext $srvip"
fi
done

ile_int=`echo ${int}|awk '{print NF}'`
ile_ext=`echo ${ext}|awk '{print NF}'`
ile=$(echo "$ile_int + $ile_ext" | bc)

if [[ $ile -ge $MAX ]]
        then
        echo "Too many computers!"
        exit 1
        fi

# download
tmp=$(echo "$ext_dwl%$ile" | bc)
min=$(echo "$ext_dwl/$ile" | bc)
pri_min=$(echo "$min/2+$min%2" | bc)
sec_min=$(echo "$min/2" | bc)
max=$ext_dwl

echo " Quantity of computers: $ile"
echo "%===================================================================%"
echo " Setting download queue."
echo " Minimum download: $min kbit/s"
echo " Maximum download: $max kbit/s"
echo " Queue: -preference: $pri_min kbit/s  -not preference: $sec_min kbit/s"
echo " Free: $tmp kbit/s"
echo " "

if [[ -z "$u_r2q" ]]; then   # r2q not configured: let HTB use its default
$TC qdisc add dev imq0 root handle 1:0 htb
else
$TC qdisc add dev imq0 root handle 1:0 htb r2q $u_r2q
fi

$TC class add dev imq0 parent 1:0 classid 1:1 htb rate ${ext_dwl}kbit ceil ${ext_dwl}kbit

j=2
for usr in $ext
        do
        $TC class add dev imq0 parent 1:1 classid 1:$j htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq0 parent 1:$j classid 1:$(($j+1)) htb rate ${pri_min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq0 parent 1:$j classid 1:$(($j+2)) htb rate ${sec_min}kbit ceil ${max}kbit quantum $u_quantum
        $TC qdisc add dev imq0 parent 1:$(($j+1)) sfq
        $TC qdisc add dev imq0 parent 1:$(($j+2)) sfq
        $TC filter add dev imq0 protocol ip parent 1:0 pref 2 u32 match ip dst $usr flowid 1:$j
        for prt in $porty_tcp
                 do
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 6 0xff match ip sport $prt 0xffff flowid 1:$(($j+1))
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 6 0xff match ip dport $prt 0xffff flowid 1:$(($j+1))
                 done
        for prt in $porty_udp
                 do
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 17 0xff match ip sport $prt 0xffff flowid 1:$(($j+1))
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 17 0xff match ip dport $prt 0xffff flowid 1:$(($j+1))
                 done
        if [[ $pping -eq 1 ]]; then
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 1 0xff flowid 1:$(($j+1))
                 fi
        $TC filter add dev imq0 protocol ip parent 1:$j pref 4 u32 match ip dst $usr flowid 1:$((j+2))
        let "j=j+3"
        done

for usr in $int
        do
        $TC class add dev imq0 parent 1:1 classid 1:$j htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq0 parent 1:$j classid 1:$(($j+1)) htb rate ${pri_min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq0 parent 1:$j classid 1:$(($j+2)) htb rate ${sec_min}kbit ceil ${max}kbit quantum $u_quantum
        $TC qdisc add dev imq0 parent 1:$(($j+1)) sfq
        $TC qdisc add dev imq0 parent 1:$(($j+2)) sfq
        $TC filter add dev imq0 protocol ip parent 1:0 pref 2 u32 match ip dst $usr flowid 1:$j
        for prt in $porty_tcp
                 do
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 6 0xff match ip sport $prt 0xffff flowid 1:$(($j+1))
                 done
        for prt in $porty_udp
                 do
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 17 0xff match ip sport $prt 0xffff flowid 1:$(($j+1))
                 done
        if [[ $pping -eq 1 ]]; then
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 1 0xff flowid 1:$(($j+1))
                 fi
        $TC filter add dev imq0 protocol ip parent 1:$j pref 4 u32 match ip dst $usr flowid 1:$((j+2))
        let "j=j+3"
        done

i=0
for ntr in $lan_int
        do
        $TC class add dev imq0 parent 1:0 classid 1:$j htb rate ${int_dwl[$i]}Mbit ceil ${int_dwl[$i]}Mbit quantum $u_quantum
        $TC qdisc add dev imq0 parent 1:$j sfq
        for ipek in $ext ${lan_int}
        do
               $TC filter add dev imq0 protocol ip parent 1:0 pref 1 u32 match ip src $ntr match ip dst $ipek flowid 1:$j
        done
        let "j=j+1"
        let "i=i+1"
        done

$IPTABLES -t mangle -A PREROUTING -j IMQ --todev 0
$IP link set imq0 up

# upload
tmp=$(echo "$ext_upl%$ile" | bc)
min=$(echo "$ext_upl/$ile" | bc)
pri_min=$(echo "$min/2+$min%2" | bc)
sec_min=$(echo "$min/2" | bc)
max=$ext_upl

echo " Setting upload queue."
echo " Minimum upload: $min kbit/s"
echo " Maximum upload: $max kbit/s"
echo " Queue: -preference: $pri_min kbit/s  -not preference: $sec_min kbit/s"
echo " Free: $tmp kbit/s"
echo "%===================================================================%"

if [[ -z "$u_r2q" ]]; then   # r2q not configured: let HTB use its default
$TC qdisc add dev imq1 root handle 2:0 htb
else
$TC qdisc add dev imq1 root handle 2:0 htb r2q $u_r2q
fi

$TC class add dev imq1 parent 2:0 classid 2:1 htb rate ${ext_upl}kbit ceil ${ext_upl}kbit

j=2
for usr in $ext
        do
        $TC class add dev imq1 parent 2:1 classid 2:$j htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq1 parent 2:$j classid 2:$(($j+1)) htb rate ${pri_min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq1 parent 2:$j classid 2:$(($j+2)) htb rate ${sec_min}kbit ceil ${max}kbit quantum $u_quantum
        $TC qdisc add dev imq1 parent 2:$(($j+1)) sfq
        $TC qdisc add dev imq1 parent 2:$(($j+2)) sfq
        $TC filter add dev imq1 protocol ip parent 2:0 pref 2 u32 match ip src $usr flowid 2:$j
	for prt in $porty_tcp
                 do
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 6 0xff match ip dport $prt 0xffff flowid 2:$(($j+1))
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 6 0xff match ip sport $prt 0xffff flowid 2:$(($j+1))
                 done
        for prt in $porty_udp
                 do
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 17 0xff match ip dport $prt 0xffff flowid 2:$(($j+1))
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 17 0xff match ip sport $prt 0xffff flowid 2:$(($j+1))
                 done
        if [[ $pping -eq 1 ]]; then
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 1 0xff flowid 2:$(($j+1))
                 fi
	$TC filter add dev imq1 protocol ip parent 2:$j pref 4 u32 match ip src $usr flowid 2:$((j+2))
        let "j=j+3"
        done

for usr in $int
        do
        $TC class add dev imq1 parent 2:1 classid 2:$j htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq1 parent 2:$j classid 2:$(($j+1)) htb rate ${pri_min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq1 parent 2:$j classid 2:$(($j+2)) htb rate ${sec_min}kbit ceil ${max}kbit quantum $u_quantum
        $TC qdisc add dev imq1 parent 2:$(($j+1)) sfq
        $TC qdisc add dev imq1 parent 2:$(($j+2)) sfq
        $TC filter add dev imq1 protocol ip parent 2:0 pref 2 u32 match ip src $usr flowid 2:$j
	for prt in $porty_tcp
                 do
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 6 0xff match ip dport $prt 0xffff flowid 2:$(($j+1))
                 done
        for prt in $porty_udp
                 do
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 17 0xff match ip dport $prt 0xffff flowid 2:$(($j+1))
                 done
        if [[ $pping -eq 1 ]]; then
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 1 0xff flowid 2:$(($j+1))
                 fi
        $TC filter add dev imq1 protocol ip parent 2:$j pref 4 u32 match ip src $usr flowid 2:$((j+2))
	let "j=j+3"
        done

i=0
for ntr in $lan_int
        do
        $TC class add dev imq1 parent 2:0 classid 2:$j htb rate ${int_upl[$i]}Mbit ceil ${int_upl[$i]}Mbit quantum $u_quantum
        $TC qdisc add dev imq1 parent 2:$j sfq
        for ipek in $ext ${lan_int}
        do
                $TC filter add dev imq1 protocol ip parent 2:0 pref 1 u32 match ip dst $ntr match ip src $ipek flowid 2:$j
        done
        let "j=j+1"
        let "i=i+1"
        done

$IPTABLES -t mangle -A POSTROUTING -j IMQ --todev 1
$IP link set imq1 up
}
echo "rc.htb $VER, (C)Lenthir 2oo4, GNU GPL"
echo "$DAT"
case "$1" in
    'start')
      echo "Uruchamianie kolejkowania..."
      start
      echo "Gotowe."
      exit 0
      ;;
    'stop')
      echo -n "Zatrzymywanie kolejkowania..."
      stop
      echo " wykonano."
      ;;
    'restart')
      echo "Restartowanie kolejkowania..."
      $firewall
      start
      echo "Gotowe."
      ;;
    'status')
      echo "Klasy na interfejsie imq0!"
      echo "%====================================%"
      $TC class show dev imq0 | grep root
      $TC class show dev imq0 | grep -v root | sort | nl
      echo "Klasy na interfejsie imq1!"
      echo "%====================================%"
      $TC class show dev imq1 | grep root
      $TC class show dev imq1 | grep -v root | sort | nl
      ;;
    'stat')
      if [[ "$2" == "" ]]; then
        echo "Script need second argument - adress IP"
        exit 1
      elif [[ "$2" == "lan" ]]; then
      j=2
        for usr in $ext
                do
                let "j=j+3"
                done
        for usr in $int
                do
                let "j=j+3"
                done
      i=0;trs="echo \"Transfer w LAN\""
        for uvs in $lan_int
                do
                trs="$trs && echo \"Lan[$i]:\" && tc -s class show dev imq0 | grep -A 3 \"htb 1:$j \" && tc -s class show dev imq1 | grep -A 3 \"htb 2:$j \""
                let "j=j+1"
                let "i=i+1"
                done
        watch -d -n 1 "$trs"
      else
      j=2
        for usr in $ext
                do
                if [[ "$2" == "$usr" ]]; then
                        watch -d -n 1 "echo \"Download: \" && tc -s class show dev imq0 | grep -A 3 \"htb 1:$j \" && tc -s class show dev imq0 | grep -A 3 \"1:$(($j+1)) \" && tc -s class show dev imq0 | grep -A 3 \"1:$(($j+2)) \" && echo && echo \"Upload: \" && tc -s class show dev imq1 | grep -A 3 \"htb 2:$j \" && tc -s class show dev imq1 | grep -A 3 \"2:$(($j+1)) \" && tc -s class show dev imq1 | grep -A 3 \"2:$(($j+2)) \""
                        echo "Zakończono."
                        exit 0
                fi
                let "j=j+3"
                done
        for usr in $int
                do
                if [[ "$2" == "$usr" ]]; then
                        watch -d -n 1 "echo \"Download: \" && tc -s class show dev imq0 | grep -A 3 \"htb 1:$j \" && tc -s class show dev imq0 | grep -A 3 \"1:$(($j+1)) \" && tc -s class show dev imq0 | grep -A 3 \"1:$(($j+2)) \" && echo && echo \"Upload: \" && tc -s class show dev imq1 | grep -A 3 \"htb 2:$j \" && tc -s class show dev imq1 | grep -A 3 \"2:$(($j+1)) \" && tc -s class show dev imq1 | grep -A 3 \"2:$(($j+2)) \""
                        echo "Zakończono."
                        exit 0
                fi
                let "j=j+3"
                done
      fi
      ;;
    *)
      echo
      echo "Użycie: rc.htb start|stop|restart|status"
      echo "rc.htb stat <lan|adress IP>"
      exit 1
      ;;
esac


* Re: [LARTC] HTB Script
  2004-11-24 22:08 [LARTC] HTB Script Lenthir
@ 2004-11-25 20:08 ` Lenthir
  2004-11-26 22:28 ` Andy Furniss
                   ` (5 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Lenthir @ 2004-11-25 20:08 UTC (permalink / raw)
  To: lartc

Can anyone help??
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] HTB Script
  2004-11-24 22:08 [LARTC] HTB Script Lenthir
  2004-11-25 20:08 ` Lenthir
@ 2004-11-26 22:28 ` Andy Furniss
  2004-11-27 12:17 ` Lenthir
                   ` (4 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Andy Furniss @ 2004-11-26 22:28 UTC (permalink / raw)
  To: lartc

Lenthir wrote:
> Hi everybody!
> 
> I wrote nice script, but I need some help....
> Script is working almost well.
> 
> My question is:
> Can I minimalize PING time more than this script can? (nowadays is 
> 70-150ms with large load of link)
> My first problem is - unreal big PING on router, and almost excellent 
> (nowadays is 70-150ms) PING on computers in network.
> 
> My users don't complain, but I noticed that the pages is becoming load 
> quickly and when it's almost done.. the transfer is going down!!
> And second symptom is: when I open pages PING grows to 800ms, and 
> quickly go down. It's almost imperceptible, but it happens.
> What's wrong? All packets is going to correct pipes. What should I do more?
> I suspect, that time of change of speed (HTB's reaction time) many 
> queues is long. How can I improve this?

It's a big script - I only looked briefly and may have missed things.

Shaping inbound traffic from the wrong end of the bottleneck is hard, 
HTB would need to be predictive to do it better.

For SFQ you can change queue length (SFQ_DEPTH) in net/sched/sch_sfq.c 
or you could use esfq and choose length with options.

How many users do you have?

If you have 2mbit link then I think you need to reduce the ceils or you 
won't have a queue to shape with.

> Script is very nice, but I need some professional help and advices.
> 
> Everything You can check when script is working:
> ./htb0.5.3en stat <IP> (example: ./htb0.5.3en stat 192.168.0.2)
> ./htb0.5.3en stat lan
> ./htb0.5.3en stats
> 
> My network's statistics:
> http://stats.opat.hopto.org/
> http://stats.zabierzow.net/
> 
> I attached my script. IMQ with imq_nat.diff patch is required (or AB 
> option in kernels 2.6), patched iptables(IMQ patch) is required, iproute 
> is required and bc is required. I tested this script on 2.6.9 kernel and 
> iproute from .deb package.
> 
> And second less important problem... How Can I mark squid's MISS 
> packets? Is Debian's Squid Package patched to change TOS?
> http://stats.zabierzow.net/squid.php :d

I assume a miss is traffic squid gets from the net, if unshaped this 
will make you go overlimits - so is not necessarily just a secondary 
problem.


If you are NATing and have IMQ hooking after NAT in PREROUTING then 
traffic headed for squid will still have your real IP and forwarded 
local IP. You need to use u32 to separate it.

Andy.

> Someone will help?



* Re: [LARTC] HTB Script
  2004-11-24 22:08 [LARTC] HTB Script Lenthir
  2004-11-25 20:08 ` Lenthir
  2004-11-26 22:28 ` Andy Furniss
@ 2004-11-27 12:17 ` Lenthir
  2004-11-29 22:30 ` Andy Furniss
                   ` (3 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Lenthir @ 2004-11-27 12:17 UTC (permalink / raw)
  To: lartc



Andy Furniss wrote:
> It's a big script - I only looked briefly and may have missed things.

> Shaping inbound traffic from the wrong end of the bottleneck is hard, 
> HTB would need to be predictive to do it better.
So what should I change?

> For SFQ you can change queue length (SFQ_DEPTH) in net/sched/sch_sfq.c 
> or you could use esfq and choose length with options.
I did this. SFQ_DEPTH was changed from 128 to 16.

> How many users do you have?
I have 58 users and there will be more...

> If you have 2mbit link then I think you need to reduce the ceils or you 
> won't have a queue to shape with.
I tested real speed - without packet queue (minimum ping, maximum transfer).

I have 2mbit link but 2Mbit for download and 256kbit for upload.
2000kbits without queue (even more:P)... and 220 upload without queue.

> I assume a miss is traffic squid gets from the net, if unshaped this 
> will make you go overlimits - so is not necessarily just a secondary 
> problem.
Squid is switched off. I will not use it as long as I have not made filters.

> If you are NATing and have IMQ hooking after NAT in PREROUTING then 
> traffic headed for squid will still have your real IP and forwarded 
> local IP. You need to use u32 to separate it.
Can you tell me how?

Thanks for the answer. I thought that nobody would write.

* Re: [LARTC] HTB Script
  2004-11-24 22:08 [LARTC] HTB Script Lenthir
                   ` (2 preceding siblings ...)
  2004-11-27 12:17 ` Lenthir
@ 2004-11-29 22:30 ` Andy Furniss
  2004-12-08 10:27 ` Lenthir
                   ` (2 subsequent siblings)
  6 siblings, 0 replies; 8+ messages in thread
From: Andy Furniss @ 2004-11-29 22:30 UTC (permalink / raw)
  To: lartc

Lenthir wrote:
> 
> 
> Andy Furniss wrote:
> 
>> It's a big script - I only looked briefly and may have missed things.
> 
> 
>> Shaping inbound traffic from the wrong end of the bottleneck is hard, 
>> HTB would need to be predictive to do it better.
> 
> So what should I change?
> 
>> For SFQ you can change queue length (SFQ_DEPTH) in net/sched/sch_sfq.c 
>> or you could use esfq and choose length with options.
> 
> I made this. SFQ_DEPTH was changed from 128 to 16.
> 
>> How many users do you have?
> 
> I have 58 users and it will be more...

Hmm - if I had to do this many users on 2meg I would consider a 
different approach.

Assuming I read the script correctly, you are putting interactive traffic 
within each user's share so there will be times when you delay while 
others get their rate.

The way I do it is to have a class with a high rate and high prio for 
interactive - but I do not do per user fairness on it - only on bulk 
traffic.

Doing this with lots of users will mean you really have to be careful 
about not letting bulk into interactive class. It also means that a user 
could get more than their share of the link by having bulk and 
interactive traffic. As a policy the idea that on a highly contended 
link interactive should get > than fair share at any time is attractive 
to me as a gamer. It means that users that 24/7 download / browsers 
can't leave me with so little bandwidth that gaming is impossible.

If you want to do things so that interactive takes from bulk per user 
and keeps low latency you will need to look at HFSC.

> 
>> If you have 2mbit link then I think you need to reduce the ceils or 
>> you won't have a queue to shape with.
> 
> I tested real speed - without packet queue (minimum ping, maximum 
> transfer).
> 
> I have 2mbit link but 2Mbit for download and 256kbit for upload.
> 2000kbits without queue (even more:P)... and 220 upload without queue.

You need to back off a bit from the inbound link speed so that a queue 
builds up. There are other tweaks I would do but will post later when I 
know what you do/use.

What sort of DSL do you use (pppoa or e etc) and can you get a cell 
count out of the modem?

> 
>> I assume a miss is traffic squid gets from the net, if unshaped this 
>> will make you go overlimits - so is not necessarily just a secondary 
>> problem.
> 
> Squid is switched off. I will not use, as long as I will not make filters.
> 
>> If you are NATing and have IMQ hooking after NAT in PREROUTING then 
>> traffic headed for squid will still have your real IP and forwarded 
>> local IP. You need to use u32 to separate it.
> 
> Can You tell me how?

I think it should work OK as you do in the script with u32 for local IPs.

> 
> Thanks for answer. I thought, that nobody will write.


^ permalink raw reply	[flat|nested] 8+ messages in thread
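A dry-run sketch of the layout described in the message above, added here as an example and not code from anyone in the thread: one shared high-priority interactive class, per-user classes only for bulk, and a root rate backed off below the measured link speed. The function name `gen_shaper`, the 90% back-off, the 20% interactive share, the short port list and the class numbering are assumptions; the function only prints `tc` commands and changes nothing.

```bash
#!/bin/bash
# Added example, not code from the thread. Dry run: prints tc commands only.
# Assumptions: function name, back-off and interactive percentages, port list,
# class numbering. The u32 match syntax follows the posted script.

INTERACTIVE_TCP="22"   # assumption: kept short so bulk cannot leak into 1:10
INTERACTIVE_UDP="53"

# gen_shaper DEV LINK_KBIT BACKOFF_PCT INTERACTIVE_PCT USER_IP...
gen_shaper() {
    if [ "$#" -lt 5 ]; then
        echo "usage: gen_shaper DEV LINK_KBIT BACKOFF_PCT INTERACTIVE_PCT USER_IP..." >&2
        return 1
    fi
    local dev="$1" link="$2" backoff="$3" ipct="$4"
    shift 4
    local n="$#"

    # Shape below the measured link speed so the queue builds on this router.
    local ceil=$(( link * backoff / 100 ))
    local irate=$(( ceil * ipct / 100 ))
    local bulk=$(( ceil - irate ))
    # Bulk is split per user, plus one share for unclassified traffic (1:99).
    local per=$(( bulk / (n + 1) ))
    if [ "$per" -lt 1 ]; then
        echo "bulk share of ${bulk}kbit is too small for $n users" >&2
        return 1
    fi

    echo "tc qdisc add dev $dev root handle 1: htb default 99"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${ceil}kbit ceil ${ceil}kbit"

    # One shared interactive class: highest prio, no per-user split.
    echo "tc class add dev $dev parent 1:1 classid 1:10 htb rate ${irate}kbit ceil ${ceil}kbit prio 0"
    echo "tc qdisc add dev $dev parent 1:10 sfq perturb 10"
    local p
    for p in $INTERACTIVE_TCP; do
        echo "tc filter add dev $dev protocol ip parent 1: pref 1 u32 match ip protocol 6 0xff match ip sport $p 0xffff flowid 1:10"
    done
    for p in $INTERACTIVE_UDP; do
        echo "tc filter add dev $dev protocol ip parent 1: pref 1 u32 match ip protocol 17 0xff match ip sport $p 0xffff flowid 1:10"
    done
    echo "tc filter add dev $dev protocol ip parent 1: pref 1 u32 match ip protocol 1 0xff flowid 1:10"

    # Anything no filter matches lands in the default bulk class.
    echo "tc class add dev $dev parent 1:1 classid 1:99 htb rate ${per}kbit ceil ${ceil}kbit prio 1"
    echo "tc qdisc add dev $dev parent 1:99 sfq perturb 10"

    # Per-user fairness applies to bulk only: one class and one dst filter per IP.
    local id=100 ip
    for ip in "$@"; do
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate ${per}kbit ceil ${ceil}kbit prio 1"
        echo "tc qdisc add dev $dev parent 1:$id sfq perturb 10"
        echo "tc filter add dev $dev protocol ip parent 1: pref 2 u32 match ip dst $ip flowid 1:$id"
        id=$(( id + 1 ))
    done
}

# Constructed sample input: 2000 kbit/s download link, two LAN addresses.
gen_shaper imq0 2000 90 20 192.168.0.2 192.168.0.3
```

Review the printed plan before piping it to a shell; the guaranteed rates of 1:10, 1:99 and the per-user classes always sum to no more than the root rate.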

* Re: [LARTC] HTB Script
  2004-11-24 22:08 [LARTC] HTB Script Lenthir
                   ` (3 preceding siblings ...)
  2004-11-29 22:30 ` Andy Furniss
@ 2004-12-08 10:27 ` Lenthir
  2005-01-08  9:25 ` [LARTC] htb script jayesh
  2005-01-17  0:17 ` Andy Furniss
  6 siblings, 0 replies; 8+ messages in thread
From: Lenthir @ 2004-12-08 10:27 UTC (permalink / raw)
  To: lartc

[-- Attachment #1: Type: text/plain, Size: 275 bytes --]

I improved my script.
PING doesn't grow when I'm browsing the Internet.
I'm testing it now... but I notice an improvement.

I recommend this script... it is working very nicely :)
I invite you to help improve this script.

Site on the Internet soon.

I haven't written filters for Squid yet.

[-- Attachment #2: htb0.5.3o --]
[-- Type: text/plain, Size: 14238 bytes --]

#!/bin/bash
#
# rc.htb 0.5.3, (C)Lenthir 2oo4, GNU GPL
# 2004-11-01 9:30
VER="0.5.3"
DAT="2004-11-01 9:30"

MAX=3330
#######################
#Interface configuration:
ext_dwl=2000                                            #speed of the uplink(s) in kbit/s
ext_upl=220

int="`/etc/router/0.cfg` `/etc/router/1.cfg` `/etc/router/2.cfg`" #IP addresses for the lan interfaces

srv_ext="80.53.64.3"                                  #external IPs of the outgoing interfaces
lan_int="192.168.0.0/24 192.168.1.0/24 192.168.2.0/24"

int_dwl[0]=85; int_upl[0]=85
int_dwl[1]=2;  int_upl[1]=2
int_dwl[2]=80; int_upl[2]=80

ext[0]="80.53.64.2"                                     #external IPs in the subnets
ext[1]=""
ext[2]=""

TC=`which tc`                                           #path to tc
MODPROBE=`which modprobe`                               #path to modprobe
IP=`which ip`                                           #path to ip
IPTABLES=`which iptables`                               #path to iptables
firewall="/etc/init.d/rc.iptables restart"              #how to restart the firewall

#u_r2q=10                                               #r2q
u_quantum=1500                                          #quantum

porty_tcp="20 21 22 23 25 53 80 110 143 220 443 993 995 27015"
porty_udp="53"
pping=1                                                 # 0 - ping in the normal queue 1 - ping in the priority queue

#######################

#Checks whether every srv_ext is also in ext; if not, appends it
i=0;
for l in $lan_int
do
# ext[] is indexed from 0, so read the entry before incrementing
zew="$zew ${ext[$i]}"
let "i=$i+1"
done

ipki="$zew $int"
for srvip in $srv_ext
do
if [[ `echo $ipki | grep $srvip` != $ipki ]]; then
zew="$zew $srvip"
fi
done

ile_int=`echo ${int}|awk '{print NF}'`
ile_ext=`echo ${zew}|awk '{print NF}'`
ile=$(echo "$ile_int + $ile_ext" | bc)

if [[ $ile -ge $MAX ]]
        then
        echo "Niedopuszczalnie dużo komputerów!"
        exit 1
        fi


stop()
{
$TC qdisc del root dev imq0 2> /dev/null
$TC qdisc del root dev imq1 2> /dev/null
$IP link set imq0 down
$IP link set imq1 down
}

start()
{ stop

# download
tmp=$(echo "$ext_dwl%$ile" | bc)
min=$(echo "$ext_dwl/$ile" | bc)
pri_min=$(echo "$min/2+$min%2" | bc)
sec_min=$(echo "$min/2" | bc)
max=$ext_dwl

echo " Ilość komputerów: $ile"
echo "%===================================================================%"
echo " Ustawianie kolejki downloadu."
echo " Minimalny download: $min kbit/s"
echo " Maksymalny download: $max kbit/s"
echo " Kolejka: -priorytetowa: $pri_min kbit/s  -normalna: $sec_min kbit/s"
echo " Niewykorzystane: $tmp kbit/s"
echo " "

if [[ -z "$u_r2q" ]]; then   # r2q not configured: let HTB use its default
$TC qdisc add dev imq0 root handle 1:0 htb
else
$TC qdisc add dev imq0 root handle 1:0 htb r2q $u_r2q
fi

$TC class add dev imq0 parent 1:0 classid 1:1 htb rate ${ext_dwl}kbit ceil ${ext_dwl}kbit
j=2
for usr in $zew
        do
	$TC class add dev imq0 parent 1:1 classid 1:$j htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq0 parent 1:$j classid 1:$(($j+1)) htb rate ${pri_min}kbit ceil ${max}kbit prio 1 quantum $u_quantum
        $TC class add dev imq0 parent 1:$j classid 1:$(($j+2)) htb rate ${sec_min}kbit ceil ${max}kbit prio 2 quantum $u_quantum
        $TC qdisc add dev imq0 parent 1:$(($j+1)) sfq
        $TC qdisc add dev imq0 parent 1:$(($j+2)) sfq
        $TC filter add dev imq0 protocol ip parent 1:0 pref 2 u32 match ip dst $usr flowid 1:$j
        for prt in $porty_tcp
                 do
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 6 0xff match ip sport $prt 0xffff flowid 1:$(($j+1))
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 6 0xff match ip dport $prt 0xffff flowid 1:$(($j+1))
                 done
        for prt in $porty_udp
                 do
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 17 0xff match ip sport $prt 0xffff flowid 1:$(($j+1))
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 17 0xff match ip dport $prt 0xffff flowid 1:$(($j+1))
                 done
        if [[ $pping -eq 1 ]]; then
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 1 0xff flowid 1:$(($j+1))
                 fi
        $TC filter add dev imq0 protocol ip parent 1:$j pref 4 u32 match ip dst $usr flowid 1:$((j+2))
        let "j=j+3"
        done

for usr in $int
        do
        $TC class add dev imq0 parent 1:1 classid 1:$j htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq0 parent 1:$j classid 1:$(($j+1)) htb rate ${pri_min}kbit ceil ${max}kbit prio 1 quantum $u_quantum
        $TC class add dev imq0 parent 1:$j classid 1:$(($j+2)) htb rate ${sec_min}kbit ceil ${max}kbit prio 2 quantum $u_quantum
        $TC qdisc add dev imq0 parent 1:$(($j+1)) sfq
        $TC qdisc add dev imq0 parent 1:$(($j+2)) sfq
        $TC filter add dev imq0 protocol ip parent 1:0 pref 2 u32 match ip dst $usr flowid 1:$j
        for prt in $porty_tcp
                 do
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 6 0xff match ip sport $prt 0xffff flowid 1:$(($j+1))
                 done
        for prt in $porty_udp
                 do
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 17 0xff match ip sport $prt 0xffff flowid 1:$(($j+1))
                 done
        if [[ $pping -eq 1 ]]; then
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 1 0xff flowid 1:$(($j+1))
                 fi
        $TC filter add dev imq0 protocol ip parent 1:$j pref 4 u32 match ip dst $usr flowid 1:$((j+2))
        let "j=j+3"
        done

i=0
for ntr in $lan_int
        do
	$TC class add dev imq0 parent 1:0 classid 1:$j htb rate ${int_dwl[$i]}Mbit ceil ${int_dwl[$i]}Mbit quantum $u_quantum
        $TC qdisc add dev imq0 parent 1:$j sfq
        for ipek in $lan_int ${zew}
        do
                $TC filter add dev imq0 protocol ip parent 1:0 pref 1 u32 match ip src $ntr match ip dst $ipek flowid 1:$j
        done

	if [[ -n "${ext[$i]}" ]]; then   # only when this subnet has external IPs
	for pri in ${ext[$i]}
	do
	    for sec in ${zew/${ext[$i]}/}
	    do
                $TC filter add dev imq0 protocol ip parent 1:0 pref 1 u32 match ip src $pri match ip dst $sec flowid 1:$j
	    done
	done
	fi
        
	let "j=j+1"
        let "i=i+1"
        done


$IPTABLES -t mangle -A PREROUTING -j IMQ --todev 0
$IP link set imq0 up

# upload
tmp=$(echo "$ext_upl%$ile" | bc)
min=$(echo "$ext_upl/$ile" | bc)
pri_min=$(echo "$min/2+$min%2" | bc)
sec_min=$(echo "$min/2" | bc)
max=$ext_upl

echo " Ustawianie kolejki uploadu."
echo " Maksymalny upload: $max kbit/s"
echo " Minimalny upload userów: $min kbit/s"
echo " Kolejka: -priorytetowa: $pri_min kbit/s  -normalna: $sec_min kbit/s"
echo " Niewykorzystane: $tmp kbit/s"
echo "%===================================================================%"

if [[ "$u_r2q" == "" ]]; then
$TC qdisc add dev imq1 root handle 2:0 htb
else
$TC qdisc add dev imq1 root handle 2:0 htb r2q $u_r2q
fi

$TC class add dev imq1 parent 2:0 classid 2:1 htb rate ${ext_upl}kbit ceil ${ext_upl}kbit

j=2
for usr in $zew
        do
        $TC class add dev imq1 parent 2:1 classid 2:$j htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq1 parent 2:$j classid 2:$(($j+1)) htb rate ${pri_min}kbit ceil ${max}kbit prio 1 quantum $u_quantum
        $TC class add dev imq1 parent 2:$j classid 2:$(($j+2)) htb rate ${sec_min}kbit ceil ${max}kbit prio 2 quantum $u_quantum
        $TC qdisc add dev imq1 parent 2:$(($j+1)) sfq
        $TC qdisc add dev imq1 parent 2:$(($j+2)) sfq
        $TC filter add dev imq1 protocol ip parent 2:0 pref 2 u32 match ip src $usr flowid 2:$j
	for prt in $porty_tcp
                 do
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 6 0xff match ip dport $prt 0xffff flowid 2:$(($j+1))
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 6 0xff match ip sport $prt 0xffff flowid 2:$(($j+1))
                 done
        for prt in $porty_udp
                 do
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 17 0xff match ip dport $prt 0xffff flowid 2:$(($j+1))
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 17 0xff match ip sport $prt 0xffff flowid 2:$(($j+1))
                 done
        if [[ $pping -eq 1 ]]; then
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 1 0xff flowid 2:$(($j+1))
                 fi
	$TC filter add dev imq1 protocol ip parent 2:$j pref 4 u32 match ip src $usr flowid 2:$((j+2))
        let "j=j+3"
        done

for usr in $int
        do
        $TC class add dev imq1 parent 2:1 classid 2:$j htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq1 parent 2:$j classid 2:$(($j+1)) htb rate ${pri_min}kbit ceil ${max}kbit prio 1 quantum $u_quantum
        $TC class add dev imq1 parent 2:$j classid 2:$(($j+2)) htb rate ${sec_min}kbit ceil ${max}kbit prio 2 quantum $u_quantum
        $TC qdisc add dev imq1 parent 2:$(($j+1)) sfq
        $TC qdisc add dev imq1 parent 2:$(($j+2)) sfq
        $TC filter add dev imq1 protocol ip parent 2:0 pref 2 u32 match ip src $usr flowid 2:$j
	for prt in $porty_tcp
                 do
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 6 0xff match ip dport $prt 0xffff flowid 2:$(($j+1))
                 done
        for prt in $porty_udp
                 do
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 17 0xff match ip dport $prt 0xffff flowid 2:$(($j+1))
                 done
        if [[ $pping -eq 1 ]]; then
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 1 0xff flowid 2:$(($j+1))
                 fi
        $TC filter add dev imq1 protocol ip parent 2:$j pref 4 u32 match ip src $usr flowid 2:$((j+2))
	let "j=j+3"
        done

i=0
for ntr in $lan_int
        do
        $TC class add dev imq1 parent 2:0 classid 2:$j htb rate ${int_upl[$i]}Mbit ceil ${int_upl[$i]}Mbit quantum $u_quantum
        $TC qdisc add dev imq1 parent 2:$j sfq
        for ipek in $lan_int ${zew}
        do
                $TC filter add dev imq1 protocol ip parent 2:0 pref 1 u32 match ip src $ipek match ip dst $ntr flowid 2:$j
        done
	if [[ "${ext[$i]}" != "" ]]; then
	for pri in ${ext[$i]}
	do
	    for sec in ${zew/${ext[$i]}/}
	    do
                $TC filter add dev imq1 protocol ip parent 2:0 pref 1 u32 match ip src $sec match ip dst $pri flowid 2:$j
	    done
	done
	fi
	
	let "j=j+1"
        let "i=i+1"
        done

$IPTABLES -t mangle -A POSTROUTING -j IMQ --todev 1
$IP link set imq1 up
}
echo "rc.htb $VER, (C)Lenthir 2oo4, GNU GPL"
echo "$DAT"
case "$1" in
    'start')
      echo "Uruchamianie kolejkowania..."
      start
      echo "Gotowe."
      exit 0
      ;;
    'stop')
      echo -n "Zatrzymywanie kolejkowania..."
      stop
      echo " wykonano."
      ;;
    'restart')
      echo "Restartowanie kolejkowania..."
      $firewall
      start
      echo "Gotowe."
      ;;
    'status')
      echo "Klasy na interfejsie imq0!"
      echo "%====================================%"
      $TC class show dev imq0 | grep root
      $TC class show dev imq0 | grep -v root | sort | nl
      echo "Klasy na interfejsie imq1!"
      echo "%====================================%"
      $TC class show dev imq1 | grep root
      $TC class show dev imq1 | grep -v root | sort | nl
      ;;
    'stat')
      if [[ "$2" == "" ]]; then
        echo "Script need second argument - adress IP"
        exit 1
      elif [[ "$2" == "lan" ]]; then
      j=2
        for usr in $zew
                do
                let "j=j+3"
                done
        for usr in $int
                do
                let "j=j+3"
                done
      i=0;trs="echo \"Transfer w LAN\""
        for uvs in $lan_int
                do
                trs="$trs && echo \"Lan[$i]:\" && tc -s class show dev imq0 | grep -A 3 \"htb 1:$j \" && tc -s class show dev imq1 | grep -A 3 \"htb 2:$j \""
                let "j=j+1"
                let "i=i+1"
                done
        watch -d -n 1 "$trs"
      else
      j=2
        for usr in $zew
                do
                if [[ "$2" == "$usr" ]]; then
                        watch -d -n 1 "echo \"Download: \" && tc -s class show dev imq0 | grep -A 3 \"htb 1:$j \" && tc -s class show dev imq0 | grep -A 3 \"1:$(($j+1)) \" && tc -s class show dev imq0 | grep -A 3 \"1:$(($j+2)) \" && echo && echo \"Upload: \" && tc -s class show dev imq1 | grep -A 3 \"htb 2:$j \" && tc -s class show dev imq1 | grep -A 3 \"2:$(($j+1)) \" && tc -s class show dev imq1 | grep -A 3 \"2:$(($j+2)) \""
                        echo "Zakończono."
                        exit 0
                fi
                let "j=j+3"
                done
        for usr in $int
                do
                if [[ "$2" == "$usr" ]]; then
                        watch -d -n 1 "echo \"Download: \" && tc -s class show dev imq0 | grep -A 3 \"htb 1:$j \" && tc -s class show dev imq0 | grep -A 3 \"1:$(($j+1)) \" && tc -s class show dev imq0 | grep -A 3 \"1:$(($j+2)) \" && echo && echo \"Upload: \" && tc -s class show dev imq1 | grep -A 3 \"htb 2:$j \" && tc -s class show dev imq1 | grep -A 3 \"2:$(($j+1)) \" && tc -s class show dev imq1 | grep -A 3 \"2:$(($j+2)) \""
                        echo "Zakończono."
                        exit 0
                fi
                let "j=j+3"
                done
      fi
      ;;
    *)
      echo
      echo "Użycie: rc.htb start|stop|restart|status"
      echo "rc.htb stat <lan|adress IP>"
      exit 1
      ;;
esac

[-- Attachment #3: htb0.5.3z --]
[-- Type: text/plain, Size: 14207 bytes --]

#!/bin/bash
#
# rc.htb 0.5.3, (C)Lenthir 2oo4, GNU GPL
# 2004-11-01 9:30
VER="0.5.3"
DAT="2004-11-01 9:30"

MAX=3330
#######################
#Interface configuration:
ext_dwl=2000                                            #speed of the external (Internet) link(s) in kbit/s
ext_upl=220

int="`/home/scorpio/router/adresyIP`" 			#IP addresses for the LAN interfaces

srv_ext="83.17.20.134"                                  #external IPs of the outgoing interfaces
lan_int="192.168.200.0/24 192.168.201.0/24 192.168.202.0/24"

int_dwl[0]=3;  int_upl[0]=3
int_dwl[1]=3;  int_upl[1]=3
int_dwl[2]=85; int_upl[2]=85

ext[0]=""                                               #external IPs in the subnets
ext[1]="83.17.20.131"
ext[2]="83.17.20.130"

TC=`which tc`                                           #path to tc
MODPROBE=`which modprobe`                               #path to modprobe
IP=`which ip`                                           #path to ip
IPTABLES=`which iptables`                               #path to iptables
firewall="/etc/init.d/rc.iptables restart"              #how to restart the firewall

#u_r2q=10                                               #r2q
u_quantum=1500                                          #quantum

porty_tcp="20 21 22 23 25 53 80 110 143 220 443 993 995 27015"
porty_udp="53"
pping=1                                                 # 0 - ping in the normal queue, 1 - ping in the priority queue

#######################

#Checks whether all srv_ext are also in ext; if not, appends them
i=0;
for l in $lan_int
do
zew="$zew ${ext[$i]}"           # read ext[i] before incrementing, so ext[0] is not skipped
let "i=$i+1"
done

ipki="$zew $int"
for srvip in $srv_ext
do
if ! echo $ipki | tr ' ' '\n' | grep -qxF -- "$srvip"; then   # exact match against one address per line
zew="$zew $srvip"
fi
done

ile_int=`echo ${int}|awk '{print NF}'`
ile_ext=`echo ${zew}|awk '{print NF}'`
ile=$(echo "$ile_int + $ile_ext" | bc)

if [[ $ile -ge $MAX ]]
        then
        echo "Niedopuszczalnie dużo komputerów!"
        exit 1
        fi


stop()
{
$TC qdisc del root dev imq0 2> /dev/null
$TC qdisc del root dev imq1 2> /dev/null
$IP link set imq0 down
$IP link set imq1 down
}

start()
{ stop

# download
tmp=$(echo "$ext_dwl%$ile" | bc)
min=$(echo "$ext_dwl/$ile" | bc)
pri_min=$(echo "$min/2+$min%2" | bc)
sec_min=$(echo "$min/2" | bc)
max=$ext_dwl

echo " Ilość komputerów: $ile"
echo "%===================================================================%"
echo " Ustawianie kolejki downloadu."
echo " Minimalny download: $min kbit/s"
echo " Maksymalny download: $max kbit/s"
echo " Kolejka: -priorytetowa: $pri_min kbit/s  -normalna: $sec_min kbit/s"
echo " Niewykorzystane: $tmp kbit/s"
echo " "

if [[ "$u_r2q" == "" ]]; then
$TC qdisc add dev imq0 root handle 1:0 htb
else
$TC qdisc add dev imq0 root handle 1:0 htb r2q $u_r2q
fi

$TC class add dev imq0 parent 1:0 classid 1:1 htb rate ${ext_dwl}kbit ceil ${ext_dwl}kbit
j=2
for usr in $zew
        do
	$TC class add dev imq0 parent 1:1 classid 1:$j htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq0 parent 1:$j classid 1:$(($j+1)) htb rate ${pri_min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq0 parent 1:$j classid 1:$(($j+2)) htb rate ${sec_min}kbit ceil ${max}kbit quantum $u_quantum
        $TC qdisc add dev imq0 parent 1:$(($j+1)) sfq
        $TC qdisc add dev imq0 parent 1:$(($j+2)) sfq
        $TC filter add dev imq0 protocol ip parent 1:0 pref 2 u32 match ip dst $usr flowid 1:$j
        for prt in $porty_tcp
                 do
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 6 0xff match ip sport $prt 0xffff flowid 1:$(($j+1))
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 6 0xff match ip dport $prt 0xffff flowid 1:$(($j+1))
                 done
        for prt in $porty_udp
                 do
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 17 0xff match ip sport $prt 0xffff flowid 1:$(($j+1))
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 17 0xff match ip dport $prt 0xffff flowid 1:$(($j+1))
                 done
        if [[ $pping -eq 1 ]]; then
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 1 0xff flowid 1:$(($j+1))
                 fi
        $TC filter add dev imq0 protocol ip parent 1:$j pref 4 u32 match ip dst $usr flowid 1:$((j+2))
        let "j=j+3"
        done

for usr in $int
        do
        $TC class add dev imq0 parent 1:1 classid 1:$j htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq0 parent 1:$j classid 1:$(($j+1)) htb rate ${pri_min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq0 parent 1:$j classid 1:$(($j+2)) htb rate ${sec_min}kbit ceil ${max}kbit quantum $u_quantum
        $TC qdisc add dev imq0 parent 1:$(($j+1)) sfq
        $TC qdisc add dev imq0 parent 1:$(($j+2)) sfq
        $TC filter add dev imq0 protocol ip parent 1:0 pref 2 u32 match ip dst $usr flowid 1:$j
        for prt in $porty_tcp
                 do
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 6 0xff match ip sport $prt 0xffff flowid 1:$(($j+1))
                 done
        for prt in $porty_udp
                 do
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 17 0xff match ip sport $prt 0xffff flowid 1:$(($j+1))
                 done
        if [[ $pping -eq 1 ]]; then
                 $TC filter add dev imq0 protocol ip parent 1:$j pref 3 u32 match ip protocol 1 0xff flowid 1:$(($j+1))
                 fi
        $TC filter add dev imq0 protocol ip parent 1:$j pref 4 u32 match ip dst $usr flowid 1:$((j+2))
        let "j=j+3"
        done

i=0
for ntr in $lan_int
        do
	$TC class add dev imq0 parent 1:0 classid 1:$j htb rate ${int_dwl[$i]}Mbit ceil ${int_dwl[$i]}Mbit quantum $u_quantum
        $TC qdisc add dev imq0 parent 1:$j sfq
        for ipek in $lan_int ${zew}
        do
                $TC filter add dev imq0 protocol ip parent 1:0 pref 1 u32 match ip src $ntr match ip dst $ipek flowid 1:$j
        done

	if [[ "${ext[$i]}" != "" ]]; then
	for pri in ${ext[$i]}
	do
	    for sec in ${zew/${ext[$i]}/}
	    do
                $TC filter add dev imq0 protocol ip parent 1:0 pref 1 u32 match ip src $pri match ip dst $sec flowid 1:$j
	    done
	done
	fi

	let "j=j+1"
        let "i=i+1"
        done


$IPTABLES -t mangle -A PREROUTING -j IMQ --todev 0
$IP link set imq0 up

# upload
tmp=$(echo "$ext_upl%$ile" | bc)
min=$(echo "$ext_upl/$ile" | bc)
pri_min=$(echo "$min/2+$min%2" | bc)
sec_min=$(echo "$min/2" | bc)
max=$ext_upl

echo " Ustawianie kolejki uploadu."
echo " Maksymalny upload: $max kbit/s"
echo " Minimalny upload userów: $min kbit/s"
echo " Kolejka: -priorytetowa: $pri_min kbit/s  -normalna: $sec_min kbit/s"
echo " Niewykorzystane: $tmp kbit/s"
echo "%===================================================================%"

if [[ "$u_r2q" == "" ]]; then
$TC qdisc add dev imq1 root handle 2:0 htb
else
$TC qdisc add dev imq1 root handle 2:0 htb r2q $u_r2q
fi

$TC class add dev imq1 parent 2:0 classid 2:1 htb rate ${ext_upl}kbit ceil ${ext_upl}kbit

j=2
for usr in $zew
        do
        $TC class add dev imq1 parent 2:1 classid 2:$j htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq1 parent 2:$j classid 2:$(($j+1)) htb rate ${pri_min}kbit ceil ${max}kbit prio 1 quantum $u_quantum
        $TC class add dev imq1 parent 2:$j classid 2:$(($j+2)) htb rate ${sec_min}kbit ceil ${max}kbit prio 2 quantum $u_quantum
        $TC qdisc add dev imq1 parent 2:$(($j+1)) sfq
        $TC qdisc add dev imq1 parent 2:$(($j+2)) sfq
        $TC filter add dev imq1 protocol ip parent 2:0 pref 2 u32 match ip src $usr flowid 2:$j
	for prt in $porty_tcp
                 do
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 6 0xff match ip dport $prt 0xffff flowid 2:$(($j+1))
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 6 0xff match ip sport $prt 0xffff flowid 2:$(($j+1))
                 done
        for prt in $porty_udp
                 do
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 17 0xff match ip dport $prt 0xffff flowid 2:$(($j+1))
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 17 0xff match ip sport $prt 0xffff flowid 2:$(($j+1))
                 done
        if [[ $pping -eq 1 ]]; then
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 1 0xff flowid 2:$(($j+1))
                 fi
	$TC filter add dev imq1 protocol ip parent 2:$j pref 4 u32 match ip src $usr flowid 2:$((j+2))
        let "j=j+3"
        done

for usr in $int
        do
        $TC class add dev imq1 parent 2:1 classid 2:$j htb rate ${min}kbit ceil ${max}kbit quantum $u_quantum
        $TC class add dev imq1 parent 2:$j classid 2:$(($j+1)) htb rate ${pri_min}kbit ceil ${max}kbit prio 1 quantum $u_quantum
        $TC class add dev imq1 parent 2:$j classid 2:$(($j+2)) htb rate ${sec_min}kbit ceil ${max}kbit prio 2 quantum $u_quantum
        $TC qdisc add dev imq1 parent 2:$(($j+1)) sfq
        $TC qdisc add dev imq1 parent 2:$(($j+2)) sfq
        $TC filter add dev imq1 protocol ip parent 2:0 pref 2 u32 match ip src $usr flowid 2:$j
	for prt in $porty_tcp
                 do
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 6 0xff match ip dport $prt 0xffff flowid 2:$(($j+1))
                 done
        for prt in $porty_udp
                 do
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 17 0xff match ip dport $prt 0xffff flowid 2:$(($j+1))
                 done
        if [[ $pping -eq 1 ]]; then
                 $TC filter add dev imq1 protocol ip parent 2:$j pref 3 u32 match ip protocol 1 0xff flowid 2:$(($j+1))
                 fi
        $TC filter add dev imq1 protocol ip parent 2:$j pref 4 u32 match ip src $usr flowid 2:$((j+2))
	let "j=j+3"
        done

i=0
for ntr in $lan_int
        do
        $TC class add dev imq1 parent 2:0 classid 2:$j htb rate ${int_upl[$i]}Mbit ceil ${int_upl[$i]}Mbit quantum $u_quantum
        $TC qdisc add dev imq1 parent 2:$j sfq
        for ipek in $lan_int ${zew}
        do
                $TC filter add dev imq1 protocol ip parent 2:0 pref 1 u32 match ip src $ipek match ip dst $ntr flowid 2:$j
        done
	if [[ "${ext[$i]}" != "" ]]; then
	for pri in ${ext[$i]}
	do
	    for sec in ${zew/${ext[$i]}/}
	    do
                $TC filter add dev imq1 protocol ip parent 2:0 pref 1 u32 match ip src $sec match ip dst $pri flowid 2:$j
	    done
	done
	fi

	let "j=j+1"
        let "i=i+1"
        done

$IPTABLES -t mangle -A POSTROUTING -j IMQ --todev 1
$IP link set imq1 up
}
echo "rc.htb $VER, (C)Lenthir 2oo4, GNU GPL"
echo "$DAT"
case "$1" in
    'start')
      echo "Uruchamianie kolejkowania..."
      start
      echo "Gotowe."
      exit 0
      ;;
    'stop')
      echo -n "Zatrzymywanie kolejkowania..."
      stop
      echo " wykonano."
      ;;
    'restart')
      echo "Restartowanie kolejkowania..."
      $firewall
      start
      echo "Gotowe."
      ;;
    'status')
      echo "Klasy na interfejsie imq0!"
      echo "%====================================%"
      $TC class show dev imq0 | grep root
      $TC class show dev imq0 | grep -v root | sort | nl
      echo "Klasy na interfejsie imq1!"
      echo "%====================================%"
      $TC class show dev imq1 | grep root
      $TC class show dev imq1 | grep -v root | sort | nl
      ;;
    'stat')
      if [[ "$2" == "" ]]; then
        echo "Script need second argument - adress IP"
        exit 1
      elif [[ "$2" == "lan" ]]; then
      j=2
        for usr in $zew
                do
                let "j=j+3"
                done
        for usr in $int
                do
                let "j=j+3"
                done
      i=0;trs="echo \"Transfer w LAN\""
        for uvs in $lan_int
                do
                trs="$trs && echo \"Lan[$i]:\" && tc -s class show dev imq0 | grep -A 3 \"htb 1:$j \" && tc -s class show dev imq1 | grep -A 3 \"htb 2:$j \""
                let "j=j+1"
                let "i=i+1"
                done
        watch -d -n 1 "$trs"
      else
      j=2
        for usr in $zew
                do
                if [[ "$2" == "$usr" ]]; then
                        watch -d -n 1 "echo \"Download: \" && tc -s class show dev imq0 | grep -A 3 \"htb 1:$j \" && tc -s class show dev imq0 | grep -A 3 \"1:$(($j+1)) \" && tc -s class show dev imq0 | grep -A 3 \"1:$(($j+2)) \" && echo && echo \"Upload: \" && tc -s class show dev imq1 | grep -A 3 \"htb 2:$j \" && tc -s class show dev imq1 | grep -A 3 \"2:$(($j+1)) \" && tc -s class show dev imq1 | grep -A 3 \"2:$(($j+2)) \""
                        echo "Zakończono."
                        exit 0
                fi
                let "j=j+3"
                done
        for usr in $int
                do
                if [[ "$2" == "$usr" ]]; then
                        watch -d -n 1 "echo \"Download: \" && tc -s class show dev imq0 | grep -A 3 \"htb 1:$j \" && tc -s class show dev imq0 | grep -A 3 \"1:$(($j+1)) \" && tc -s class show dev imq0 | grep -A 3 \"1:$(($j+2)) \" && echo && echo \"Upload: \" && tc -s class show dev imq1 | grep -A 3 \"htb 2:$j \" && tc -s class show dev imq1 | grep -A 3 \"2:$(($j+1)) \" && tc -s class show dev imq1 | grep -A 3 \"2:$(($j+2)) \""
                        echo "Zakończono."
                        exit 0
                fi
                let "j=j+3"
                done
      fi
      ;;
    *)
      echo
      echo "Użycie: rc.htb start|stop|restart|status"
      echo "rc.htb stat <lan|adress IP>"
      exit 1
      ;;
esac
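
Why the `$` and the spaces matter in the script's r2q and `ext[]` checks, as an added example (not part of the posted script): a test written as one unspaced word is always true, so the `r2q` branch can never be reached. The helper names are hypothetical and the functions only print the `tc` command instead of running it; POSIX `[ ]` is used here, and bash's `[[ ]]` treats a lone word the same way.

```sh
#!/bin/sh
# Added illustration. root_qdisc_broken, root_qdisc_fixed, ext_guard_broken and
# ext_guard_fixed are hypothetical names; nothing here touches tc or imq0.

# Unspaced form, with no "$" on the variable. After quote removal the shell
# sees ONE word, 'u_r2q==', and a one-word test only asks "is this string
# non-empty?". It always is, so the else branch is dead code.
root_qdisc_broken() {
    u_r2q=$1
    if [ u_r2q=="" ]; then
        echo "tc qdisc add dev imq0 root handle 1:0 htb"
    else
        echo "tc qdisc add dev imq0 root handle 1:0 htb r2q $u_r2q"
    fi
}

# Expanded variable and the operator as its own word: a real comparison.
root_qdisc_fixed() {
    u_r2q=$1
    if [ "$u_r2q" = "" ]; then
        echo "tc qdisc add dev imq0 root handle 1:0 htb"
    else
        echo "tc qdisc add dev imq0 root handle 1:0 htb r2q $u_r2q"
    fi
}

# The guard around the ext[] filter loops has the same one-word pitfall:
# with an empty value the word is just '!=', which is still non-empty.
ext_guard_broken() {
    if [ "$1"!="" ]; then echo taken; else echo skipped; fi
}

ext_guard_fixed() {
    if [ "$1" != "" ]; then echo taken; else echo skipped; fi
}

# Dry run with constructed values: an r2q of 10 and an empty ext entry.
echo "broken, u_r2q=10: $(root_qdisc_broken 10)"
echo "fixed,  u_r2q=10: $(root_qdisc_fixed 10)"
echo "broken, empty ext: $(ext_guard_broken "")"
echo "fixed,  empty ext: $(ext_guard_fixed "")"
```

In the unspaced form, uncommenting `u_r2q=10` in the configuration has no effect on the root qdisc, and nothing is reported.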


* [LARTC] htb script
  2004-11-24 22:08 [LARTC] HTB Script Lenthir
                   ` (4 preceding siblings ...)
  2004-12-08 10:27 ` Lenthir
@ 2005-01-08  9:25 ` jayesh
  2005-01-17  0:17 ` Andy Furniss
  6 siblings, 0 replies; 8+ messages in thread
From: jayesh @ 2005-01-08  9:25 UTC (permalink / raw)
  To: lartc


[-- Attachment #1.1: Type: text/plain, Size: 1308 bytes --]

Dear all,
I am a newbie. I have 256 kbits of down link and 64 kbits of up link. I am using squid and htb; I got this while browsing the net. There are a few issues I need help with.
While running the script I want browsing to be as fast as possible; uplink, especially Kazaa, should not eat my bandwidth.
eth1 has the public IP address and eth0 is internal with network 10.0.0.0/24. I am also using NAT. How can I make squid incorporate with htb (squid uses 3128)?
Here is my script.

Please help with clarification.
Regards
                       Dealing in Computers, Software and Peripherals 
                  
                        Jayesh Chandran  Compucat Technologies
                        (An associate of Milan Cable Television)
                        1.Goliondoi Road, Arusha.
                        2.Ground Floor, Serengeti Wing,
                        PB No. 10367, AICC, Arusha, Tanzania  
                        jayesh@bol.co.tz  tel: 
                              fax: 
                              mobile:  +255 27 2502660
                              +255 27 2504527
                              +255 748 586169  
                       
                 
            
     
     

[-- Attachment #1.2: Type: text/html, Size: 5210 bytes --]

[-- Attachment #2: rc.txt --]
[-- Type: text/plain, Size: 5958 bytes --]

#!/bin/bash
 TC=/sbin/tc 
IPTABLES=/sbin/iptables
 $TC qdisc del dev eth0 root 2> /dev/null > /dev/null
 $TC qdisc del dev eth1 root 2> /dev/null > /dev/null
 $TC qdisc del dev eth1 ingress 2> /dev/null > /dev/null
 $IPTABLES -F POSTROUTING -t mangle
  $TC qdisc add dev eth0 root handle 1: htb default 50 r2q 2

 $TC class add dev eth0 parent 1: classid 1:2 htb rate 248Kbit burst 35k
 $TC class add dev eth0 parent 1:2 classid 1:10 htb rate 220Kbit ceil 240Kbit burst 25k prio 0
$TC class add dev eth0 parent 1:2 classid 1:30 htb rate 28Kbit ceil 28Kbit burst 10k prio 1 
$TC class add dev eth0 parent 1: classid 1:60 htb rate 1Kbit ceil 100Mbit  prio 1
 $TC qdisc add dev eth0 parent 1:10 handle 11: sfq perturb 10
 $TC qdisc add dev eth0 parent 1:30 handle 33: sfq perturb 10
 $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 10.0.0.0/24 -j MARK --set-mark 3
 $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 10.0.0.0/24 -p tcp --sport 80 -j MARK --set-mark 1
 $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 10.0.0.0/24 -p tcp --sport 443 -j MARK --set-mark 1
 $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 10.0.0.0/24 -p tcp --sport 22 -j MARK --set-mark 1
 $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 10.0.0.0/24 -p tcp --sport 21 -j MARK --set-mark 1
 $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 10.0.0.0/24 -p tcp --sport 53 -j MARK --set-mark 1 
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 10.0.0.0/24 -p udp --sport 53 -j MARK --set-mark 1 
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 10.0.0.0/24 -p tcp --sport 110 -j MARK --set-mark 1
 $IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 10.0.0.0/24 -p tcp --sport 5190 -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 10.0.0.0/24 -p tcp --sport 6661:6669 -j MARK --set-mark 1 
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 10.0.0.0/24 -p tcp --sport 3128 -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 10.0.0.0/24 -p udp --sport 3128 -j MARK --set-mark 1
#$IPTABLES -t mangle -A POSTROUTING -o eth0 -s ! 10.0.0.0/24 -p icmp -j MARK --set-mark 1
 
 $TC filter add dev eth0 parent 1:0 protocol ip handle 1 fw flowid 1:10
 $TC filter add dev eth0 parent 1:0 protocol ip handle 3 fw flowid 1:30
 $TC filter add dev eth0 parent 1:0 protocol ip prio 1 u32 \
	match ip protocol 0x6 0xff \
 	match ip tos 0x10 0xff \
	flowid 1:60
 
##############################
$TC qdisc add dev eth1 root handle 1: htb default 20
 $TC class add dev eth1 parent 1: classid 1:1 htb rate 62Kbit burst 35k
 $TC class add dev eth1 parent 1:1 classid 1:10 htb rate 40Kbit ceil 60Kbit burst 25k prio 1
 $TC class add dev eth1 parent 1:1 classid 1:20 htb rate 15Kbit ceil 55Kbit burst 10k prio 2
 $TC class add dev eth1 parent 1:1 classid 1:30 htb rate 7Kbit ceil 28Kbit burst 5k prio 3
 $TC qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10
 $TC qdisc add dev eth1 parent 1:20 handle 20: sfq perturb 10
 $TC qdisc add dev eth1 parent 1:30 handle 30: sfq perturb 10
 $TC filter add dev eth1 parent 1:0 protocol ip prio 10 u32 \
   match ip tos 0x10 0xff  flowid 1:10
 $TC filter add dev eth1 parent 1: protocol ip prio 10 u32 \
    match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 \
    flowid 1:10
 
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s ! 10.0.0.0/24 -j MARK --set-mark 12
# $IPTABLES -t mangle -A POSTROUTING -o eth1 -s ! 10.0.0.0/24 -p icmp -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s ! 10.0.0.0/24 -p tcp --sport 22 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s ! 10.0.0.0/24 -p tcp --sport 80 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s ! 10.0.0.0/24 -p tcp --dport 80 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s ! 10.0.0.0/24 -p tcp --dport 21 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s ! 10.0.0.0/24 -p tcp --dport 20 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s ! 10.0.0.0/24 -p tcp --sport 3128 -j MARK --set-mark 11
  $IPTABLES -t mangle -A POSTROUTING -o eth1 -s ! 10.0.0.0/24 -p tcp --dport 3128  -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 10.0.0.0/24 -j MARK --set-mark 13
 
$IPTABLES -t mangle -A POSTROUTING -o eth1 -s 10.0.0.0/24 -p tcp --dport 80 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 10.0.0.0/24 -p tcp --dport 443 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 10.0.0.0/24 -p tcp --dport 53 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 10.0.0.0/24 -p udp --dport 53 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 10.0.0.0/24 -p tcp --dport 22 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 10.0.0.0/24 -p tcp --dport 23 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 10.0.0.0/24 -p tcp --dport 21 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 10.0.0.0/24 -p tcp --dport 25 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 10.0.0.0/24 -p tcp --dport 110 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 10.0.0.0/24 -p tcp --dport 5190 -j MARK --set-mark 11
 $IPTABLES -t mangle -A POSTROUTING -o eth1 -s 10.0.0.0/24 -p tcp --dport 6661:6669 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -p icmp -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s 10.0.0.0/24 -p udp --dport 3128 -j MARK --set-mark 11
$IPTABLES -t mangle -A POSTROUTING -o eth0 -s 10.0.0.0/24 -p tcp --dport 3128 -j MARK --set-mark 11
#$IPTABLES -t mangle -A POSTROUTING -p icmp -j RETURN
$TC filter add dev eth1 parent 1:0 protocol ip handle 11 fw flowid 1:10
 $TC filter add dev eth1 parent 1:0 protocol ip handle 12 fw flowid 1:20
 $TC filter add dev eth1 parent 1:0 protocol ip handle 13 fw flowid 1:30


* Re: [LARTC] htb script
  2004-11-24 22:08 [LARTC] HTB Script Lenthir
                   ` (5 preceding siblings ...)
  2005-01-08  9:25 ` [LARTC] htb script jayesh
@ 2005-01-17  0:17 ` Andy Furniss
  6 siblings, 0 replies; 8+ messages in thread
From: Andy Furniss @ 2005-01-17  0:17 UTC (permalink / raw)
  To: lartc

jayesh wrote:
> Dear all,
> I am a newbie. I have 256 kbits of down link and 64 kbits of up link. I am using squid and htb; I got this while browsing the net. There are a few issues I need help with.
> While running the script I want browsing to be as fast as possible; uplink, especially Kazaa, should not eat my bandwidth.
> eth1 has the public IP address and eth0 is internal with network 10.0.0.0/24. I am also using NAT. How can I make squid incorporate with htb (squid uses 3128)?
> Here is my script.

You need to patch squid to mark on hit/miss.

http://www.docum.org/docum.org/faq/cache/65.html

Andy.

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

