From: "David Hellekalek" <lartc@hellekalek.com>
To: lartc@vger.kernel.org
Subject: [LARTC] not sure if my script works
Date: Thu, 13 Mar 2003 21:15:31 +0000
Message-ID: <marc-lartc-104759020522097@msgid-missing>
Hi,
I wrote the following shell-script for my traffic shaping but I am not sure
if it works. I think I noticed a serious speed decrease (not on LAN but on
ISDN-connection) and therefore it would be nice if you would look through
the script (especially the incoming-part) and tell me if I made any errors.
I looked for it lots of times but did not find anything that is wrong.
--------------------------------------
#!/bin/sh
#
# Shell script for Quality of Service with HTB
#
EXTIF=ppp0
INTIF=eth0
# in /root because the normal tc does not work but I did not want to overwrite it.
TC=/root/tc
NET=192.168.10.0
MASK=255.255.255.0
# -a loads every listed module; without it the extra names are passed as parameters to sch_htb
modprobe -a sch_htb sch_prio sch_tbf sch_cbq
############
# Outgoing
############
## Root
$TC qdisc add dev $EXTIF root handle 1:0 htb default 12
## Main class
$TC class add dev $EXTIF parent 1:0 classid 1:1 htb rate 62kbit ceil 62kbit
## Class for ACK
$TC class add dev $EXTIF parent 1:1 classid 1:10 htb rate 8kbit ceil 62kbit prio 0
## Class for VPN/SSH
$TC class add dev $EXTIF parent 1:1 classid 1:11 htb rate 40kbit ceil 62kbit prio 1
## Class for normal traffic
$TC class add dev $EXTIF parent 1:1 classid 1:12 htb rate 12kbit ceil 62kbit prio 2
## Class for bulk
$TC class add dev $EXTIF parent 1:1 classid 1:13 htb rate 2kbit ceil 48kbit prio 3
# ACKs
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp -m length --length 0:64 -j MARK --set-mark 10
# VPN/IPsec
iptables -A POSTROUTING -t mangle -o $EXTIF -p 50 -j MARK --set-mark 11
# SSH
# iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 22 -j LOG
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 22 -j MARK --set-mark 11
# Counter-Strike
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 27015 -j MARK --set-mark 11
# ICMP / Ping
iptables -A POSTROUTING -t mangle -o $EXTIF -p icmp -j MARK --set-mark 11
# local SSH server on port 4444
# iptables -A OUTPUT -t mangle -o $EXTIF -p tcp --sport 4444 -j MARK --set-mark 11
# SMTP
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 25 -j MARK --set-mark 12
# eDonkey
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 4662 -j MARK --set-mark 13
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --sport 4662 -j MARK --set-mark 13
# Kazaa
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 1214 -j MARK --set-mark 13
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --sport 1214 -j MARK --set-mark 13
# Battle.net
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 6112 -j MARK --set-mark 11
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --sport 6112 -j MARK --set-mark 11
# Diablo II
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 4000 -j MARK --set-mark 11
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --sport 4000 -j MARK --set-mark 11
# miscellaneous:
# iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j LOG
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 11
$TC filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
$TC filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 11 fw flowid 1:11
# default: 1:12
$TC filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 13 fw flowid 1:13
###########
# Incoming
###########
$TC qdisc add dev $INTIF root handle 2:0 htb default 20
$TC class add dev $INTIF parent 2:0 classid 2:2 htb rate 100mbit ceil 100mbit
$TC class add dev $INTIF parent 2:2 classid 2:30 htb rate 99mbit ceil 100mbit prio 1
$TC class add dev $INTIF parent 2:2 classid 2:20 htb rate 60kbit ceil 60kbit prio 0
$TC qdisc add dev $INTIF parent 2:20 handle 20:0 htb default 20
$TC class add dev $INTIF parent 20:0 classid 20:20 htb rate 48kbit ceil 60kbit prio 1
$TC class add dev $INTIF parent 20:0 classid 20:21 htb rate 10kbit ceil 60kbit prio 0
$TC class add dev $INTIF parent 20:0 classid 20:22 htb rate 2kbit ceil 56kbit prio 3
# internal traffic
# iptables -A POSTROUTING -t mangle -o $INTIF -s $NET/$MASK -j LOG
iptables -A POSTROUTING -t mangle -o $INTIF -s $NET/$MASK -j MARK --set-mark 30
# ACKs
iptables -A POSTROUTING -t mangle -o $INTIF -s ! $NET/$MASK -m length --length 0:200 -j MARK --set-mark 21
# SSH
# iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --sport 22 -j LOG
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --sport 22 -j MARK --set-mark 21
# ICMP / Ping
# iptables -A POSTROUTING -t mangle -o $INTIF -p icmp -s ! $NET/$MASK -j LOG
iptables -A POSTROUTING -t mangle -o $INTIF -p icmp -s ! $NET/$MASK -j MARK --set-mark 21
# eDonkey
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --dport 4662 -j MARK --set-mark 22
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --sport 4662 -j MARK --set-mark 22
# Kazaa
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --dport 1214 -j MARK --set-mark 22
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --sport 1214 -j MARK --set-mark 22
# Battle.net
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --dport 6112 -j MARK --set-mark 21
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --sport 6112 -j MARK --set-mark 21
# Diablo II
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --dport 4000 -j MARK --set-mark 21
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK --sport 4000 -j MARK --set-mark 21
# host to be throttled
iptables -A POSTROUTING -t mangle -o $INTIF -d 192.168.10.14 -s ! $NET/$MASK -j MARK --set-mark 22
# miscellaneous:
# iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK -m tcp --tcp-flags SYN,RST,ACK SYN -j LOG
iptables -A POSTROUTING -t mangle -o $INTIF -p tcp -s ! $NET/$MASK -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 21
$TC filter add dev $INTIF parent 2:0 prio 0 protocol ip handle 30 fw flowid 2:30
$TC filter add dev $INTIF parent 2:20 prio 0 protocol ip handle 21 fw flowid 20:21
$TC filter add dev $INTIF parent 2:20 prio 0 protocol ip handle 22 fw flowid 20:22
#########
# SFQ
#########
$TC qdisc add dev $EXTIF parent 1:10 handle 10: sfq perturb 10
$TC qdisc add dev $EXTIF parent 1:11 handle 11: sfq perturb 10
$TC qdisc add dev $EXTIF parent 1:12 handle 12: sfq perturb 10
$TC qdisc add dev $EXTIF parent 1:13 handle 13: sfq perturb 10
$TC qdisc add dev $INTIF parent 2:30 handle 30: sfq perturb 10
# commented out because it gives an error. do you know why/what it should be to be correct?
#$TC qdisc add dev $INTIF parent 20:20 handle 20: sfq perturb 10
$TC qdisc add dev $INTIF parent 20:21 handle 21: sfq perturb 10
$TC qdisc add dev $INTIF parent 20:22 handle 22: sfq perturb 10
--------------------------------------
What do you think about this script? Is it good? Are there errors?
Regards,
David Hellekalek
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/