thr3ads.net - LARTC - Please: Judge this script [Jul 2005]

If this information is useful, please help other people find it:
Share via:
Ricardo Chamorro
2005-Jul-05 05:27 UTC
Please: Judge this script

I copied and tried to adapt to my necessities the excellent script of Pedro
Larroy, but I am inexperienced in QoS and I have doubts.  I have cablemodem to
Internet 1024kbit down and 256kbit up, through eth0. The LAN has eth1 and NAT.
I formed the band so that shaping goes by the eth1 (of the LAN) with bandwidth
maximum CEIL=768.
But I observe that the traffic sometimes accelerates and other moments stops.  
Please, you they could say to me what is bad of script that I paste below???  
Thanks for its patience.
----------paste script-------------------------------------------------
CEIL=768

#Primero borrar todas las bandas que pudiera haber

tc qdisc del dev eth1 root

#Se crea la banda principal root 1, cuyos paquetes por defecto van a la banda 1

tc qdisc add dev eth1 root handle 1: htb default 15

tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil
${CEIL}kbit

tc class add dev eth1 parent 1:1 classid 1:10 htb rate 270kbit ceil 270kbit prio
0

tc class add dev eth1 parent 1:1 classid 1:11 htb rate 270kbit ceil ${CEIL}kbit
prio 1

tc class add dev eth1 parent 1:1 classid 1:12 htb rate 68kbit ceil ${CEIL}kbit
prio 2

tc class add dev eth1 parent 1:1 classid 1:13 htb rate 68kbit ceil ${CEIL}kbit
prio 2

tc class add dev eth1 parent 1:1 classid 1:14 htb rate 34kbit ceil ${CEIL}kbit
prio 3

tc class add dev eth1 parent 1:1 classid 1:15 htb rate 100kbit ceil ${CEIL}kbit
prio 1

#Se asocia la cola sfq con la banda hija

tc qdisc add dev eth1 parent 1:11 handle 110: sfq perturb 10

tc qdisc add dev eth1 parent 1:12 handle 120: sfq perturb 10

tc qdisc add dev eth1 parent 1:13 handle 130: sfq perturb 10

tc qdisc add dev eth1 parent 1:14 handle 140: sfq perturb 10

tc qdisc add dev eth1 parent 1:15 handle 150: sfq perturb 10

#Se asocian las marcas que hubiera en iptables mangle con las bandas respectivas

tc filter add dev eth1 protocol ip parent 1:0 prio 1 handle 1 fw classid 1:10

tc filter add dev eth1 protocol ip parent 1:0 prio 2 handle 2 fw classid 1:11

tc filter add dev eth1 protocol ip parent 1:0 prio 3 handle 3 fw classid 1:12

tc filter add dev eth1 protocol ip parent 1:0 prio 4 handle 4 fw classid 1:13

tc filter add dev eth1 protocol ip parent 1:0 prio 5 handle 5 fw classid 1:14

tc filter add dev eth1 protocol ip parent 1:0 prio 6 handle 6 fw classid 1:15

#Se dan las reglas iptables para marcar lo que nos interesa

$IPTABLES -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1

$IPTABLES -t mangle -A PREROUTING -p icmp -j RETURN

$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark
0x1

$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j RETURN

$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark
0x5

$IPTABLES -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j RETURN

$IPTABLES -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j MARK
--set-mark 0x6

$IPTABLES -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j RETURN

#Esto prioriza paquetes del puerto seteado

$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j MARK --set-mark
0x2
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 80 -j MARK --set-mark
0x2
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 80 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54661 -j MARK --set-mark
0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54661 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54662 -j MARK --set-mark
0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54662 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 56881 -j MARK --set-mark
0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 56881 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54711 -j MARK --set-mark
0x6
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --sport 54711 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54665 -j MARK --set-mark
0x6
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54665 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54672 -j MARK --set-mark
0x6
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 54672 -j RETURN
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 56881 -j MARK --set-mark
0x6
$IPTABLES -t mangle -A PREROUTING -p udp -m udp --sport 56881 -j RETURN

#Esto prioriza paquetes al comienzo de conexiones tcp con SYN flag

$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j
MARK --set-mark 0x1
$IPTABLES -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j
RETURN

#Cierra reglas de la tabla prerouting mangle

$IPTABLES -t mangle -A PREROUTING -j MARK --set-mark 0x6

#Todo lo mismo que lo anterior, pero en OUTPUT, para trafico generado localmente

$IPTABLES -t mangle -A OUTPUT -p icmp -j MARK --set-mark 0x1

$IPTABLES -t mangle -A OUTPUT -p icmp -j RETURN

$IPTABLES -t mangle -A OUTPUT -m tos --tos Minimize-Delay -j MARK --set-mark 0x1

$IPTABLES -t mangle -A OUTPUT -m tos --tos Minimize-Delay -j RETURN

$IPTABLES -t mangle -A OUTPUT -m tos --tos Minimize-Cost -j MARK --set-mark 0x5

$IPTABLES -t mangle -A OUTPUT -m tos --tos Minimize-Cost -j RETURN

$IPTABLES -t mangle -A OUTPUT -m tos --tos Maximize-Throughput -j MARK
--set-mark 0x6

$IPTABLES -t mangle -A OUTPUT -m tos --tos Maximize-Throughput -j RETURN

#Esto prioriza paquetes del puerto seteado

$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 80 -j MARK --set-mark 0x2
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 80 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 80 -j MARK --set-mark 0x2
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 80 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54661 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54661 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54662 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54662 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 56881 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 56881 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54711 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --sport 54711 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 54665 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 54665 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 54672 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 54672 -j RETURN
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 56881 -j MARK --set-mark 0x6
$IPTABLES -t mangle -A OUTPUT -p udp -m udp --sport 56881 -j RETURN

#Esto prioriza paquetes al comienzo de conexiones tcp con SYN flag

$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK
--set-mark 0x1
$IPTABLES -t mangle -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j
RETURN

#Cierra reglas de la tabla OUTPUT mangle

$IPTABLES -t mangle -A OUTPUT -j MARK --set-mark 0x3
--------------------------end
paste----------------------------------------------

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Apparently Analagous Threads

Search for more seemingly similar threads
LARTC - Jul 2005 - Please: Judge this script

Please: Judge this script

Apparently Analagous Threads

Wisdom of the Ancients
