###########################################################################################################
#
# Traffic Control configuration
#
# Copyright (c) 2009 iilluzion
#
# Distributed under GPL-2
#
###########################################################################################################
##### MAIN CONFIGURATION PARAMETERS
####
### uplink and downlink rates should be set very precisely
## RATE_SUB_PERCENT should be set to allow the Router to control a queue
#
###########################################################################################################
# Specify the upload speed of your internet connection (kbit, mbit).
# Since ISPs tend to overestimate the speeds they offer, it would
# probably be best if you measure this on a free line.
#
### UPLINK_RATE=128kbit
### UPLINK_RATE=256kbit
UPLINK_RATE="512kbit"
###########################################################################################################
# Download speed of the internet connection (kbit, mbit).
#
### DOWNLINK_RATE=256kbit
### DOWNLINK_RATE=512kbit
DOWNLINK_RATE="1024kbit"
###########################################################################################################
# Shape to slightly less than the link rate so that packets queue on the
# router instead of at the ISP or in the modem. The router then owns the
# bottleneck queue, which is the one the shaping rules can control.
#
### RATE_SUB_PERCENT=20
### RATE_SUB_PERCENT=15
RATE_SUB_PERCENT="10"
###########################################################################################################
# Speed of the local network (kbit, mbit)
#
LAN_RATE="9mbit"
###########################################################################################################
##### ADVANCED CONFIGURATION PARAMETERS
####
###
##
#
###########################################################################################################
# Helper Functions
#
# Convert rate to bits per second format (bits)
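bits()
{
  # Convert a rate such as "512kbit" into a plain number of bits per second.
  #
  # Arguments: $1 - rate: decimal digits plus an optional unit
  #                 (bps, kbps, mbps, kbit, mbit); no unit means kbit.
  # Outputs:   the converted rate on stdout; diagnostics on stderr, so that a
  #            caller capturing the output never gets a message mixed into
  #            the number.
  # Returns:   0 on success; 1 when the number is missing or the unit is
  #            unknown (for an unknown unit the argument is still echoed back
  #            unchanged).
  #
  # The *bps units are multiplied by 8 (treated as bytes per second) and the
  # k/m prefixes are 1024-based.
  # NOTE(review): tc documents kbit/mbit as powers of 1000 - confirm the
  # 1024-based result is what the consuming script expects.
  local rate_arg number unit
  rate_arg=$1
  # Keep only the digits, then drop leading zeros so that shell arithmetic
  # does not read a value such as "010" as octal.
  number=$(printf '%s\n' "$rate_arg" | sed -e 's/[^0-9]//g' -e 's/^0*\(.\)/\1/')
  unit=$(printf '%s\n' "$rate_arg" | sed -e 's/[0-9]//g')
  [ -n "$unit" ] || unit="kbit"
  if [ -z "$number" ]; then
    echo "Missing number in rate '$rate_arg'" >&2
    return 1
  fi
  case "$unit" in
    kbps) rate_arg=$((number * 1024 * 8)) ;;
    mbps) rate_arg=$((number * 1024 * 1024 * 8)) ;;
    mbit) rate_arg=$((number * 1024 * 1024)) ;;
    kbit) rate_arg=$((number * 1024)) ;;
    bps)  rate_arg=$((number * 8)) ;;
    *)
      echo "Unknown unit '$unit' (mbps, kbps, mbit, kbit, bps)" >&2
      echo "$rate_arg"
      return 1
      ;;
  esac
  echo "$rate_arg"
}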
###########################################################################################################
# Define supported Queuing Disciplines
#
QDISCS='prio|tbf|htb|hfsc|sfq|red|pfifo'
###########################################################################################################
# The link direction selects which Traffic Control parameters are calculated.
# It is taken from the first positional parameter.
#
DIRECTION="$1"
###########################################################################################################
# Specify the network devices that are connected to the internet.
# If you are a dialup or PPPoE user, you have to re-run the QoS script
# every time you connect.
#
### WAN_DEVICES="ppp0"
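# Devices carrying a default route, followed by every GRE interface except gre0.
WAN_DEVICES="$(ip route show 0.0.0.0/0 | grep dev | sed 's/.*dev //' | awk '{print $1}')"
WAN_DEVICES="$WAN_DEVICES $(ip addr | grep gre | grep -v "gre0" | awk '/^[0-9]/ { gsub(":", "", $2); print $2 }' | cut -f 1 -d'@')"
###########################################################################################################
# Specify the network devices which are connected with your local network segments.
#
### LAN_DEVICES="eth1"
#
# Every interface in /proc/net/dev that is not lo, gre0 or a WAN device.
# Names are compared exactly. A regex alternation built from the names would
# also drop any interface whose name merely contains "lo" or a WAN device
# name, and an empty WAN list would add an empty alternative that matches
# (and so excludes) every interface. The exclusion list travels through the
# environment because it can contain newlines.
LAN_DEVICES="$(TC_SKIP_DEVICES="lo gre0 $WAN_DEVICES" awk -F: '
  BEGIN {
    n = split(ENVIRON["TC_SKIP_DEVICES"], names, " ")
    for (i = 1; i <= n; i++) excluded[names[i]] = 1
  }
  NR > 2 {
    name = $1
    gsub(/[ \t]+/, "", name)
    if (name != "" && !(name in excluded)) print name
  }
' /proc/net/dev)"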
###########################################################################################################
# Calculation of WAN up/down link rates
#
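# DIRECTION comes from the caller's first argument, so it is quoted wherever
# it is tested; an unquoted value containing whitespace would break the test.
# Values other than ALL, UP and DOWN leave DEVICES and WAN_RATE untouched.
DIRECTION=${DIRECTION:-ALL}
case "$DIRECTION" in
  ALL)
    DEVICES="$WAN_DEVICES $LAN_DEVICES"
    ;;
  UP)
    WAN_RATE=$(bits "$UPLINK_RATE")
    DEVICES=$WAN_DEVICES
    ;;
  DOWN)
    WAN_RATE=$(bits "$DOWNLINK_RATE")
    DEVICES=$LAN_DEVICES
    ;;
esac
# Shaped rate: the link rate reduced by RATE_SUB_PERCENT percent.
WAN_SUB_RATE=$((WAN_RATE - (RATE_SUB_PERCENT * WAN_RATE / 100)))
# Per-class shares of the shaped rate.
INTERACTIVE_RATE=$((WAN_SUB_RATE / 5))
PRIVILEGED_RATE=$((WAN_SUB_RATE / 2))
BESTEFFORT_RATE=$((WAN_SUB_RATE / 3))
# What is left of the LAN rate once the (unreduced) WAN rate is subtracted.
OUT_OF_WAN_RATE=$(bits "$LAN_RATE")
OUT_OF_WAN_RATE=$((OUT_OF_WAN_RATE - WAN_RATE))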
###########################################################################################################
# Specify root Queuing Disciplines
#
# Recommendations:
# htb: if link is not congested or you want to control bursts of traffic; recommended for downstream.
# hfsc: if link is congested and you need to control guarantees of delay; recommended for upstream.
# dmax = 50-100 [ms] = 50000-100000 [microsec]
# umax = MIN (rate * (dmax / 1000), 1500) [b]
# prio: if rate is variable and you want to be sure that interactive traffic has ultimate priority
# none: if no egress shaping is desired
# (in this case you may want to setup only ingress policing)
#
DOWNLINK_QDISC="htb"
### DOWNLINK_QDISC=hfsc
### DOWNLINK_QDISC=prio
### DOWNLINK_QDISC=none
#
UPLINK_QDISC="hfsc"
### UPLINK_QDISC=htb
### UPLINK_QDISC=prio
### UPLINK_QDISC=none
###########################################################################################################
# Calculation of Queuing Discipline parameters
#
INTERACTIVE_PRIO_LATENCY="50000"
INTERACTIVE_PRIO_BURST=$(( INTERACTIVE_RATE / 100 / 8 ))
#
# umax = rate * dmax / 10^6, capped at 1500.
# NOTE(review): the rate is in bit/s, so the product is in bits, while the
# 1500 cap looks like an MTU in bytes - confirm the unit the consumer expects.
INTERACTIVE_HFSC_DMAX="50000"
INTERACTIVE_HFSC_UMAX=$(( INTERACTIVE_RATE * INTERACTIVE_HFSC_DMAX / 1000 / 1000 ))
if [ "$INTERACTIVE_HFSC_UMAX" -gt 1500 ]; then
  INTERACTIVE_HFSC_UMAX=1500
fi
#
PRIVILEGED_HFSC_DMAX="100000"
PRIVILEGED_HFSC_UMAX=$(( PRIVILEGED_RATE * PRIVILEGED_HFSC_DMAX / 1000 / 1000 ))
if [ "$PRIVILEGED_HFSC_UMAX" -gt 1500 ]; then
  PRIVILEGED_HFSC_UMAX=1500
fi
###########################################################################################################
# Specify INGRESS policing
#
# Recommendations:
# none: if link is not congested
# police: if link is constantly congested
#
### DOWNLINK_INGRESS=police
DOWNLINK_INGRESS="none"
### UPLINK_INGRESS=police
UPLINK_INGRESS="none"
###########################################################################################################
# Calculation of policing bursts
# burst = rate / 17 (divisor chosen from experimental results)
#
POLICE_BURST_SCALE="17"
INTERACTIVE_POLICE_BURST=$(( INTERACTIVE_RATE / POLICE_BURST_SCALE ))
PRIVILEGED_POLICE_BURST=$(( PRIVILEGED_RATE / POLICE_BURST_SCALE ))
BESTEFFORT_POLICE_BURST=$(( BESTEFFORT_RATE / POLICE_BURST_SCALE ))
###########################################################################################################
# Specify leaf Queuing Disciplines
# Recommendations:
# "pfifo limit 5": Interactive, Privileged (real-time streams, IPSEC)
# "sfq perturb 10": Best-Effort (TCP sessions or best-effort class traffic)
# "red <parameters>": Best-Effort (highly congested links or high-speed Internet [> 10Mbit/sec])
# Random Early Detect (RED) parameters calculation:
# min = maximum delay * rate (delay ~ 200ms = 0.2sec) [b]
# max = 3 * min [b]
# avpkt = 1000 (MTU 1500)
# limit = 8 * max [b]
# burst = (min + min + max)/(3 * avpkt) [b]
# probability = 0.02
INTERACTIVE_LEAF_QDISC='pfifo limit 5'
PRIVILEGED_LEAF_QDISC='pfifo limit 5'
### BESTEFFORT_LEAF_QDISC="sfq perturb 10"
#
# RED parameters derived from the best-effort rate.
RED_DELAY="200"
# Divided by 8 because the rate is in bit/s and the result is wanted in bytes.
RED_MIN=$(( RED_DELAY * BESTEFFORT_RATE / 1000 / 8 ))
RED_MAX=$(( 3 * RED_MIN ))
RED_AVPKT="1000"
RED_PROB="0.02"
RED_BURST=$(( (RED_MIN + RED_MIN + RED_MAX) / (3 * RED_AVPKT) ))
RED_LIMIT=$(( 8 * RED_MAX ))
#
BESTEFFORT_LEAF_QDISC="red min ${RED_MIN} max ${RED_MAX} burst ${RED_BURST} limit ${RED_LIMIT} probability ${RED_PROB} avpkt ${RED_AVPKT}"
#
LAN_LEAF_QDISC='sfq perturb 10'
###########################################################################################################
# Specify filter rules (see tc, tc-filters man page).
# You may have multiple <CLASS-NAME>_FILTER_<n> items.
# Maximum 100 filter items are allowed for each class
#
# Interactive Class Traffic Filters
#
# UDP
#
# NOTE(review): this matches every UDP packet, bulk transfers included;
# confirm the interactive class is rate-capped so that bulk UDP cannot crowd
# out the other classes.
INTERACTIVE_FILTER_1='protocol ip prio 100 u32 match ip protocol 0x11 0xff'
#
# ICMP (IP protocol 1)
#
INTERACTIVE_FILTER_2='protocol ip prio 100 u32 match ip protocol 0x1 0xff'
#
# ACK with payload < 64 bytes (32-bit version; fixed offsets)
#
INTERACTIVE_FILTER_3='protocol ip prio 100 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33'
#
# ACK with payload < 64 bytes (offset relative to the next header)
#
INTERACTIVE_FILTER_4='protocol ip prio 100 u32 match ip protocol 6 0xff match u8 0x10 0xff at nexthdr+13 match u16 0x0000 0xffc0 at 2'
#
# TOS: 0x10, 0x18, 0xb8(ef)
# NOTE(review): the TOS byte is set by the sending host; confirm that
# untrusted senders cannot promote their own traffic by marking it, for
# example by re-marking at the network edge.
#
INTERACTIVE_FILTER_5='protocol ip prio 100 u32 match ip tos 0x10 0xff'
INTERACTIVE_FILTER_6='protocol ip prio 100 u32 match ip tos 0x18 0xff'
INTERACTIVE_FILTER_7='protocol ip prio 100 u32 match ip tos 0xb8 0xff'
###########################################################################################################
# Privileged Class Traffic Filters
#
# SSH (port 22, either direction)
#
PRIVILEGED_FILTER_1='protocol ip prio 100 u32 match ip dport 22 0xffff'
PRIVILEGED_FILTER_2='protocol ip prio 100 u32 match ip sport 22 0xffff'
#
# Remote Desktop (port 3389, either direction)
#
PRIVILEGED_FILTER_3='protocol ip prio 100 u32 match ip dport 3389 0xffff'
PRIVILEGED_FILTER_4='protocol ip prio 100 u32 match ip sport 3389 0xffff'
#
# ESP (IP protocol 0x32)
#
PRIVILEGED_FILTER_5='protocol ip prio 100 u32 match ip protocol 0x32 0xff'
#
# AH (IP protocol 0x33)
#
PRIVILEGED_FILTER_6='protocol ip prio 100 u32 match ip protocol 0x33 0xff'
#
# TOS: 0x88(af41); the sender-controlled marking caveat above applies here too.
#
PRIVILEGED_FILTER_7='protocol ip prio 100 u32 match ip tos 0x88 0xff'
#
# IPSEC-NAT (UDP port 4500). These use prio 90 rather than 100, presumably so
# that they are tried before the catch-all UDP rule of the interactive class;
# verify against how the script installs the filters.
#
PRIVILEGED_FILTER_8='protocol ip prio 90 u32 match ip protocol 0x11 0xff match ip dport 4500 0xffff'
PRIVILEGED_FILTER_9='protocol ip prio 90 u32 match ip protocol 0x11 0xff match ip sport 4500 0xffff'
###########################################################################################################
# Best-Effort Class Traffic Filters
# By default ALL unclassified traffic is assigned to the Best-Effort class
# You may specify additional filters here
#
# Examples: Any traffic from/to 192.168.1.0/24 network will be unconditionally classified as best-effort
#
### BESTEFFORT_FILTER_1="protocol ip prio 3 u32 match ip src 192.168.1.0/24"
### BESTEFFORT_FILTER_2="protocol ip prio 4 u32 match ip dst 192.168.1.0/24"
#
###########################################################################################################
# LAN Class Traffic Filters
#
# Traffic Originated from router
#
# Example:
###LAN_FILTER_1="protocol ip prio 10 u32 match ip src 192.168.1.10"
#
##
###
####
##### END OF GENERIC ALPINE SETUP
###########################################################################################################