User talk:Fukawi2

From ArchWiki

Traffic Shaping using tc

http://bbs.archlinux.org/viewtopic.php?id=55546

#!/bin/bash

# Chains
FORWARD=FORWARD
OUTPUT=OUTPUT
PREROUTING=PREROUTING
POSTROUTING=POSTROUTING
ETHOUT=ppp0

# Define speeds in kbps (kilobyte/s)
set -x
tc qdisc del dev $ETHOUT root

tc qdisc add dev $ETHOUT root handle 1: htb default 102 r2q 1

#
# here you set for parent 1:  approx 90% maximum upload capacity
# the first rate is the speed the class always should want, Next is maximum it can get.
#

tc class add dev $ETHOUT parent 1: classid 1:1 htb rate 60kbps ceil 60kbps
tc class add dev $ETHOUT parent 1:1 classid 1:101 htb rate 40kbps ceil 40kbps prio 0
tc class add dev $ETHOUT parent 1:1 classid 1:102 htb rate 30kbps ceil 40kbps prio 1
tc class add dev $ETHOUT parent 1:1 classid 1:103 htb rate 30kbps ceil 40kbps prio 2
tc class add dev $ETHOUT parent 1:1 classid 1:104 htb rate 5kbps ceil 40kbps prio 3

tc filter add dev $ETHOUT parent 1:0 protocol ip prio 0 handle 1 fw classid 1:101
tc filter add dev $ETHOUT parent 1:0 protocol ip prio 1 handle 2 fw classid 1:102
tc filter add dev $ETHOUT parent 1:0 protocol ip prio 2 handle 3 fw classid 1:103
tc filter add dev $ETHOUT parent 1:0 protocol ip prio 3 handle 4 fw classid 1:104

tc qdisc add dev $ETHOUT parent 1:101 sfq perturb 16
tc qdisc add dev $ETHOUT parent 1:102 sfq perturb 16
tc qdisc add dev $ETHOUT parent 1:103 sfq perturb 16
tc qdisc add dev $ETHOUT parent 1:104 sfq perturb 16


MARKPRIO1="1"
MARKPRIO2="2"
MARKPRIO3="3"
MARKPRIO4="4"

# Setting priority marks

# Bittorrent BEGIN
# tcpre (PREROUTING)
iptables -t mangle -A $PREROUTING -p tcp -j CONNMARK --restore-mark
iptables -t mangle -A $PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A $PREROUTING -p tcp -m ipp2p --ipp2p -j MARK --set-mark 4
iptables -t mangle -A $PREROUTING -p tcp -m mark --mark 4 -j CONNMARK --save-mark

# tcpost (POSTROUTING)
iptables -t mangle -A $POSTROUTING -o $ETHOUT -m mark --mark 4 -j CLASSIFY --set-class 1:104

# Bittorrent END

# Prio 1
# icmp
iptables -t mangle -A $FORWARD -p icmp -j MARK --set-mark $MARKPRIO1
iptables -t mangle -A $OUTPUT -p icmp -j MARK --set-mark $MARKPRIO1
# ssh
iptables -t mangle -A $FORWARD -p tcp --dport 22 -j MARK --set-mark $MARKPRIO1
iptables -t mangle -A $OUTPUT -p tcp --dport 22 -j MARK --set-mark $MARKPRIO1
# non tcp
iptables -t mangle -A $FORWARD -p ! tcp -j MARK --set-mark $MARKPRIO1
iptables -t mangle -A $OUTPUT -p ! tcp -j MARK --set-mark $MARKPRIO1

# Prio 2

# Prio 3

# http
iptables -t mangle -A $FORWARD -p tcp --dport 80 -j MARK --set-mark $MARKPRIO3
iptables -t mangle -A $OUTPUT -p tcp --dport 80 -j MARK --set-mark $MARKPRIO3
# https
iptables -t mangle -A $FORWARD -p tcp --dport 443 -j MARK --set-mark $MARKPRIO3
iptables -t mangle -A $OUTPUT -p tcp --dport 443 -j MARK --set-mark $MARKPRIO3
# ftp high prio 2
iptables -t mangle -A $FORWARD -p tcp --sport 21 -j MARK --set-mark $MARKPRIO2
iptables -t mangle -A $OUTPUT -p tcp --sport 21 -j MARK --set-mark $MARKPRIO2
iptables -t mangle -A $FORWARD -p tcp --dport 21 -j MARK --set-mark $MARKPRIO2
iptables -t mangle -A $OUTPUT -p tcp --dport 21 -j MARK --set-mark $MARKPRIO2

# Prio 4
# packets > 1024 bytes
iptables -t mangle -A $FORWARD -p tcp -m length --length 1024: -j MARK --set-mark $MARKPRIO4
# smtp
iptables -t mangle -A $FORWARD -p tcp --dport 25 -j MARK --set-mark $MARKPRIO3
iptables -t mangle -A $OUTPUT -p tcp --dport 25 -j MARK --set-mark $MARKPRIO3

# Remaining packets are marked according to TOS
iptables -t mangle -A $FORWARD -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark $MARKPRIO1
iptables -t mangle -A $FORWARD -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark $MARKPRIO2
iptables -t mangle -A $FORWARD -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark $MARKPRIO4