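#!/bin/bash
# GNU/Linux QOS configuration script
#
# Usage: <this script> [status|stop]
#   status - print the current qdisc/class/filter/mangle state and exit
#   stop   - remove the shaping and the mangle rules, then exit
#   any other argument, or none - reset, then (re)apply the shaping below
#
############################################################################
#
# Requirements:
#   Kernel support for SFQ, HTB
#   tc - included in the sys-apps/iproute2 http://linux-net.osdl.org/index.php/Iproute2
#   iptables mark+match support
#
############################################################################
#
# How to tune this script in order to get anything out of it:
#
# 1. Set your UPRATE to 70-80% of what your ISP claims is your
#    max upload rate.
#
#    UPRATE is where applications are told to send you your
#    data slower.
#
# 2. Start some P2P application without any upload limit or by
#    other means max your outgoing bandwidth.
#
#    Make sure that you are trying to use more than you could
#    possibly use on your link. Hit the roof.
#
# 3. Ping your ISP, your gateway or some website close to you
#    ping -s 1024 -c 20 nsa.gov
#
# 4. Look at the output, i.e.
#    rtt min/avg/max/mdev = 18.725/40.984/110.352/16.849 ms
#
# 5. Change UPRATE depending on your min/avg/max time.
#
#    High ping means that you have set UPRATE too high.
#    Low ping times means that you can try to slightly
#    increase your UPRATE.
#
#    It is slightly lower than what the ISP's story is.
#    - 2.5mbit upload at Telia: try 2176kbit
#    - 0.8mbit upload at Telia: try 640kbit
#
#    Try 128kbit higher than you think your upload
#    speed is until you get average ping times above
#    80 ms. The UPRATE value is too high when you have
#    80 ms ping times to your ISP. Decrease by 64kbit
#    until you have average ping times under
#    30 ms to your ISP.
#
#    Try pinging your ISP without any traffic on the
#    network to find out how low your ping time
#    should be.
#
#    Go back to step 3 until you find a proper UPRATE setting.
#
# Read and configure the rest of this script.
#
############################################################################
#
# Common QoS names:
# http://security.maruhn.com/iptables-tutorial/x10464.html
# These values are
# Minimize-Delay (decimal value 16, hex value 0x10),
## Delay - an active delay bit tells the router to choose a high speed to minimize delay
# Maximize-Throughput (decimal value 8, hex value 0x08),
## Throughput - an active throughput bit specifies that high capacity links should be used.
# Maximize-Reliability (decimal value 4, hex value 0x04),
## Routing - an active routing bit directs routing protocols and network management applications to select fault-tolerant paths.
# Minimize-Cost (decimal value 2, hex 0x02) or
## Cost - an active cost bit is for low-priority applications and tells the network to choose the lowest cost path.
# Normal-Service (decimal value 0, hex value 0x00). The default value on most packets is Normal-Service, or 0.
#
############################################################################
#
# Example ping times at various UPRATE= settings on a "2.5mbit up / 23mbit down"
# ADSL link from telia.se:
#
############################################################################
#
# Some random information:
#
# Known default TOS for applications:
#   rtorrent - Maximize-Throughput. Reset to Minimize-Cost (default ports only)
#
############################################################################
#
# The Rate limiting system
#
#        .--- UPRATE --------------.     - maximum ACTUAL uprate we specify (384k)
#       /     /      \      |      |
#    PRIO1  PRIO2  PRIO3  PRIO4  PRIO5   - rates we specified for priorate{1-4}
#    160k   128k   64k    32k    364k    - these are the guaranteed rates
#     |      |      |      |      |
#    CEIL   CEIL   CEIL   CEIL   CEIL    - if we aren't maxing out each priority
#    384k   384k   384k   220k   1024k     we can borrow up to the ceil, but as
#                                          soon as a higher priority needs bandwidth
#                                          it will be able to take it back
#
# PRIO1 traffic gets 384k when there is bandwidth available and 160k regardless
# of how much traffic there is on the link.
#
# PRIO1+2+3+4+5+6 must be =UPRATE
# NOTE(review): the PRIORATE1..6 values configured below add up to 1984kbit,
# not the 2176kbit UPRATE - confirm which of the two is intended.
#
############################################################################

# Outgoing device (The interface your ADSL / cable modem is connected to)
DEV=eth0

## Allow us to view the status of our QoS setup quickly
# /etc/init.d/QoS status
# Read-only: lists state and exits before anything is reset or configured.
# (The original carried a second, identical copy of this block after the
# configuration section; it could never run because this one exits first.)
if [ "$1" = "status" ]
then
  echo "[qdisc]"
  tc -s qdisc show dev "$DEV"
  echo "[class]"
  tc -s class show dev "$DEV"
  echo "[filter]"
  tc -s filter show dev "$DEV"
  echo "[iptables]"
  iptables -t mangle -L -v -x 2> /dev/null
  exit
fi

############################################################################
#
# Ping times to UMU.se
#
# ping -c 100 www.umu.se
#
# No Traffic: rtt min/avg/max/mdev = 19.615/21.257/31.383/3.396 ms
#             (reference ping time when there is no traffic on the link)
# 2048: rtt min/avg/max/mdev = 19.992/34.548/52.181/7.271 ms
# 2176: rtt min/avg/max/mdev = 13.436/19.417/30.353/5.193 ms
# 2240: rtt min/avg/max/mdev = 20.792/35.989/47.739/6.841 ms
#       rtt min/avg/max/mdev = 21.832/36.508/55.292/8.154 ms
#       rtt min/avg/max/mdev = 19.980/37.064/59.357/9.242 ms
# 2272: rtt min/avg/max/mdev = 22.718/39.960/61.736/8.494 ms
#       rtt min/avg/max/mdev = 19.845/37.874/55.710/7.398 ms
#       rtt min/avg/max/mdev = 19.996/37.590/87.684/9.573 ms
#       rtt min/avg/max/mdev = 20.208/36.934/62.737/9.163 ms
#       rtt min/avg/max/mdev = 19.957/35.023/76.189/9.238 ms
# 2304: rtt min/avg/max/mdev = 25.697/39.543/57.941/7.102 ms
# 2368: rtt min/avg/max/mdev = 128.676/199.483/278.592/47.886 ms
# 2432: rtt min/avg/max/mdev = 92.033/201.848/277.706/52.386 ms
#
# ping times rate
# 87.246 ms @2304 is too slow.
# VOIP traffic is only possible on ranges under 150ms
# 34.5 ms @2176 and @2048 is the lowest possible ping time and is the best
# alternative. That 4ms extra isn't worth it.
#
############################################################################
#
# CONFIGURATION
#
# Device configuration
#
# Interface total upload rate
# UPRATE="2208kbit" # A little too high, but only slightly.
UPRATE="2176kbit"

# A limit for P2P traffic (5 and 6)
PERSERVICELIMIT="1792kbit"

### Ceil settings and guaranteed amounts of bandwidth for each priority
#
DESCRPRI1="Minimize-Delay (decimal value 16, hex value 0x10), IPv6, !tcp"
MAXRATEPRI1=$UPRATE
PRIORATE1="864kbit" # 116 KB/s
# Interactive traffic
# icmp, !tcp, ssh, IM (msn, icq)
# VOIP
# IPv6
# ACK <- important.
#
DESCRPRI2="Maximize-Reliability - High priority bulk (eg. dest. port 80)"
MAXRATEPRI2=$UPRATE
PRIORATE2="224kbit" # 48 KB/s
# High priority bulk (eg. dest. port 80)
# http / https
# LARGE ack packets

DESCRPRI3="Normal-Service"
# MAXRATEPRI3="1664kbit"
MAXRATEPRI3=$PERSERVICELIMIT
PRIORATE3="224kbit" # 32 KB/s

DESCRPRI4="Tor" # The Onion Router
PRIORATE4="416kbit" # torrc: 48KB/s. PRI=52 KB/s (416)
MAXRATEPRI4="1664kbit" # 150 KB/s

DESCRPRI5="Maximize-Throughput"
#MAXRATEPRI5="1472kbit" # 224 KB/s
MAXRATEPRI5=$PERSERVICELIMIT
PRIORATE5="128kbit" # 32 KB/s
# rtorrent and other P2P sets this TOS.
# P2P, Gnutella (=Limewire, gtk-gnutella, FrostWire, etc), BitTorrent
# Minimize-Cost TOS
# Maximize-Throughput TOS
# Mail traffic
# Other ok-with-latency traffic

DESCRPRI6="Minimize-Cost" # Very-low priority traffic
#MAXRATEPRI6=$PERSERVICELIMIT
MAXRATEPRI6="1472kbit" # 224 KB/s
#MAXRATEPRI6="1280kbit"
#PRIORATE6="64kbit" # 12 KB/s
PRIORATE6="128kbit"

############################################################################
#
# Reset everything to a known state (cleared) and remove previous tc rules.
# Output and errors are discarded, so a reset that fails (qdisc not present,
# insufficient privileges, ...) is silent.
tc qdisc del dev "$DEV" root > /dev/null 2>&1
tc qdisc del dev "$DEV" ingress > /dev/null 2>&1

# Delete the mangle iptables rules.
# No chain is named, so this flushes EVERY chain of the mangle table and then
# deletes every user-defined mangle chain - including rules that some other
# tool on this host installed there, not only the ones added below.
iptables -t mangle -F > /dev/null 2>&1
# Delete the mangle iptables rulesets
iptables -t mangle -X > /dev/null 2>&1

## Exit if asked to stop, otherwise continue
if [ "$1" = "stop" ]
then
  echo "Shaping removed on $DEV."
  exit
fi

############################################################################
#
#### Priority marks - just for cleanliness
MARKPRIO1="1"
MARKPRIO2="2"
MARKPRIO3="3"
MARKPRIO4="4"
MARKPRIO5="5"
MARKPRIO6="6"

############################################################################
# Setup Rulesets!!!
############################################################################
#
# Another problem I encounter, is that the TOS isn't always correct. For
# instance, when doing rsync over ssh, the packets are marked with TOS
# minimize-delay.
# I've tried setting the TOS of packets larger than a magic value to
# maximize-throughput, but occasionally legitimate large packets with TOS
# minimize-delay leave the network. Think: top over ssh.
#
# So, I'm using the limit module in order to let through two large packets per
# second.
#
# chktos: TCP packets up to 512 bytes and all UDP keep their TOS; of the rest,
# the limit match lets 2/s (burst 10) through unchanged and everything beyond
# that is rewritten to Normal-Service.
iptables -t mangle -N chktos
iptables -t mangle -A chktos -p tcp -m length --length 0:512 -j RETURN
iptables -t mangle -A chktos -p udp -j RETURN
iptables -t mangle -A chktos -m limit --limit 2/s --limit-burst 10 -j RETURN
iptables -t mangle -A chktos -j TOS --set-tos Normal-Service
iptables -t mangle -A chktos -j RETURN
#
############################################################################

#########################################################################
####################### FORWARD and OUTPUT Rules ########################
#########################################################################
# Set priority marks with iptables
#########################################################################
for chain in FORWARD OUTPUT; do
  #########################################################################
  # Pri 1: ACK, SYN, ICMP
  # rtorrent marks packets as Maximize-Throughput, which is nice,
  # but it ALSO marks ACK as such.
  #########################################################################
  iptables -t mangle -A "${chain}" -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK \
    -m length --length 0:256 \
    -j TOS --set-tos Minimize-Delay
  iptables -t mangle -A "${chain}" -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK \
    -m length --length 0:256 \
    -j MARK --set-mark "$MARKPRIO1"
  iptables -t mangle -A "${chain}" -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK \
    -m length --length 0:256 \
    -j RETURN
done

for chain in FORWARD OUTPUT; do
  #########################################################################
  #
  #########################################################################
  # if [ "${chain}" == "OUTPUT" ];then
  #   iptables -t mangle -A ${chain} -p tcp -m tos --tos Maximize-Throughput -j MARK --set-mark $MARKPRIO6
  #   iptables -t mangle -A ${chain} -p tcp -m tos --tos Maximize-Throughput -j TOS --set-tos Minimize-Cost
  #   iptables -t mangle -A ${chain} -p tcp -m mark --mark $MARKPRIO6 -j RETURN
  # fi

  #########################################################################
  # Mark TOS-tagged Maximize-Throughput and Minimize-Cost and RETURN
  #########################################################################
  iptables -t mangle -A "${chain}" -p tcp -m tos --tos Maximize-Throughput -j MARK --set-mark "$MARKPRIO5"
  iptables -t mangle -A "${chain}" -p tcp -m tos --tos Maximize-Throughput -j RETURN
  iptables -t mangle -A "${chain}" -p tcp -m tos --tos Minimize-Cost -j MARK --set-mark "$MARKPRIO6"
  iptables -t mangle -A "${chain}" -p tcp -m tos --tos Minimize-Cost -j RETURN

  #########################################################################
  # Prio 1: Minimize-Delay - Packets that benefit from low delay,
  # such as interactive traffic: ssh, telnet, dns, quake3, irc,
  # and packets with the SYN flag
  #########################################################################
  #
  # Prohibit large Minimize-Delay packets:
  #
  # The TOS byte is whatever the sending host put in the packet, so in FORWARD
  # any host routed through this box chooses its own class by setting it.
  # chktos is the only check on that: it caps large Minimize-Delay packets.
  iptables -t mangle -A "${chain}" -m tos --tos Minimize-Delay -j chktos

  # SYN packets
  iptables -t mangle -A "${chain}" -p tcp -m tcp --syn -j TOS --set-tos Minimize-Delay

  # ICMP
  iptables -t mangle -A "${chain}" -p icmp -j TOS --set-tos Minimize-Delay

  # IRC (Running local ircd and using remote ircds)
  iptables -t mangle -A "${chain}" -p tcp -m tcp --dport 6667 -j TOS --set-tos Minimize-Delay
  iptables -t mangle -A "${chain}" -p tcp -m tcp --sport 6667 -j TOS --set-tos Minimize-Delay

  # IRC via SSL
  iptables -t mangle -A "${chain}" -p tcp -m tcp --dport 994 -j TOS --set-tos Minimize-Delay

  ## NON-TCP Traffic
  # !IMPORTANT: This covers udp, protocol 41 (ipv6 tunnel), etc.
  # NOTE(review): "-p ! tcp" is the older negation syntax; newer iptables
  # releases prefer "! -p tcp". Kept as written - confirm against the
  # iptables version in use.
  iptables -t mangle -A "${chain}" -p ! tcp -m length --length :1248 -j MARK --set-mark "$MARKPRIO1"
  iptables -t mangle -A "${chain}" -p ! tcp -m length --length :1248 -j TOS --set-tos Minimize-Delay
  iptables -t mangle -A "${chain}" -p ! tcp -m length --length :1248 -j RETURN
  # iptables -t mangle -A ${chain} -p ! tcp -j MARK --set-mark $MARKPRIO1
  # iptables -t mangle -A ${chain} -p ! tcp -j TOS --set-tos Minimize-Delay
  # iptables -t mangle -A ${chain} -p ! tcp -j RETURN

  # ASX (SVT)
  iptables -t mangle -A "${chain}" -p tcp -m tcp --dport 1755 -j TOS --set-tos Minimize-Delay

  # MSN
  iptables -t mangle -A "${chain}" -p tcp --dport 1863 -j TOS --set-tos Minimize-Delay

  #
  # TOS Minimize-Delay
  #
  iptables -t mangle -A "${chain}" -m tos --tos Minimize-Delay -j MARK --set-mark "$MARKPRIO1"
  iptables -t mangle -A "${chain}" -m tos --tos Minimize-Delay -j RETURN

  #
  # Jabber
  #
  iptables -t mangle -A "${chain}" -p tcp -m tcp --dport 5269 -j MARK --set-mark "$MARKPRIO1"
  iptables -t mangle -A "${chain}" -p tcp -m tcp --dport 5269 -j RETURN
  iptables -t mangle -A "${chain}" -p tcp -m tcp --dport 5222 -j MARK --set-mark "$MARKPRIO1"
  iptables -t mangle -A "${chain}" -p tcp -m tcp --dport 5222 -j RETURN
  iptables -t mangle -A "${chain}" -p tcp -m tcp --dport 5223 -j MARK --set-mark "$MARKPRIO1"
  iptables -t mangle -A "${chain}" -p tcp -m tcp --dport 5223 -j RETURN

  ### ssh will set TOS itself (?verify?)
  # iptables -t mangle -A FORWARD -p tcp --dport 22 -j MARK --set-mark $MARKPRIO1
  # iptables -t mangle -A OUTPUT -p tcp --dport 22 -j MARK --set-mark $MARKPRIO1
  ## the "other" SSH port :-)
  # iptables -t mangle -A FORWARD -p tcp --dport 8888 -j MARK --set-mark $MARKPRIO1
  # iptables -t mangle -A OUTPUT -p tcp --dport 8888 -j MARK --set-mark $MARKPRIO1

  ## ICQ http://www.icq.com/icqtour/firewall/netadmin.html
  iptables -t mangle -A "${chain}" -p tcp --dport 5190 -j MARK --set-mark "$MARKPRIO1"
  iptables -t mangle -A "${chain}" -p tcp --dport 5190 -j RETURN

  ## rtsp Real Time Stream Control Protocol
  iptables -t mangle -A "${chain}" -p tcp --dport 554 -j MARK --set-mark "$MARKPRIO1"
  iptables -t mangle -A "${chain}" -p tcp --dport 554 -j RETURN

  ## DNS (also uses udp)
  iptables -t mangle -A "${chain}" -p tcp --sport 53 -j MARK --set-mark "$MARKPRIO1"
  iptables -t mangle -A "${chain}" -p tcp --sport 53 -j RETURN
  iptables -t mangle -A "${chain}" -p tcp --dport 53 -j MARK --set-mark "$MARKPRIO1"
  iptables -t mangle -A "${chain}" -p tcp --dport 53 -j RETURN
  ##### - End Priority 1

  ##### Prio 4 - Tor
  # Port 9001, 9030
  #
  # Tor, The Onion Router
  #
  iptables -t mangle -A "${chain}" -p tcp --sport 9001 -j MARK --set-mark "$MARKPRIO4"
  iptables -t mangle -A "${chain}" -p tcp --sport 9001 -j TOS --set-tos Normal-Service
  iptables -t mangle -A "${chain}" -p tcp --sport 9001 -j RETURN
  iptables -t mangle -A "${chain}" -p tcp --dport 9001 -j MARK --set-mark "$MARKPRIO4"
  iptables -t mangle -A "${chain}" -p tcp --dport 9001 -j TOS --set-tos Normal-Service
  iptables -t mangle -A "${chain}" -p tcp --dport 9001 -j RETURN
  ##### - End Priority 4

  ##### Prio 2 - Maximize-Reliability
  # Ack packets less than 512 bytes who are
  #  a) tagged normal-service and bigger than 256
  #  b) TOS-marked ACK
  #
  # >512 SYN, ACK, RST
  #
  # NOTE(review): the line breaks of this file had been lost; that the first
  # rule is active and the second is commented out is inferred from the
  # comment layout used elsewhere in the script - confirm.
  iptables -t mangle -A "${chain}" -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -m length --length :512 -j TOS --set-tos Maximize-Reliability
  # iptables -t mangle -A ${chain} -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -j TOS --set-tos Maximize-Reliability

  # High priority bulk (eg. dest. port 80)
  # http / https
  #
  # HTTP/HTTPS
  #
  iptables -t mangle -A "${chain}" -p tcp -m tcp --dport 80 -m tos ! --tos Maximize-Throughput -j TOS --set-tos Maximize-Reliability
  iptables -t mangle -A "${chain}" -p tcp -m tcp --dport 443 -m tos ! --tos Maximize-Throughput -j TOS --set-tos Maximize-Reliability
  iptables -t mangle -A "${chain}" -p tcp -m tcp --sport 80 -j TOS --set-tos Maximize-Reliability
  iptables -t mangle -A "${chain}" -p tcp -m tcp --sport 443 -j TOS --set-tos Maximize-Reliability

  # Just assume all Maximize-Reliability really is Maximize-Reliability for now.
  # Mark all Maximize-Reliability packets as $MARKPRIO2
  iptables -t mangle -A "${chain}" -p tcp -m tos --tos Maximize-Reliability -j MARK --set-mark "$MARKPRIO2"
  iptables -t mangle -A "${chain}" -p tcp -m tos --tos Maximize-Reliability -j RETURN
  ### - End Priority 2

  ##### Prio 3
  ## Normal-Service. Games.
  #
  #
  # CS:S
  #
  iptables -t mangle -A "${chain}" -p tcp --dport 27015:27020 -j MARK --set-mark "$MARKPRIO3"
  iptables -t mangle -A "${chain}" -p tcp --dport 27015:27020 -j RETURN

  #
  # WoW
  #
  iptables -t mangle -A "${chain}" -p tcp --sport 3724 -j MARK --set-mark "$MARKPRIO3"
  iptables -t mangle -A "${chain}" -p tcp --sport 3724 -j RETURN
  iptables -t mangle -A "${chain}" -p tcp --dport 3724 -j MARK --set-mark "$MARKPRIO3"
  iptables -t mangle -A "${chain}" -p tcp --dport 3724 -j RETURN

  #
  # Warcraft III
  #
  iptables -t mangle -A "${chain}" -p tcp --dport 6112 -j MARK --set-mark "$MARKPRIO3"
  iptables -t mangle -A "${chain}" -p tcp --dport 6112 -j RETURN
  iptables -t mangle -A "${chain}" -p tcp --sport 6112 -j MARK --set-mark "$MARKPRIO3"
  iptables -t mangle -A "${chain}" -p tcp --sport 6112 -j RETURN

  # NOTE: We DO NOT want to care about not-TOS-marked (Normal-Service) traffic until later.
  # iptables -t mangle -A ${chain} -m tos --tos Normal-Service -j MARK --set-mark $MARKPRIO3
  # iptables -t mangle -A ${chain} -m tos --tos Normal-Service -j RETURN
  # iptables -t mangle -A ${chain} -p tcp -s 10.66.79.124 -m length --length 1280: -m tos --tos Normal-Service -m mark --mark 0 -j MARK --set-mark $MARKPRIO5
  # iptables -t mangle -A ${chain} -p tcp -s 10.66.77.124 -m length --length 1280: -m tos --tos Normal-Service -m mark --mark 0 -j MARK --set-mark $MARKPRIO5
  # iptables -t mangle -A ${chain} -p tcp -m length --length 1280: -m mark --mark $MARKPRIO5 -j RETURN
  # iptables -t mangle -A FORWARD -s 10.66.77.124 -m length --length 1024: -j TOS --set-tos Minimize-Cost
  # iptables -t mangle -A FORWARD -s 10.66.77.124 -m length --length 1024: -j MARK --set-mark $MARKPRIO6
  # iptables -t mangle -A FORWARD -s 10.66.77.124 -m length --length 1024: -j RETURN
  iptables -t mangle -A "${chain}" -p tcp -m length --length 1280: -m tos --tos Normal-Service -m mark --mark 0 -j MARK --set-mark "$MARKPRIO3"

  ##### Prio 5: Maximize-Throughput packets over 1280
  # Mark according to TOS (rtorrent sets Maximize-Throughput)
  # Remaining TCP packets > 1280 bytes (576 is max for some things, http://www.comsci.us/datacom/ippacket.html)
  iptables -t mangle -A "${chain}" -p tcp -m length --length 1280: -m tos ! --tos Normal-Service -m mark --mark 0 -j TOS --set-tos Maximize-Throughput

  # BitTorrent
  iptables -t mangle -A "${chain}" -p tcp --dport 6880:6999 -j TOS --set-tos Maximize-Throughput
  iptables -t mangle -A "${chain}" -p tcp --dport 6880:6999 -j MARK --set-mark "$MARKPRIO5"
  iptables -t mangle -A "${chain}" -p tcp --dport 6880:6999 -j RETURN
  iptables -t mangle -A "${chain}" -p tcp --sport 6880:6999 -j TOS --set-tos Maximize-Throughput
  iptables -t mangle -A "${chain}" -p tcp --sport 6880:6999 -j MARK --set-mark "$MARKPRIO5"
  iptables -t mangle -A "${chain}" -p tcp --sport 6880:6999 -j RETURN

  # Mark Maximize-Throughput into bucket 5
  iptables -t mangle -A "${chain}" -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark "$MARKPRIO5"

  # BearShare, Large (1300-1500) UDP packets
  iptables -t mangle -A "${chain}" -p udp -m length --length 1280: -j MARK --set-mark "$MARKPRIO5"
  iptables -t mangle -A "${chain}" -p udp -m length --length 1280: -j TOS --set-tos Maximize-Throughput
  iptables -t mangle -A "${chain}" -p udp -m length --length 1280: -j RETURN
  iptables -t mangle -A "${chain}" -p tcp -m tos --tos Maximize-Throughput -j MARK --set-mark "$MARKPRIO5"
  iptables -t mangle -A "${chain}" -p tcp -m tos --tos Maximize-Throughput -j RETURN
  ##### - End Priority 5

  ##### Prio 6: make it REALLY slow
  ## Marked based on IP (above)
  #
  # Minimize-Cost tagged packets
  #
  iptables -t mangle -A "${chain}" -p tcp --sport 44900:44909 -j TOS --set-tos Minimize-Cost
  iptables -t mangle -A "${chain}" -p tcp --dport 44900:44909 -j TOS --set-tos Minimize-Cost
  iptables -t mangle -A "${chain}" -p tcp -m tos --tos Minimize-Cost -j MARK --set-mark "$MARKPRIO6"
  ##### - End Priority 6

  ##### Exit chain
  # 6
  iptables -t mangle -A "${chain}" -p tcp -m tos --tos Minimize-Cost -j RETURN
  ##### - End Priority 6

  ##### LAST RULES #####
  ##### Mark remaining unmarked normal packets according to TOS Normal-Service
  # iptables -t mangle -A ${chain} -p tcp -m tos --tos Normal-Service -m mark --mark 0 -j MARK --set-mark $MARKPRIO3
  # Mark everything, regardless of TOS. All "normal" TOS flags are covered above anyway
  iptables -t mangle -A "${chain}" -p tcp -m mark --mark 0 -j MARK --set-mark "$MARKPRIO3"
  iptables -t mangle -A "${chain}" -p tcp -m mark --mark "$MARKPRIO3" -j RETURN
  ### - End TOS
done

##############
## Don't mess with this stuff unless you know what you're doing...
## I've tried to explain it a little bit, though :)
##############

# Set queue length for DEV
ifconfig "$DEV" txqueuelen 16

## Set up the queue
# Note: For a better explanation of how HTB works
#       visit http://www.opalsoft.net/qos/DS-28.htm
#
#         .- UPRATE -.         - maximum ACTUAL uprate we specify (384k)
#        /   /    \   \
#   PRIO1 PRIO2 PRIO3 PRIO4    - rates we specified for priorate{1-4}
#   160k  128k  64k   32k      - these are the guaranteed rates
#   CEIL  CEIL  CEIL  CEIL     - if we aren't maxing out each priority
#   384k  384k  384k  220k       we can borrow up to the ceil, but as
#                                soon as a higher priority needs bandwidth
#                                it will be able to 'steal' it back

# Specify queue discipline (HTB)
# http://www.docum.org/docum.org/faq/cache/10.html has some info on shaping
# rules, but I still don't really know what the hell r2q does other than:
#   r2q : this is used to calculate the quantum. By default this is 10.
#   This can be overruled if you add a htb qdisc.
#
# From http://www.securepoint.com/lists/html/LARTC/2007-08/msg00023.html :
#   "the r2q is a divisor used to calculate the quantum of htb
#   (the amount of bytes that will be transmitted before serving another class: quantum = rate / r2q)."
#
# Actually quantum is pr. class and CEIL / (global) r2q
#
# From http://luxik.cdi.cz/%7Edevik/qos/htb/manual/userg.htm :
#   "Its default value is 10 and because typical MTU is 1500 the default is good for rates from 15 kBps
#   (120 kbit). For smaller minimal rates specify r2q 1 when creating qdisc - it is good from 12 kbit
#   which should be enough."
# "default 102": packets that carry no matching fw mark land in class 1:102.
tc qdisc add dev "$DEV" root handle 1:0 htb default 102 r2q 14

# Set root class
# Note: This sets the top/root of the queue tree
#       SHOULD be at least as high as burst rate of any of the CHILDREN below!
tc class add dev "$DEV" parent 1:0 classid 1:1 htb rate "$UPRATE" burst 24k

# Specify sub classes
# Note: These are the prio{1-6} nodes from the diagram above
# Also note: The example this script is based on preferred 6k bursts.
#
tc class add dev "$DEV" parent 1:1 classid 1:101 htb rate "$PRIORATE1" ceil "$MAXRATEPRI1" burst 12k prio 0
tc class add dev "$DEV" parent 1:1 classid 1:102 htb rate "$PRIORATE2" ceil "$MAXRATEPRI2" burst 8k prio 1
tc class add dev "$DEV" parent 1:1 classid 1:103 htb rate "$PRIORATE3" ceil "$MAXRATEPRI3" burst 6k prio 2
tc class add dev "$DEV" parent 1:1 classid 1:104 htb rate "$PRIORATE4" ceil "$MAXRATEPRI4" burst 4k prio 3
tc class add dev "$DEV" parent 1:1 classid 1:105 htb rate "$PRIORATE5" ceil "$MAXRATEPRI5" burst 4k prio 4
tc class add dev "$DEV" parent 1:1 classid 1:106 htb rate "$PRIORATE6" ceil "$MAXRATEPRI6" burst 4k prio 5

# Filter packets
# Note: This puts the packets in the proper priority class
tc filter add dev "$DEV" parent 1:0 protocol ip prio 0 handle "$MARKPRIO1" fw classid 1:101
tc filter add dev "$DEV" parent 1:0 protocol ip prio 1 handle "$MARKPRIO2" fw classid 1:102
tc filter add dev "$DEV" parent 1:0 protocol ip prio 2 handle "$MARKPRIO3" fw classid 1:103
tc filter add dev "$DEV" parent 1:0 protocol ip prio 3 handle "$MARKPRIO4" fw classid 1:104
tc filter add dev "$DEV" parent 1:0 protocol ip prio 4 handle "$MARKPRIO5" fw classid 1:105
tc filter add dev "$DEV" parent 1:0 protocol ip prio 5 handle "$MARKPRIO6" fw classid 1:106

# Add queuing disciplines
tc qdisc add dev "$DEV" parent 1:101 sfq perturb 16
tc qdisc add dev "$DEV" parent 1:102 sfq perturb 16
tc qdisc add dev "$DEV" parent 1:103 sfq perturb 16
tc qdisc add dev "$DEV" parent 1:104 sfq perturb 16
tc qdisc add dev "$DEV" parent 1:105 sfq perturb 16
tc qdisc add dev "$DEV" parent 1:106 sfq perturb 16
# tc qdisc add dev $DEV parent 1:106 pfifo

# Summary of what was configured. The last line was labelled "PRIO5" in the
# original although it prints the PRIO6 values; the label is corrected here.
echo "Outbound shaping added to $DEV. Rate: ${UPRATE}/sec."
echo " PRIO1 Rate: ${PRIORATE1}/sec, limit $MAXRATEPRI1: $DESCRPRI1"
echo " PRIO2 Rate: ${PRIORATE2}/sec, limit $MAXRATEPRI2: $DESCRPRI2"
echo " PRIO3 Rate: ${PRIORATE3}/sec, limit $MAXRATEPRI3: $DESCRPRI3"
echo " PRIO4 Rate: ${PRIORATE4}/sec, limit $MAXRATEPRI4: $DESCRPRI4"
echo " PRIO5 Rate: ${PRIORATE5}/sec, limit $MAXRATEPRI5: $DESCRPRI5"
echo " PRIO6 Rate: ${PRIORATE6}/sec, limit $MAXRATEPRI6: $DESCRPRI6"

############################################################################
#
# Thanks to:
#   Rudy Grigar.
#   http://www.tldp.org/HOWTO/ADSL-Bandwidth-Management-HOWTO/implementation.html
#   http://gentoo-wiki.com/HOWTO_Packet_Shaping
#   http://lartc.org/
#   http://lartc.org/wondershaper/wondershaper-1.1a.tar.gz
#   http://jared.sonicspike.net/pipermail/adsl-qos/2003-November/000477.html
#
############################################################################
#
# Commands you can use to view some stats:
#
# classes: tc -s -d class show dev eth0
#
# qdiscs: tc -s qdisc ls dev eth0
#
############################################################################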