#!/bin/sh # # CZFree.Net RFC-QoS script # # date: 26/07/2007 # authors: Rakerihoo, Fyzik, Libor, Dzus, Simandl # references: http://www.lartc.org/ # http://luxik.cdi.cz/~devik/qos/htb/ # http://10.24.2.1/forum/showthread.php?s=&threadid=9 # http://www.simandl.cz/stranky/linux/qos/soubory/qos_base # version: 2.1.6 # ps ver : 0.1.4 # # Changelog # # 09/08/07 [sinda] doplnena podpora pro hru "Counter-Strike Source" UDP 270xx # 26/07/07 [sinda] doplnena podpora pro RTP ha-vel.cz a 802.cz dle ip adresy rtp serveru operatora # 31/08/06 [simandl] doplnena podpora pro definici rychlosti a delitelu pro kazdy iface zvlast v souboru iface_conf # 14/07/06 [sinda] doplneny porty pro hru Quake 3 arena # 17/01/06 [simandl] doplneny TOSy pro ha-vel a hlas.802.cz do VoIP tridy 50 # 12/12/05 [simandl] preskupeny protokoly trid - 40 mail&data 50 voip 60 web&squid - tak aby byly rovnomerne vyuzite # 23/11/05 [simandl] doplneny porty pro Lineage2 a Teamspeak # 22/11/05 [danny] DSCP/ToS filtry pro SIP/RTP (VoIP), maximum reliability [DEV] # 20/11/05 [simandl] doplnen port pro RTP # 14/11/05 [simandl] doplneny porty pro SIP a gnomemeeting # 08/11/05 [simandl] doplneny porty pro H.323 # 19/08/05 [simandl] doplneny porty pro hru DarkEden # 30/10/04 [dzus] oprava parseru MTU, vylepseni kontroly konfig. souboru # 27/10/04 [bonez] OpenVPN pridano do data transfer class # 05/06/04 [dzus] do interactive class pridan BZFlag, uprava parseru konfig souboru # 18/02/04 [dzus] SCP zarazeno do download class (rozliseno podle TOS maximize throughput) # 04/01/04 [dzus] podpora pro Jedi Knight, oprava prio u filtru, oprava filtru na FTP, zruseni PPTP class # 20/11/03 [dzus] zrusena H323 class, pridan filtr na TCP ACK, nastaveni quantum podle MTU # 28/09/03 [dzus] oprava bugu ve filtrech (bez prio to nechodi dobre) # 27/09/03 [dzus] konfigurace interfacu se nacita z ext souboru, pridan TOS minimize delay filtr # 20/09/03 [dzus] vyhazeni marku z IPtables, nyni pouze filtry v tc # 01/09/03 [dzus] vynechani internetoveho rozhrani z konfigurace # 07/08/03 [fyzik] preference Inetoveho traffiku # 31/07/03 [fyzik] podpora pro HL@tchor, airfree, fixes # 05/05/03 [fyzik] podpora pro IRC, PPTP, H323, LDAP, DC, NTP # 04/05/03 [fyzik] napsal uvod # 01/05/03 [fyzik] non-CZF-RFC, inspirovan Liborovym Heaven QoS # 00/03/03 [Rakerihoo] napsal RFC-QoS :) # # ToDo # * zkusit a otestovat podtridy CZF-transfer, CZF-klient, CZF-shared a markovanat podle MAC # * pridat podporu ostatnich interaktivnich games ### Configuration START IFACECONFFILE='/etc/network/iface_conf' IPADDRFILE="/etc/network/ip_adresy" #default speeds and dividers DNONCZFSPD='64' DAIRFREESPD='2048' DSSHDIV='2' DPINGDIV='2' DINTERACTDIV='2' DVOIPDIV='2' DWWWDIV='2' DXFERDIV='4' DDFLTDIV='8' ### Configuration STOP if [ ! -f $IFACECONFFILE ] then echo "Interface configuration file doesn't exist - program terminated" 1>&2 exit 1 fi IFACECONF=`grep -v '^[[:space:]]*#' $IFACECONFFILE` IFACECONF=`echo $IFACECONF | sed -e 's/[[:space:]]*}[[:space:]]*/}\\\n/g'` FACES=`echo -e $IFACECONF | sed -e 's/^[[:space:]]*interface[[:space:]]\+\([[:alnum:]]\+\).*/\1/;t;d'` echo "Applying CZF-QOS rules" echo "-Set global variables" IPTABLES="`which iptables`" TC="`which tc`" IP="`which ip`" IPT_RESTORE="`which iptables-restore`" STOCHASIS="sfq perturb 10" QUANTUMOFFS="500" #$IPT_RESTORE < /etc/network/iptables echo "-Remove Qdisc root classes" for FACE in ${FACES} ; do $TC qdisc del dev ${FACE} root &>/dev/null #echo $FACE done ## qoseni podle IP - priklad if [ -f $IPADDRFILE ] then NONCZF="`sed -e 's/^[[:space:]]*\([[:digit:].,/]\+\)[[:space:]].*NONCZF[[:space:]]*\+/\1/;t repl;d;: repl;y/,/ /' $IPADDRFILE`" NONCZF="$NONCZF `sed -e 's/^.*[[:space:]]\+NONCZF[[:space:]]\+\([[:digit:].,/]\+\)[[:space:]]*/\1/;t repl;d;: repl;y/,/ /' $IPADDRFILE`" AIRFREE="`sed -e 's/^[[:space:]]*\([[:digit:].,/]\+\)[[:space:]].*AIRFREE[[:space:]]*\+/\1/;t repl;d;: repl;y/,/ /' $IPADDRFILE`" AIRFREE="$AIRFREE `sed -e 's/^.*[[:space:]]\+AIRFREE[[:space:]]\+\([[:digit:].,/]\+\)[[:space:]]*/\1/;t repl;d;: repl;y/,/ /' $IPADDRFILE`" fi set_qos_classes () { echo "-Initializing QoS_base rules on interface $FACE (speed $SPEED)" $TC qdisc add dev ${FACE} root handle 1: htb default 300 r2q 2 $TC class add dev ${FACE} parent 1: classid 1:1 htb rate $((${SPEED}/2))kbit ceil ${SPEED}kbit burst 15k quantum ${QUANTUM} $TC class add dev ${FACE} parent 1:1 classid 1:5 htb rate 64kbit ceil $((${SPEED}/${SSHDIV}))kbit burst 5k prio 0 # SSH class $TC class add dev ${FACE} parent 1:1 classid 1:10 htb rate 64kbit ceil $((${SPEED}/${INTERACTDIV}))kbit burst 5k prio 1 # interactive class $TC class add dev ${FACE} parent 1:1 classid 1:20 htb rate 32kbit ceil $((${SPEED}/${PINGDIV}))kbit burst 5k prio 0 $TC class add dev ${FACE} parent 1:1 classid 1:30 htb rate 32kbit ceil 128kbit burst 5k prio 0 # routing class $TC class add dev ${FACE} parent 1:1 classid 1:40 htb rate 32kbit ceil $((${SPEED}/${XFERDIV}))kbit burst 5k prio 4 # email & data transfer class $TC class add dev ${FACE} parent 1:1 classid 1:50 htb rate 32kbit ceil $((${SPEED}/${VOIPDIV}))kbit burst 5k prio 1 # voip class $TC class add dev ${FACE} parent 1:1 classid 1:60 htb rate 32kbit ceil $((${SPEED}/${WWWDIV}))kbit burst 8k prio 3 # web & squid class $TC class add dev ${FACE} parent 1:1 classid 1:300 htb rate 32kbit ceil $((${SPEED}/${DFLTDIV}))kbit burst 1k prio 5 # default trafic class $TC class add dev ${FACE} parent 1:1 classid 1:666 htb rate 32kbit ceil ${NONCZFSPD}kbit burst 1k prio 5 # unsupported trafic class $TC class add dev ${FACE} parent 1:1 classid 1:667 htb rate 32kbit ceil ${AIRFREESPD}kbit burst 1k prio 4 # local wireless free band # $TC class add dev ${FACE} parent 1:1 classid 1:999 htb rate 32kbit ceil $((${SPEED}/2))kbit burst 8k prio 4 # Inet traffic class $TC qdisc add dev ${FACE} parent 1:5 handle 5: $STOCHASIS # SSH sub-classes $TC qdisc add dev ${FACE} parent 1:10 handle 10: $STOCHASIS # interactive sub-classes $TC qdisc add dev ${FACE} parent 1:20 handle 20: $STOCHASIS # ping sub-classes $TC qdisc add dev ${FACE} parent 1:30 handle 30: $STOCHASIS # routing sub-classes $TC qdisc add dev ${FACE} parent 1:40 handle 40: $STOCHASIS # email & data transfer sub-classes $TC qdisc add dev ${FACE} parent 1:50 handle 50: $STOCHASIS # voip sub-classes $TC qdisc add dev ${FACE} parent 1:60 handle 60: $STOCHASIS # web & squid sub-classes $TC qdisc add dev ${FACE} parent 1:300 handle 300: $STOCHASIS # default class $TC qdisc add dev ${FACE} parent 1:666 handle 666: $STOCHASIS # unsupported 32kbit $TC qdisc add dev ${FACE} parent 1:667 handle 667: $STOCHASIS # local wireless 32kbit # $TC qdisc add dev ${FACE} parent 1:999 handle 999: $STOCHASIS # Inet traffic ## SSH class # SSH $TC filter add dev ${FACE} parent 1:0 protocol ip prio 3 u32 match ip sport 22 0xffff match ip protocol 0x6 0xff flowid 1:5 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 3 u32 match ip dport 22 0xffff match ip protocol 0x6 0xff flowid 1:5 ## Interactive class # NTP $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 123 0xffff match ip protocol 0x6 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 123 0xffff match ip protocol 0x6 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 123 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 123 0xffff match ip protocol 0x11 0xff flowid 1:10 # DNS $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 53 0xffff match ip protocol 0x6 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 53 0xffff match ip protocol 0x6 0xff flowid 1:10 # IRC $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 194 0xffff match ip protocol 0x6 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 194 0xffff match ip protocol 0x6 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 6667 0xffff match ip protocol 0x6 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 6667 0xffff match ip protocol 0x6 0xff flowid 1:10 # LDAP, LDAPs $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 389 0xffff match ip protocol 0x6 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 389 0xffff match ip protocol 0x6 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 636 0xffff match ip protocol 0x6 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 636 0xffff match ip protocol 0x6 0xff flowid 1:10 # GAMES # vietcong $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5425 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5425 0xffff match ip protocol 0x11 0xff flowid 1:10 # LINEAGE2 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 2106 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 2106 0xffff match ip protocol 0x11 0xff flowid 1:10 # Half-life $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27015 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27015 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27016 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27016 0xfffe match ip protocol 0x11 0xff flowid 1:10 # UT2003, UT2004 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 7777 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 7777 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 7778 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 7778 0xffff match ip protocol 0x11 0xff flowid 1:10 # BZFlag $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5154 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5154 0xffff match ip protocol 0x11 0xff flowid 1:10 # JEDI KNIGHT $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 28060 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 28060 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 28062 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 28062 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 28070 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 28070 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 28072 0xfff8 match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 28072 0xfff8 match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 28080 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 28080 0xfffe match ip protocol 0x11 0xff flowid 1:10 # Dark Eden $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 9997 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 9997 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 9998 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 9998 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 9858 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 9858 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 9650 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 9650 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 4056 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 4056 0xfffe match ip protocol 0x11 0xff flowid 1:10 # Quake 3 arena $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27960 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27960 0xfffe match ip protocol 0x11 0xff flowid 1:10 # Counter-Strike Source $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27000 0xfff8 match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27008 0xffc0 match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27072 0xfff0 match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27088 0xfff8 match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27096 0xfffc match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27000 0xfff8 match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27008 0xffc0 match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27072 0xfff0 match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27088 0xfff8 match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27096 0xfffc match ip protocol 0x11 0xff flowid 1:10 # H323 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 389 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 389 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 522 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 522 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1503 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1503 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1720 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1720 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1731 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1731 0xffff match ip protocol 0x11 0xff flowid 1:10 # SIP $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5060 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5060 0xfffe match ip protocol 0x11 0xff flowid 1:10 # RTP $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 8000 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 8000 0xffff match ip protocol 0x11 0xff flowid 1:10 # gnomemeeting $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 30000 0xfff8 match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 30000 0xfff8 match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 30008 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 30008 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 30010 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 30010 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5000 0xfff8 match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5000 0xfff8 match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5010 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5010 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5012 0xfffe match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5012 0xfffe match ip protocol 0x11 0xff flowid 1:10 # Lineage2 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 7777 0xffff match ip protocol 0x6 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 7777 0xffff match ip protocol 0x6 0xff flowid 1:10 # Teamspeak $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 8767 0xffff match ip protocol 0x11 0xff flowid 1:10 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 8767 0xffff match ip protocol 0x11 0xff flowid 1:10 # TCP ACK packets smaller than 64 bytes $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 \ match ip protocol 6 0xff \ match u8 0x05 0x0f at 0 \ match u16 0x0000 0xffc0 at 2 \ match u8 0x10 0xff at 33 \ flowid 1:10 ## Ping class # ICMP $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip protocol 0x01 0xff flowid 1:20 ## Routing class # BGP $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 179 0xffff match ip protocol 0x6 0xff flowid 1:30 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 179 0xffff match ip protocol 0x6 0xff flowid 1:30 # OSPF $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip protocol 0x59 0xff flowid 1:30 ## Email & Data transfer class # FTP $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 20 0xfffe match ip protocol 0x6 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 20 0xfffe match ip protocol 0x6 0xff flowid 1:40 # PPTP $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1723 0xffff match ip protocol 0x6 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1723 0xffff match ip protocol 0x6 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1723 0xffff match ip protocol 0x11 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1723 0xffff match ip protocol 0x11 0xff flowid 1:40 # OpenVPN $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5000 0xffff match ip protocol 0x11 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5000 0xffff match ip protocol 0x11 0xff flowid 1:40 # SCP $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 22 0xffff match ip protocol 0x6 0xff match ip tos 0x08 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 22 0xffff match ip protocol 0x6 0xff match ip tos 0x08 0xff flowid 1:40 # POP3 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 110 0xffff match ip protocol 0x6 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 110 0xffff match ip protocol 0x6 0xff flowid 1:40 # IMAP $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 143 0xffff match ip protocol 0x6 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 143 0xffff match ip protocol 0x6 0xff flowid 1:40 # SMTP $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 25 0xffff match ip protocol 0x6 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 25 0xffff match ip protocol 0x6 0xff flowid 1:40 # POP3S $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 995 0xffff match ip protocol 0x6 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 995 0xffff match ip protocol 0x6 0xff flowid 1:40 # IMAPS $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 993 0xffff match ip protocol 0x6 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 993 0xffff match ip protocol 0x6 0xff flowid 1:40 # SSMTP $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 465 0xffff match ip protocol 0x6 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 465 0xffff match ip protocol 0x6 0xff flowid 1:40 # rsync $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 673 0xffff match ip protocol 0x6 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 673 0xffff match ip protocol 0x6 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 673 0xffff match ip protocol 0x11 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 673 0xffff match ip protocol 0x11 0xff flowid 1:40 # CVS $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 873 0xffff match ip protocol 0x6 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 873 0xffff match ip protocol 0x6 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 873 0xffff match ip protocol 0x11 0xff flowid 1:40 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 873 0xffff match ip protocol 0x11 0xff flowid 1:40 ## VOIP class # VoIP typeofservice mark $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip tos 0x68 0xff flowid 1:50 #SIP $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip tos 0xb8 0xff flowid 1:50 #RTP # VoIP typeofservice mark for RTP ha-vel.cz #$TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip tos 0x16 0xff flowid 1:50 #RTP # TOS mimimize delay - VoIP typeofservice mark for RTP vox.802.cz #$TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip tos 0x10 0xff flowid 1:50 # VoIP IP addr for RTP ha-vel.cz $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip src 217.66.161.0/28 flowid 1:50 #RTP $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dst 217.66.161.0/28 flowid 1:50 #RTP # VoIP IP addr for RTP 802.cz $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip src 212.71.146.178 flowid 1:50 #RTP rtp.802.cz $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dst 212.71.146.178 flowid 1:50 #RTP rtp.802.cz $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip src 212.71.146.184/31 flowid 1:50 # rtp[23].802.cz $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dst 212.71.146.184/31 flowid 1:50 # rtp[23].802.cz $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip src 212.71.146.163 flowid 1:50 #RTP rtp4.802.cz $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dst 212.71.146.163 flowid 1:50 #RTP rtp4.802.cz ## Web & Squid class # HTTP $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 80 0xffff match ip protocol 0x6 0xff flowid 1:60 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 80 0xffff match ip protocol 0x6 0xff flowid 1:60 # HTTPS $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 443 0xffff match ip protocol 0x6 0xff flowid 1:60 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 443 0xffff match ip protocol 0x6 0xff flowid 1:60 # WebCache $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 8080 0xffff match ip protocol 0x6 0xff flowid 1:60 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 8080 0xffff match ip protocol 0x6 0xff flowid 1:60 # HTTP port $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 3128 0xffff match ip protocol 0x6 0xff flowid 1:60 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 3128 0xffff match ip protocol 0x6 0xff flowid 1:60 # ICP port $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 3130 0xffff match ip protocol 0x6 0xff flowid 1:60 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 3130 0xffff match ip protocol 0x6 0xff flowid 1:60 ## Unsupported class # Kazaa $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1214 0xffff match ip protocol 0x6 0xff flowid 1:666 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1214 0xffff match ip protocol 0x6 0xff flowid 1:666 # IP range of DHCP for airfree AP on this router for ipaddr in $AIRFREE do $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src $ipaddr flowid 1:667 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip dst $ipaddr flowid 1:667 done # non-CZF-RFC - violators of RFCs for ipaddr in $NONCZF do $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src $ipaddr flowid 1:666 $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip dst $ipaddr flowid 1:666 done ## Internet class # IPtables rule # $IPTABLES -t mangle -A FORWARD -s ! 10.0.0.0/8 -o ${FACE} -j MARK --set-mark 999 # $IPTABLES -t mangle -A FORWARD -d ! 10.0.0.0/8 -o ${FACE} -j MARK --set-mark 999 # IPtables mark filter # $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 handle 999 fw flowid 1:999 } for FACE in $FACES do if [ -z "`$IP l | grep $FACE[:@]`" ] then echo "Interface $FACE doesn't exist" continue fi TYPE=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*type[[:space:]]\+\([[:alpha:]]\+\).*}.*/\1/"` if [ "$TYPE" != 'transit' ] then continue fi SPEED=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*speed[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"` QUANTUM=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*quantum[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"` if [ -z "$QUANTUM" ] then MTU=`$IP l | grep $FACE[:@] | sed -e "s/^.*mtu[[:space:]]\+\([[:digit:]]\+\).*/\1/"` QUANTUM=$(($QUANTUMOFFS+$MTU)) fi NONCZFSPD=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*NONCZFSPD[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"` if [ -z $NONCZFSPD ] ; then NONCZFSPD=$DNONCZFSPD ; fi AIRFREESPD=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*AIRFREESPD[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"` if [ -z $AIRFREESPD ] ; then AIRFREESPD=$DAIRFREESPD ; fi SSHDIV=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*SSHDIV[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"` if [ -z $SSHDIV ] ; then SSHDIV=$DSSHDIV ; fi PINGDIV=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*PINGDIV[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"` if [ -z $PINGDIV ] ; then PINGDIV=$DPINGDIV ; fi INTERACTDIV=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*INTERACTDIV[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"` if [ -z $INTERACTDIV ] ; then INTERACTDIV=$DINTERACTDIV ; fi VOIPDIV=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*VOIPDIV[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"` if [ -z $VOIPDIV ] ; then VOIPDIV=$DVOIPDIV ; fi WWWDIV=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*WWWDIV[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"` if [ -z $WWWDIV ] ; then WWWDIV=$DWWWDIV ; fi XFERDIV=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*XFERDIV[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"` if [ -z $XFERDIV ] ; then XFERDIV=$DXFERDIV ; fi DFLTDIV=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*DFLTDIV[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"` if [ -z $DFLTDIV ] ; then DFLTDIV=$DDFLTDIV ; fi #echo $SPEED $NONCZFSPD $AIRFREESPD $SSHDIV $PINGDIV $INTERACTDIV $VOIPDIV $WWWDIV $XFERDIV $DFLTDIV set_qos_classes done exit 0