
qos

  1. #!/bin/bash
  2.  
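  #######################################
  # Run one command line, hiding its output unless it fails.
  # Globals:
  #   verbose   (read)    "yes" prints the command line before running it
  #   quiet     (read)    when empty, a progress dot is printed on success
  #   errorcode (written) exit status of the command that was run
  # Arguments:
  #   $1 - the complete command line as ONE string; it is word-split by the
  #        shell, so it cannot carry arguments that contain whitespace
  #   $2 - "force" to ignore a failing command and carry on
  # Outputs:
  #   On an unforced failure the command and its captured stdout/stderr are
  #   written to stdout and the whole script exits with the command's status.
  #######################################
  run_command ()
  {
      local out_file err_file

      if [ "$verbose" == "yes" ]; then
          # printf with a quoted argument: the command is shown literally
          # instead of being re-split and glob-expanded by an unquoted echo.
          printf '%s\n' "$1"
      fi

      # Capture files are created with mktemp (unpredictable name, mode 0600).
      # The previous fixed names /tmp/q0s-error1 and /tmp/q0s-error2 sat in a
      # world-writable directory; a script that drives tc/iptables normally
      # runs as root, and a pre-created file or symlink at a fixed name would
      # have been written through by these redirections.
      out_file=$(mktemp "${TMPDIR:-/tmp}/q0s-out.XXXXXX") || {
          echo "run_command: cannot create temporary file" >&2
          exit 1
      }
      err_file=$(mktemp "${TMPDIR:-/tmp}/q0s-err.XXXXXX") || {
          rm -f -- "$out_file"
          echo "run_command: cannot create temporary file" >&2
          exit 1
      }

      # $1 is deliberately unquoted: callers pass the whole command line as a
      # single string and rely on word splitting to form the argument list.
      # Every value interpolated into that string (interfaces, ports, hosts)
      # comes from the configuration file, so that file must be trusted.
      $1 > "$out_file" 2> "$err_file"
      errorcode=$?

      if [ "$errorcode" -ne 0 ] && [ "$2" != "force" ]; then
          echo
          echo
          echo "*ERROR* Unable to execute the following command:"
          echo
          echo "        $1"
          echo
          echo "The error message(s) was the following:"
          echo
          cat -- "$out_file" "$err_file"
          rm -f -- "$out_file" "$err_file"
          echo
          echo
          echo
          echo "The script will now terminate."
          exit "$errorcode"
      fi

      rm -f -- "$out_file" "$err_file"
      if [ -z "$quiet" ]; then
          echo -n "."
      fi
  }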
  36.  
  # Location of the settings file that defines interfaces, speeds and ports.
  conffile="/etc/q0s.conf"

  # Only the first argument is inspected: -v turns on command echoing,
  # -q suppresses progress output. Anything else is ignored.
  case "$1" in
      -v) verbose="yes" ;;
      -q) quiet="yes" ;;
  esac

  if [ -z "$quiet" ]; then
      echo "QoS initializing..."
      echo
  fi

  # Parse the configuration file
  if [ ! -r "$conffile" ]; then
      echo "Unable to read $conffile"
      exit 1
  fi

  if [ -n "$verbose" ]; then
      echo "Using $conffile"
  fi

  # The file is not parsed, it is executed: every line in it runs as shell
  # code with this script's privileges. It should be owned by root and not
  # be writable by any other user.
  . "$conffile"
  62.  
  63.  
  # The multiport match wants "80,443,..." rather than a bash array, so each
  # band's port list is flattened to one string with commas between entries.
  # The expansion is left unquoted so that a plain space-separated string in
  # the config is converted the same way as an array.
  band1ports=$(echo ${band1ports[@]} | tr ' ' ',')
  band2ports=$(echo ${band2ports[@]} | tr ' ' ',')
  band3ports=$(echo ${band3ports[@]} | tr ' ' ',')
  band5ports=$(echo ${band5ports[@]} | tr ' ' ',')
  band8ports=$(echo ${band8ports[@]} | tr ' ' ',')

  # Host and port lists that are later walked with "for x in $list".
  specialserviceports=${specialserviceports[@]}
  specialhosts=${specialhosts[@]}
  specialhosts_shpd=${specialhosts_shpd[@]}

  # NOTE(review): assigning to an array name without a subscript writes
  # element 0 only. If the config declares l7_band / l7_proto as arrays,
  # element 0 now holds the space-joined list while the other elements are
  # untouched; the layer-7 loop later in this script indexes them from 1.
  l7_band=${l7_band[@]}
  l7_proto=${l7_proto[@]}
  76.  
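  # Locate the tc and iptables binaries.
  #
  # Precedence for each tool: a path set in the config file, then a lookup
  # through the `which` helper, then a hardcoded /sbin path.
  #
  # Both tools are executed with this script's privileges. A lookup through
  # `which` follows PATH, so when the script is started from an environment
  # whose PATH is not controlled, set absolute paths for tc and iptables in
  # the config file instead of relying on the lookup.

  # Was which user set, if not use hardcoded path
  : "${which:=/usr/bin/which}"

  # which sanity check (can it find itself?)
  if [ "$("$which" which)" == "$which" ]; then
      # Use the helper that just passed the check. The lookups previously
      # called a bare `which`, i.e. whatever PATH resolved, which is not
      # necessarily the binary that was validated above.
      : "${tc:=$("$which" tc 2>/dev/null)}"
      : "${iptables:=$("$which" iptables 2>/dev/null)}"
  fi

  # If these paths are not user set, and which couldn't find them, use
  # hardcoded paths
  : "${tc:=/sbin/tc}"
  : "${iptables:=/sbin/iptables}"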
  89.  
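  # Fill in every tunable the config file left unset.
  #
  # wan_spd_down and wan_spd_up are read here but have no default: they must
  # be set (as integers) by the config file, otherwise the arithmetic below
  # fails. All speeds are later passed to tc with a "kbit" suffix.

  # Percentage held back from each configured rate; class 8 gives up a
  # further class8_shp_pct on top of that for its ceiling.
  : "${shp_pct:=10}"
  : "${class8_shp_pct:=10}"

  # Shaped WAN rates = configured rate minus shp_pct percent.
  # The download line used to test the misspelled name "wad_spd_down_shpd",
  # so a wan_spd_down_shpd value set in the config was always overwritten.
  : "${wan_spd_down_shpd:=$(( $wan_spd_down - ($wan_spd_down * $shp_pct) / 100 ))}"
  : "${wan_spd_up_shpd:=$(( $wan_spd_up - ($wan_spd_up * $shp_pct) / 100 ))}"

  : "${lan_spd:=102400}"
  : "${lan_spd_shpd:=$(( $lan_spd - ($lan_spd * $shp_pct) / 100 ))}"

  # Ceiling for band 8: configured rate minus (shp_pct + class8_shp_pct).
  : "${wan_spd_class8_down_shpd:=$(( $wan_spd_down - ($wan_spd_down * ($shp_pct + $class8_shp_pct)) / 100 ))}"
  : "${wan_spd_class8_up_shpd:=$(( $wan_spd_up - ($wan_spd_up * ($shp_pct + $class8_shp_pct)) / 100 ))}"

  # Guaranteed download rate per band: 10/15/30/40 percent of the shaped
  # rate for bands 0-3, one percent each for bands 4-8.
  : "${band0down:=$(( $wan_spd_down_shpd * 10 / 100 ))}"
  : "${band1down:=$(( $wan_spd_down_shpd * 15 / 100 ))}"
  : "${band2down:=$(( $wan_spd_down_shpd * 30 / 100 ))}"
  : "${band3down:=$(( $wan_spd_down_shpd * 40 / 100 ))}"
  : "${band4down:=$(( $wan_spd_down_shpd / 100 ))}"
  : "${band5down:=$(( $wan_spd_down_shpd / 100 ))}"
  : "${band6down:=$(( $wan_spd_down_shpd / 100 ))}"
  : "${band7down:=$(( $wan_spd_down_shpd / 100 ))}"
  : "${band8down:=$(( $wan_spd_down_shpd / 100 ))}"

  # Same split for the upload direction.
  : "${band0up:=$(( $wan_spd_up_shpd * 10 / 100 ))}"
  : "${band1up:=$(( $wan_spd_up_shpd * 15 / 100 ))}"
  : "${band2up:=$(( $wan_spd_up_shpd * 30 / 100 ))}"
  : "${band3up:=$(( $wan_spd_up_shpd * 40 / 100 ))}"
  : "${band4up:=$(( $wan_spd_up_shpd / 100 ))}"
  : "${band5up:=$(( $wan_spd_up_shpd / 100 ))}"
  : "${band6up:=$(( $wan_spd_up_shpd / 100 ))}"
  : "${band7up:=$(( $wan_spd_up_shpd / 100 ))}"
  : "${band8up:=$(( $wan_spd_up_shpd / 100 ))}"

  # Byte counts used as connbytes range boundaries by the marking rules.
  : "${band1move:=20000}"
  : "${band2move:=250000}"
  : "${band3move:=1000000}"
  : "${band4move:=2000000}"
  : "${band5move:=5000000}"
  : "${band6move:=7000000}"

  # Upper packet length for the "force interactive" rule on band 1 ports.
  : "${force_interactive:=500}"

  # Added to every band number to form the firewall mark.
  : "${mark_offset:=0xFF}"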
  132.  
  # Summary of the effective settings; skipped entirely in quiet mode.
  [ -n "$quiet" ] || {
      echo -e "LAN interface: $lan_if \t Shaped at: ${lan_spd_shpd}/${lan_spd_shpd}kbps"
      echo -e "WAN interface: $wan_if \t Shaped at: ${wan_spd_down_shpd}/${wan_spd_up_shpd}kbps"
      echo
      echo "Bandwidth on LAN and WAN have been shaped by ${shp_pct}%"
      echo

      # Optional classifiers are only mentioned when the config enables them.
      [ "$has_ipp2p" == "yes" ] && echo "Using ipp2p for marking packets."
      [ "$has_l7" == "yes" ] && echo "Using layer 7 packet classifier for marking packets."
      echo

      # No trailing newline: run_command appends one progress dot per command.
      echo -n "Setting up htb tree for $lan_if."
  }
  # Drop whatever root qdisc is on the LAN interface; "force" because the
  # delete fails when there is nothing to remove.
  run_command "$tc qdisc del dev $lan_if root" "force"

  # Add classes and egress (output) qdiscs to LAN interface.
  # "default 70" sends traffic that no filter classifies to class 1:70.
  run_command "$tc qdisc add dev $lan_if root handle 1: htb default 70"

  # 1:10 runs at the shaped LAN rate (the fw filter for mark 1 points here).
  run_command "$tc class add dev $lan_if parent 1: classid 1:10 htb rate ${lan_spd_shpd}kbit ceil ${lan_spd_shpd}kbit burst 6k prio 1"
  run_command "$tc qdisc add dev $lan_if parent 1:10 handle 10: sfq perturb 10"

  # 1:20 is the parent of all download bands, capped at the shaped WAN rate.
  run_command "$tc class add dev $lan_if parent 1: classid 1:20 htb rate ${wan_spd_down_shpd}kbit ceil ${wan_spd_down_shpd}kbit burst 6k prio 0"

  # Bands 0-8 become classes 1:30 .. 1:110, each with its own sfq leaf.
  # Band 0 is capped at its own rate, band 8 at the class-8 ceiling, and the
  # bands in between may borrow up to the full shaped download rate.
  for q0s_band in 0 1 2 3 4 5 6 7 8; do
      q0s_class=$(( (q0s_band + 3) * 10 ))
      q0s_rate_name="band${q0s_band}down"
      case $q0s_band in
          0) q0s_ceil=$band0down ;;
          8) q0s_ceil=$wan_spd_class8_down_shpd ;;
          *) q0s_ceil=$wan_spd_down_shpd ;;
      esac
      run_command "$tc class add dev $lan_if parent 1:20 classid 1:${q0s_class} htb rate ${!q0s_rate_name}kbit ceil ${q0s_ceil}kbit burst 6k prio ${q0s_band}"
      run_command "$tc qdisc add dev $lan_if parent 1:${q0s_class} handle ${q0s_class}: sfq perturb 10"
  done
  186.  
  if [ -z "$quiet" ]; then
      echo
      echo -n "Setting up htb tree for $wan_if."
  fi

  # Add classes and egress (output) qdiscs to external interface

  # Remove any existing root qdisc first; a failure here is ignored.
  run_command "$tc qdisc del dev $wan_if root" "force"

  run_command "$tc qdisc add dev $wan_if root handle 1: htb default 70"

  # NOTE(review): 1:10 on the WAN side uses the unshaped wan_spd_down, and no
  # filter in this listing directs WAN traffic to it - confirm it is intended.
  run_command "$tc class add dev $wan_if parent 1: classid 1:10 htb rate ${wan_spd_down}kbit ceil ${wan_spd_down}kbit burst 6k prio 1"
  run_command "$tc qdisc add dev $wan_if parent 1:10 handle 10: sfq perturb 10"

  # 1:20 is the parent of all upload bands, capped at the shaped upload rate.
  run_command "$tc class add dev $wan_if parent 1: classid 1:20 htb rate ${wan_spd_up_shpd}kbit ceil ${wan_spd_up_shpd}kbit burst 6k prio 0"

  # Bands 0-8 become classes 1:30 .. 1:110, mirroring the LAN tree but with
  # the upload rates and ceilings.
  for q0s_band in 0 1 2 3 4 5 6 7 8; do
      q0s_class=$(( (q0s_band + 3) * 10 ))
      q0s_rate_name="band${q0s_band}up"
      case $q0s_band in
          0) q0s_ceil=$band0up ;;
          8) q0s_ceil=$wan_spd_class8_up_shpd ;;
          *) q0s_ceil=$wan_spd_up_shpd ;;
      esac
      run_command "$tc class add dev $wan_if parent 1:20 classid 1:${q0s_class} htb rate ${!q0s_rate_name}kbit ceil ${q0s_ceil}kbit burst 6k prio ${q0s_band}"
      run_command "$tc qdisc add dev $wan_if parent 1:${q0s_class} handle ${q0s_class}: sfq perturb 10"
  done
  228.  
  229.  
  # Set up rules for sorting the packets into the bands.
  # Each fw filter maps one firewall mark (band slot + mark_offset) to the
  # htb class with the matching number; the marks themselves are set by the
  # iptables mangle rules further down.
  if [ -z "$quiet" ]; then
      echo
      echo -n "Setting up filters."
  fi

  tc_filter_wan="$tc filter add dev $wan_if protocol ip parent 1:0 prio 1 handle"
  tc_filter_lan="$tc filter add dev $lan_if protocol ip parent 1:0 prio 1 handle"

  # Slot 1 exists on the LAN interface only (host-to-LAN traffic).
  run_command "$tc_filter_lan $((1 + $mark_offset)) fw flowid 1:10"

  # Slots 3-11 map to classes 1:30 .. 1:110 on both interfaces.
  for q0s_slot in 3 4 5 6 7 8 9 10 11; do
      q0s_mark=$(( q0s_slot + $mark_offset ))
      q0s_flow="1:$(( q0s_slot * 10 ))"
      run_command "$tc_filter_lan $q0s_mark fw flowid $q0s_flow"
      run_command "$tc_filter_wan $q0s_mark fw flowid $q0s_flow"
  done
  266.  
  if [ -z "$quiet" ]; then
      echo
      echo -n "Setting up packet marking."
  fi

  # Reset rules: flush, delete and recreate the three q0s chains in the
  # mangle table. Every step is forced because on a first run the chains do
  # not exist yet.
  # NOTE(review): the -X runs before the jump rules are removed below, so on
  # a re-run the delete presumably fails (chain still referenced) and the
  # following -N fails too; both are ignored and the flushed chain is reused.
  for q0s_chain in q0s_fwd q0s_out_lan q0s_out_wan; do
      run_command "$iptables -F $q0s_chain -t mangle" "force"
  done
  for q0s_chain in q0s_fwd q0s_out_lan q0s_out_wan; do
      run_command "$iptables -X $q0s_chain -t mangle" "force"
  done
  for q0s_chain in q0s_fwd q0s_out_wan q0s_out_lan; do
      run_command "$iptables -N $q0s_chain -t mangle" "force"
  done

  # Jump rules that feed forwarded and locally generated traffic into the
  # q0s chains. Old copies are deleted first so a re-run does not stack them.
  q0s_hooks=(
      "FORWARD -t mangle -i $lan_if -o $wan_if -j q0s_fwd"
      "FORWARD -t mangle -i $wan_if -o $lan_if -j q0s_fwd"
      "OUTPUT -t mangle -o $wan_if -j q0s_out_wan"
      "OUTPUT -t mangle -o $lan_if -j q0s_out_lan"
  )
  for q0s_hook in "${q0s_hooks[@]}"; do
      run_command "$iptables -D $q0s_hook" "force"
  done
  for q0s_hook in "${q0s_hooks[@]}"; do
      run_command "$iptables -A $q0s_hook"
  done

  # If packets are connmarked, just return: the saved connection mark is
  # copied back onto the packet, and packets that then carry one of these
  # marks skip the rest of the chain.
  run_command "$iptables -A q0s_fwd -t mangle -p tcp -j CONNMARK --restore-mark"
  for q0s_slot in 3 4 11; do
      run_command "$iptables -A q0s_fwd -t mangle -p tcp -m mark --mark $(( q0s_slot + $mark_offset )) -j RETURN"
  done
  run_command "$iptables -A q0s_fwd -t mangle -p tcp -m mark --mark $(($ipp2p_band + 3 + $mark_offset)) -j RETURN"
  297.  
  # *** Band 1 ports ***
  # MARK does not stop rule traversal, so when several rules below match the
  # same packet the last one decides the mark it leaves the chain with.
  if [ -n "$band1ports" ]; then
      q0s_cb="-m connbytes --connbytes-dir both --connbytes-mode bytes --connbytes"

      # Default priority: forwarded tcp/udp to or from a band 1 port.
      for q0s_proto in tcp udp; do
          for q0s_dir in dports sports; do
              run_command "$iptables -A q0s_fwd -t mangle -p $q0s_proto -m multiport --$q0s_dir $band1ports -j MARK --set-mark $((4 + $mark_offset))"
          done
      done

      # Connbytes priority: the more bytes a tcp connection has moved, the
      # lower the band it is pushed into.
      for q0s_dir in dports sports; do
          run_command "$iptables -A q0s_fwd -t mangle -p tcp -m multiport --$q0s_dir $band1ports $q0s_cb $band1move:$band2move -j MARK --set-mark $((5 + $mark_offset))"
          run_command "$iptables -A q0s_fwd -t mangle -p tcp -m multiport --$q0s_dir $band1ports $q0s_cb $band2move:$band3move -j MARK --set-mark $((6 + $mark_offset))"
          run_command "$iptables -A q0s_fwd -t mangle -p tcp -m multiport --$q0s_dir $band1ports $q0s_cb $band3move:$band4move -j MARK --set-mark $((7 + $mark_offset))"
      done

      # Output default and connbytes (traffic this host sends out the WAN).
      for q0s_proto in tcp udp; do
          run_command "$iptables -A q0s_out_wan -t mangle -p $q0s_proto -m multiport --dports $band1ports -j MARK --set-mark $((4 + $mark_offset))"
      done
      run_command "$iptables -A q0s_out_wan -t mangle -p tcp -m multiport --dports $band1ports $q0s_cb $band1move:$band2move -j MARK --set-mark $((5 + $mark_offset))"
      run_command "$iptables -A q0s_out_wan -t mangle -p tcp -m multiport --dports $band1ports $q0s_cb $band2move:$band3move -j MARK --set-mark $((6 + $mark_offset))"
      run_command "$iptables -A q0s_out_wan -t mangle -p tcp -m multiport --dports $band1ports $q0s_cb $band3move:$band4move -j MARK --set-mark $((7 + $mark_offset))"

      # Mark interactive, if packets are smaller than $force_interactive
      for q0s_chain in q0s_fwd q0s_out_wan; do
          run_command "$iptables -A $q0s_chain -t mangle -p tcp -m multiport --dports $band1ports -m length --length 0:$force_interactive -j MARK --set-mark $((4 + $mark_offset))"
      done
  fi
  325.  
  # *** Band 2 ports ***
  # Same layout as band 1, one band lower, and without the small-packet rule.
  if [ -n "$band2ports" ]; then
      q0s_cb="-m connbytes --connbytes-dir both --connbytes-mode bytes --connbytes"

      # Default priority
      for q0s_proto in tcp udp; do
          for q0s_dir in dports sports; do
              run_command "$iptables -A q0s_fwd -t mangle -p $q0s_proto -m multiport --$q0s_dir $band2ports -j MARK --set-mark $((5 + $mark_offset))"
          done
      done

      # Connbytes priority: larger tcp transfers drop to lower bands.
      for q0s_dir in dports sports; do
          run_command "$iptables -A q0s_fwd -t mangle -p tcp -m multiport --$q0s_dir $band2ports $q0s_cb $band2move:$band3move -j MARK --set-mark $((6 + $mark_offset))"
          run_command "$iptables -A q0s_fwd -t mangle -p tcp -m multiport --$q0s_dir $band2ports $q0s_cb $band3move:$band4move -j MARK --set-mark $((7 + $mark_offset))"
      done

      # Output default and connbytes
      for q0s_proto in tcp udp; do
          run_command "$iptables -A q0s_out_wan -t mangle -p $q0s_proto -m multiport --dports $band2ports -j MARK --set-mark $((5 + $mark_offset))"
      done
      run_command "$iptables -A q0s_out_wan -t mangle -p tcp -m multiport --dports $band2ports $q0s_cb $band2move:$band3move -j MARK --set-mark $((6 + $mark_offset))"
      run_command "$iptables -A q0s_out_wan -t mangle -p tcp -m multiport --dports $band2ports $q0s_cb $band3move:$band4move -j MARK --set-mark $((7 + $mark_offset))"
  fi
  347.  
  # *** Band 3 ports ***
  if [ -n "$band3ports" ]; then
      q0s_cb="-m connbytes --connbytes-dir both --connbytes-mode bytes --connbytes"

      # Default priority (destination-port rules first, then source-port).
      for q0s_dir in dports sports; do
          for q0s_proto in tcp udp; do
              run_command "$iptables -A q0s_fwd -t mangle -p $q0s_proto -m multiport --$q0s_dir $band3ports -j MARK --set-mark $((6 + $mark_offset))"
          done
      done

      # Connbytes priority: only one step down is left for this band.
      for q0s_dir in dports sports; do
          run_command "$iptables -A q0s_fwd -t mangle -p tcp -m multiport --$q0s_dir $band3ports $q0s_cb $band3move:$band4move -j MARK --set-mark $((7 + $mark_offset))"
      done

      # Output default and connbytes
      for q0s_proto in tcp udp; do
          run_command "$iptables -A q0s_out_wan -t mangle -p $q0s_proto -m multiport --dports $band3ports -j MARK --set-mark $((6 + $mark_offset))"
      done
      run_command "$iptables -A q0s_out_wan -t mangle -p tcp -m multiport --dports $band3ports $q0s_cb $band3move:$band4move -j MARK --set-mark $((7 + $mark_offset))"
  fi
  365.  
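  # Transfers over band4move are moved down in priority. This rule is not
  # tied to a port list: any forwarded tcp connection whose byte count lies
  # between band4move and band5move gets the slot-8 mark.
  run_command "$iptables -A q0s_fwd -t mangle -p tcp -m connbytes --connbytes-dir both --connbytes-mode bytes --connbytes $band4move:$band5move -j MARK --set-mark $((8 + $mark_offset))"

  # *** Band 5 ports ***
  if [ -n "$band5ports" ]; then
      # Default priority.
      # The multiport options are spelled --dports / --sports here, as in
      # every other band. The forwarded rules used the shortened --dport /
      # --sport, which is also the name of the single-port tcp/udp option and
      # is not what a comma-separated list from $band5ports needs.
      for q0s_dir in dports sports; do
          for q0s_proto in tcp udp; do
              run_command "$iptables -A q0s_fwd -t mangle -p $q0s_proto -m multiport --$q0s_dir $band5ports -j MARK --set-mark $((9 + $mark_offset))"
          done
      done

      # Output default
      for q0s_proto in tcp udp; do
          run_command "$iptables -A q0s_out_wan -t mangle -p $q0s_proto -m multiport --dports $band5ports -j MARK --set-mark $((9 + $mark_offset))"
      done
  fi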
  381.  
  # Transfers over band5move are moved down in priority again, and anything
  # over band6move lands in the last size-based slot. The open-ended range
  # "$band6move:" has no upper bound.
  # NOTE(review): the original comment mentions a connmark for the last
  # match, but no CONNMARK --save-mark follows these rules in this listing.
  q0s_cb="-m connbytes --connbytes-dir both --connbytes-mode bytes --connbytes"
  for q0s_chain in q0s_fwd q0s_out_wan; do
      run_command "$iptables -A $q0s_chain -t mangle -p tcp $q0s_cb $band5move:$band6move -j MARK --set-mark $((9 + $mark_offset))"
      run_command "$iptables -A $q0s_chain -t mangle -p tcp $q0s_cb $band6move: -j MARK --set-mark $((10 + $mark_offset))"
  done
  388.  
  # Special band 8, these ports are always in that band. The rules come
  # after all size-based rules, so their mark is the one that sticks.
  if [ -n "$band8ports" ]; then
      # Forwarded traffic, matched on destination ports and then source ports.
      for q0s_dir in dports sports; do
          for q0s_proto in tcp udp; do
              run_command "$iptables -A q0s_fwd -t mangle -p $q0s_proto -m multiport --$q0s_dir $band8ports -j MARK --set-mark $((11 + $mark_offset))"
          done
      done

      # Traffic this host sends out the WAN interface.
      for q0s_proto in tcp udp; do
          run_command "$iptables -A q0s_out_wan -t mangle -p $q0s_proto -m multiport --dports $band8ports -j MARK --set-mark $((11 + $mark_offset))"
      done
  fi
  400.  
  # Optional ipp2p classifier: mark matching tcp packets with the configured
  # band, then save that mark on the connection so the CONNMARK restore at
  # the top of q0s_fwd can short-circuit later packets.
  if [ "$has_ipp2p" == "yes" ]; then
      q0s_p2p_mark=$(($ipp2p_band + 3 + $mark_offset))
      run_command "$iptables -A q0s_fwd -t mangle -p tcp -m ipp2p $ipp2p_protos -j MARK --set-mark $q0s_p2p_mark"
      run_command "$iptables -A q0s_fwd -t mangle -p tcp -m mark --mark $q0s_p2p_mark -j CONNMARK --save-mark"
  fi

  # Optional layer-7 classifier: one rule per protocol, each with its band.
  # NOTE(review): the walk starts at index 1, so l7_proto[0] / l7_band[0]
  # never produce a rule. Element 0 was overwritten with the space-joined
  # list earlier in the script; confirm whether the config reserves index 0
  # or whether the first configured protocol is being skipped.
  if [ "$has_l7" == "yes" ]; then
      i=1
      while [ "$i" -lt "${#l7_proto[*]}" ]; do
          run_command "$iptables -A q0s_fwd -t mangle -p tcp -m layer7 $l7_opts --l7proto ${l7_proto[$i]} -j MARK --set-mark $((${l7_band[$i]} + 3 + $mark_offset))"
          i=$(( i + 1 ))
      done
  fi
  411.  
  # Packets from special hosts get in the interactive traffic band at all
  # times: one rule for the host as source, one for it as destination.
  # The list variables are expanded unquoted on purpose so that each
  # whitespace-separated entry becomes one iteration.
  for host in $specialhosts; do
      for q0s_flag in -s -d; do
          run_command "$iptables -A q0s_fwd -t mangle $q0s_flag $host -j MARK --set-mark $((4 + $mark_offset))"
      done
  done

  # Services on this host: replies leaving the WAN from these source ports
  # get the slot-3 mark, for tcp and udp alike.
  for port in $specialserviceports; do
      for q0s_proto in tcp udp; do
          run_command "$iptables -A q0s_out_wan -t mangle -p $q0s_proto --sport $port -j MARK --set-mark $((3 + $mark_offset))"
      done
  done

  # These get interactive, but have a much lower max rate
  for host in $specialhosts_shpd; do
      for q0s_flag in -s -d; do
          run_command "$iptables -A q0s_fwd -t mangle $q0s_flag $host -j MARK --set-mark $((3 + $mark_offset))"
      done
  done
  428.  
  # LOCALHOST to LAN needs full speed, not just the default: everything this
  # host sends out the LAN interface gets the slot-1 mark (class 1:10).
  run_command "$iptables -A q0s_out_lan -t mangle -j MARK --set-mark $((1 + $mark_offset))"

  # Putting ACK packets in the interactive queue. The u32 selector matches
  # TCP (protocol 6) with a 20-byte IP header, a total length below 64 bytes
  # and a TCP flags byte equal to ACK only.
  q0s_ack_match="protocol ip prio 10 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33 flowid 1:40"
  for q0s_dev in "$wan_if" "$lan_if"; do
      run_command "$tc filter add dev $q0s_dev parent 1: $q0s_ack_match"
  done

  # Ensure that we never download more than the configured rate: an ingress
  # policer on the WAN interface drops inbound IP traffic above the shaped
  # download rate. The old ingress qdisc is removed first (failure ignored).
  run_command "$tc qdisc del dev $wan_if handle ffff: ingress" "force"
  run_command "$tc qdisc add dev $wan_if handle ffff: ingress"
  run_command "$tc filter add dev $wan_if parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate ${wan_spd_down_shpd}kbit burst 10k drop flowid :1"

  # Finish the line of progress dots.
  echo