vaclavz

tc-filter-hash-table.sh

Mar 24th, 2018
  1. cat tc-filter-hash-table.sh
  2.  
  3. ./tc-filter-hash-table.sh | tee -a output.txt | sudo tc -force -batch - 2>> output.txt
  4. ---------------------------------------------------------------------------------------
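  #!/bin/bash
  # Generates a prototype tc ruleset (HFSC classes plus u32 hash-table filters).
  # Calling tc once per rule was already taking minutes, so the script only
  # prints the rules and the output is fed to tc in batch mode:
  #./tc-filter-hash-table.sh | tee -a output.txt | sudo tc -force -batch - 2>> output.txt
  #
  # NOTE(review): everything printed here is executed by tc as root. With
  # -force, tc keeps going after a failing command, so a partially applied
  # ruleset is possible; check the stderr appended to output.txt after a run.
  # The script never deletes an existing root/ingress qdisc, so a second run
  # on the same interfaces presumably fails on the "qdisc add" lines - confirm.

  # Command used for every tc operation. With "echo" the script prints batch
  # lines instead of running tc itself (see the pipeline above).
  #v_tc="/sbin/tc"
  v_tc="echo"

  v_upload="enp0s31f6"         # onboard NIC - outgoing data
  v_download='enx00e04c3004a4' # USB NIC - incoming data

  # Ingress qdiscs for redirecting traffic.
  "$v_tc" qdisc show dev "$v_upload"
  "$v_tc" qdisc show dev "$v_download"

  "$v_tc" qdisc add dev "$v_upload" ingress
  "$v_tc" qdisc add dev "$v_download" ingress

  "$v_tc" qdisc add dev "$v_upload" root handle 1: hfsc default ffff
  "$v_tc" qdisc add dev "$v_download" root handle 1: hfsc default ffff

  # Root filter - nothing works without it.
  "$v_tc" filter add dev "$v_upload" parent 1:0 protocol ip prio 3 u32
  "$v_tc" filter add dev "$v_download" parent 1:0 protocol ip prio 3 u32

  # Main hash table for the 2nd (B) byte of the IP address - hence handle b.
  "$v_tc" filter add dev "$v_upload" parent 1:0 protocol ip prio 5 handle b: u32 divisor 256
  "$v_tc" filter add dev "$v_download" parent 1:0 protocol ip prio 5 handle b: u32 divisor 256

  # Entry point of the hash table - it can have only one bucket (800::800).
  # A filter is created in it that redirects to the linked table, i.e. the
  # hash table for the B byte created above. Upload hashes on the source
  # address (offset 12), download on the destination address (offset 16).
  "$v_tc" filter add dev "$v_upload" parent 1:0 protocol ip prio 3 handle ::1 u32 \
      ht 800:: match ip src 0.0.0.0/0 hashkey mask 0x00ff0000 at 12 link b:

  "$v_tc" filter add dev "$v_download" parent 1:0 protocol ip prio 3 handle ::1 u32 \
      ht 800:: match ip dst 0.0.0.0/0 hashkey mask 0x00ff0000 at 16 link b:

  # Root classes - root router.
  "$v_tc" class add dev "$v_upload" parent 1: classid 1:1 \
      hfsc ls m1 0 d 0 m2 13107200 ul m1 0 d 0 m2 13107200

  "$v_tc" class add dev "$v_download" parent 1: classid 1:1 \
      hfsc ls m1 0 d 0 m2 13107200 ul m1 0 d 0 m2 13107200

  # Catch-all class (target of "default ffff" on the root qdisc).
  "$v_tc" class add dev "$v_upload" parent 1:1 classid 1:ffff \
      hfsc ls m1 0 d 0 m2 1310720 ul m1 0 d 0 m2 1310720

  "$v_tc" class add dev "$v_download" parent 1:1 classid 1:ffff \
      hfsc ls m1 0 d 0 m2 1310720 ul m1 0 d 0 m2 1310720

  # One hash table per value of the second byte (the divisor of table b:),
  # plus the link from each bucket of b: into its table.
  # 0x0 - 0xff
  for bByte in {{0..9},{A..F}}{{0..9},{A..F}}; do
      # Create the hash tables for the 3rd (C) byte of the IP address -
      # handle c(0-255). The reason is that a zero value cannot be addressed;
      # ::1 probably would not work.
      # Each table holds buckets (:bucket:) splitting addresses by the third byte.
      # The buckets hold the individual filters (hash:bucket:filter), one entry
      # per group.
      # Several checks can of course still happen here, but there should not be
      # that many any more.
      # A centralised reservation of IP handles will probably still be needed,
      # because it cannot be guaranteed that e.g. groups 10.168.10.0/27 and
      # 192.168.10.0/27 do not both land here - or maybe it can: the handle
      # could equal the 1st (A) byte.
      # When a group has a wider mask than /24 (prefix < 24), every affected
      # bucket needs a filter redirecting to that group - and those must not be
      # forgotten on deletion. /16 is a reasonable limit.

      # INDIVIDUAL RULES THEN USE PRIORITY 9 - PRIORITY 8 FOR UNSHAPED IPs
      "$v_tc" filter add dev "$v_upload" parent 1:0 protocol ip prio 7 handle b"$bByte": u32 divisor 256
      "$v_tc" filter add dev "$v_download" parent 1:0 protocol ip prio 7 handle b"$bByte": u32 divisor 256

      # Links derived from the divisor: bucket $bByte of table b: links to the
      # table whose id is the second byte prefixed with b.
      "$v_tc" filter add dev "$v_upload" parent 1:0 protocol ip prio 5 handle ::1 u32 \
          ht b:"$bByte": match ip src 0.0.0.0/0 hashkey mask 0x0000ff00 at 12 link b"$bByte":

      # The download side keys on the destination address (offset 16), so the
      # match is written as "dst" like every other download rule. 0.0.0.0/0
      # matches any address, so the set of matched packets is unchanged.
      "$v_tc" filter add dev "$v_download" parent 1:0 protocol ip prio 5 handle ::1 u32 \
          ht b:"$bByte": match ip dst 0.0.0.0/0 hashkey mask 0x0000ff00 at 16 link b"$bByte":
  done

  # CREATE THE INDIVIDUAL GROUPS SO THE HASH TABLE HAS SOMEWHERE TO REDIRECT TO
  # For now they all hang off the root, which does not matter for debugging.
  # 0x2000 - 0x4fff
  for groupId in {2,3,4}{{0..9},{A..F}}{{0..9},{A..F}}{{0..9},{A..F}}; do
      # CLASSES FOR THE GROUPS
      "$v_tc" class add dev "$v_upload" parent 1:1 classid 1:"$groupId" \
          hfsc ls m1 0 d 0 m2 2621440 ul m1 0 d 0 m2 2621440

      "$v_tc" class add dev "$v_download" parent 1:1 classid 1:"$groupId" \
          hfsc ls m1 0 d 0 m2 2621440 ul m1 0 d 0 m2 2621440

      # QDISCS FOR THE GROUPS
      "$v_tc" qdisc add dev "$v_upload" parent 1:"$groupId" handle "$groupId": hfsc default ffff
      "$v_tc" qdisc add dev "$v_download" parent 1:"$groupId" handle "$groupId": hfsc default ffff

      # ROOT FILTER IN THE CLASS QDISC - NOTHING WORKS WITHOUT IT - NOTE THE
      # CHANGED PARENT
      "$v_tc" filter add dev "$v_upload" parent "$groupId":0 protocol ip prio 9 u32
      "$v_tc" filter add dev "$v_download" parent "$groupId":0 protocol ip prio 9 u32

      # SECONDARY HASH TABLES FOR THE 4TH (D) BYTE OF THE IP ADDRESS - HENCE
      # HANDLE D
      "$v_tc" filter add dev "$v_upload" parent "$groupId":0 protocol ip prio 11 handle d: u32 divisor 256
      "$v_tc" filter add dev "$v_download" parent "$groupId":0 protocol ip prio 11 handle d: u32 divisor 256

      # Entry point of the hash table - it can have only one bucket (800::800).
      # The filter in it redirects to the linked table, here table d: created
      # just above.
      "$v_tc" filter add dev "$v_upload" parent "$groupId":0 protocol ip prio 9 handle ::1 u32 \
          ht 800:: match ip src 0.0.0.0/0 hashkey mask 0x000000ff at 12 link d:

      "$v_tc" filter add dev "$v_download" parent "$groupId":0 protocol ip prio 9 handle ::1 u32 \
          ht 800:: match ip dst 0.0.0.0/0 hashkey mask 0x000000ff at 16 link d:

      # catch all 2048kbps
      # NOTE(review): 262144 equals 2048 * 1024 / 8, i.e. the figure assumes
      # bytes per second; confirm how tc interprets a rate without a unit.
      "$v_tc" class add dev "$v_upload" parent "$groupId":0 classid "$groupId":ffff \
          hfsc ls m1 0 d 0 m2 262144 ul m1 0 d 0 m2 262144

      "$v_tc" class add dev "$v_download" parent "$groupId":0 classid "$groupId":ffff \
          hfsc ls m1 0 d 0 m2 262144 ul m1 0 d 0 m2 262144
  done

  # SUBNET DEFINITIONS FOR REDIRECTING INTO A GROUP
  # 192.168.10.0/24: second byte 0xa8 selects table ba8:, third byte 0x0a
  # selects bucket 0a.
  #"$v_tc" filter add dev "$v_upload" parent 1:0 protocol ip prio 7 handle ::1 u32\
  #ht ba8:0a: match ip src 192.168.10.0/24 hashkey mask 0x000000ff at 12 flowid 2000:
  "$v_tc" filter add dev "$v_upload" parent 1:0 protocol ip prio 7 handle ::1 u32 \
      ht ba8:0a: match ip src 192.168.10.0/24 at 12 flowid 1:2000

  #"$v_tc" filter add dev "$v_download" parent 1:0 protocol ip prio 7 handle ::1 u32\
  #ht ba8:0a: match ip dst 192.168.10.0/24 hashkey mask 0x000000ff at 16 flowid 2000:
  "$v_tc" filter add dev "$v_download" parent 1:0 protocol ip prio 7 handle ::1 u32 \
      ht ba8:0a: match ip dst 192.168.10.0/24 at 16 flowid 1:2000

  # Up to this point traffic runs through the group's catch-all - but faster...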