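#!/bin/bash
# qos-on: install (or, with -o, remove) HTB traffic shaping on the two routed
# interfaces using tc. Runs as root and is meant to be usable from cron.
#
# Usage: qos-on [-d dn_kbit|-u up_kbit|-o]
#   -d dn_kbit  internet download ceiling in kbit/s (default 8000)
#   -u up_kbit  internet upload ceiling in kbit/s   (default 500)
#   -o          remove the shaping and exit
#
# Exit status: 0 on success, 1 if not root / bad value / a tc command failed,
# 2 on a usage error.
#set -v

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the usage line on stderr and abort.
usage() {
  echo "qos-on [-d dn_kbit|-u up_kbit|-o]" >&2
  exit 2
}

# Accept only a plain positive decimal integer (no leading zero, <= 9 digits).
# The value is later used inside $(( )) by a root process; bash evaluates
# arithmetic operands recursively, so anything that is not a bare number must
# be rejected here. A leading zero would also be read as octal.
require_kbit() {
  local flag=$1 value=$2
  [[ $value =~ ^[1-9][0-9]{0,8}$ ]] ||
    die "qos-on: -$flag needs a positive integer kbit value, got '$value'"
}

# Test the effective uid rather than the account name: uid 0 is what tc needs.
if [[ "$(id -u)" -ne 0 ]]; then
  die "should be root"
fi

# crontab doesn't look in /sbin, so tc is called by absolute path
tc=/sbin/tc
[[ -x $tc ]] || die "qos-on: $tc not found or not executable"

# devices (up and down)
# traffic is routed in to eth1, and out of eth0
dev_dn=eth0
dev_up=eth1

# special filter ip's
sv_ips=("192.168.20.10" "192.168.20.1")    # sv-1, rt-1
ws_ips=("192.168.20.106" "192.168.20.102") # ws-1, ws-4
hb_ips=(
  "212.58.224.0/19" "213.120.0.0/14" # bbc iplayer servers
  "87.248.212.0/24"                  # windows update
  "168.143.161.20"                   # twirl (uses twitter)
)

# throttle speeds (default)
up_kbit=500    # internet upload
dn_kbit=8000   # internet download
local_mbit=100 # static lan speed

# do not turn off by default
off=0

# allow us to override defaults; every value is validated before any qdisc is
# touched, so a bad argument cannot leave the link with its shaping removed.
while getopts ":d:u:o" opt; do
  case "$opt" in
    d)
      require_kbit d "$OPTARG"
      dn_kbit=$OPTARG
      ;;
    u)
      require_kbit u "$OPTARG"
      up_kbit=$OPTARG
      ;;
    o) off=1 ;;
    *) usage ;; # unknown option, missing argument, or -?
  esac
done

# Class parameters are kept as arrays so each word reaches tc as one argument
# without relying on unquoted word splitting.

# upload classes
# burst is for web page requests
up_c1=(htb rate "${up_kbit}kbit" ceil "${up_kbit}kbit" prio 1)
up_c2=(htb rate "$((8 * up_kbit / 10))kbit" ceil "${up_kbit}kbit" burst 100k prio 2)
up_c3=(htb rate "$((4 * up_kbit / 10))kbit" ceil "${up_kbit}kbit" burst 50k prio 3)

# download classes
# burst is for web page responses
dn_c1=(htb rate "${dn_kbit}kbit" ceil "${dn_kbit}kbit" prio 1)
dn_c2=(htb rate "$((8 * dn_kbit / 10))kbit" ceil "${dn_kbit}kbit" burst 300k prio 2)
dn_c3=(htb rate "$((6 * dn_kbit / 10))kbit" ceil "${dn_kbit}kbit" burst 200k prio 3)
dn_c4=(htb rate "$((4 * dn_kbit / 10))kbit" ceil "${dn_kbit}kbit" burst 100k prio 4)
dn_c5=(htb rate "$((2 * dn_kbit / 10))kbit" ceil "${dn_kbit}kbit" prio 5)

printf '\n%s\n' "$(date)"

# print some debug info
if ((off == 0)); then
  echo "upload..."
  echo " 1: ${up_c1[*]}"
  echo " 2: ${up_c2[*]}"
  echo " 3: ${up_c3[*]}"
  echo "download..."
  echo " 1: ${dn_c1[*]}"
  echo " 2: ${dn_c2[*]}"
  echo " 3: ${dn_c3[*]}"
  echo " 4: ${dn_c4[*]}"
  echo " 5: ${dn_c5[*]}"
else
  echo "disabling..."
fi

# reset all devs; failure is expected (and ignored) when no root qdisc exists
"$tc" qdisc del dev "$dev_up" root 2>/dev/null
"$tc" qdisc del dev "$dev_dn" root 2>/dev/null

if ((off == 1)); then
  exit 0
fi

# Run one tc command. A failure is reported and remembered so the script exits
# non-zero at the end, but the remaining rules are still attempted.
rc=0
tc_run() {
  if ! "$tc" "$@"; then
    printf 'qos-on: tc %s failed\n' "$*" >&2
    rc=1
  fi
}

# add a handle with default flow: unclassified traffic lands in 1:30 (upload)
# and 2:40 (download)
tc_run qdisc add dev "$dev_up" root handle 1: htb default 30
tc_run qdisc add dev "$dev_dn" root handle 2: htb default 40
tc_run class add dev "$dev_up" parent 1: classid 1:1 htb \
  rate "${up_kbit}kbit" ceil "${up_kbit}kbit"
tc_run class add dev "$dev_dn" parent 2: classid 2:1 htb \
  rate "${dn_kbit}kbit" ceil "${dn_kbit}kbit"

# internet upload
tc_run class add dev "$dev_up" parent 1:1 classid 1:10 "${up_c1[@]}"
tc_run class add dev "$dev_up" parent 1:1 classid 1:20 "${up_c2[@]}"
tc_run class add dev "$dev_up" parent 1:1 classid 1:30 "${up_c3[@]}"
for id in 10 20 30; do
  tc_run qdisc add dev "$dev_up" parent "1:$id" handle "$id:" sfq perturb 10
done

# internet download
tc_run class add dev "$dev_dn" parent 2:1 classid 2:10 "${dn_c1[@]}"
tc_run class add dev "$dev_dn" parent 2:1 classid 2:20 "${dn_c2[@]}"
tc_run class add dev "$dev_dn" parent 2:1 classid 2:30 "${dn_c3[@]}"
tc_run class add dev "$dev_dn" parent 2:1 classid 2:40 "${dn_c4[@]}"
tc_run class add dev "$dev_dn" parent 2:1 classid 2:50 "${dn_c5[@]}"
for id in 10 20 30 40 50; do
  tc_run qdisc add dev "$dev_dn" parent "2:$id" handle "$id:" sfq perturb 10
done

# lan up/down (we don't want to limit this)
tc_run class add dev "$dev_dn" parent 2:1 classid 2:5 htb rate "${local_mbit}mbit"
tc_run qdisc add dev "$dev_dn" parent 2:5 handle 5: sfq perturb 10

# u32 filter helpers: the caller supplies the match expression and the flowid.
# All filters share prio 1, and the rules below are added in the order the
# original author intended them to apply.
u32_up() {
  tc_run filter add dev "$dev_up" protocol ip parent 1:0 prio 1 u32 "$@"
}
u32_dn() {
  tc_run filter add dev "$dev_dn" protocol ip parent 2:0 prio 1 u32 "$@"
}

# lan traffic (original note: up and down goes via eth1)
# NOTE(review): the filter is attached to $dev_dn, which is eth0 above - confirm
for ip in "${sv_ips[@]}"; do
  u32_dn match ip src "$ip" flowid 2:5
done

# ssh and icmp - very high up and down
# tos 0x10 is the "minimize delay" TOS value; protocol 1 is ICMP
u32_up match ip tos 0x10 0xff flowid 1:10
u32_up match ip protocol 1 0xff flowid 1:10
u32_dn match ip tos 0x10 0xff flowid 2:20
u32_dn match ip protocol 1 0xff flowid 2:20

# ack - fairly high (but it does use a lot of bw)
#   protocol 6                 TCP
#   u8 0x05 0x0f at 0          IP header length is 5 words (no IP options)
#   u16 0x0000 0xffc0 at 2     IP total length below 64 bytes
#   u8 0x10 0xff at 33         TCP flags byte is exactly ACK
u32_up \
  match ip protocol 6 0xff \
  match u8 0x05 0x0f at 0 \
  match u16 0x0000 0xffc0 at 2 \
  match u8 0x10 0xff at 33 \
  flowid 1:20

# cap heavy downloading (before workstations)
for ip in "${hb_ips[@]}"; do
  u32_dn match ip src "$ip" flowid 2:50
done

# high prio workstations (left over traffic)
for ip in "${ws_ips[@]}"; do
  u32_dn match ip dst "$ip" flowid 2:30
done

exit "$rc"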