Hi,
I used examples I found on this newsgroup and I made the script below.

I have 100 Mbits to the internet (eth1) and I need three qdiscs: interactive, normal and slow.

Questions: With the changes I made for the original examples...(300 kbits)
1) is my prio OK
2) is my rate OK
3) is my burst OK
4) What is the best technique (efficiency): TOS or mark? I included both in this script and I want to pick one.

Thank you! This newsgroup is very useful.

Yves Bergeron

------------------------------------------------------------------------
#!/bin/bash -x
UPLINK=95000
DEV=eth1

iptables -t mangle -F
tc qdisc del dev $DEV root 2> /dev/null > /dev/null

# create the root queue
tc qdisc add dev $DEV root handle 1: htb default 20
tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k

# high-priority class 1:10 (interactive)
tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
   burst 6k prio 1

# second-priority class 1:20, this is the default
tc class add dev $DEV parent 1:1 classid 1:20 htb rate $((9*UPLINK/10))kbit \
   burst 6k prio 2

# low-priority class 1:30 (bandwidth-hungry services)
tc class add dev $DEV parent 1:1 classid 1:30 htb rate 600kbit \
   burst 4k prio 3

# all three classes are managed by SFQ:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10

########## using fw ##########################
# using iptables marks (port 3389)
iptables -t mangle -A PREROUTING -p tcp -m multiport --sports 3389 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p tcp -m multiport --sports 3389 -j RETURN
tc filter add dev $DEV parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10

########## using TOS and u32 ####################
# the Minimum Delay bit of the TOS field (ssh, etc...)
iptables -t mangle -A PREROUTING -p tcp -m multiport --sports 53,23,22 -j TOS --set-tos 16
iptables -t mangle -A PREROUTING -p tcp -m multiport --sports 53,23,22 -j RETURN
iptables -t mangle -A OUTPUT -p tcp -m multiport --dports 53,23,22 -j TOS --set-tos 16
iptables -t mangle -A OUTPUT -p tcp -m multiport --dports 53,23,22 -j RETURN
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
   match ip tos 0x10 0xff flowid 1:10

########## using u32 and triplets ###############
# put an address in the penalty flow
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
   match ip src x.x.x.x/x flowid 1:30

# the web
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
   match ip dport 80 0xffff flowid 1:10

# ICMP (ip protocol 1) is directed to the interactive class 1:10
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
   match ip protocol 1 0xff flowid 1:10

# to speed up downloads while an upload is in progress,
# ACK packets are placed in the interactive class:
tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10

_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/