Olá pessoal tudo bem?
Preciso de mais uma ajuda, consegui aqui no forum diversas dicas para colocar o bfw para funcionar na LOCAL2=ETH2, e realmente consegui separar as sub-redes para cair na eth2, só que não consigo controlar com o QOS na segunda rede, quer dizer na verdade consegui um script aqui no forum que controla, so que quando reinicio a servidor, as configs LOCAL2_BROADCAST='10.1.255.255'
LOCAL2_NETWORK='10.1.0.0'
somen, alguém sabe me dizer se é possivel deixar essa configs na rede local2, pois o script para o QOS, pega a network da local2.
Mais uma vez obrigado a todos.
BFW Firewall & Router
A powerful network security tool, easy, safe and totally free.
|
|
||
arquivo mestre de configuração
21 mensagens
• Página 1 de 1
por Claudio » Qua Ago 08, 2007 2:09 pm
Realmente esses parametros estão condenados, para as futuras versões eu pretendo remover o broadcast e o network inclusive das redes LAN e INET.
O script do qos deveria CALCULAR esses dados com base no endereço e na mascara.
Acrescente isso no inicio do seu script personalizado de QOS:
O problema com esses parametros é que poucos usuários compreendem a função deles, daí é comum o cidadão alterar o endereço ou a mascara mas deixar o broadcast errado. Como esses valores podem ser calculados pelo sistema é mais seguro simplesmente não deixar o usuário mexer com isso.
O script do qos deveria CALCULAR esses dados com base no endereço e na mascara.
Acrescente isso no inicio do seu script personalizado de QOS:
- Código: Selecionar todos
eval `ipcalc -p -n -b $LOCAL2_IPADDR $LOCAL2_NETMASK`
LOCAL2_BROADCAST="$BROADCAST"
LOCAL2_NETWORK="$NETWORK"
O problema com esses parametros é que poucos usuários compreendem a função deles, daí é comum o cidadão alterar o endereço ou a mascara mas deixar o broadcast errado. Como esses valores podem ser calculados pelo sistema é mais seguro simplesmente não deixar o usuário mexer com isso.
Não dou suporte via mensagem privada e e-mail.
Por favor, não insista.
Por favor, não insista.
-
Claudio 
- Mensagens: 7553
- Registrado em: Qui Ago 25, 2005 9:10 am
- Localização: Vitória - ES - Brasil
- BrazilFW Box:
por André R. Viggiano » Qua Ago 08, 2007 4:22 pm
Claudio pelo menos um desse valor devera ser informado
por exemplo
Mascara :255.255.255.252
Endereco de rede : 192.168.0.5
o sistema calcula o Brodcast
que será
192.168.0.8
ou contrário..., mas pelo menos um desses valores devera ser informado
só a mascara você sabe o tamanho, mas não sabe onde começa ou termina a rede...
se falei m*rd* vou ter que rever meus conceitos de rede...
por exemplo
Mascara :255.255.255.252
Endereco de rede : 192.168.0.5
o sistema calcula o Brodcast
que será
192.168.0.8
ou contrário..., mas pelo menos um desses valores devera ser informado
só a mascara você sabe o tamanho, mas não sabe onde começa ou termina a rede...
se falei m*rd* vou ter que rever meus conceitos de rede...
- André R. Viggiano
por Claudio » Qua Ago 08, 2007 4:48 pm
Olha só,
São 4 parametros:
- Endereço
- Mascara (ou Prefixo)
- Broadcast
- Network
Endereço e Mascara PRECISAM ser informados. Não dá para fazer nada sem eles.
O que eu acho que devemos calcular automaticamente é o Broadcast e o Network.
Releia o post do caeduoliveira que você vai notar que são justamente esses dois parâmetros que o BrazilFW não está guardando. E não guarda de propósito. Eu programei ele para não guardar o broadcast e o network, para evitar erros do usuário.
Por tradição, o broadcast e o network da LAN e da INET ainda existem no sistema (desde a época do coyote) mas eu tenho planos para eliminá-los completamente.
São 4 parametros:
- Endereço
- Mascara (ou Prefixo)
- Broadcast
- Network
Endereço e Mascara PRECISAM ser informados. Não dá para fazer nada sem eles.
O que eu acho que devemos calcular automaticamente é o Broadcast e o Network.
Releia o post do caeduoliveira que você vai notar que são justamente esses dois parâmetros que o BrazilFW não está guardando. E não guarda de propósito. Eu programei ele para não guardar o broadcast e o network, para evitar erros do usuário.
Por tradição, o broadcast e o network da LAN e da INET ainda existem no sistema (desde a época do coyote) mas eu tenho planos para eliminá-los completamente.
Não dou suporte via mensagem privada e e-mail.
Por favor, não insista.
Por favor, não insista.
-
Claudio - Mensagens: 7553
- Registrado em: Qui Ago 25, 2005 9:10 am
- Localização: Vitória - ES - Brasil
- BrazilFW Box:
confundi as coisas
por Claudio » Qua Ago 08, 2007 8:50 pm
o Network serve para que?
O network, somado com a máscara, serve para identificar a rede.
Por exemplo:
192.168.0.0/24
É uma forma de representar todo esse conjunto de endereços.
Quando você precisa escrever uma regra que vale para toda a rede (ou subrede) você utiliza esse formato.
Não dou suporte via mensagem privada e e-mail.
Por favor, não insista.
Por favor, não insista.
-
Claudio - Mensagens: 7553
- Registrado em: Qui Ago 25, 2005 9:10 am
- Localização: Vitória - ES - Brasil
- BrazilFW Box:
por caeduoliveira » Qui Ago 09, 2007 4:38 pm
Na verdade esta pegando a rede, mais quando começo a criar as classes na eth2 começa a dar o seguinte erro: RTNETLINK answers: File exists.
Vou colocar o Script:
#!/bin/sh
#
# Coyote Traffic Control startup script
# Author: Dolly <dolly>
#
# Changed to support Level 7 filtering
# Claudio Roberto Cussuol - 06/16/2005
TC=/usr/sbin/tc
IPTABLES=/usr/sbin/iptables
#TC=echo
#IPTABLES=echo
eval `ipcalc -p -n -b $LOCAL2_IPADDR $LOCAL2_NETMASK`
LOCAL2_BROADCAST="$BROADCAST"
LOCAL2_NETWORK="$NETWORK"
# define SFQ subclass : 1-rootclass
define_class_base_sfq() {
subclasspart=`echo ${1} | cut -f2 -d':'`
echo " - SFQ subclass ${subclasspart}: on $IF_LOCAL, $IF_INET"
$TC qdisc add dev $IF_LOCAL parent ${1} handle $subclasspart: sfq perturb 10
$TC qdisc add dev $IF_INET parent ${1} handle $subclasspart: sfq perturb 10
}
# define QOS subclasses : 1-rootclass, 2-band, 3-ceil, 4-up_band, 5-up_ceil, 6-interface
define_class_base_qos() {
IF_LOCAL=$6
DOWN_HIGH_PRI=$(percentage ${2} $QOS_HIGH_PRI_PER)
DOWN_NORM_PRI=$(percentage ${2} $QOS_NORM_PRI_PER)
DOWN_SLOW_PRI=$(percentage ${2} $QOS_SLOW_PRI_PER)
UP_HIGH_PRI=$(percentage ${4} $QOS_HIGH_PRI_PER)
UP_NORM_PRI=$(percentage ${4} $QOS_NORM_PRI_PER)
UP_SLOW_PRI=$(percentage ${4} $QOS_SLOW_PRI_PER)
subclasspart=`echo ${1} | cut -f2 -d':'`
high_cls_id=$(($subclasspart*10))
norm_cls_id=$(($subclasspart*10+1))
slow_cls_id=$(($subclasspart*10+2))
echo " - QOS subclasses... downstream... ${IF_LOCAL}"
echo " - high prio... prio 0, classid 1:$high_cls_id, rate ${DOWN_HIGH_PRI}kbps, ceil ${3}kbps, burst: ${QOS_FDOWN_BURST}k"
$TC class add dev $IF_LOCAL parent ${1} classid 1:$high_cls_id htb prio 0 rate ${DOWN_HIGH_PRI}kbit ceil ${3}kbit burst ${QOS_FDOWN_BURST}k
echo " - norm prio... prio 1, classid 1:$norm_cls_id, rate ${DOWN_NORM_PRI}kbps, ceil ${3}kbps, burst: ${QOS_NDOWN_BURST}k"
$TC class add dev $IF_LOCAL parent ${1} classid 1:$norm_cls_id htb prio 1 rate ${DOWN_NORM_PRI}kbit ceil ${3}kbit burst ${QOS_NDOWN_BURST}k
echo " - slow prio... prio 2, classid 1:$slow_cls_id, rate ${DOWN_SLOW_PRI}kbps, ceil ${3}kbps, burst: ${QOS_SDOWN_BURST}k"
$TC class add dev $IF_LOCAL parent ${1} classid 1:$slow_cls_id htb prio 2 rate ${DOWN_SLOW_PRI}kbit ceil ${3}kbit burst ${QOS_SDOWN_BURST}k
echo " - SFQ ${IF_LOCAL}... $high_cls_id:, $norm_cls_id:, $slow_cls_id:"
$TC qdisc add dev $IF_LOCAL parent 1:${high_cls_id} handle $high_cls_id: sfq perturb 10
$TC qdisc add dev $IF_LOCAL parent 1:${norm_cls_id} handle $norm_cls_id: sfq perturb 10
$TC qdisc add dev $IF_LOCAL parent 1:${slow_cls_id} handle $slow_cls_id: sfq perturb 10
echo " - QOS subclasses... upstream... ${IF_INET}"
echo " - high prio... prio 0, classid 1:$high_cls_id, rate ${UP_HIGH_PRI}kbps, ceil ${5}kbps, burst: ${QOS_FUP_BURST}k"
$TC class add dev $IF_INET parent ${1} classid 1:$high_cls_id htb prio 0 rate ${UP_HIGH_PRI}kbit ceil ${5}kbit burst ${QOS_FUP_BURST}k
echo " - norm prio... prio 1, classid 1:$norm_cls_id, rate ${UP_NORM_PRI}kbps, ceil ${5}kbps, burst: ${QOS_NUP_BURST}k"
$TC class add dev $IF_INET parent ${1} classid 1:$norm_cls_id htb prio 1 rate ${UP_NORM_PRI}kbit ceil ${5}kbit burst ${QOS_NUP_BURST}k
echo " - slow prio... prio 2, classid 1:$slow_cls_id, rate ${UP_SLOW_PRI}kbps, ceil ${5}kbps, burst: ${QOS_SUP_BURST}k"
$TC class add dev $IF_INET parent ${1} classid 1:$slow_cls_id htb prio 2 rate ${UP_SLOW_PRI}kbit ceil ${5}kbit burst ${QOS_SUP_BURST}k
echo " - SFQ ${IF_INET}... $high_cls_id:, $norm_cls_id:, $slow_cls_id:"
$TC qdisc add dev $IF_INET parent 1:${high_cls_id} handle $high_cls_id: sfq perturb 10
$TC qdisc add dev $IF_INET parent 1:${norm_cls_id} handle $norm_cls_id: sfq perturb 10
$TC qdisc add dev $IF_INET parent 1:${slow_cls_id} handle $slow_cls_id: sfq perturb 10
}
# Define downstream class categorization filter
# 1-device, 2-root, 3-clsid, 4-matchip
define_class_filter_down () {
echo " - TC down filter in class ${2}, ip ${4}, destination ${3}"
$TC filter add dev ${1} protocol ip parent ${2} pref 100 u32 \
match ip dst ${4} flowid ${3}
}
# Define upstream class categorization filter
# 1-device, 2-root, 3-clsid, 4-matchip
define_class_filter_up () {
subclasspart=`echo ${3} | cut -f2 -d':'`
echo " - TC iptables set mark ${subclasspart} for ip ${4}"
$IPTABLES -A PREROUTING -t mangle -s ${4} -j MARK --set-mark ${subclasspart}
echo " - TC up filter in class 1:, handle ${subclasspart}, destination ${3}"
$TC filter add dev ${1} parent 1: protocol ip handle ${subclasspart} pref 100 fw classid 1:${subclasspart}
}
# Defines computer/network class
# 1-root, 2-classid, 3-band, 4-ceil, 5-up_band, 6-up_ceil, 7-matchip, 8-interface
define_class_base () {
IF_LOCAL=$8
echo " - device: $IF_LOCAL, classid: ${2}, root: ${1}, rate: ${3}kbps, ceil: ${4}kbps, burst: ${QOS_FDOWN_BURST}k"
$TC class add dev $IF_LOCAL parent ${1} classid ${2} htb prio 1 rate ${3}kbit ceil ${4}kbit burst ${QOS_FDOWN_BURST}k
echo " - device: $IF_INET, classid: ${2}, root: ${1}, rate: ${5}kbps, ceil: ${6}kbps, burst: ${QOS_FUP_BURST}k"
$TC class add dev $IF_INET parent ${1} classid ${2} htb prio 1 rate ${5}kbit ceil ${6}kbit burst ${QOS_FUP_BURST}k
echo " - TC filter: delete old upstream/downstream filters for class ${2}"
$TC filter del dev $IF_LOCAL parent ${2} pref 100 2>/dev/null
$TC filter del dev $IF_INET parent ${2} pref 100 2>/dev/null
define_class_filter_down $IF_LOCAL $1 $2 $7
define_class_filter_up $IF_INET $1 $2 $7
}
# define class : # 1-root, 2-classid, 3-band, 4-ceil, 5-up_band, 6-up_ceil, 7-matchip
define_class () {
define_class_base $1 $2 $3 $4 $5 $6 $7
}
# define class with sfq subclass :
# 1-root, 2-classid, 3-band, 4-ceil, 5-up_band, 6-up_ceil, 7-matchip, 8-interface, 9-connlimit
define_class_sfq () {
define_class_base $1 $2 $3 $4 $5 $6 $7 $8
define_class_base_sfq $2
define_connlimit $7 $9
}
# define downstream class with qos subclasses :
# 1-root, 2-classid, 3-band, 4-ceil, 5-up_band, 6-up_ceil, 7-matchip, 8-interface
define_class_qos () {
define_class_base $1 $2 $3 $4 $5 $6 $7 $8
define_class_base_qos $2 $3 $4 $5 $6 $8
define_qos_downstream_filters $2 $8
define_qos_upstream_filters $2
define_connlimit $7 $9
}
## Builds UPSTREAM QOS filter chain : $1-rootid
define_qos_upstream_filters () {
subclasspart=`echo ${1} | cut -f2 -d':'`
high_cls_id=$(($subclasspart*10))
norm_cls_id=$(($subclasspart*10+1))
slow_cls_id=$(($subclasspart*10+2))
echo " - creating QOS up filters for root class ${1}, to clsids 1:${high_cls_id} 1:${norm_cls_id} 1:${slow_cls_id}"
# Prioritize ACK packets
$TC filter add dev $IF_INET protocol ip parent ${1} pref 100 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:${high_cls_id}
# TOS minimize delay to fast flow
#$TC filter add dev $IF_INET protocol ip parent ${1} pref 100 u32 \
# match ip tos 0x10 0xff \
# flowid 1:${high_cls_id}
if [ -r /etc/coyote/qos.filters ]; then
echo " - configuring custom upstream QOS filter rules..."
echo -n " - progress "
LINE=0
cat /etc/coyote/qos.filters | while read QOSRULE; do
LINE=$(($LINE+1))
case "$QOSRULE" in
\#*|"") continue ;;
slow*) set_qos_filter "up" $IF_INET $1 ${slow_cls_id} $QOSRULE ;;
fast*) set_qos_filter "up" $IF_INET $1 ${high_cls_id} $QOSRULE ;;
esac
done
echo
fi
# Other traffic goes to normal flow
$TC filter add dev $IF_INET protocol ip parent ${1} pref 100 u32 \
match ip src 0.0.0.0/0 \
flowid 1:${norm_cls_id}
}
## Builds downstream QOS filter chain : $1-rootid, 2-interface
define_qos_downstream_filters () {
IF_LOCAL=$2
subclasspart=`echo ${1} | cut -f2 -d':'`
high_cls_id=$(($subclasspart*10))
norm_cls_id=$(($subclasspart*10+1))
slow_cls_id=$(($subclasspart*10+2))
echo " - creating QOS down filters for root class ${1}, to clsids 1:${high_cls_id} 1:${norm_cls_id} 1:${slow_cls_id}"
# Prioritize ACK packets (small TCP packets witch ACK field set)
$TC filter add dev $IF_LOCAL protocol ip parent ${1} pref 100 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:${high_cls_id}
# TOS minimize delay to fast flow
#$TC filter add dev $IF_LOCAL protocol ip parent ${1} pref 100 u32 \
# match ip tos 0x10 0xff \
# flowid 1:${high_cls_id}
if [ -r /etc/coyote/qos.filters ]; then
echo " - configuring custom downstream QOS filter rules..."
echo -n " - progress "
LINE=0
cat /etc/coyote/qos.filters | while read QOSRULE; do
LINE=$(($LINE+1))
case "$QOSRULE" in
\#*|"") continue ;;
slow*) set_qos_filter "down" $IF_LOCAL $1 ${slow_cls_id} $QOSRULE ;;
fast*) set_qos_filter "down" $IF_LOCAL $1 ${high_cls_id} $QOSRULE ;;
esac
done
echo
fi
# Match other
$TC filter add dev $IF_LOCAL protocol ip parent ${1} pref 100 u32 \
match ip dst 0.0.0.0/0 \
flowid 1:${norm_cls_id}
}
# parses /etc/coyote/qos.filters rules
set_qos_filter() {
if [ $# -lt 12 ]; then
echo " Invalid rule line# $LINE in /etc/coyote/qos.filters"
return 1
fi
echo -n .
if [ "$6" = "Y" ]; then
# Protocol Option
PROTO=`echo $7 | tr [A-Z] [a-z]`
PROTOOPT=
if [ "$PROTO" = "any" -o "$PROTO" = "all" ]; then
PROTOOPT=""
elif [ "$PROTO" -ge 0 -a "$PROTO" -le 255 ] 2>/dev/null; then
PROTOOPT="match ip protocol $PROTO 0xff"
elif [ "$PROTO" = "icmp" -o "$PROTO" = "tcp" -o "$PROTO" = "udp" ]; then
PROTO_NUM=6
case "$PROTO" in
tcp) PROTO_NUM=6 ;;
icmp) PROTO_NUM=1 ;;
udp) PROTO_NUM=17 ;;
esac
PROTOOPT="match ip protocol $PROTO_NUM 0xff"
else
echo " QOS filter rule line# $LINE - protocol option error"
return 1
fi
# Remote-Port Option
REM_PORT=`echo $8 | tr [A-Z] [a-z]`
REM_PORTOPT=
if [ "$REM_PORT" = "any" -o "$REM_PORT" = "all" ] || [ "$REM_PORT" -eq 0 ] 2>/dev/null; then
REM_PORTOPT=""
elif [ ! -z "$REM_PORT" ]; then
REM_PORTOPT=$REM_PORT
else
echo " QOS filter rule line# $LINE - remote_port option error"
return 1
fi
# Remote-Mask Option
REM_MASK=$9
REM_MASKOPT=
if [ "$REM_MASK" = "any" -o "$REM_MASK" = "all" ] || [ "$REM_MASK" -eq 0 ] 2>/dev/null; then
REM_MASKOPT=""
else
REM_MASKOPT=$REM_MASK
fi
# Local-Port Option
LOC_PORT=`echo $11 | tr [A-Z] [a-z]`
LOC_PORTOPT=
if [ "$LOC_PORT" = "any" -o "$LOC_PORT" = "all" ] || [ "$LOC_PORT" -eq 0 ] 2>/dev/null; then
LOC_PORTOPT=
elif [ ! -z "$LOC_PORT" ]; then
LOC_PORTOPT=$LOC_PORT
else
echo " QOS filter rule line# $LINE - local_port option error"
return 1
fi
# Local-Mask Option
LOC_MASK=$12
LOC_MASKOPT=
if [ "$LOC_MASK" = "any" -o "$LOC_MASK" = "all" ] || [ "$LOC_MASK" -eq 0 ] 2>/dev/null; then
LOC_MASKOPT=
else
LOC_MASKOPT=$LOC_MASK
fi
REMOTE_PART=
if [ ! -z "$REM_PORTOPT" ] && [ ! -z "$REM_MASKOPT" ]; then
if [ $1 = down ]; then
REMOTE_PART="match ip sport $REM_PORTOPT 0x$REM_MASKOPT"
elif [ $1 = up ]; then
REMOTE_PART="match ip dport $REM_PORTOPT 0x$REM_MASKOPT"
else
echo " QOS filter error up/down directive."
return 1
fi
fi
LOCAL_PART=
if [ ! -z "$LOC_PORTOPT" ] && [ ! -z "$LOC_MASKOPT" ]; then
if [ $1 = down ]; then
LOCAL_PART="match ip dport $LOC_PORTOPT 0x$LOC_MASKOPT"
elif [ $1 = up ]; then
LOCAL_PART="match ip sport $LOC_PORTOPT 0x$LOC_MASKOPT"
else
echo " QOS filter error up/down directive."
return 1
fi
fi
#echo Local: $LOCAL_PART, Remote: $REMOTE_PART, Proto: $PROTOOPT
if [ $10 = and ]; then
$TC filter add dev ${2} protocol ip parent ${3} pref 100 u32 \
$PROTOOPT $REMOTE_PART $LOCAL_PART \
flowid 1:${4}
elif [ $10 = or ]; then
if [ "$REMOTE_PART" != "" ]; then
$TC filter add dev ${2} protocol ip parent ${3} pref 100 u32 \
$PROTOOPT $REMOTE_PART \
flowid 1:${4}
fi
if [ "$LOCAL_PART" != "" ]; then
$TC filter add dev ${2} protocol ip parent ${3} pref 100 u32 \
$PROTOOPT $LOCAL_PART \
flowid 1:${4}
fi
else
echo " QOS filter invalid and/or option."
return 1
fi
else
return 0
fi
}
# Limitar conexoes por IP: $1-ip, 2-maximo conexoes
define_connlimit() {
MATCHIP=${1}
MAX_CONN=${2}
# Remove limites caso exista algum
for LIM in $($IPTABLES -t mangle -L -n | grep $MATCHIP | grep "conn/" | cut -c 112-120)
do
REMOVER="$IPTABLES -t mangle -D POSTROUTING -p tcp -s $MATCHIP \
-m state ! --state RELATED \
-m connlimit --connlimit-above $LIM --connlimit-mask 32 \
-j DROP"
$($REMOVER)
done
#echo $REMOVER
#echo " - Removendo limite de conexoes ($MAX_CONN) para $MATCHIP ..."
#$($REMOVER)
# Cria o limite caso o valor passado nao seja 0
if [ ! $MAX_CONN -eq 0 ]; then
CRIAR="$IPTABLES -t mangle -I POSTROUTING -p tcp -s $MATCHIP \
-m state ! --state RELATED \
-m connlimit --connlimit-above $MAX_CONN --connlimit-mask 32 \
-j DROP"
echo " - Criando limite de conexoes ($MAX_CONN) para $MATCHIP ..."
#echo $CRIAR
$($CRIAR)
fi
}
echo "* Deleting old QOS classes..."
# Flush rules
$TC qdisc del dev $IF_LOCAL root 2>/dev/null
$TC qdisc del dev $IF_LOCAL2 root 2>/dev/null
$TC qdisc del dev $IF_LOCAL3 root 2>/dev/null
$TC qdisc del dev $IF_INET root 2>/dev/null
echo "* Deleting old root filters..."
# Delete old DOWNSTREAM root filters
$TC filter del dev $IF_LOCAL parent 1:2 pref 100 2>/dev/null
$TC filter del dev $IF_LOCAL parent 1:1 pref 100 2>/dev/null
$TC filter del dev $IF_LOCAL parent 1: pref 100 2>/dev/null
if [ ! -z $IF_LOCAL2 ]; then
$TC filter del dev $IF_LOCAL2 parent 1:2 pref 100 2>/dev/null
$TC filter del dev $IF_LOCAL2 parent 1:1 pref 100 2>/dev/null
$TC filter del dev $IF_LOCAL2 parent 1: pref 100 2>/dev/null
fi
if [ ! -z $IF_LOCAL3 ]; then
$TC filter del dev $IF_LOCAL3 parent 1:2 pref 100 2>/dev/null
$TC filter del dev $IF_LOCAL3 parent 1:1 pref 100 2>/dev/null
$TC filter del dev $IF_LOCAL3 parent 1: pref 100 2>/dev/null
fi
# Delete old UPSTREAM root filters
$TC filter del dev $IF_INET parent 1:1 pref 100 2>/dev/null
$TC filter del dev $IF_INET parent 1: pref 100 2>/dev/null
if [ "$1" = "stop" ]; then
echo "* QOS stopped."
exit
fi
#exit 0
echo "* Initializing Traffic control, building root classes..."
# DOWNSTREAM Root qdisc, divide local and inet traffic to separate classes
eval `ipcalc -p $LOCAL_NETWORK $LOCAL_NETMASK`
TEMP_LOCAL_NET="$LOCAL_NETWORK/$PREFIX"
$TC qdisc add dev $IF_LOCAL root handle 1: htb default 90 r2q 1
$TC class add dev $IF_LOCAL parent 1: classid 1:1 htb rate ${QOS_DOWNSTREAM}kbit burst ${QOS_FDOWN_BURST}k
$TC class add dev $IF_LOCAL parent 1: classid 1:2 htb rate 10mbit burst ${QOS_FDOWN_BURST}k
if [ ! -z $IF_LOCAL2 ]; then
eval `ipcalc -p $LOCAL2_NETWORK $LOCAL2_NETMASK`
TEMP_LOCAL_NET2="$LOCAL2_NETWORK/$PREFIX"
$TC qdisc add dev $IF_LOCAL2 root handle 1: htb default 90 r2q 1
$TC class add dev $IF_LOCAL2 parent 1: classid 1:1 htb rate ${QOS_DOWNSTREAM}kbit burst ${QOS_FDOWN_BURST}k
$TC class add dev $IF_LOCAL2 parent 1: classid 1:2 htb rate 10mbit burst ${QOS_FDOWN_BURST}k
fi
if [ ! -z $IF_LOCAL3 ]; then
eval `ipcalc -p $LOCAL3_NETWORK $LOCAL3_NETMASK`
TEMP_LOCAL_NET3="$LOCAL3_NETWORK/$PREFIX"
$TC qdisc add dev $IF_LOCAL3 root handle 1: htb default 90 r2q 1
$TC class add dev $IF_LOCAL3 parent 1: classid 1:1 htb rate ${QOS_DOWNSTREAM}kbit burst ${QOS_FDOWN_BURST}k
$TC class add dev $IF_LOCAL3 parent 1: classid 1:2 htb rate 10mbit burst ${QOS_FDOWN_BURST}k
fi
# UPSTREAM Root qdisc, default class internet traffic to firewall class
$TC qdisc add dev $IF_INET root handle 1: htb default 89 r2q 1
$TC class add dev $IF_INET parent 1:0 classid 1:1 htb rate ${QOS_UPSTREAM}kbit burst ${QOS_FUP_BURST}
echo "* Initializing packet mangling..."
# Initialize upstream packet mangling
echo -e "TEMP_LOCAL_NET" $TEMP_LOCAL_NET "\n"
echo -e "TEMP_LOCAL_NET2" $TEMP_LOCAL_NET2 "\n"
echo -e "TEMP_LOCAL_NET3" $TEMP_LOCAL_NET3 "\n"
$IPTABLES -F PREROUTING -t mangle
$IPTABLES -A PREROUTING -t mangle -s $TEMP_LOCAL_NET -j MARK --set-mark 255
[ ! -z $IF_LOCAL2 ] && $IPTABLES -A PREROUTING -t mangle -s $TEMP_LOCAL_NET2 -j MARK --set-mark 254
[ ! -z $IF_LOCAL3 ] && $IPTABLES -A PREROUTING -t mangle -s $TEMP_LOCAL_NET3 -j MARK --set-mark 253
echo "* Computing bandwidth for junk and direct fw->inet classes"
UP_FW_STREAM=$(percentage $QOS_UPSTREAM $QOS_UPFW_STREAM)
UPSTREAM_JUNK=$(percentage $QOS_UPSTREAM $QOS_UPSTREAM_JUNK)
DOWNSTREAM_JUNK=$(percentage $QOS_DOWNSTREAM $QOS_DOWNSTREAM_JUNK)
echo " * upstream junk: ${QOS_UPSTREAM_JUNK}% (${UPSTREAM_JUNK}kbps), downstream junk: ${QOS_DOWNSTREAM_JUNK}% (${DOWNSTREAM_JUNK}kbps), direct fw->inet: ${QOS_UPFW_STREAM}% (${UP_FW_STREAM}kbps)"
CLEAR_UPSTREAM=$((${QOS_UPSTREAM}-${UP_FW_STREAM}-${UPSTREAM_JUNK}))
CLEAR_DOWNSTREAM=$((${QOS_DOWNSTREAM}-${DOWNSTREAM_JUNK}))
echo " * clear upstream: ${CLEAR_UPSTREAM}kbps, clear downstream: ${CLEAR_DOWNSTREAM}kbps."
COMP_UP=$(percentage $CLEAR_UPSTREAM $QOS_UPSTREAM_INDIVIDUAL)
COMP_DOWN=$(percentage $CLEAR_DOWNSTREAM $QOS_DOWNSTREAM_INDIVIDUAL)
echo " * individual upstream: ${COMPR_UP}kbps, individual downstream: ${COMP_DOWN}kbps."
echo "* Building Downstream/Upstream classes..."
if [ "$QOS_TYPE" = "COYOTE_DEFAULT" ]; then
echo "QOS: using Coyote init scripts with default config"
define_class_qos \
"1:1" "1:10" \
$CLEAR_DOWNSTREAM $QOS_DOWNSTREAM \
$CLEAR_UPSTREAM $QOS_UPSTREAM \
$TEMP_LOCAL_NET
elif [ "$QOS_TYPE" = "COYOTE_MANUAL" ]; then
echo "QOS: using Coyote init scripts with manual config"
build_class_chain
else
echo "QOS: QOS_TYPE configuration set for another init type"
exit
fi
## Junk and direct FW definition
echo " - downstream junk (default) class: ${DOWNSTREAM_JUNK}kbps, ceil: ${QOS_DOWNSTREAM}kbps, burst: ${QOS_SDOWN_BURST}k"
$TC class add dev $IF_LOCAL parent 1:1 classid 1:90 htb prio 2 rate ${DOWNSTREAM_JUNK}kbit ceil ${QOS_DOWNSTREAM}kbit burst ${QOS_SDOWN_BURST}k
$TC qdisc add dev $IF_LOCAL parent 1:90 handle 90: sfq perturb 10
if [ ! -z $IF_LOCAL2 ]; then
$TC class add dev $IF_LOCAL2 parent 1:1 classid 1:90 htb prio 2 rate ${DOWNSTREAM_JUNK}kbit ceil ${QOS_DOWNSTREAM}kbit burst ${QOS_SDOWN_BURST}k
$TC qdisc add dev $IF_LOCAL2 parent 1:90 handle 90: sfq perturb 10
fi
if [ ! -z $IF_LOCAL3 ]; then
$TC class add dev $IF_LOCAL3 parent 1:1 classid 1:90 htb prio 2 rate ${DOWNSTREAM_JUNK}kbit ceil ${QOS_DOWNSTREAM}kbit burst ${QOS_SDOWN_BURST}k
$TC qdisc add dev $IF_LOCAL3 parent 1:90 handle 90: sfq perturb 10
fi
echo " - upstream junk (default) class: ${UPSTREAM_JUNK}kbps, ceil: ${QOS_UPSTREAM}kbps, burst: ${QOS_SUP_BURST}k"
$TC class add dev $IF_INET parent 1:1 classid 1:90 htb prio 2 rate ${UPSTREAM_JUNK}kbit ceil ${QOS_UPSTREAM}kbit burst ${QOS_SUP_BURST}k
$TC qdisc add dev $IF_INET parent 1:90 handle 90: sfq perturb 10
echo " - direct fw->inet class: ${UP_FW_STREAM}kbps, ceil: ${QOS_UPSTREAM}kbps, burst: ${QOS_NUP_BURST}k"
$TC class add dev $IF_INET parent 1:1 classid 1:89 htb prio 1 rate ${UP_FW_STREAM}kbit ceil ${QOS_UPSTREAM}kbit burst ${QOS_NUP_BURST}k
$TC qdisc add dev $IF_INET parent 1:89 handle 89: sfq perturb 10
## Root Categorization FILTERS
echo "* Building new root DOWNSTREAM/UPSTREAM filters ..."
# Match traffic from firewall, enque to fast flow
# echo " - Match traffic from firewall, enque to fast flow"
$TC filter add dev $IF_LOCAL protocol ip parent 1: pref 100 u32 \
match ip src $TEMP_LOCAL_NET flowid 1:2
# Match traffic for local network
# echo " - Match traffic for local network ..."
$TC filter add dev $IF_LOCAL protocol ip parent 1: pref 100 u32 \
match ip dst $TEMP_LOCAL_NET flowid 1:1
# echo " - FIM $IF_LOCAL"
if [ ! -z $IF_LOCAL2 ]; then
# Match traffic from firewall, enque to fast flow
# echo " - Match traffic from firewall, enque to fast flow"
$TC filter add dev $IF_LOCAL2 protocol ip parent 1: pref 100 u32 \
match ip src $TEMP_LOCAL_NET2 flowid 1:2
# Match traffic for local network 2
# echo " - Match traffic for local network 2 ..."
$TC filter add dev $IF_LOCAL2 protocol ip parent 1: pref 100 u32 \
match ip dst $TEMP_LOCAL_NET2 flowid 1:1
# echo " - FIM $IF_LOCAL2"
fi
if [ ! -z $IF_LOCAL3 ]; then
# Match traffic from firewall, enque to fast flow
# echo " - Match traffic from firewall, enque to fast flow"
$TC filter add dev $IF_LOCAL3 protocol ip parent 1: pref 100 u32 \
match ip src $TEMP_LOCAL_NET3 flowid 1:2
# Match traffic for local network 3
# echo " - Match traffic for local network 3 ..."
$TC filter add dev $IF_LOCAL3 protocol ip parent 1: pref 100 u32 \
match ip dst $TEMP_LOCAL_NET3 flowid 1:1
# echo " - FIM $IF_LOCAL3"
fi
# Match traffic from local network
$TC filter add dev $IF_INET parent 1: protocol ip handle 255 pref 100 fw classid 1:90
# [ ! -z $IF_LOCAL2 ] && $TC filter add dev $IF_INET2 parent 1: protocol ip handle 254 pref 100 fw classid 1:90
# [ ! -z $IF_LOCAL3 ] && $TC filter add dev $IF_INET3 parent 1: protocol ip handle 253 pref 100 fw classid 1:90
echo "* Computing bandwidth for junk and direct fw->inet classes"
Obrigado a todos
Vou colocar o Script:
#!/bin/sh
#
# Coyote Traffic Control startup script
# Author: Dolly <dolly>
#
# Changed to support Level 7 filtering
# Claudio Roberto Cussuol - 06/16/2005
TC=/usr/sbin/tc
IPTABLES=/usr/sbin/iptables
#TC=echo
#IPTABLES=echo
eval `ipcalc -p -n -b $LOCAL2_IPADDR $LOCAL2_NETMASK`
LOCAL2_BROADCAST="$BROADCAST"
LOCAL2_NETWORK="$NETWORK"
# define SFQ subclass : 1-rootclass
define_class_base_sfq() {
subclasspart=`echo ${1} | cut -f2 -d':'`
echo " - SFQ subclass ${subclasspart}: on $IF_LOCAL, $IF_INET"
$TC qdisc add dev $IF_LOCAL parent ${1} handle $subclasspart: sfq perturb 10
$TC qdisc add dev $IF_INET parent ${1} handle $subclasspart: sfq perturb 10
}
# define QOS subclasses : 1-rootclass, 2-band, 3-ceil, 4-up_band, 5-up_ceil, 6-interface
define_class_base_qos() {
IF_LOCAL=$6
DOWN_HIGH_PRI=$(percentage ${2} $QOS_HIGH_PRI_PER)
DOWN_NORM_PRI=$(percentage ${2} $QOS_NORM_PRI_PER)
DOWN_SLOW_PRI=$(percentage ${2} $QOS_SLOW_PRI_PER)
UP_HIGH_PRI=$(percentage ${4} $QOS_HIGH_PRI_PER)
UP_NORM_PRI=$(percentage ${4} $QOS_NORM_PRI_PER)
UP_SLOW_PRI=$(percentage ${4} $QOS_SLOW_PRI_PER)
subclasspart=`echo ${1} | cut -f2 -d':'`
high_cls_id=$(($subclasspart*10))
norm_cls_id=$(($subclasspart*10+1))
slow_cls_id=$(($subclasspart*10+2))
echo " - QOS subclasses... downstream... ${IF_LOCAL}"
echo " - high prio... prio 0, classid 1:$high_cls_id, rate ${DOWN_HIGH_PRI}kbps, ceil ${3}kbps, burst: ${QOS_FDOWN_BURST}k"
$TC class add dev $IF_LOCAL parent ${1} classid 1:$high_cls_id htb prio 0 rate ${DOWN_HIGH_PRI}kbit ceil ${3}kbit burst ${QOS_FDOWN_BURST}k
echo " - norm prio... prio 1, classid 1:$norm_cls_id, rate ${DOWN_NORM_PRI}kbps, ceil ${3}kbps, burst: ${QOS_NDOWN_BURST}k"
$TC class add dev $IF_LOCAL parent ${1} classid 1:$norm_cls_id htb prio 1 rate ${DOWN_NORM_PRI}kbit ceil ${3}kbit burst ${QOS_NDOWN_BURST}k
echo " - slow prio... prio 2, classid 1:$slow_cls_id, rate ${DOWN_SLOW_PRI}kbps, ceil ${3}kbps, burst: ${QOS_SDOWN_BURST}k"
$TC class add dev $IF_LOCAL parent ${1} classid 1:$slow_cls_id htb prio 2 rate ${DOWN_SLOW_PRI}kbit ceil ${3}kbit burst ${QOS_SDOWN_BURST}k
echo " - SFQ ${IF_LOCAL}... $high_cls_id:, $norm_cls_id:, $slow_cls_id:"
$TC qdisc add dev $IF_LOCAL parent 1:${high_cls_id} handle $high_cls_id: sfq perturb 10
$TC qdisc add dev $IF_LOCAL parent 1:${norm_cls_id} handle $norm_cls_id: sfq perturb 10
$TC qdisc add dev $IF_LOCAL parent 1:${slow_cls_id} handle $slow_cls_id: sfq perturb 10
echo " - QOS subclasses... upstream... ${IF_INET}"
echo " - high prio... prio 0, classid 1:$high_cls_id, rate ${UP_HIGH_PRI}kbps, ceil ${5}kbps, burst: ${QOS_FUP_BURST}k"
$TC class add dev $IF_INET parent ${1} classid 1:$high_cls_id htb prio 0 rate ${UP_HIGH_PRI}kbit ceil ${5}kbit burst ${QOS_FUP_BURST}k
echo " - norm prio... prio 1, classid 1:$norm_cls_id, rate ${UP_NORM_PRI}kbps, ceil ${5}kbps, burst: ${QOS_NUP_BURST}k"
$TC class add dev $IF_INET parent ${1} classid 1:$norm_cls_id htb prio 1 rate ${UP_NORM_PRI}kbit ceil ${5}kbit burst ${QOS_NUP_BURST}k
echo " - slow prio... prio 2, classid 1:$slow_cls_id, rate ${UP_SLOW_PRI}kbps, ceil ${5}kbps, burst: ${QOS_SUP_BURST}k"
$TC class add dev $IF_INET parent ${1} classid 1:$slow_cls_id htb prio 2 rate ${UP_SLOW_PRI}kbit ceil ${5}kbit burst ${QOS_SUP_BURST}k
echo " - SFQ ${IF_INET}... $high_cls_id:, $norm_cls_id:, $slow_cls_id:"
$TC qdisc add dev $IF_INET parent 1:${high_cls_id} handle $high_cls_id: sfq perturb 10
$TC qdisc add dev $IF_INET parent 1:${norm_cls_id} handle $norm_cls_id: sfq perturb 10
$TC qdisc add dev $IF_INET parent 1:${slow_cls_id} handle $slow_cls_id: sfq perturb 10
}
# Define downstream class categorization filter
# 1-device, 2-root, 3-clsid, 4-matchip
define_class_filter_down () {
echo " - TC down filter in class ${2}, ip ${4}, destination ${3}"
$TC filter add dev ${1} protocol ip parent ${2} pref 100 u32 \
match ip dst ${4} flowid ${3}
}
# Define upstream class categorization filter
# 1-device, 2-root, 3-clsid, 4-matchip
define_class_filter_up () {
subclasspart=`echo ${3} | cut -f2 -d':'`
echo " - TC iptables set mark ${subclasspart} for ip ${4}"
$IPTABLES -A PREROUTING -t mangle -s ${4} -j MARK --set-mark ${subclasspart}
echo " - TC up filter in class 1:, handle ${subclasspart}, destination ${3}"
$TC filter add dev ${1} parent 1: protocol ip handle ${subclasspart} pref 100 fw classid 1:${subclasspart}
}
# Defines computer/network class
# 1-root, 2-classid, 3-band, 4-ceil, 5-up_band, 6-up_ceil, 7-matchip, 8-interface
define_class_base () {
IF_LOCAL=$8
echo " - device: $IF_LOCAL, classid: ${2}, root: ${1}, rate: ${3}kbps, ceil: ${4}kbps, burst: ${QOS_FDOWN_BURST}k"
$TC class add dev $IF_LOCAL parent ${1} classid ${2} htb prio 1 rate ${3}kbit ceil ${4}kbit burst ${QOS_FDOWN_BURST}k
echo " - device: $IF_INET, classid: ${2}, root: ${1}, rate: ${5}kbps, ceil: ${6}kbps, burst: ${QOS_FUP_BURST}k"
$TC class add dev $IF_INET parent ${1} classid ${2} htb prio 1 rate ${5}kbit ceil ${6}kbit burst ${QOS_FUP_BURST}k
echo " - TC filter: delete old upstream/downstream filters for class ${2}"
$TC filter del dev $IF_LOCAL parent ${2} pref 100 2>/dev/null
$TC filter del dev $IF_INET parent ${2} pref 100 2>/dev/null
define_class_filter_down $IF_LOCAL $1 $2 $7
define_class_filter_up $IF_INET $1 $2 $7
}
# define class : # 1-root, 2-classid, 3-band, 4-ceil, 5-up_band, 6-up_ceil, 7-matchip
define_class () {
define_class_base $1 $2 $3 $4 $5 $6 $7
}
# define class with sfq subclass :
# 1-root, 2-classid, 3-band, 4-ceil, 5-up_band, 6-up_ceil, 7-matchip, 8-interface, 9-connlimit
define_class_sfq () {
define_class_base $1 $2 $3 $4 $5 $6 $7 $8
define_class_base_sfq $2
define_connlimit $7 $9
}
# define downstream class with qos subclasses :
# 1-root, 2-classid, 3-band, 4-ceil, 5-up_band, 6-up_ceil, 7-matchip, 8-interface
define_class_qos () {
define_class_base $1 $2 $3 $4 $5 $6 $7 $8
define_class_base_qos $2 $3 $4 $5 $6 $8
define_qos_downstream_filters $2 $8
define_qos_upstream_filters $2
define_connlimit $7 $9
}
## Builds UPSTREAM QOS filter chain : $1-rootid
define_qos_upstream_filters () {
subclasspart=`echo ${1} | cut -f2 -d':'`
high_cls_id=$(($subclasspart*10))
norm_cls_id=$(($subclasspart*10+1))
slow_cls_id=$(($subclasspart*10+2))
echo " - creating QOS up filters for root class ${1}, to clsids 1:${high_cls_id} 1:${norm_cls_id} 1:${slow_cls_id}"
# Prioritize ACK packets
$TC filter add dev $IF_INET protocol ip parent ${1} pref 100 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:${high_cls_id}
# TOS minimize delay to fast flow
#$TC filter add dev $IF_INET protocol ip parent ${1} pref 100 u32 \
# match ip tos 0x10 0xff \
# flowid 1:${high_cls_id}
if [ -r /etc/coyote/qos.filters ]; then
echo " - configuring custom upstream QOS filter rules..."
echo -n " - progress "
LINE=0
cat /etc/coyote/qos.filters | while read QOSRULE; do
LINE=$(($LINE+1))
case "$QOSRULE" in
\#*|"") continue ;;
slow*) set_qos_filter "up" $IF_INET $1 ${slow_cls_id} $QOSRULE ;;
fast*) set_qos_filter "up" $IF_INET $1 ${high_cls_id} $QOSRULE ;;
esac
done
echo
fi
# Other traffic goes to normal flow
$TC filter add dev $IF_INET protocol ip parent ${1} pref 100 u32 \
match ip src 0.0.0.0/0 \
flowid 1:${norm_cls_id}
}
## Builds downstream QOS filter chain : $1-rootid, 2-interface
define_qos_downstream_filters () {
IF_LOCAL=$2
subclasspart=`echo ${1} | cut -f2 -d':'`
high_cls_id=$(($subclasspart*10))
norm_cls_id=$(($subclasspart*10+1))
slow_cls_id=$(($subclasspart*10+2))
echo " - creating QOS down filters for root class ${1}, to clsids 1:${high_cls_id} 1:${norm_cls_id} 1:${slow_cls_id}"
# Prioritize ACK packets (small TCP packets witch ACK field set)
$TC filter add dev $IF_LOCAL protocol ip parent ${1} pref 100 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:${high_cls_id}
# TOS minimize delay to fast flow
#$TC filter add dev $IF_LOCAL protocol ip parent ${1} pref 100 u32 \
# match ip tos 0x10 0xff \
# flowid 1:${high_cls_id}
if [ -r /etc/coyote/qos.filters ]; then
echo " - configuring custom downstream QOS filter rules..."
echo -n " - progress "
LINE=0
cat /etc/coyote/qos.filters | while read QOSRULE; do
LINE=$(($LINE+1))
case "$QOSRULE" in
\#*|"") continue ;;
slow*) set_qos_filter "down" $IF_LOCAL $1 ${slow_cls_id} $QOSRULE ;;
fast*) set_qos_filter "down" $IF_LOCAL $1 ${high_cls_id} $QOSRULE ;;
esac
done
echo
fi
# Match other
$TC filter add dev $IF_LOCAL protocol ip parent ${1} pref 100 u32 \
match ip dst 0.0.0.0/0 \
flowid 1:${norm_cls_id}
}
# parses /etc/coyote/qos.filters rules
set_qos_filter() {
if [ $# -lt 12 ]; then
echo " Invalid rule line# $LINE in /etc/coyote/qos.filters"
return 1
fi
echo -n .
if [ "$6" = "Y" ]; then
# Protocol Option
PROTO=`echo $7 | tr [A-Z] [a-z]`
PROTOOPT=
if [ "$PROTO" = "any" -o "$PROTO" = "all" ]; then
PROTOOPT=""
elif [ "$PROTO" -ge 0 -a "$PROTO" -le 255 ] 2>/dev/null; then
PROTOOPT="match ip protocol $PROTO 0xff"
elif [ "$PROTO" = "icmp" -o "$PROTO" = "tcp" -o "$PROTO" = "udp" ]; then
PROTO_NUM=6
case "$PROTO" in
tcp) PROTO_NUM=6 ;;
icmp) PROTO_NUM=1 ;;
udp) PROTO_NUM=17 ;;
esac
PROTOOPT="match ip protocol $PROTO_NUM 0xff"
else
echo " QOS filter rule line# $LINE - protocol option error"
return 1
fi
# Remote-Port Option
REM_PORT=`echo $8 | tr [A-Z] [a-z]`
REM_PORTOPT=
if [ "$REM_PORT" = "any" -o "$REM_PORT" = "all" ] || [ "$REM_PORT" -eq 0 ] 2>/dev/null; then
REM_PORTOPT=""
elif [ ! -z "$REM_PORT" ]; then
REM_PORTOPT=$REM_PORT
else
echo " QOS filter rule line# $LINE - remote_port option error"
return 1
fi
# Remote-Mask Option
REM_MASK=$9
REM_MASKOPT=
if [ "$REM_MASK" = "any" -o "$REM_MASK" = "all" ] || [ "$REM_MASK" -eq 0 ] 2>/dev/null; then
REM_MASKOPT=""
else
REM_MASKOPT=$REM_MASK
fi
# Local-Port Option
LOC_PORT=`echo $11 | tr [A-Z] [a-z]`
LOC_PORTOPT=
if [ "$LOC_PORT" = "any" -o "$LOC_PORT" = "all" ] || [ "$LOC_PORT" -eq 0 ] 2>/dev/null; then
LOC_PORTOPT=
elif [ ! -z "$LOC_PORT" ]; then
LOC_PORTOPT=$LOC_PORT
else
echo " QOS filter rule line# $LINE - local_port option error"
return 1
fi
# Local-Mask Option
LOC_MASK=$12
LOC_MASKOPT=
if [ "$LOC_MASK" = "any" -o "$LOC_MASK" = "all" ] || [ "$LOC_MASK" -eq 0 ] 2>/dev/null; then
LOC_MASKOPT=
else
LOC_MASKOPT=$LOC_MASK
fi
REMOTE_PART=
if [ ! -z "$REM_PORTOPT" ] && [ ! -z "$REM_MASKOPT" ]; then
if [ $1 = down ]; then
REMOTE_PART="match ip sport $REM_PORTOPT 0x$REM_MASKOPT"
elif [ $1 = up ]; then
REMOTE_PART="match ip dport $REM_PORTOPT 0x$REM_MASKOPT"
else
echo " QOS filter error up/down directive."
return 1
fi
fi
LOCAL_PART=
if [ ! -z "$LOC_PORTOPT" ] && [ ! -z "$LOC_MASKOPT" ]; then
if [ $1 = down ]; then
LOCAL_PART="match ip dport $LOC_PORTOPT 0x$LOC_MASKOPT"
elif [ $1 = up ]; then
LOCAL_PART="match ip sport $LOC_PORTOPT 0x$LOC_MASKOPT"
else
echo " QOS filter error up/down directive."
return 1
fi
fi
#echo Local: $LOCAL_PART, Remote: $REMOTE_PART, Proto: $PROTOOPT
if [ $10 = and ]; then
$TC filter add dev ${2} protocol ip parent ${3} pref 100 u32 \
$PROTOOPT $REMOTE_PART $LOCAL_PART \
flowid 1:${4}
elif [ $10 = or ]; then
if [ "$REMOTE_PART" != "" ]; then
$TC filter add dev ${2} protocol ip parent ${3} pref 100 u32 \
$PROTOOPT $REMOTE_PART \
flowid 1:${4}
fi
if [ "$LOCAL_PART" != "" ]; then
$TC filter add dev ${2} protocol ip parent ${3} pref 100 u32 \
$PROTOOPT $LOCAL_PART \
flowid 1:${4}
fi
else
echo " QOS filter invalid and/or option."
return 1
fi
else
return 0
fi
}
# Limitar conexoes por IP: $1-ip, 2-maximo conexoes
define_connlimit() {
MATCHIP=${1}
MAX_CONN=${2}
# Remove limites caso exista algum
for LIM in $($IPTABLES -t mangle -L -n | grep $MATCHIP | grep "conn/" | cut -c 112-120)
do
REMOVER="$IPTABLES -t mangle -D POSTROUTING -p tcp -s $MATCHIP \
-m state ! --state RELATED \
-m connlimit --connlimit-above $LIM --connlimit-mask 32 \
-j DROP"
$($REMOVER)
done
#echo $REMOVER
#echo " - Removendo limite de conexoes ($MAX_CONN) para $MATCHIP ..."
#$($REMOVER)
# Cria o limite caso o valor passado nao seja 0
if [ ! $MAX_CONN -eq 0 ]; then
CRIAR="$IPTABLES -t mangle -I POSTROUTING -p tcp -s $MATCHIP \
-m state ! --state RELATED \
-m connlimit --connlimit-above $MAX_CONN --connlimit-mask 32 \
-j DROP"
echo " - Criando limite de conexoes ($MAX_CONN) para $MATCHIP ..."
#echo $CRIAR
$($CRIAR)
fi
}
echo "* Deleting old QOS classes..."
# Flush rules
$TC qdisc del dev $IF_LOCAL root 2>/dev/null
$TC qdisc del dev $IF_LOCAL2 root 2>/dev/null
$TC qdisc del dev $IF_LOCAL3 root 2>/dev/null
$TC qdisc del dev $IF_INET root 2>/dev/null
echo "* Deleting old root filters..."
# Delete old DOWNSTREAM root filters
$TC filter del dev $IF_LOCAL parent 1:2 pref 100 2>/dev/null
$TC filter del dev $IF_LOCAL parent 1:1 pref 100 2>/dev/null
$TC filter del dev $IF_LOCAL parent 1: pref 100 2>/dev/null
if [ ! -z $IF_LOCAL2 ]; then
$TC filter del dev $IF_LOCAL2 parent 1:2 pref 100 2>/dev/null
$TC filter del dev $IF_LOCAL2 parent 1:1 pref 100 2>/dev/null
$TC filter del dev $IF_LOCAL2 parent 1: pref 100 2>/dev/null
fi
if [ ! -z $IF_LOCAL3 ]; then
$TC filter del dev $IF_LOCAL3 parent 1:2 pref 100 2>/dev/null
$TC filter del dev $IF_LOCAL3 parent 1:1 pref 100 2>/dev/null
$TC filter del dev $IF_LOCAL3 parent 1: pref 100 2>/dev/null
fi
# Delete old UPSTREAM root filters
$TC filter del dev $IF_INET parent 1:1 pref 100 2>/dev/null
$TC filter del dev $IF_INET parent 1: pref 100 2>/dev/null
if [ "$1" = "stop" ]; then
echo "* QOS stopped."
exit
fi
#exit 0
echo "* Initializing Traffic control, building root classes..."
# DOWNSTREAM Root qdisc, divide local and inet traffic to separate classes
eval `ipcalc -p $LOCAL_NETWORK $LOCAL_NETMASK`
TEMP_LOCAL_NET="$LOCAL_NETWORK/$PREFIX"
$TC qdisc add dev $IF_LOCAL root handle 1: htb default 90 r2q 1
$TC class add dev $IF_LOCAL parent 1: classid 1:1 htb rate ${QOS_DOWNSTREAM}kbit burst ${QOS_FDOWN_BURST}k
$TC class add dev $IF_LOCAL parent 1: classid 1:2 htb rate 10mbit burst ${QOS_FDOWN_BURST}k
if [ ! -z $IF_LOCAL2 ]; then
eval `ipcalc -p $LOCAL2_NETWORK $LOCAL2_NETMASK`
TEMP_LOCAL_NET2="$LOCAL2_NETWORK/$PREFIX"
$TC qdisc add dev $IF_LOCAL2 root handle 1: htb default 90 r2q 1
$TC class add dev $IF_LOCAL2 parent 1: classid 1:1 htb rate ${QOS_DOWNSTREAM}kbit burst ${QOS_FDOWN_BURST}k
$TC class add dev $IF_LOCAL2 parent 1: classid 1:2 htb rate 10mbit burst ${QOS_FDOWN_BURST}k
fi
if [ ! -z $IF_LOCAL3 ]; then
eval `ipcalc -p $LOCAL3_NETWORK $LOCAL3_NETMASK`
TEMP_LOCAL_NET3="$LOCAL3_NETWORK/$PREFIX"
$TC qdisc add dev $IF_LOCAL3 root handle 1: htb default 90 r2q 1
$TC class add dev $IF_LOCAL3 parent 1: classid 1:1 htb rate ${QOS_DOWNSTREAM}kbit burst ${QOS_FDOWN_BURST}k
$TC class add dev $IF_LOCAL3 parent 1: classid 1:2 htb rate 10mbit burst ${QOS_FDOWN_BURST}k
fi
# UPSTREAM Root qdisc, default class internet traffic to firewall class
$TC qdisc add dev $IF_INET root handle 1: htb default 89 r2q 1
$TC class add dev $IF_INET parent 1:0 classid 1:1 htb rate ${QOS_UPSTREAM}kbit burst ${QOS_FUP_BURST}
echo "* Initializing packet mangling..."
# Initialize upstream packet mangling
echo -e "TEMP_LOCAL_NET" $TEMP_LOCAL_NET "\n"
echo -e "TEMP_LOCAL_NET2" $TEMP_LOCAL_NET2 "\n"
echo -e "TEMP_LOCAL_NET3" $TEMP_LOCAL_NET3 "\n"
$IPTABLES -F PREROUTING -t mangle
$IPTABLES -A PREROUTING -t mangle -s $TEMP_LOCAL_NET -j MARK --set-mark 255
[ ! -z $IF_LOCAL2 ] && $IPTABLES -A PREROUTING -t mangle -s $TEMP_LOCAL_NET2 -j MARK --set-mark 254
[ ! -z $IF_LOCAL3 ] && $IPTABLES -A PREROUTING -t mangle -s $TEMP_LOCAL_NET3 -j MARK --set-mark 253
echo "* Computing bandwidth for junk and direct fw->inet classes"
UP_FW_STREAM=$(percentage $QOS_UPSTREAM $QOS_UPFW_STREAM)
UPSTREAM_JUNK=$(percentage $QOS_UPSTREAM $QOS_UPSTREAM_JUNK)
DOWNSTREAM_JUNK=$(percentage $QOS_DOWNSTREAM $QOS_DOWNSTREAM_JUNK)
echo " * upstream junk: ${QOS_UPSTREAM_JUNK}% (${UPSTREAM_JUNK}kbps), downstream junk: ${QOS_DOWNSTREAM_JUNK}% (${DOWNSTREAM_JUNK}kbps), direct fw->inet: ${QOS_UPFW_STREAM}% (${UP_FW_STREAM}kbps)"
CLEAR_UPSTREAM=$((${QOS_UPSTREAM}-${UP_FW_STREAM}-${UPSTREAM_JUNK}))
CLEAR_DOWNSTREAM=$((${QOS_DOWNSTREAM}-${DOWNSTREAM_JUNK}))
echo " * clear upstream: ${CLEAR_UPSTREAM}kbps, clear downstream: ${CLEAR_DOWNSTREAM}kbps."
COMP_UP=$(percentage $CLEAR_UPSTREAM $QOS_UPSTREAM_INDIVIDUAL)
COMP_DOWN=$(percentage $CLEAR_DOWNSTREAM $QOS_DOWNSTREAM_INDIVIDUAL)
echo " * individual upstream: ${COMPR_UP}kbps, individual downstream: ${COMP_DOWN}kbps."
echo "* Building Downstream/Upstream classes..."
if [ "$QOS_TYPE" = "COYOTE_DEFAULT" ]; then
echo "QOS: using Coyote init scripts with default config"
define_class_qos \
"1:1" "1:10" \
$CLEAR_DOWNSTREAM $QOS_DOWNSTREAM \
$CLEAR_UPSTREAM $QOS_UPSTREAM \
$TEMP_LOCAL_NET
elif [ "$QOS_TYPE" = "COYOTE_MANUAL" ]; then
echo "QOS: using Coyote init scripts with manual config"
build_class_chain
else
echo "QOS: QOS_TYPE configuration set for another init type"
exit
fi
## Junk and direct FW definition
echo " - downstream junk (default) class: ${DOWNSTREAM_JUNK}kbps, ceil: ${QOS_DOWNSTREAM}kbps, burst: ${QOS_SDOWN_BURST}k"
$TC class add dev $IF_LOCAL parent 1:1 classid 1:90 htb prio 2 rate ${DOWNSTREAM_JUNK}kbit ceil ${QOS_DOWNSTREAM}kbit burst ${QOS_SDOWN_BURST}k
$TC qdisc add dev $IF_LOCAL parent 1:90 handle 90: sfq perturb 10
if [ ! -z $IF_LOCAL2 ]; then
$TC class add dev $IF_LOCAL2 parent 1:1 classid 1:90 htb prio 2 rate ${DOWNSTREAM_JUNK}kbit ceil ${QOS_DOWNSTREAM}kbit burst ${QOS_SDOWN_BURST}k
$TC qdisc add dev $IF_LOCAL2 parent 1:90 handle 90: sfq perturb 10
fi
if [ ! -z $IF_LOCAL3 ]; then
$TC class add dev $IF_LOCAL3 parent 1:1 classid 1:90 htb prio 2 rate ${DOWNSTREAM_JUNK}kbit ceil ${QOS_DOWNSTREAM}kbit burst ${QOS_SDOWN_BURST}k
$TC qdisc add dev $IF_LOCAL3 parent 1:90 handle 90: sfq perturb 10
fi
echo " - upstream junk (default) class: ${UPSTREAM_JUNK}kbps, ceil: ${QOS_UPSTREAM}kbps, burst: ${QOS_SUP_BURST}k"
$TC class add dev $IF_INET parent 1:1 classid 1:90 htb prio 2 rate ${UPSTREAM_JUNK}kbit ceil ${QOS_UPSTREAM}kbit burst ${QOS_SUP_BURST}k
$TC qdisc add dev $IF_INET parent 1:90 handle 90: sfq perturb 10
echo " - direct fw->inet class: ${UP_FW_STREAM}kbps, ceil: ${QOS_UPSTREAM}kbps, burst: ${QOS_NUP_BURST}k"
$TC class add dev $IF_INET parent 1:1 classid 1:89 htb prio 1 rate ${UP_FW_STREAM}kbit ceil ${QOS_UPSTREAM}kbit burst ${QOS_NUP_BURST}k
$TC qdisc add dev $IF_INET parent 1:89 handle 89: sfq perturb 10
## Root Categorization FILTERS
echo "* Building new root DOWNSTREAM/UPSTREAM filters ..."
# Match traffic from firewall, enque to fast flow
# echo " - Match traffic from firewall, enque to fast flow"
$TC filter add dev $IF_LOCAL protocol ip parent 1: pref 100 u32 \
match ip src $TEMP_LOCAL_NET flowid 1:2
# Match traffic for local network
# echo " - Match traffic for local network ..."
$TC filter add dev $IF_LOCAL protocol ip parent 1: pref 100 u32 \
match ip dst $TEMP_LOCAL_NET flowid 1:1
# echo " - FIM $IF_LOCAL"
if [ ! -z $IF_LOCAL2 ]; then
# Match traffic from firewall, enque to fast flow
# echo " - Match traffic from firewall, enque to fast flow"
$TC filter add dev $IF_LOCAL2 protocol ip parent 1: pref 100 u32 \
match ip src $TEMP_LOCAL_NET2 flowid 1:2
# Match traffic for local network 2
# echo " - Match traffic for local network 2 ..."
$TC filter add dev $IF_LOCAL2 protocol ip parent 1: pref 100 u32 \
match ip dst $TEMP_LOCAL_NET2 flowid 1:1
# echo " - FIM $IF_LOCAL2"
fi
if [ ! -z $IF_LOCAL3 ]; then
# Match traffic from firewall, enque to fast flow
# echo " - Match traffic from firewall, enque to fast flow"
$TC filter add dev $IF_LOCAL3 protocol ip parent 1: pref 100 u32 \
match ip src $TEMP_LOCAL_NET3 flowid 1:2
# Match traffic for local network 3
# echo " - Match traffic for local network 3 ..."
$TC filter add dev $IF_LOCAL3 protocol ip parent 1: pref 100 u32 \
match ip dst $TEMP_LOCAL_NET3 flowid 1:1
# echo " - FIM $IF_LOCAL3"
fi
# Match traffic from local network
$TC filter add dev $IF_INET parent 1: protocol ip handle 255 pref 100 fw classid 1:90
# [ ! -z $IF_LOCAL2 ] && $TC filter add dev $IF_INET2 parent 1: protocol ip handle 254 pref 100 fw classid 1:90
# [ ! -z $IF_LOCAL3 ] && $TC filter add dev $IF_INET3 parent 1: protocol ip handle 253 pref 100 fw classid 1:90
echo "* Computing bandwidth for junk and direct fw->inet classes"
Obrigado a todos
- caeduoliveira
por maeliseu » Qui Ago 09, 2007 8:03 pm
caeduoliveira, blz?
bom aqui o IF_LOCAL=eth0 e o IF_LOCAL2=ath0
bom analisei e acho que resolvi olha
vc manda alterar o IF_LOCAL para a interface que vc colhe das linhas do arquivo /etc/coyote/qos.classes
que vc acrescenta no parâmetro 8 da linha
IF_LOCAL=$8
isso faz com que se a ultima linha estiver indicando ath0 ele tenta depois criar a mesma regra para ela em IF_LOCAL2
bom resolvi assim :
na define_class_base () {
que usa IF_LOCAL=$8
troquei os $IF_LOCAL por $8 e tirei a linha IF_LOCAL=$8
acontece tmb em :
define_class_base_qos() com o IF_LOCAL=$6
define_qos_downstream_filters () com o IF_LOCAL=$2
e agora parece que está gerando o gráfico no RRD para os IP´s que estão na eth0 e na ath0
ha claro , depois altero o script do webadmin pra incluir o parametro IF_LOCAL no arquivo /etc/coyote/qos.classes como fiz no de subrede
bom aqui o IF_LOCAL=eth0 e o IF_LOCAL2=ath0
bom analisei e acho que resolvi olha
vc manda alterar o IF_LOCAL para a interface que vc colhe das linhas do arquivo /etc/coyote/qos.classes
que vc acrescenta no parâmetro 8 da linha
IF_LOCAL=$8
isso faz com que se a ultima linha estiver indicando ath0 ele tenta depois criar a mesma regra para ela em IF_LOCAL2
# Match traffic for local network
# echo " - Match traffic for local network ..."
$TC filter add dev $IF_LOCAL protocol ip parent 1: pref 100 u32 \
match ip dst $TEMP_LOCAL_NET flowid 1:1
# echo " - FIM $IF_LOCAL"
if [ ! -z $IF_LOCAL2 ]; then # Match traffic from firewall, enque to fast flow
# echo " - Match traffic from firewall, enque to fast flow"
$TC filter add dev $IF_LOCAL2 protocol ip parent 1: pref 100 u32 \
match ip src $TEMP_LOCAL_NET2 flowid 1:2
bom resolvi assim :
na define_class_base () {
que usa IF_LOCAL=$8
troquei os $IF_LOCAL por $8 e tirei a linha IF_LOCAL=$8
acontece tmb em :
define_class_base_qos() com o IF_LOCAL=$6
define_qos_downstream_filters () com o IF_LOCAL=$2
e agora parece que está gerando o gráfico no RRD para os IP´s que estão na eth0 e na ath0
ha claro , depois altero o script do webadmin pra incluir o parametro IF_LOCAL no arquivo /etc/coyote/qos.classes como fiz no de subrede
- maeliseu
por maeliseu » Qui Ago 09, 2007 10:33 pm
como prometido
arquivo do webadmin pra incluir a Rede local na configuração das Classes QOS
define_class_qos rootid clsid down_rate down_ceil up_rate up_ceil matchip LAN
define_class_qos "1:1" "1:13" 5 5 5 5 192.168.0.13 ath0
/var/http/htdocs/cgi-bin/qosclasses.cgi
arquivo do webadmin pra incluir a Rede local na configuração das Classes QOS
define_class_qos rootid clsid down_rate down_ceil up_rate up_ceil matchip LAN
define_class_qos "1:1" "1:13" 5 5 5 5 192.168.0.13 ath0
/var/http/htdocs/cgi-bin/qosclasses.cgi
- Código: Selecionar todos
#!/bin/sh
# QOS classes configuration webadmin script
# Author: Claudio Roberto Cussuol
. /var/http/web-functions
SCRIPT="qosclasses.cgi"
FILE="/etc/coyote/qos.classes"
TMPFILE="/etc/coyote/qostemp"
RELOAD="/etc/rc.d/rc.qos"
COLOR="row6"
#==================================
output_line() {
echo "<tr>"
echo "<td>$DTYPE</td>"
echo "<td>$DROOTID</td>"
echo "<td>$DCLSID</td>"
echo "<td>$DDOWN_RATE</td>"
echo "<td>$DDOWN_CEIL</td>"
echo "<td>$DUP_RATE</td>"
echo "<td>$DUP_CEIL</td>"
echo "<td>$DMATCHIP</td>"
echo "<td>$FORM_DIF_LOCAL</td>"
echo "<td>$DCOMMENT</td>"
echo "<td><a> [$Faf] </a><a> [$Fae] </a></td></tr>"
if [ "$COLOR" = "row6" ] ; then COLOR="row8"; else COLOR="row6"; fi
}
#==================================
treat_rate() {
DRATE=
NRATE=
SRATE=
FORM_DIF_LOCAL=
case $1 in
'$COMP_DOWN')
SRATE="$Pha"
DRATE=$SRATE ;;
'$COMP_UP')
SRATE="$Phb"
DRATE=$SRATE ;;
'$CLEAR_DOWNSTREAM')
SRATE="$Phc"
DRATE=$SRATE ;;
'$CLEAR_UPSTREAM')
SRATE="$Phd"
DRATE=$SRATE ;;
*)
NRATE=$1
DRATE="$1 kbit/s" ;;
esac
}
#==================================
treat_line() {
TYPE=$1
ROOTID=$2
CLSID=$3
DOWN_RATE=$4
DOWN_CEIL=$5
UP_RATE=$6
UP_CEIL=$7
MATCHIP=$8
FORM_IF_LOCAL=$9
[ "$TYPE" = "define_class_qos" ] && DTYPE=Filtered
[ "$TYPE" = "define_class_sfq" ] && DTYPE=Simple
DROOTID=`echo $ROOTID | sed s/\"//g`
DCLSID=`echo $CLSID | sed s/\"//g`
treat_rate $DOWN_RATE
DDOWN_RATE=$DRATE
NDOWN_RATE=$NRATE
SDOWN_RATE=$SRATE
treat_rate $DOWN_CEIL
DDOWN_CEIL=$DRATE
NDOWN_CEIL=$NRATE
SDOWN_CEIL=$SRATE
treat_rate $UP_RATE
DUP_RATE=$DRATE
NUP_RATE=$NRATE
SUP_RATE=$SRATE
treat_rate $UP_CEIL
DUP_CEIL=$DRATE
NUP_CEIL=$NRATE
SUP_CEIL=$SRATE
DMATCHIP=$MATCHIP
FORM_DIF_LOCAL=$FORM_IF_LOCAL
COMMENT=`echo $TMPLINE | sed s/.*#//`
[ "$COMMENT" = "$TMPLINE" ] && COMMENT=""
DCOMMENT=$COMMENT
}
#==================================
mount_configuration() {
ROOTID='"'$FORM_ROOTID'"'
CLSID='"'$FORM_CLSID'"'
DOWN_RATE=$FORM_NDOWN_RATE
DOWN_CEIL=$FORM_NDOWN_CEIL
UP_RATE=$FORM_NUP_RATE
UP_CEIL=$FORM_NUP_CEIL
[ -z $DOWN_RATE ] && DOWN_RATE='$'$FORM_SDOWN_RATE
[ -z $DOWN_CEIL ] && DOWN_CEIL='$'$FORM_SDOWN_CEIL
[ -z $UP_RATE ] && UP_RATE='$'$FORM_SUP_RATE
[ -z $UP_CEIL ] && UP_CEIL='$'$FORM_SUP_CEIL
[ -z $FORM_MATCHIP ] && FORM_MATCHIP=192.168.0.1
[ -z $FORM_IF_LOCAL ] && FORM_IF_LOCAL=$IF_LOCAL
CONFIG_LINE="$FORM_TYPE $ROOTID $CLSID $DOWN_RATE $DOWN_CEIL $UP_RATE $UP_CEIL $FORM_MATCHIP $FORM_IF_LOCAL #$FORM_COMMENT"
}
#==================================
show_list() { #<td><b>Line#</td>
cat << CLEOF
<table><tr><th>$Phe</th></tr>
<tr><td>$Phf</td><td>$Phg</td><td>$Phh</td><td>$Phi</td>
<td>$Phj</td><td>$Phk</td><td>$Phl</td><td>$Phm</td>
<td>LAN</td><td>$Fad</td><td>$Fac</td></tr>
CLEOF
LINECOUNT=0
cat $FILE | tr [\\] [\|] | while read TMPLINE; do
LINECOUNT=$(($LINECOUNT+1))
case "$TMPLINE" in
\#*|"")
continue ;;
define_class_sfq*|define_class_qos*)
treat_line $TMPLINE
output_line ;;
esac
done
cat << CLEOF
</table><br>
<table><tr><td><b>$Pic</td><td></b>[ <a><u>$Pfh</u></a> ]</td></tr>
<tr><td><b>$Pid</b></td><td>[ <a><u>$Pfi</u></a> | <a><u>$Pfj</u></a> |
<a><u>$Phn</u></a> ]</td></tr>
<tr><td><b>$Faw</b></td><td>[ <a><u>$Pgc</u></a> ]</td></tr>
</table></form>
CLEOF
}
#==================================
show_form() {
FORMTITLE="$Phe"
[ -z "$TYPE" ] && TYPE=define_class_qos
[ -z "$DROOTID" ] && DROOTID='1:1'
[ -z "$DOWN_RATE" ] && NDOWN_RATE='' && SDOWN_RATE='Individual Download'
[ -z "$DOWN_CEIL" ] && NDOWN_CEIL='' && SDOWN_CEIL='Total Download'
[ -z "$UP_RATE" ] && NUP_RATE='' && SUP_RATE='Individual Upload'
[ -z "$UP_CEIL" ] && NUP_CEIL='' && SUP_CEIL='Total Upload'
cat << CLEOF
<form><input><input>
<table><tr><th>$FORMTITLE</th></tr>
<tr><td><b>$Phf</b><br><small>$Pho $Phq</small></td>
<td><input>$Phr
<input>$Phs</td></tr>
<tr><td><b>$Phg</b><br><small>$Pht</small></td><td><input></td></tr>
<tr><td><b>$Phh</b><br><small>$Phu</small></td><td><input></td></tr>
<tr><td><b>$Phi</b><br><small>$Phv $Phw</small></td><td><input> kbits/s $Far<br>
<select><option></option><option>$Phx</option>
<option>$Phy</option></select></td></tr>
<tr><td><b>$Phj</b><br><small>$Phz $Phw</small></td><td><input> kbits/s $Far<br>
<select><option></option><option>$Phx</option>
<option>$Phy</option></select></td></tr>
<tr><td><b>$Phk</b><br><small>$Phv $Phw</small></td><td><input> kbits/s $Far<br>
<select><option></option><option>$Phb</option>
<option>$Phd</option></select></td></tr>
<tr><td><b>$Phl</b><br><small>$Phz $Phw</small></td><td><input> kbits/s $Far<br>
<select><option></option><option>$Phb</option>
<option>$Phd</option></select></td></tr>
<tr><td><b>$Pia</b><br><small>$Pie</small></td><td><input></td></tr>
<tr><td><b>LAN</b><br><small></small></td><td><input></td></tr>
<tr><td><b>$Fad ($Fop)</b><br><small>$Pif</small></td><td><input></td></tr>
</table><p><input> <input></p>
</form>
CLEOF
}
#==================================
# MAIN ROUTINE
cl_header2 "$Phe - Mit_FW"
if [ "$FORM_OKBTN" = "$Fsb" ]; then
mount_configuration
if [ -n "$CONFIG_LINE" ] ; then
if [ "$FORM_ACTION" = "ADD" ]; then
echo -e $CONFIG_LINE >> $FILE
else
LINECOUNT=0
echo -n > $TMPFILE
cat $FILE | tr [\\] [\|] | while read TMPLINE; do
LINECOUNT=$(($LINECOUNT+1))
if [ "$LINECOUNT" -ne "$FORM_LINE" ] ; then
echo "$TMPLINE" >> $TMPFILE
else
echo $CONFIG_LINE >> $TMPFILE
fi
done
rm -f $FILE
mv $TMPFILE $FILE
touch /tmp/need.save
fi
echo "<center><div>$Pig<br><a>$Pih</a><br><a>$Wtl</a></div>></center><br>"
fi
fi
case "$FORM_ACTION" in
"DELETE")
LINECOUNT=0
echo -n > $TMPFILE
cat $FILE | tr [\\] [\|] | while read TMPLINE; do
LINECOUNT=$(($LINECOUNT+1))
if [ "$LINECOUNT" -ne "$FORM_LINE" ] ; then
echo "$TMPLINE" >> $TMPFILE
fi
done
rm -f $FILE
mv $TMPFILE $FILE
touch /tmp/need.save
echo "<center><div>$Pij<br><a>$Pih</a><br><a>$Wtl</a></div>></center><br>"
show_list
;;
"CALL_EDIT")
TMPLINE=`head -n $FORM_LINE $FILE | tail -n 1`
treat_line $TMPLINE
ACTION="EDIT"
LINE=$FORM_LINE
show_form
;;
"CALL_ADD")
METHOD=$FORM_METHOD
ACTION="ADD"
LINE=0
show_form
;;
"RELOAD")
echo "<br><pre>"
$RELOAD
echo "</pre><center><div><a>$Fbk</a></div>></center><br>"
;;
*)
show_list
;;
esac
cl_footer2
- maeliseu
por lecir » Ter Dez 04, 2007 5:34 pm
Deixa ver se entendi...
Eu devo substituir o conteúdo de /var/http/htdocs/cgi-bin/qosclasses.cgi por este código q o Maeliseu postou e alterar a sintaxe das linhas no arkivo /etc/coyote/qos.classes colocando no final da linha a inteface a qual pertence o ip?
Pergunto isso pq fiz exatamente isso e nao tive sucesso. Como ninguém retornou confirmando o funcionamento ou não, fiquei na dúvida de ter feito isso certo.
Aguardo uma luz dos colegas do fórum.
==================
InícioDoMês=DinDinP/BFW
==================
Eu devo substituir o conteúdo de /var/http/htdocs/cgi-bin/qosclasses.cgi por este código q o Maeliseu postou e alterar a sintaxe das linhas no arkivo /etc/coyote/qos.classes colocando no final da linha a inteface a qual pertence o ip?
Pergunto isso pq fiz exatamente isso e nao tive sucesso. Como ninguém retornou confirmando o funcionamento ou não, fiquei na dúvida de ter feito isso certo.
Aguardo uma luz dos colegas do fórum.
==================
InícioDoMês=DinDinP/BFW
==================
- lecir
por lecir » Qua Dez 05, 2007 6:54 pm
maeliseu, to tentando me achar nisso montando um checklist:
( ) Substituição do conteúdo de /var/http/htdocs/cgi-bin/qosclasses.cgi p/ postado nesse tópico;
( ) Alteração das regras do QOS em /etc/coyote/qos.classes conforme:
define_class_qos "1:1" "1:13" 5 50 5 50 192.168.1.13 eth0:0
( ) Alteração de: arquivo /etc/rc.d/rc.qos.coyote conforme:
# define QOS subclasses : 1-rootclass, 2-band, 3-ceil, 4-up_band, 5-up_ceil, 6-interface
define_class_base_qos() {
#IF_LOCAL=$6 #removido conforme instruçoes
DOWN_HIGH_PRI=$(percentage ${2} $QOS_HIGH_PRI_PER)
DOWN_NORM_PRI=$(percentage ${2} $QOS_NORM_PRI_PER)
DOWN_SLOW_PRI=$(percentage ${2} $QOS_SLOW_PRI_PER)
UP_HIGH_PRI=$(percentage ${4} $QOS_HIGH_PRI_PER)
UP_NORM_PRI=$(percentage ${4} $QOS_NORM_PRI_PER)
UP_SLOW_PRI=$(percentage ${4} $QOS_SLOW_PRI_PER)
subclasspart=`echo ${1} | cut -f2 -d':'`
high_cls_id=$(($subclasspart*10))
norm_cls_id=$(($subclasspart*10+1))
slow_cls_id=$(($subclasspart*10+2))
echo " - QOS subclasses... downstream... ${6}"
echo " - high prio... prio 0, classid 1:$high_cls_id, rate ${DOWN_HIGH_PRI}kbps, ceil ${3}kbps, burst: ${QOS_FDOWN_BURST}k"
$TC class add dev $6 parent ${1} classid 1:$high_cls_id htb prio 0 rate ${DOWN_HIGH_PRI}kbit ceil ${3}kbit burst ${QOS_FDOWN_BURST}k
echo " - norm prio... prio 1, classid 1:$norm_cls_id, rate ${DOWN_NORM_PRI}kbps, ceil ${3}kbps, burst: ${QOS_NDOWN_BURST}k"
$TC class add dev $6 parent ${1} classid 1:$norm_cls_id htb prio 1 rate ${DOWN_NORM_PRI}kbit ceil ${3}kbit burst ${QOS_NDOWN_BURST}k
echo " - slow prio... prio 2, classid 1:$slow_cls_id, rate ${DOWN_SLOW_PRI}kbps, ceil ${3}kbps, burst: ${QOS_SDOWN_BURST}k"
$TC class add dev $6 parent ${1} classid 1:$slow_cls_id htb prio 2 rate ${DOWN_SLOW_PRI}kbit ceil ${3}kbit burst ${QOS_SDOWN_BURST}k
echo " - SFQ ${6}... $high_cls_id:, $norm_cls_id:, $slow_cls_id:"
$TC qdisc add dev $6 parent 1:${high_cls_id} handle $high_cls_id: sfq perturb 10
$TC qdisc add dev $6 parent 1:${norm_cls_id} handle $norm_cls_id: sfq perturb 10
$TC qdisc add dev $6 parent 1:${slow_cls_id} handle $slow_cls_id: sfq perturb 10
----------/---------
# Defines computer/network class
# 1-root, 2-classid, 3-band, 4-ceil, 5-up_band, 6-up_ceil, 7-matchip, 8-interface
define_class_base () {
#IF_LOCAL=$8# removido conforme instruçoes
echo " - device: $8, classid: ${2}, root: ${1}, rate: ${3}kbps, ceil: ${4}kbps, burst: ${QOS_FDOWN_BURST}k"
$TC class add dev $8 parent ${1} classid ${2} htb prio 1 rate ${3}kbit ceil ${4}kbit burst ${QOS_FDOWN_BURST}k
echo " - device: $IF_INET, classid: ${2}, root: ${1}, rate: ${5}kbps, ceil: ${6}kbps, burst: ${QOS_FUP_BURST}k"
$TC class add dev $IF_INET parent ${1} classid ${2} htb prio 1 rate ${5}kbit ceil ${6}kbit burst ${QOS_FUP_BURST}k
echo " - TC filter: delete old upstream/downstream filters for class ${2}"
$TC filter del dev $8 parent ${2} pref 100 2>/dev/null
$TC filter del dev $IF_INET parent ${2} pref 100 2>/dev/null
define_class_filter_down $8 $1 $2 $7
define_class_filter_up $IF_INET $1 $2 $7
}
----------/------------
## Builds downstream QOS filter chain : $1-rootid, 2-interface
define_qos_downstream_filters () {
#IF_LOCAL=$2 #removido conforme instruçoes subclasspart=`echo ${1} | cut -f2 -d':'`
high_cls_id=$(($subclasspart*10))
norm_cls_id=$(($subclasspart*10+1))
slow_cls_id=$(($subclasspart*10+2))
echo " - creating QOS down filters for root class ${1}, to clsids 1:${high_cls_id} 1:${norm_cls_id} 1:${slow_cls_id}"
# Prioritize ACK packets (small TCP packets witch ACK field set)
$TC filter add dev $2 protocol ip parent ${1} pref 100 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:${high_cls_id}
# TOS minimize delay to fast flow
#$TC filter add dev $2 protocol ip parent ${1} pref 100 u32 \
# match ip tos 0x10 0xff \
# flowid 1:${high_cls_id}
if [ -r /etc/coyote/qos.filters ]; then
echo " - configuring custom downstream QOS filter rules..."
echo -n " - progress "
LINE=0
cat /etc/coyote/qos.filters | while read QOSRULE; do
LINE=$(($LINE+1))
case "$QOSRULE" in
\#*|"") continue ;;
slow*) set_qos_filter "down" $2 $1 ${slow_cls_id} $QOSRULE ;;
fast*) set_qos_filter "down" $2 $1 ${high_cls_id} $QOSRULE ;;
esac
done
echo
fi
# Match other
$TC filter add dev $2 protocol ip parent ${1} pref 100 u32 \
match ip dst 0.0.0.0/0 \
flowid 1:${norm_cls_id}
}
=========/=========
estas foram as alterações q fiz... porém, tá dando um erro no qos.reload:
What is " "?
Usage: ... u32 [ match SELECTOR ... ] [ link HTID ] [ classid CLASSID ]
[ police POLICE_SPEC ] [ offset OFFSET_SPEC ]
[ ht HTID ] [ hashkey HASHKEY_SPEC ]
[ sample SAMPLE ]
or u32 divisor DIVISOR
Where: SELECTOR := SAMPLE SAMPLE ...
SAMPLE := { ip | ip6 | udp | tcp | icmp | u{32|16|8} } SAMPLE_ARGS
FILTERID := X:Y:Z
/bin/qos.reload: /etc/rc.d/rc.qos.coyote: 566: match: not found
até me lembro de ter lido sobre esta msg no fórum, mas nao consegui localizar ela agora q to precisando... :-(
( ) Substituição do conteúdo de /var/http/htdocs/cgi-bin/qosclasses.cgi p/ postado nesse tópico;
( ) Alteração das regras do QOS em /etc/coyote/qos.classes conforme:
define_class_qos "1:1" "1:13" 5 50 5 50 192.168.1.13 eth0:0
( ) Alteração de: arquivo /etc/rc.d/rc.qos.coyote conforme:
# define QOS subclasses : 1-rootclass, 2-band, 3-ceil, 4-up_band, 5-up_ceil, 6-interface
define_class_base_qos() {
#IF_LOCAL=$6 #removido conforme instruçoes
DOWN_HIGH_PRI=$(percentage ${2} $QOS_HIGH_PRI_PER)
DOWN_NORM_PRI=$(percentage ${2} $QOS_NORM_PRI_PER)
DOWN_SLOW_PRI=$(percentage ${2} $QOS_SLOW_PRI_PER)
UP_HIGH_PRI=$(percentage ${4} $QOS_HIGH_PRI_PER)
UP_NORM_PRI=$(percentage ${4} $QOS_NORM_PRI_PER)
UP_SLOW_PRI=$(percentage ${4} $QOS_SLOW_PRI_PER)
subclasspart=`echo ${1} | cut -f2 -d':'`
high_cls_id=$(($subclasspart*10))
norm_cls_id=$(($subclasspart*10+1))
slow_cls_id=$(($subclasspart*10+2))
echo " - QOS subclasses... downstream... ${6}"
echo " - high prio... prio 0, classid 1:$high_cls_id, rate ${DOWN_HIGH_PRI}kbps, ceil ${3}kbps, burst: ${QOS_FDOWN_BURST}k"
$TC class add dev $6 parent ${1} classid 1:$high_cls_id htb prio 0 rate ${DOWN_HIGH_PRI}kbit ceil ${3}kbit burst ${QOS_FDOWN_BURST}k
echo " - norm prio... prio 1, classid 1:$norm_cls_id, rate ${DOWN_NORM_PRI}kbps, ceil ${3}kbps, burst: ${QOS_NDOWN_BURST}k"
$TC class add dev $6 parent ${1} classid 1:$norm_cls_id htb prio 1 rate ${DOWN_NORM_PRI}kbit ceil ${3}kbit burst ${QOS_NDOWN_BURST}k
echo " - slow prio... prio 2, classid 1:$slow_cls_id, rate ${DOWN_SLOW_PRI}kbps, ceil ${3}kbps, burst: ${QOS_SDOWN_BURST}k"
$TC class add dev $6 parent ${1} classid 1:$slow_cls_id htb prio 2 rate ${DOWN_SLOW_PRI}kbit ceil ${3}kbit burst ${QOS_SDOWN_BURST}k
echo " - SFQ ${6}... $high_cls_id:, $norm_cls_id:, $slow_cls_id:"
$TC qdisc add dev $6 parent 1:${high_cls_id} handle $high_cls_id: sfq perturb 10
$TC qdisc add dev $6 parent 1:${norm_cls_id} handle $norm_cls_id: sfq perturb 10
$TC qdisc add dev $6 parent 1:${slow_cls_id} handle $slow_cls_id: sfq perturb 10
----------/---------
# Defines computer/network class
# 1-root, 2-classid, 3-band, 4-ceil, 5-up_band, 6-up_ceil, 7-matchip, 8-interface
define_class_base () {
#IF_LOCAL=$8# removido conforme instruçoes
echo " - device: $8, classid: ${2}, root: ${1}, rate: ${3}kbps, ceil: ${4}kbps, burst: ${QOS_FDOWN_BURST}k"
$TC class add dev $8 parent ${1} classid ${2} htb prio 1 rate ${3}kbit ceil ${4}kbit burst ${QOS_FDOWN_BURST}k
echo " - device: $IF_INET, classid: ${2}, root: ${1}, rate: ${5}kbps, ceil: ${6}kbps, burst: ${QOS_FUP_BURST}k"
$TC class add dev $IF_INET parent ${1} classid ${2} htb prio 1 rate ${5}kbit ceil ${6}kbit burst ${QOS_FUP_BURST}k
echo " - TC filter: delete old upstream/downstream filters for class ${2}"
$TC filter del dev $8 parent ${2} pref 100 2>/dev/null
$TC filter del dev $IF_INET parent ${2} pref 100 2>/dev/null
define_class_filter_down $8 $1 $2 $7
define_class_filter_up $IF_INET $1 $2 $7
}
----------/------------
## Builds downstream QOS filter chain : $1-rootid, 2-interface
define_qos_downstream_filters () {
#IF_LOCAL=$2 #removido conforme instruçoes subclasspart=`echo ${1} | cut -f2 -d':'`
high_cls_id=$(($subclasspart*10))
norm_cls_id=$(($subclasspart*10+1))
slow_cls_id=$(($subclasspart*10+2))
echo " - creating QOS down filters for root class ${1}, to clsids 1:${high_cls_id} 1:${norm_cls_id} 1:${slow_cls_id}"
# Prioritize ACK packets (small TCP packets witch ACK field set)
$TC filter add dev $2 protocol ip parent ${1} pref 100 u32 \
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:${high_cls_id}
# TOS minimize delay to fast flow
#$TC filter add dev $2 protocol ip parent ${1} pref 100 u32 \
# match ip tos 0x10 0xff \
# flowid 1:${high_cls_id}
if [ -r /etc/coyote/qos.filters ]; then
echo " - configuring custom downstream QOS filter rules..."
echo -n " - progress "
LINE=0
cat /etc/coyote/qos.filters | while read QOSRULE; do
LINE=$(($LINE+1))
case "$QOSRULE" in
\#*|"") continue ;;
slow*) set_qos_filter "down" $2 $1 ${slow_cls_id} $QOSRULE ;;
fast*) set_qos_filter "down" $2 $1 ${high_cls_id} $QOSRULE ;;
esac
done
echo
fi
# Match other
$TC filter add dev $2 protocol ip parent ${1} pref 100 u32 \
match ip dst 0.0.0.0/0 \
flowid 1:${norm_cls_id}
}
=========/=========
estas foram as alterações q fiz... porém, tá dando um erro no qos.reload:
What is " "?
Usage: ... u32 [ match SELECTOR ... ] [ link HTID ] [ classid CLASSID ]
[ police POLICE_SPEC ] [ offset OFFSET_SPEC ]
[ ht HTID ] [ hashkey HASHKEY_SPEC ]
[ sample SAMPLE ]
or u32 divisor DIVISOR
Where: SELECTOR := SAMPLE SAMPLE ...
SAMPLE := { ip | ip6 | udp | tcp | icmp | u{32|16|8} } SAMPLE_ARGS
FILTERID := X:Y:Z
/bin/qos.reload: /etc/rc.d/rc.qos.coyote: 566: match: not found
até me lembro de ter lido sobre esta msg no fórum, mas nao consegui localizar ela agora q to precisando... :-(
- lecir
- maeliseu
21 mensagens
• Página 1 de 1
Voltar para BrazilFW 2.x - Ajuda em Geral (Todas as Línguas)
Quem está online
Usuários navegando neste fórum: Nenhum usuário registrado e 2 visitantes