
Alaa's tc shaping scripts


I'm putting these here mainly for DarknessWolf; one day I suppose I'll explain them (or someone who knows more will).

The scripts are very much Shorewall-oriented.

/etc/shorewall/params

##############################################################################
# Interface whose traffic is shaped and policed.
NET_IF="eth0"

# Line rate of the interface. The tcstart listing uses it as the ingress
# police rate for packets whose source is in 192.168.0.0/16.
MAX_BW="90mbit"

# Upstream budget: rate and ceil of the HTB parent class 10:1 in tcstart,
# and the ceil each child class may borrow up to.
TC_BW="200kbit"

# Downstream budget: ingress police rate for every other source address.
TC_DOWN_BW="400kbit"

# Retired LAN class, kept commented out. Note that tcstart still installs a
# filter for mark 15 (flowid 10:15) although no class 10:15 is created.
#TC_BW_15=112kbit

# Guaranteed rate per HTB class; the suffix is the class minor number used
# in tcstart (10:20, 10:25, 10:30, 10:35).
# 112 + 56 + 16 + 16 = 200kbit, so the guarantees add up to TC_BW.
TC_BW_20="112kbit"
TC_BW_25="56kbit"
TC_BW_30="16kbit"
TC_BW_35="16kbit"


#LAST LINE - ADD YOUR ENTRIES ABOVE THIS ONE - DO NOT REMOVE

/etc/shorewall/tcrules

#MARK           SOURCE          DEST            PROTO   PORT(S) CLIENT PORT(S)

# Every rule has $FW as SOURCE, i.e. it marks traffic that originates on the
# firewall host itself. The mark (20/25/30) is what the "fw" filters in the
# tcstart listing match on to select HTB class 10:20, 10:25 or 10:30; traffic
# that gets no mark ends up in the HTB default class 10:35.
# A "-" in PORT(S) with a value in CLIENT PORT(S) matches on the source port,
# so each service appears twice: once as destination port, once as source port.
# NOTE(review): Shorewall keeps evaluating tcrules after a match, so the LAST
# matching rule decides the mark. That would explain why the broad low-port
# rule comes first and the ssh/http rules follow - confirm for your version.

#default low port
# mark 30: tcp with destination or source port in 0:1024, plus ircd
30		$FW		0.0.0.0/0	tcp	0:1024,ircd
30		$FW		0.0.0.0/0	tcp	-	0:1024,ircd

#high priority
# mark 20: all udp, all icmp, and ssh in either port position.
# presumably ssh sits here so remote administration stays responsive when the
# uplink is saturated.
# NOTE(review): the udp rule has no port restriction, so any UDP-heavy process
# on this host shares the top class with ssh; consider narrowing it to the
# services that need low latency (e.g. DNS).
20		$FW		0.0.0.0/0	udp
20		$FW		0.0.0.0/0	icmp
20		$FW		0.0.0.0/0	tcp	ssh
20		$FW		0.0.0.0/0	tcp	-	ssh
# mark 25: http/https, overriding the mark 30 set by the low-port rule above
25		$FW		0.0.0.0/0	tcp	http,https	-
25		$FW		0.0.0.0/0	tcp	-	http,https


#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

/etc/shorewall/tcstart

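# Egress shaping (HTB) and ingress policing for $NET_IF.
#
# Reads NET_IF, MAX_BW, TC_BW, TC_DOWN_BW and TC_BW_20/25/30/35, which the
# /etc/shorewall/params listing sets. run_tc is not defined in this listing -
# presumably Shorewall's wrapper around tc.
# Expansions are quoted so that an empty or malformed value makes tc fail
# visibly instead of silently shifting the remaining arguments.

# flush rules on this interface
#run_tc qdisc del dev $NET_IF root
#echo "		flush rules on $NET_IF"

# Root HTB qdisc; packets that no filter classifies go to class 10:35.
run_tc qdisc add dev "$NET_IF" root handle 10: htb default 35

# Parent class: rate == ceil == TC_BW, so total egress is capped at the
# shaped upstream bandwidth.
run_tc class add dev "$NET_IF" parent 10: classid 10:1 htb rate "$TC_BW" ceil "$TC_BW" quantum 200

# Child classes: each has its own guaranteed rate and may borrow up to TC_BW.
# A lower prio value is served first when spare bandwidth is handed out.
# Each class gets an SFQ leaf (hash re-perturbed every 10 s) so that one flow
# cannot monopolise the class.
run_tc class add dev "$NET_IF" parent 10:1 classid 10:20 htb rate "$TC_BW_20" ceil "$TC_BW" prio 2 quantum 200
run_tc qdisc add dev "$NET_IF" parent 10:20 sfq perturb 10

run_tc class add dev "$NET_IF" parent 10:1 classid 10:25 htb rate "$TC_BW_25" ceil "$TC_BW" prio 4 quantum 200
run_tc qdisc add dev "$NET_IF" parent 10:25 sfq perturb 10

run_tc class add dev "$NET_IF" parent 10:1 classid 10:30 htb rate "$TC_BW_30" ceil "$TC_BW" prio 6 quantum 200
run_tc qdisc add dev "$NET_IF" parent 10:30 sfq perturb 10

run_tc class add dev "$NET_IF" parent 10:1 classid 10:35 htb rate "$TC_BW_35" ceil "$TC_BW" prio 7 quantum 200
run_tc qdisc add dev "$NET_IF" parent 10:35 sfq perturb 10

# Map firewall marks (set in tcrules) to classes: mark N -> class 10:N.
# NOTE(review): no class 10:15 is created above (TC_BW_15 is commented out in
# params) and no tcrule sets mark 15, so the first filter looks like a
# leftover of the retired LAN class. It is kept here unchanged.
run_tc filter add dev "$NET_IF" parent 10:0 protocol ip handle 15 fw flowid 10:15
run_tc filter add dev "$NET_IF" parent 10:0 protocol ip handle 20 fw flowid 10:20
run_tc filter add dev "$NET_IF" parent 10:0 protocol ip handle 25 fw flowid 10:25
run_tc filter add dev "$NET_IF" parent 10:0 protocol ip handle 30 fw flowid 10:30
run_tc filter add dev "$NET_IF" parent 10:0 protocol ip handle 35 fw flowid 10:35

# NOTE(review): the ingress qdisc line below is commented out, yet both police
# filters attach to parent ffff:. They only load if an ingress qdisc already
# exists on $NET_IF. They also call tc directly rather than run_tc, so a
# failure here is not handled by the wrapper. After a restart, verify with
#   tc filter show dev $NET_IF parent ffff:
#tc qdisc add dev $NET_IF handle ffff: ingress

# Ingress policing: prio 49 is consulted before prio 50, so sources in
# 192.168.0.0/16 are policed at the interface rate and everything else at the
# shaped downstream rate; packets over the rate are dropped.
# Policing acts after a packet has already crossed the link: it makes TCP
# senders back off but cannot keep a flood from filling the downlink.
tc filter add dev "$NET_IF" parent ffff: protocol ip prio 49 u32 match ip src \
   192.168.0.0/16 police rate "$MAX_BW" burst 100k drop flowid :1

tc filter add dev "$NET_IF" parent ffff: protocol ip prio 50 u32 match ip src \
   0.0.0.0/0 police rate "$TC_DOWN_BW" burst 10k drop flowid :2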

