
A script for QOS

Discussion in 'Tomato Firmware' started by Xavier, Oct 7, 2010.

  1. Xavier

    Xavier Networkin' Nut Member

    I've set up the following script to ensure that the traffic to/from a particular host on my network would have a low priority (except from/to specific TCP ports).

    I implemented this with the same HTB queues setup on both uplink and downlink, and with the same rules in the POSTROUTING chain of the mangle table.

    Do you have comments?

    Thanks...

    Code:
    #!/bin/ash  
       
    ######################################################  
    ##  
    ## A firewall script for basic QOS under Tomato   
    ## firmware on a WRT54G  
    ## By Xavier Nodet (xavier [dot] nodet [at] gmail.com)  
    ##  
    ######################################################  
       
    # Upload and download max rates, in kbits.  Don't   
    # overestimate those: it would ruin the performance of   
    # the whole QOS  
    #  
    DN=2400   
    UP=700   
       
    # The interfaces for the download and upload traffic  
    # With Tomato on a WRT54G, these are 'br0' and 'vlan1'  
    #  
    DN_IF=`nvram get lan_ifname`  
    UP_IF=`nvram get wan_ifname`  
       
    # Space-separated lists:  
    # - the IPs that should, by default, have low priority  
    # - the TCP ports that will be high priority even if   
    #   from/to the IPs above  
    #  
    LOW_PRIO_IPS="192.168.1.70"  
    EXCEPT_TCP_PORTS="80 443"  
       
    ######################################################  
    ##  
    ## Setting up the queues  
    ##  
    ######################################################  
       
    # A function to setup queues on a given interface  
    #  
    setqueues() { IF=$1; RATE=$2; OPTIONS=$3  
        SFQ="sfq perturb 10"   
        TCA="tc class add dev $IF"   
        TFA="tc filter add dev $IF"   
        TQA="tc qdisc add dev $IF"   
       
        # Delete everything that's already there (so that the  
        # script runs properly even if the router has not   
        # just rebooted).      
        tc qdisc del dev $IF root   
        # On both uplink and downlink, create one root queue   
        # (labeled 1:1) with two child queues (labeled 1:10   
        # and 1:12).  All queues are HTB queues.  
        $TQA root handle 1: htb $OPTIONS default 10   
        $TCA parent 1:  classid 1:1  htb rate $(($RATE * 100/100))kbit  
        # Queue 1:10 is the default one ('default 10' above),
        # has a high priority ('prio 0'), a large guaranteed
        # rate ('rate [95% of the capacity]'), and may use up
        # to the whole bandwidth ('ceil [100%]').
        $TCA parent 1:1 classid 1:10 htb rate $(($RATE *  95/100))kbit ceil $(($RATE * 100/100))kbit prio 0   
        # Queue 1:12 has a lower priority, is limited to 85%
        # of the bandwidth, and has almost no guaranteed rate.
        # It will use bandwidth above its guaranteed rate only
        # if the high-priority queue is below its guaranteed
        # rate...
        $TCA parent 1:1 classid 1:12 htb rate $(($RATE *   5/100))kbit ceil $(($RATE *  85/100))kbit prio 2   
        # Each queue implements the SFQ algorithm: distribute  
        # rate fairly among all the connections using the   
        # queue.  
        $TQA parent 1:10 handle 10: $SFQ   
        $TQA parent 1:12 handle 12: $SFQ  
        # Two filters direct packets marked 10 or 12 to their  
        # intended queues.  
        $TFA parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10   
        $TFA parent 1:0 prio 2 protocol ip handle 12 fw flowid 1:12   
    }  
       
    # Setup the queues on both interfaces (up and down)  
    setqueues $DN_IF $DN ""  
    setqueues $UP_IF $UP "r2q 1"  
       
    ######################################################  
    ##  
    ## Marking the traffic  
    ##  
    ######################################################  
       
    IP="iptables -t mangle -A POSTROUTING"  
    GOES_TO="-j MARK --set-mark"  
       
    setclassbyip() { the_ip=$1; class=$2;  
        # Mark packets that go to (-d) or from (-s) $the_ip  
        $IP -d $the_ip $GOES_TO $class  
        $IP -s $the_ip $GOES_TO $class  
    }  
       
    setclassbyport() { port=$1; class=$2;  
        # Mark TCP packets that go to (-d) or from (-s) $port  
        $IP -p tcp --dport $port $GOES_TO $class  
        $IP -p tcp --sport $port $GOES_TO $class  
    }  
       
    # Clean the POSTROUTING chain of the mangle table  
    iptables -t mangle --flush POSTROUTING  
       
    # All the rules in the mangle table are examined, from   
    # first to last, whatever the traffic direction. As they   
    # all mark the packets, the last one executed wins.  
    #  
    # Mark as low-priority the traffic to/from the IPs given  
    for the_ip   in $LOW_PRIO_IPS;     do setclassbyip   $the_ip   12; done  
    # Unless it's to/from the ports given as exceptions  
    for the_port in $EXCEPT_TCP_PORTS; do setclassbyport $the_port 10; done  
       
    ## EOF ##  
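
The rule ordering the script's comments describe ("the last one executed wins"), as an added example that is not part of the original post: an offline model of the marking rules that shows which HTB class a packet ends up in. The helper names `in_list` and `classify` and the sample packets are constructed for illustration; the IP and port lists are the ones from the script.

```shell
#!/bin/sh
# Added example: offline model of the mangle POSTROUTING rules in the script
# above. MARK is non-terminating, so every matching rule overwrites the mark
# and the last match wins; unmarked packets fall into HTB 'default 10'.

LOW_PRIO_IPS="192.168.1.70"     # same values as the posted script
EXCEPT_TCP_PORTS="80 443"

# in_list VALUE "a b c": succeeds if VALUE is one of the words (hypothetical helper)
in_list() {
    needle=$1
    for item in $2; do
        [ "$item" = "$needle" ] && return 0
    done
    return 1
}

# classify SRC DST PROTO SPORT DPORT: prints the HTB class minor (10 or 12)
classify() {
    src=$1; dst=$2; proto=$3; sport=$4; dport=$5
    mark=""
    # Rules added first: -s / -d on a low-priority IP set mark 12
    if in_list "$src" "$LOW_PRIO_IPS" || in_list "$dst" "$LOW_PRIO_IPS"; then
        mark=12
    fi
    # Rules added last: tcp --sport / --dport exceptions overwrite with mark 10
    if [ "$proto" = tcp ]; then
        if in_list "$sport" "$EXCEPT_TCP_PORTS" || in_list "$dport" "$EXCEPT_TCP_PORTS"; then
            mark=10
        fi
    fi
    echo "${mark:-10}"          # no fw filter matched: 'default 10'
}

# Constructed sample packets: src dst proto sport dport
while read -r s d p sp dp; do
    printf '%-13s > %-13s %-3s %5s > %-5s class 1:%s\n' \
        "$s" "$d" "$p" "$sp" "$dp" "$(classify "$s" "$d" "$p" "$sp" "$dp")"
done <<'EOF'
192.168.1.70 203.0.113.5 tcp 51000 6881
192.168.1.70 203.0.113.5 tcp 51000 443
203.0.113.5 192.168.1.70 tcp 80 51000
192.168.1.70 203.0.113.5 udp 51000 443
192.168.1.20 203.0.113.5 udp 51000 53
EOF
```

The port exception is not scoped to the low-priority hosts and matches either the source or the destination port, so any TCP flow that touches port 80 or 443 lands in class 1:10, including flows to or from 192.168.1.70.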
    
     
  2. Porter

    Porter LI Guru Member

    Well, the obvious questions are:

    What was the impulse for writing this script and is it working successfully?

    Ok, in times of p2p the first question answers itself...

    One problem I had in a former version of a shaping script I built was that when shaping on the LAN-interface I was not only shaping incoming internet-traffic but also LAN-traffic. Which meant that nobody could move files with 100MBit, but only 4500KBit... Have you checked whether your script does this?

    I have written a script for traffic shaping, too, but it doesn't allow for IPs to be shaped, but shapes everything based on ports.
    Feel free to have a look at it: http://www.linksysinfo.org/forums/showpost.php?p=368239&postcount=14

    Since it isn't possible to do real ingress shaping in Tomato just by using the QoS-Interface in the Tomato-GUI I have opened this thread http://www.linksysinfo.org/forums/showthread.php?t=64144 to gather the efforts of the community and one day develop this for everybody to use. Feel free to join in.
     
  3. Toastman

    Toastman Super Moderator Staff Member Member

    Xavier, welcome to the forum!
     
