
An Interesting QOS script example

Discussion in 'Tomato Firmware' started by lwlleo, Jan 12, 2012.

  1. lwlleo

    lwlleo Networkin' Nut Member

    ·Thanks to everyone for helping me learn more;
    ·I would like to share this QoS script.
    ·Put the code into Scripts → Firewall, then save and reboot.
    ·192.168.10. (use your own gateway IP prefix here)
    ·On 4M ADSL: down 5120Kb, up 512Kb
    ·(turn off the basic QoS)

    IPS: the first IP address (last octet) to be speed-limited
    IPE: the last IP address (last octet) to be speed-limited
    Do not set IPS and IPE to the full range 2 --- 254 unless you need it; otherwise the script takes longer to run and uses somewhat more memory.
    Efficiency is not affected, because the script uses u32 hashing.
    UP = 38: total upload bandwidth. My ADSL uploads at 50KB/s, but a lower value is used for low latency.
    DOWN = 380: total download bandwidth. My ADSL downloads at 500KB/s, but a lower value is used for low latency.
    UPLOADR = 2: guaranteed upload bandwidth for a single IP; 2KB/s is quite enough.
    UPLOADC = 15: maximum upload bandwidth for a single IP; MSN video should be no problem.
    UPLOADR2 = : guaranteed upload bandwidth for a single IP after it has been "punished".
    UPLOADC2 = : maximum UDP upload bandwidth for a single IP after it has been "punished", usually no more than 6KB/s.
    DOWNLOADR2: guaranteed download bandwidth for a single IP after it has been "punished".
    DOWNLOADC2: maximum download bandwidth for a single IP after it has been "punished".

    Code:
    #copyright by zhoutao0712
    # --- Addressing --------------------------------------------------------
    # UIP is the LAN prefix (first three octets, trailing dot included); it is
    # not referenced anywhere else in this listing. NET is the LAN in CIDR form.
    UIP='192.168.10.'
    NET='192.168.10.0/24'
    # First and last host octet that receive a per-IP class pair.
    IPS=2
    IPE=31
    # --- Link totals -------------------------------------------------------
    # All figures are later handed to tc with the `kbps` suffix, which tc
    # reads as kilobytes per second.
    UP=38
    DOWN=380
    # --- Per-IP limits, normal class (guaranteed rate / ceiling) -----------
    UPLOADR=2
    UPLOADC=15
    DOWNLOADR=10
    DOWNLOADC=$(( DOWN * 9 / 10 ))
    # --- Per-IP limits, "punished" class (guaranteed rate / ceiling) -------
    UPLOADR2=1
    UPLOADC2=3
    DOWNLOADR2=2
    DOWNLOADC2=$(( DOWN * 3 / 10 ))
    
    # Load the IMQ device/target modules plus the length and hashlimit matches
    # used by the rules below, then bring both IMQ devices up. Per the IMQ
    # targets further down, imq0 receives download and imq1 upload traffic.
    modprobe imq
    modprobe ipt_IMQ
    modprobe ipt_length
    modprobe ipt_hashlimit
    ifconfig imq1 up
    ifconfig imq0 up
    # One user-defined mangle chain per direction.
    iptables -t mangle -N QOSDOWN
    iptables -t mangle -N QOSUP
    # Forwarded traffic: LAN -> non-LAN enters QOSUP, non-LAN -> LAN enters
    # QOSDOWN (inserted at the top of POSTROUTING). ICMP is excluded from both,
    # so these chains neither shape nor rate-limit it.
    # `-p ! icmp` / `-d ! $NET` is the older negation syntax; newer iptables
    # releases deprecate it in favour of `! -p icmp`.
    iptables -t mangle -A PREROUTING -p ! icmp -s $NET -d ! $NET -j QOSUP
    iptables -t mangle -I POSTROUTING -p ! icmp -d $NET -s ! $NET -j QOSDOWN
    # Router-local traffic on br0 (presumably the LAN bridge - confirm) is
    # accepted here and never reaches the QoS chains.
    iptables -t mangle -A OUTPUT -o br0 -j ACCEPT
    iptables -t mangle -A INPUT -i br0 -j ACCEPT
    # Any other traffic sent or received by the router itself is classified
    # like forwarded traffic.
    iptables -t mangle -A OUTPUT -j QOSUP
    iptables -t mangle -A INPUT -j QOSDOWN
    
    # UDP ports 53, 67 and 68 (DNS and DHCP) leave the QoS chains immediately.
    # NOTE(review): these RETURN rules come first, so traffic on these ports is
    # exempt from the UDP limiter, the connection limits and the shaper alike;
    # keep the port list as small as possible.
    iptables -t mangle -A QOSDOWN -p udp -m mport --sports 53,67,68 -j RETURN
    iptables -t mangle -A QOSUP -p udp -m mport --dports 53,67,68 -j RETURN
    # PUNISH0: per-source UDP rate limiter applied to all remaining upload UDP.
    #   1. While a source stays within 100 packets/sec (hashlimit keyed on
    #      source IP) the packet RETURNs untouched.
    #   2. An over-limit packet is dropped if its source was put on the
    #      `recent` list within the last 20 seconds.
    #   3. Otherwise the source is (re)recorded with --set; that rule has no
    #      target, so the packet itself falls through and continues.
    # No --name is given, so every `recent` rule in this script shares the
    # module's default list; the marking rules further down read that same
    # list with a 120-second window.
    iptables -t mangle -N PUNISH0
    iptables -t mangle -A QOSUP -p udp -j PUNISH0
    iptables -t mangle -A PUNISH0 -m hashlimit --hashlimit 100/sec --hashlimit-mode srcip --hashlimit-name udplmt -j RETURN
    iptables -t mangle -A PUNISH0 -m recent --rcheck --seconds 20 -j DROP
    iptables -t mangle -A PUNISH0 -m recent --set
    # NEWCONN: caps concurrent connections for packets that open a new upload
    # connection. connlimit groups by source address unless told otherwise, so
    # a source above 80 non-TCP or 120 TCP connections has new ones dropped.
    iptables -t mangle -N NEWCONN
    iptables -t mangle -A QOSUP -m state --state NEW -j NEWCONN
    iptables -t mangle -A NEWCONN -p ! tcp -m connlimit --connlimit-above 80 -j DROP
    iptables -t mangle -A NEWCONN -p tcp -m connlimit --connlimit-above 120 -j DROP
    
    # Small non-SYN TCP packets (up to 128 bytes down, 80 bytes up) return
    # before the IMQ target, so they are not queued by the shaper at all.
    # Presumably this keeps bare ACKs from being delayed - confirm.
    iptables -t mangle -A QOSDOWN -p tcp ! --syn -m length --length :128 -j RETURN
    iptables -t mangle -A QOSUP -p tcp ! --syn -m length --length :80 -j RETURN
    
    # Everything still in the chains is handed to an IMQ device for shaping:
    # download to imq0, upload to imq1.
    iptables -t mangle -A QOSDOWN -j IMQ --todev 0
    iptables -t mangle -A QOSUP -j IMQ --todev 1
    
    # Firewall marks select the tc class (see the `fw` filters in the tc section).
    # Rule order matters: each --set-mark-return rule ends classification.
    # 255: TCP packets up to 768 bytes (down) / 512 bytes (up).
    iptables -t mangle -A QOSDOWN -p tcp -m length --length :768 -j MARK --set-mark-return 255
    iptables -t mangle -A QOSUP -p tcp -m length --length :512 -j MARK --set-mark-return 255
    # 254: web/mail ports (80, 443, 25, 110) while the byte counter kept by
    # BCOUNT is within 153600 (down) / 51200 (up). NOTE(review): the counter is
    # presumably per connection - confirm against the firmware's bcount match.
    iptables -t mangle -A QOSDOWN -p tcp -m mport --sports 80,443,25,110 -j BCOUNT
    iptables -t mangle -A QOSDOWN -p tcp -m mport --sports 80,443,25,110 -m bcount --range :153600 -j MARK --set-mark-return 254
    iptables -t mangle -A QOSUP -p tcp -m mport --dports 80,443,25,110 -j BCOUNT
    iptables -t mangle -A QOSUP -p tcp -m mport --dports 80,443,25,110 -m bcount --range :51200 -j MARK --set-mark-return 254
    # 253 ("punished"): the address was recorded by PUNISH0 within the last 120
    # seconds. Download checks the destination address (--rdest) and applies to
    # every protocol; upload checks the source address and applies to UDP only.
    iptables -t mangle -A QOSDOWN -m recent --rdest --rcheck  --seconds 120 -j MARK --set-mark-return 253
    iptables -t mangle -A QOSUP -p udp -m recent --rcheck --seconds 120 -j MARK --set-mark-return 253
    # 252: everything else.
    iptables -t mangle -A QOSDOWN -j MARK --set-mark 252
    iptables -t mangle -A QOSUP -j MARK --set-mark 252
    
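    # Re-entrancy guard for the tc setup that follows: /tmp/qos_state holds 1
    # while a run is rebuilding the qdiscs and is written back to 0 once the
    # default classes have been added. `exit` ends the whole script, so the
    # PUNISH0 exemptions and the scheduler install are skipped as well.
    # The file does not exist on the first run after boot, so a failed read is
    # treated as "not running" instead of handing `[` an empty operand.
    # NOTE(review): the check-then-write is not atomic, and a run interrupted
    # before the final `echo 0` leaves the flag at 1, after which every later
    # run exits here until the file is reset - confirm that is acceptable.
    if [ "$(cat /tmp/qos_state 2>/dev/null)" = "1" ]
    then
    exit
    else
    echo 1 >/tmp/qos_state
    fi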
    # Rebuild the shaper from scratch on both IMQ devices. The deletes report
    # an error when no root qdisc exists yet; the script carries on regardless.
    tc qdisc del dev imq0 root;tc qdisc del dev imq1 root
    # HTB root qdisc 1: on each device; unclassified packets go to class 1:999.
    tc qdisc add dev imq0 root handle 1: htb default 999
    tc qdisc add dev imq1 root handle 1: htb default 999
    # Top class 1:1 carries the whole link budget (tc `kbps` = kilobytes/sec):
    # UP on imq1 (upload), DOWN on imq0 (download).
    tc class add dev imq1 parent 1: classid 1:1 htb rate $((UP))kbps
    tc class add dev imq0 parent 1: classid 1:1 htb rate $((DOWN))kbps
    # 1:5000 <- mark 255 (small TCP packets), prio 1.
    tc class add dev imq0 parent 1:1 classid 1:5000 htb rate $((DOWN/5))kbps quantum 15000 prio 1
    tc filter add dev imq0 parent 1:0 protocol ip prio 5 handle 255 fw flowid 1:5000
    tc class add dev imq1 parent 1:1 classid 1:5000 htb rate $((UP))kbps quantum 15000 prio 1
    tc filter add dev imq1 parent 1:0 protocol ip prio 5 handle 255 fw flowid 1:5000
    # 1:4000 <- mark 254 (start of web/mail transfers), prio 3.
    tc class add dev imq0 parent 1:1 classid 1:4000 htb rate $((DOWN/10))kbps ceil $((DOWN*3/10))kbps quantum 8000 prio 3
    tc filter add dev imq0 parent 1:0 protocol ip prio 10 handle 254 fw flowid 1:4000
    tc class add dev imq1 parent 1:1 classid 1:4000 htb rate $((UP/10))kbps ceil $((UP/2))kbps quantum 1500 prio 3
    tc filter add dev imq1 parent 1:0 protocol ip prio 10 handle 254 fw flowid 1:4000
    # 1:3000 <- mark 253 ("punished" hosts); parent of the per-IP ...f classes.
    tc class add dev imq1 parent 1:1 classid 1:3000 htb rate $((UP/3))kbps ceil $((UP))kbps
    tc class add dev imq0 parent 1:1 classid 1:3000 htb rate $((DOWN/3))kbps ceil $((DOWN))kbps
    tc filter add dev imq1 parent 1:0 protocol ip prio 20 handle 253 fw flowid 1:3000
    tc filter add dev imq0 parent 1:0 protocol ip prio 20 handle 253 fw flowid 1:3000
    # 1:2000 <- mark 252 (all other traffic); parent of the per-IP ...a classes.
    tc class add dev imq1 parent 1:1 classid 1:2000 htb rate $((UP*2/3))kbps ceil $((UP))kbps
    tc class add dev imq0 parent 1:1 classid 1:2000 htb rate $((DOWN*2/3))kbps ceil $((DOWN))kbps
    tc filter add dev imq1 parent 1:0 protocol ip prio 15 handle 252 fw flowid 1:2000
    tc filter add dev imq0 parent 1:0 protocol ip prio 15 handle 252 fw flowid 1:2000
    # u32 hash tables with 256 buckets: f0: under 1:3000 and f1: under 1:2000.
    # The hash key is the low byte of the 32-bit word at IP header offset 16
    # (destination address, download side) or 12 (source address, upload
    # side), i.e. the host's last octet, so per-IP lookup is one bucket jump
    # rather than a linear scan of filters.
    # NOTE(review): 800:: and 801:: are taken to be the root tables of the
    # prio 200 and prio 100 filters in creation order - verify with
    # `tc filter show` before reordering anything here.
    tc filter add dev imq0 parent 1:3000 prio 200 handle f0: protocol ip u32 divisor 256
    tc filter add dev imq0 protocol ip parent 1:3000 prio 200 u32 ht 800:: match ip dst $NET hashkey mask 0x000000ff at 16 link f0:
    tc filter add dev imq1 parent 1:3000 prio 200 handle f0: protocol ip u32 divisor 256
    tc filter add dev imq1 protocol ip parent 1:3000 prio 200 u32 ht 800:: match ip src $NET hashkey mask 0x000000ff at 12 link f0:
    tc filter add dev imq0 parent 1:2000 prio 100 handle f1: protocol ip u32 divisor 256
    tc filter add dev imq0 protocol ip parent 1:2000 prio 100 u32 ht 801:: match ip dst $NET hashkey mask 0x000000ff at 16 link f1:
    tc filter add dev imq1 parent 1:2000 prio 100 handle f1: protocol ip u32 divisor 256
    tc filter add dev imq1 protocol ip parent 1:2000 prio 100 u32 ht 801:: match ip src $NET hashkey mask 0x000000ff at 12 link f1:
    # Create one class pair per LAN host whose last octet lies in IPS..IPE:
    #   1:<n>f under 1:3000 - "punished" limits (UPLOADR2/C2, DOWNLOADR2/C2)
    #   1:<n>a under 1:2000 - normal limits     (UPLOADR/C,  DOWNLOADR/C)
    # tc reads class ids as hexadecimal, so the decimal octet followed by a
    # literal f or a gives a distinct id per host and per tier.
    n=$IPS;
    while [ $n -le $IPE ]
    do
    # Bucket index in the 256-entry u32 tables: the last octet in hex.
    m=$(printf "%x\n" $n)
    # Punished tier: HTB leaf, then its queue (8 kB byte FIFO on upload, SFQ
    # on download), then a match-all filter in bucket m of table f0:.
    tc class add dev imq1 parent 1:3000 classid 1:${n}f htb rate $((UPLOADR2))kbps ceil $((UPLOADC2))kbps quantum 1500 prio 7
    tc class add dev imq0 parent 1:3000 classid 1:${n}f htb rate $((DOWNLOADR2))kbps ceil $((DOWNLOADC2))kbps quantum 1500 prio 7
    tc qdisc add dev imq1 parent 1:${n}f handle ${n}f bfifo limit 8kb
    tc qdisc add dev imq0 parent 1:${n}f handle ${n}f sfq perturb 15
    tc filter add dev imq1 parent 1:3000 protocol ip prio 200 u32 ht f0:${m}: match ip src 0/0 flowid 1:${n}f
    tc filter add dev imq0 parent 1:3000 protocol ip prio 200 u32 ht f0:${m}: match ip dst 0/0 flowid 1:${n}f
    # Normal tier: same layout under 1:2000, using table f1:.
    tc class add dev imq1 parent 1:2000 classid 1:${n}a htb rate $((UPLOADR))kbps ceil $((UPLOADC))kbps quantum 1500 prio 5
    tc class add dev imq0 parent 1:2000 classid 1:${n}a htb rate $((DOWNLOADR))kbps ceil $((DOWNLOADC))kbps quantum 2000 prio 5
    tc qdisc add dev imq1 parent 1:${n}a handle ${n}a bfifo limit 8kb
    tc qdisc add dev imq0 parent 1:${n}a handle ${n}a sfq perturb 15
    tc filter add dev imq1 parent 1:2000 protocol ip prio 100 u32 ht f1:${m}: match ip src 0/0 flowid 1:${n}a
    tc filter add dev imq0 parent 1:2000 protocol ip prio 100 u32 ht f1:${m}: match ip dst 0/0 flowid 1:${n}a
    n=$((n+1))
    done
    # 1:999 is the class named by `default 999` on the root qdiscs: a minimal
    # guaranteed rate, with a ceiling of UP/5 on upload and DOWN on download.
    # NOTE(review): hosts outside IPS..IPE have no per-IP class and presumably
    # end up here - confirm, since the upload ceiling is only a fifth of UP.
    tc class add dev imq1 parent 1:1 classid 1:999 htb rate 1kbps ceil $((UP/5))kbps quantum 1500 prio 7
    tc class add dev imq0 parent 1:1 classid 1:999 htb rate 2kbps ceil $((DOWN))kbps quantum 1500 prio 7
    # Clear the flag set by the /tmp/qos_state check so a later run can
    # rebuild the tc tree again.
    echo 0 >/tmp/qos_state
    
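    # Exempt selected LAN hosts from the UDP limiter: both rules are inserted
    # (-I) at the top of PUNISH0, so matching packets RETURN before the
    # hashlimit/recent rules are evaluated.
    # The addresses are built from UIP so the exemptions follow the configured
    # LAN prefix instead of a second hard-coded copy of it.
    # NOTE(review): the match is on source address alone, so whichever host
    # holds one of these addresses gets the exemption. Keep the list short and
    # tie the addresses to known machines (e.g. static DHCP leases).
    iptables -t mangle -I PUNISH0 -m iprange --src-range "${UIP}200-${UIP}210" -j RETURN
    iptables -t mangle -I PUNISH0 -s "${UIP}233" -j RETURN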
    
    # Write the helper script /tmp/qos_scheduler. The quoted "EOF" delimiter
    # keeps every $(...) literal, so the commands are evaluated when the helper
    # runs, not while this script is writing it. The helper:
    #   - writes 1 to /tmp/state_scheduler (not read anywhere in this listing);
    #   - takes imq0/imq1 down and exits when exactly one line of /proc/net/arp
    #     contains 0x2 (presumably: only one LAN host is active - confirm);
    #   - otherwise brings the IMQ devices up if ifconfig does not list imq0;
    #   - finally flushes the neighbour table of the LAN interface from nvram.
    # NOTE: with `<<"EOF"` the closing EOF must start in column 0 when the
    # script is pasted; the indentation shown here comes from the listing.
    cat >/tmp/qos_scheduler <<"EOF"
    echo 1 >/tmp/state_scheduler
    if [ $(cat /proc/net/arp|fgrep -c 0x2) -eq 1 ]
    then
    ifconfig imq0 down
    ifconfig imq1 down
    exit
    fi
    if [ $(ifconfig |grep -c imq0) -eq 0 ]
    then
    ifconfig imq0 up
    ifconfig imq1 up
    fi
    ip neigh flush dev $(nvram get lan_ifname)
    EOF
    chmod +x /tmp/qos_scheduler
    # Remove any earlier cron entry with this id, then append a job to root's
    # crontab that runs the helper every minute.
    # NOTE(review): the helper lives in /tmp and is run by root's cron, so
    # anything able to rewrite that file gets its commands run as root once a
    # minute; make sure the file stays writable by root only. The line is
    # appended directly to the crontab file - confirm the cron daemon on this
    # firmware picks that up without being told.
    cru d qos_scheduler
    echo -e '*/1 * * * *  sh /tmp/qos_scheduler #qos_scheduler#' >>/tmp/var/spool/cron/crontabs/root
    Games and web browsing stay very smooth while P2P downloads are running. Hope you like it~~ (firmware: Tomato Firmware v1.28.7494 MIPSR2-Toastman-RT K26 USB VPN )
    From http://bbs.dualwan.cn/

    My English is poor~~~ (this may be hard to understand)
     
