Skip to content

Instantly share code, notes, and snippets.

@Ansen
Created October 14, 2019 11:49
Show Gist options
  • Select an option

  • Save Ansen/253501dfa6a0c1452d013537731bb4a6 to your computer and use it in GitHub Desktop.

Select an option

Save Ansen/253501dfa6a0c1452d013537731bb4a6 to your computer and use it in GitHub Desktop.
hiboyhiboyhiboy 老毛子固件 Qos脚本;在防火墙规则启动后执行!
#!/bin/sh
#copyright by Emong's Qos update hiboy
export PATH=/opt/sbin:/opt/bin:/opt/usr/sbin:/opt/usr/bin:/usr/sbin:/usr/bin:/sbin:/bin
export LD_LIBRARY_PATH=/opt/lib:/lib
# qos 功能 0关闭;1启动
qoss=0
# 当在线终端≤2台时取消限速.(路由端1+电脑端1=2台)
qosb=2
# 默认为20M
DOWN=2560
UP=256
logger -t "QOS" "最大下载$DOWN KB/S,最大上传$UP KB/S"
# IP限速设置
# 未设置的IP带宽减半,如启用adbyby,因7620的CPU瓶颈,宽带峰值50M
# 注意参数之间有空格
# 可选项:删除前面的#可生效
# [KB/S]IP地址 最大下载 下载保证 最大上传 上传保证
cat > "/tmp/qos_ip_limit_DOMAIN.txt" <<-EOF
#192.168.1.115 2560 100 200 20
192.168.1.2-192.168.1.244 2560 100 100 15
EOF
# 连接数限制
#如果开启该功能后,打开下载软件可能会导致QQ等聊天软件掉线.(因为连接数量会被占光)
# IP地址 TCP连接数 UDP连接数
cat > "/tmp/qos_connlmt_DOMAIN.txt" <<-EOF
#192.168.1.10 100 100
192.168.1.20-192.168.1.25 100 100
EOF
# 端口优先
# 请勿添加下载应用的端口80、8080等等.由于没有被流量控制和处理优先级,下载应用会占用大量资源导致网络卡
# 协议 端口
cat > "/tmp/qos_port_first_DOMAIN.txt" <<-EOF
UDP 53
TCP 22
TCP 23
#TCP 443
TCP 1723
#TCP 3389
TCP 3724,1119,1120
TCP 28012,10008,13006,2349,7101:7103
UDP 2349,12000:12175
EOF
load_var() {
WAN_IF="imq1"
LAN_IF="imq0"
WAN_IFT=$(nvram get wan0_ifname_t)
IPM="iptables -t mangle"
lan_ip="`nvram get lan_ipaddr`/24"
}
load_modules(){
[ ! -f /tmp/qos-emong-modules ] && {
modprobe act_connmark #缺,补621-sched_act_connmark.patch@597
for module in imq ipt_IMQ ipt_web xt_length xt_hashlimit cls_fw sch_htb sch_sfq sch_red xt_length xt_IMQ ipt_ipp2p xt_dscp xt_DSCP cls_u32 sch_hfsc sch_prio ipt_multiport ipt_CONNMARK ipt_length ipt_hashlimit xt_connlimit xt_connbytes ipt_connlimit em_u32 sch_ingress act_mirred
do
modprobe $module
done
modprobe imq numdevs=1
echo >/tmp/qos-emong-modules
}
}
qos_stop() {
tc qdisc del dev $WAN_IF root
tc qdisc del dev $LAN_IF root
$IPM -F
$IPM -X UP
$IPM -X DOWN
$IPM -X IP_DOWN
$IPM -X IP_UP
}
qos_start(){
ip link set imq0 up
ip link set imq1 up
tc qdisc add dev $WAN_IF root handle 1: htb
tc qdisc add dev $LAN_IF root handle 1: htb
tc class add dev $WAN_IF parent 1: classid 1:2 htb rate $((UP))kbps
tc class add dev $LAN_IF parent 1: classid 1:2 htb rate $((DOWN))kbps
tc class add dev $WAN_IF parent 1: classid 1:1 htb rate $((UP*95/100))kbps
tc class add dev $WAN_IF parent 1:1 classid 1:11 htb rate $((UP*5/10))kbps prio 1
tc class add dev $WAN_IF parent 1:1 classid 1:12 htb rate $((UP*5/10))kbps ceil $((UP*9/10))kbps prio 2
tc class add dev $WAN_IF parent 1:12 classid 1:121 htb rate $((UP*4/10))kbps ceil $((UP*8/10))kbps prio 1
tc class add dev $WAN_IF parent 1:12 classid 1:122 htb rate $((UP*1/10))kbps ceil $((UP*4/10))kbps prio 2
tc class add dev $WAN_IF parent 1:12 classid 1:123 htb rate $((UP*4/10))kbps ceil $((UP*6/10))kbps prio 3
tc qdisc add dev $WAN_IF parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev $WAN_IF parent 1:121 handle 121: sfq perturb 10
tc qdisc add dev $WAN_IF parent 1:122 handle 122: sfq perturb 10
tc qdisc add dev $WAN_IF parent 1:123 handle 123: sfq perturb 10
tc filter add dev $WAN_IF parent 1: handle 0x10/0xfff0 fw classid 1:11
tc filter add dev $WAN_IF parent 1: handle 0x20/0xfff0 fw classid 1:121
tc filter add dev $WAN_IF parent 1: handle 0x30/0xfff0 fw classid 1:122
tc filter add dev $WAN_IF parent 1: handle 0x40/0xfff0 fw classid 1:123
tc class add dev $LAN_IF parent 1: classid 1:1 htb rate $((DOWN*95/100))kbps
tc class add dev $LAN_IF parent 1:1 classid 1:11 htb rate $((DOWN*5/10))kbps prio 1
tc class add dev $LAN_IF parent 1:1 classid 1:12 htb rate $((DOWN*5/10))kbps ceil $((DOWN*9/10))kbps prio 2
tc class add dev $LAN_IF parent 1:12 classid 1:121 htb rate $((DOWN*4/10))kbps ceil $((DOWN*8/10))kbps prio 1
tc class add dev $LAN_IF parent 1:12 classid 1:122 htb rate $((DOWN*1/10))kbps ceil $((DOWN*4/10))kbps prio 10
tc class add dev $LAN_IF parent 1:12 classid 1:123 htb rate $((DOWN*4/10))kbps ceil $((DOWN*6/10))kbps prio 3
tc qdisc add dev $LAN_IF parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev $LAN_IF parent 1:121 handle 121: sfq perturb 10
tc qdisc add dev $LAN_IF parent 1:122 handle 122: sfq perturb 10
tc qdisc add dev $LAN_IF parent 1:123 handle 123: sfq perturb 10
tc filter add dev $LAN_IF parent 1: handle 0x10/0xfff0 fw classid 1:11
tc filter add dev $LAN_IF parent 1: handle 0x20/0xfff0 fw classid 1:121
tc filter add dev $LAN_IF parent 1: handle 0x30/0xfff0 fw classid 1:122
tc filter add dev $LAN_IF parent 1: handle 0x40/0xfff0 fw classid 1:123
$IPM -N UP
$IPM -N DOWN
$IPM -N IP_UP
$IPM -N IP_DOWN
$IPM -I POSTROUTING -o br0 -j DOWN
$IPM -I PREROUTING -i br0 -j UP
$IPM -A DOWN -j IMQ --todev 0
$IPM -A UP -j IMQ --todev 1
#$IPM -I DOWN -s $lan_ip -j RETURN
$IPM -I DOWN -p tcp -m multiport --dports 22,53,445,139 -j RETURN
$IPM -I DOWN -p icmp -j RETURN
#$IPM -A DOWN -m length --length :100 -j RETURN
$IPM -A DOWN -j MARK --set-mark=0x41
$IPM -A DOWN -m length --length 1024:1500 -j MARK --set-mark=0x31
$IPM -A DOWN -p tcp -m multiport --dports 21,80,443,3389,8118 -j MARK --set-mark=0x21
$IPM -A DOWN -m length --length :768 -j MARK --set-mark=0x11
$IPM -A DOWN -j IP_DOWN
#$IPM -I UP -d $lan_ip -j RETURN
$IPM -I UP -p tcp -m multiport --sports 22,53,445,139 -j RETURN
$IPM -I UP -p icmp -j RETURN
#$IPM -A UP -m length --length :80 -j RETURN
$IPM -A UP -j MARK --set-mark=0x41
$IPM -A UP -m length --length 1024:1500 -j MARK --set-mark=0x31
$IPM -A UP -p tcp -m multiport --sports 21,80,443,3389,8118 -j MARK --set-mark=0x21
$IPM -A UP -m length --length :512 -j MARK --set-mark=0x11
$IPM -A UP -j IP_UP
}
connlmt() {
$IPM -A FORWARD -p tcp -d $1 -m connlimit --connlimit-above $2 -j DROP
$IPM -A FORWARD -p udp -d $1 -m connlimit --connlimit-above $3 -j DROP
}
ip_limit() {
conns=$6
[ $((conns)) -lt "6" ] && logger -t "QOS" "限速设置[KB/S]IP:$1 最大下载$2 下载保证$3 最大上传$4 上传保证$5"
[ $((conns)) -ge "6" ] && logger -t "QOS" "连接数限制IP:$1 TCP:$2 UDP:$3"
n=$(echo $1|cut -d '-' -f1|cut -d '.' -f4)
m=$(echo $1|cut -d '-' -f2|cut -d '.' -f4)
NET=$(echo $1|cut -d '.' -f1-3)
while [ $n -le $m ]
do
ip=$n
if [ $((conns)) -lt "6" ];then
[ ${#ip} -lt 3 ] && ip=0$ip
[ ${#ip} -lt 3 ] && ip=0$ip
var=1
tc class add dev $WAN_IF parent 1:2 classid 1:$var$ip htb rate $5kbps ceil $4kbps
tc qdisc add dev $WAN_IF parent 1:$var$ip handle $var$ip sfq perturb 10
tc filter add dev $WAN_IF parent 1: handle 0x$var$ip fw flowid 1:$var$ip
tc class add dev $LAN_IF parent 1:2 classid 1:$var$ip htb rate $3kbps ceil $2kbps
tc qdisc add dev $LAN_IF parent 1:$var$ip handle $var$ip sfq perturb 10
tc filter add dev $LAN_IF parent 1: handle 0x$var$ip fw flowid 1:$var$ip
$IPM -A IP_DOWN -d $NET.$n -j MARK --set-mark 0x$var$ip
$IPM -A IP_UP -s $NET.$n -j MARK --set-mark 0x$var$ip
else
connlmt $NET.$n $2 $3
fi
n=$((n+1))
done
}
port_first() {
logger -t "QOS" "端口优先:$1 $2"
$IPM -I DOWN -p $1 -m multiport --dports $2 -j RETURN
$IPM -I UP -p $1 -m multiport --sports $2 -j RETURN
}
if [ "$qoss" != "0" ] && [ -f "/lib/modules/$(uname -r)/kernel/net/netfilter/xt_IMQ.ko" ]; then
if [ $(cat /tmp/qos_state) -eq 1 ]; then
logger -t "QOS" "正在运行"
exit
else
echo 1 >/tmp/qos_state
fi
logger -t "QOS" "启动QOS成功"
echo 1 >/tmp/qoss_state
load_var
load_modules
qos_stop
qos_start
while read line
do
c_line=`echo $line |grep -v "#"`
if [ ! -z "$c_line" ] ; then
ip_limit $line
fi
done < /tmp/qos_ip_limit_DOMAIN.txt
while read line
do
c_line=`echo $line |grep -v "#"`
if [ ! -z "$c_line" ] ; then
line="$line 4 5 6"
ip_limit $line
fi
done < /tmp/qos_connlmt_DOMAIN.txt
while read line
do
c_line=`echo $line |grep -v "#"`
if [ ! -z "$c_line" ] ; then
port_first $line
fi
done < /tmp/qos_port_first_DOMAIN.txt
if [ ! -f /tmp/qos_scheduler.lock ] ; then
/tmp/qos_scheduler.sh $qosb &
fi
echo 0 >/tmp/qos_state
else
logger -t "QOS" "QOS没有开启或闪存不足缺模块"
echo 0 >/tmp/qoss_state
ip link set imq0 down
ip link set imq1 down
fi
logger -t "防火墙规则" "脚本完成"
@Ansen

Ansen commented Oct 14, 2019

Copy link
Copy Markdown
Author

Copy From

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment