Wondershaper implementation that uses IFB for ingress rate limiting

ifb_wondershaper.sh

#!/bin/sh
# Wonder Shaper
# please read the README before filling out these values
#
# Set the following values to somewhat less than your actual download
# and uplink speed. In kilobits. Also set the device that is to be shaped.

# All config needs to be done in /etc/config/wshaper

#. /lib/functions.sh
#config_load wshaper
#for s in downlink uplink network nopriohostdst nopriohostsrc noprioportdst noprioportsrc; do
#       config_get $s settings $s
#done

#device=$(uci_get_state network "$network" ifname "$network")
#[ -z "$device" ] && logger -t wondershaper "Error: Could not find the device for network $network, aborting." && exit 1
#[ -z "$downlink" ] && logger -t wondershaper "Error: Downlink speed not set, aborting." && exit 1
#[ -z "$uplink" ] && logger -t wondershaper "Error: Uplink speed not set, aborting." && exit 1

#MODULES='sch_ingress sch_sfq sch_htb cls_u32 act_police'
COMMAND="$1"
DOWNLINK="$4"
UPLINK="$5"
IFB="$3"
DEV="$2"

# low priority OUTGOING traffic - you can leave this blank if you want
# low priority source netmasks
#NOPRIOHOSTSRC="$nopriohostsrc"
NOPRIOHOSTSRC=

# low priority destination netmasks
#NOPRIOHOSTDST="$nopriohostdst"
NOPRIOHOSTDST=

# low priority source ports
#NOPRIOPORTSRC="$noprioportsrc"
NOPRIOPORTSRC=

# low priority destination ports
#NOPRIOPORTDST="$noprioportdst"
NOPRIOPORTDST=

if [ "$COMMAND" = "status" ]
then
        tc -s qdisc ls dev $DEV
        tc -s class ls dev $DEV
  tc -s qdisc ls dev $IFB
  tc -s class ls dev $IFB
        exit
fi


# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev $DEV root    2> /dev/null > /dev/null
tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

# remove existing ingress stuff
tc qdisc del dev $IFB root    2> /dev/null > /dev/null
tc qdisc del dev $IFB ingress 2> /dev/null > /dev/null
ip link set dev $IFB down 2> /dev/null > /dev/null
rmmod ifb 2> /dev/null > /dev/null

if [ "$COMMAND" = "stop" ]; then
  echo "Queues cleared"
  exit
fi

#if [ "$COMMAND" = "stop" ]
#then
#       for i in $MODULES ; do
#               rmmod $i
#       done
#       exit
#fi

#for i in $MODULES ; do
#        insmod $i
#done

###### uplink

# install root HTB, point default traffic to 1:20:

tc qdisc add dev $DEV root handle 1: htb default 20

# shape everything at $UPLINK speed - this prevents huge queues in your
# DSL modem which destroy latency:

tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit burst 6k

# high prio class 1:10:

tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}kbit \
   burst 6k prio 1

# bulk & default class 1:20 - gets slightly less traffic,
# and a lower priority:

tc class add dev $DEV parent 1:1 classid 1:20 htb rate $((9*$UPLINK/10))kbit \
   burst 6k prio 2

tc class add dev $DEV parent 1:1 classid 1:30 htb rate $((8*$UPLINK/10))kbit \
   burst 6k prio 2

# all get Stochastic Fairness:
tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $DEV parent 1:30 handle 30: sfq perturb 10

# TOS Minimum Delay (ssh, NOT scp) in 1:10:

tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
      match ip tos 0x10 0xff  flowid 1:10

# ICMP (ip protocol 1) in the interactive class 1:10 so we
# can do measurements & impress our friends:
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 \
        match ip protocol 1 0xff flowid 1:10

# To speed up downloads while an upload is going on, put ACK packets in
# the interactive class:

tc filter add dev $DEV parent 1: protocol ip prio 10 u32 \
   match ip protocol 6 0xff \
   match u8 0x05 0x0f at 0 \
   match u16 0x0000 0xffc0 at 2 \
   match u8 0x10 0xff at 33 \
   flowid 1:10

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20

# some traffic however suffers a worse fate
for a in $NOPRIOPORTDST
do
        tc filter add dev $DEV parent 1: protocol ip prio 14 u32 \
           match ip dport $a 0xffff flowid 1:30
done

for a in $NOPRIOPORTSRC
do
        tc filter add dev $DEV parent 1: protocol ip prio 15 u32 \
           match ip sport $a 0xffff flowid 1:30
done

for a in $NOPRIOHOSTSRC
do
        tc filter add dev $DEV parent 1: protocol ip prio 16 u32 \
           match ip src $a flowid 1:30
done

for a in $NOPRIOHOSTDST
do
        tc filter add dev $DEV parent 1: protocol ip prio 17 u32 \
           match ip dst $a flowid 1:30
done

# rest is 'non-interactive' ie 'bulk' and ends up in 1:20

tc filter add dev $DEV parent 1: protocol ip prio 18 u32 \
   match ip dst 0.0.0.0/0 flowid 1:20


########## downlink #############
# slow downloads down to somewhat less than the real speed  to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:

#tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:

#tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
#   0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1

#tc qdisc add dev $DEV root tbf rate 15000kbit latency 25ms burst 10k

modprobe ifb numifbs=2
ip link set dev $IFB up
tc qdisc add dev $DEV handle ffff: ingress
tc filter add dev $DEV parent ffff: protocol ip u32 match u32 0 0 action mirred egress redirect dev $IFB
tc qdisc add dev $IFB root handle 1: htb default 10
tc class add dev $IFB parent 1: classid 1:1 htb rate ${DOWNLINK}kbit
tc class add dev $IFB parent 1:1 classid 1:10 htb rate ${DOWNLINK}kbit

echo "Wondershaper was started on device $DEV."