Skip to content

Instantly share code, notes, and snippets.

@r0mdau

r0mdau/qos-epsilan

Last active December 29, 2015 23:09
Show Gist options
  • Save r0mdau/7740906 to your computer and use it in GitHub Desktop.
Save r0mdau/7740906 to your computer and use it in GitHub Desktop.
Download ZIP
QoS Linux, limiter la bande passante sortante d'une interface avec netfilter et tc
Raw
qos-epsilan
#!/bin/bash
iptables -t mangle -A POSTROUTING -p icmp -j MARK --set-mark 10
iptables -t mangle -A POSTROUTING -p udp --dport 53 -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -p udp --dport 123 -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -p udp --dport 161:162 -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -p tcp --dport 22 -j MARK --set-mark 30
iptables -t mangle -A POSTROUTING -p tcp --dport 80 -j MARK --set-mark 40
iptables -t mangle -A POSTROUTING -p tcp --dport 443 -j MARK --set-mark 40
iptables -t mangle -A POSTROUTING -p udp --sport 53 -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -p udp --sport 123 -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -p udp --sport 161:162 -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -p tcp --sport 22 -j MARK --set-mark 30
iptables -t mangle -A POSTROUTING -p tcp --sport 80 -j MARK --set-mark 40
iptables -t mangle -A POSTROUTING -p tcp --sport 443 -j MARK --set-mark 40
### RECEPTION max 10mbit
ETH=eth1
tc qdisc add dev $ETH root handle 1: htb default 100
tc class add dev $ETH parent 1:0 classid 1:5 htb rate 10mbit mtu 1500
tc class add dev $ETH parent 1:5 classid 1:10 htb rate 500kbit ceil 500kbit prio 1
tc class add dev $ETH parent 1:5 classid 1:20 htb rate 500kbit ceil 500kbit prio 2
tc class add dev $ETH parent 1:5 classid 1:30 htb rate 250kbit ceil 1mbit prio 3
tc class add dev $ETH parent 1:5 classid 1:40 htb rate 800kbit ceil 3mbit prio 4
tc class add dev $ETH parent 1:5 classid 1:100 htb rate 250kbit ceil 5mbit prio 7
tc filter add dev $ETH parent 1: protocol ip prio 1 handle 10 fw flowid 1:10
tc filter add dev $ETH parent 1: protocol ip prio 2 handle 20 fw flowid 1:20
tc filter add dev $ETH parent 1: protocol ip prio 3 handle 30 fw flowid 1:30
tc filter add dev $ETH parent 1: protocol ip prio 4 handle 40 fw flowid 1:40
### EMISSION max 15mbit
ETH=eth0
tc qdisc add dev $ETH root handle 1: htb default 100
tc class add dev $ETH parent 1:0 classid 1:5 htb rate 15mbit mtu 1500
tc class add dev $ETH parent 1:5 classid 1:10 htb rate 500kbit ceil 500kbit prio 1
tc class add dev $ETH parent 1:5 classid 1:20 htb rate 500kbit ceil 500kbit prio 2
tc class add dev $ETH parent 1:5 classid 1:30 htb rate 250kbit ceil 1mbit prio 3
tc class add dev $ETH parent 1:5 classid 1:40 htb rate 800kbit ceil 4mbit prio 4
tc class add dev $ETH parent 1:5 classid 1:100 htb rate 250kbit ceil 9mbit prio 7
tc filter add dev $ETH parent 1: protocol ip prio 1 handle 10 fw flowid 1:10
tc filter add dev $ETH parent 1: protocol ip prio 2 handle 20 fw flowid 1:20
tc filter add dev $ETH parent 1: protocol ip prio 3 handle 30 fw flowid 1:30
tc filter add dev $ETH parent 1: protocol ip prio 4 handle 40 fw flowid 1:40
Raw
qos-services
#!/bin/bash
ETH=eth0
#On marque les paquets en fonction de leur numero de port ou type (icmp) avec un marqueur numerote (10, 20, 30, 40)
iptables -t mangle -A POSTROUTING -p icmp -o $ETH -j MARK --set-mark 10
iptables -t mangle -A POSTROUTING -p udp --dport 53 -o $ETH -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -p udp --dport 123 -o $ETH -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -p udp --dport 161:162 -o $ETH -j MARK --set-mark 20
iptables -t mangle -A POSTROUTING -p tcp --dport 22 -o $ETH -j MARK --set-mark 30
iptables -t mangle -A POSTROUTING -p tcp --dport 80 -o $ETH -j MARK --set-mark 40
iptables -t mangle -A POSTROUTING -p tcp --dport 443 -o $ETH -j MARK --set-mark 40
iptables -t mangle -A POSTROUTING -p tcp --dport 20:21 -o $ETH -j MARK --set-mark 40
iptables -t mangle -A POSTROUTING -p tcp --dport 143 -o $ETH -j MARK --set-mark 40
iptables -t mangle -A POSTROUTING -p tcp --dport 993 -o $ETH -j MARK --set-mark 40
#tc fonctionne sour forme d'arbres, on cree la racine, on utilise le qdisc htb de traitement de file
tc qdisc add dev $ETH root handle 1: htb default 100
#on cree une branche, qui accepte au maximum 10mbit de trafic
tc class add dev $ETH parent 1:0 classid 1:5 htb rate 10mbit mtu 1500
#on cree les feuilles suivant la bande passante que l'on souhaite allouer avec des priorites
#elles heritent toute de la branche precedente
#rate est la vitesse que l'on alloue, ceil est la vitesse max possible
#prio represente la priorite de traitement dans la file
tc class add dev $ETH parent 1:5 classid 1:10 htb rate 500kbit ceil 5mbit prio 1
tc class add dev $ETH parent 1:5 classid 1:20 htb rate 500kbit ceil 5mbit prio 2
tc class add dev $ETH parent 1:5 classid 1:30 htb rate 1mbit ceil 5mbit prio 3
tc class add dev $ETH parent 1:5 classid 1:40 htb rate 3mbit ceil 5mbit prio 4
#politique par defaut (indice 100 sur la branche) a appliquer aux paquets non marques par mangle
tc class add dev $ETH parent 1:5 classid 1:100 htb rate 1mbit ceil 5mbit prio 7
#linker le marquage et la politique
tc filter add dev $ETH parent 1: protocol ip prio 1 handle 10 fw flowid 1:10
tc filter add dev $ETH parent 1: protocol ip prio 2 handle 20 fw flowid 1:20
tc filter add dev $ETH parent 1: protocol ip prio 3 handle 30 fw flowid 1:30
tc filter add dev $ETH parent 1: protocol ip prio 4 handle 40 fw flowid 1:40
#observer le resultat de la QoS
#tc -s class show dev $ETH
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment