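#!/bin/sh
# qos_htb.sh by neo73
#
# HTB-based QoS for the WAN interface.  Meant to be run by ifupdown, which
# exports IFACE (the interface being brought up); needs root, since it
# loads modules and programs tc.
#
# Upload is shaped with an HTB tree of five classes, download is capped by
# an ingress policer.  Classes (lower number = served first):
#   1 - ping, DNS, ACK : very fast
#   2 - SSH, games     : high priority, stable latency
#   3 - local servers  : good throughput, acceptable response time
#   4 - users          : browsing, mail ...
#   5 - default class
#
# Review notes on this revision:
#   - IFACE and every other expansion are quoted; an unset IFACE used to be a
#     syntax error in the "lo" test and then ran tc against an empty device.
#   - The log moved from /tmp/qos.log to /var/log/qos.log.  A fixed name in a
#     world-writable directory, removed and re-created by a root script, can
#     be pre-planted as a symlink by any local user (rm does not follow it,
#     but the gap before the first '>>' is a race); /var/log is root-only.
#   - Filters for class 1 used 'prio 0'.  tc treats prio 0 as "not given"
#     and auto-assigns 0x8000, which put ICMP/ACK/DNS *after* every other
#     filter; e.g. a pure ACK towards port 80 was caught by the prio 20
#     'dport 80' rule first.  They now use prio 1.
#   - The DNS filter used mask 0xff, matching any dport whose low byte is
#     0x35 (53, 309, 565, ...).  It now uses 0xffff.

# ifupdown calls us for every interface; never shape the loopback.
if [ -z "${IFACE:-}" ]; then
  printf 'qos_htb.sh: IFACE is not set (run from ifupdown or export IFACE)\n' >&2
  exit 1
fi
if [ "$IFACE" = "lo" ]; then
  exit 0
fi

printf 'QoS : '

# ---- Tunables, in kilobits per second ----
MAX_DL=10000
MAX_DL_BURST=200
MAX_UP=1000
MAX_UP_BURST=40
AVER_PRIO=200
MAX_PRIO=200
AVER_JEUX=300
MAX_JEUX=300
AVER_SERVEURS=500
MAX_SERVEURS=1000
AVER_UTILISATEURS=1000
MAX_UTILISATEURS=5000
AVER_LOW=1000
MAX_LOW=5000
# NOTE(review): the guaranteed child rates (AVER_*) sum to 3000 kbit against a
# 1000 kbit parent (MAX_UP).  HTB accepts this but cannot honour all the
# guarantees under load; tune AVER_* so that they add up to at most MAX_UP.
WAN=$IFACE

# ---- Debug ----
# DEBUG=1 sends the command log to the terminal, otherwise to a fresh
# root-owned file.  /var/log must stay unwritable by unprivileged users.
DEBUG=0
if [ "$DEBUG" = 1 ]; then
  log=/dev/tty
else
  log=/var/log/qos.log
  : >"$log" || exit 1
fi

# Small helpers so that every command logs stdout and stderr to $log.
logmsg() {
  printf '%s\n' "$*" >>"$log"
}
tcw() {
  tc "$@" >>"$log" 2>&1
}
# add_port_filter PRIO sport|dport PORT FLOWID : exact-port u32 filter on the
# egress root qdisc.
add_port_filter() {
  tcw filter add dev "$WAN" parent 1: protocol ip prio "$1" u32 \
    match ip "$2" "$3" 0xffff flowid "$4"
}

logmsg 'Chargement des modules'
# Failures are ignored on purpose: the schedulers may be built into the kernel.
for mod in sch_htb sch_tbf sch_sfq cls_u32 cls_fw sch_ingress; do
  modprobe "$mod" >>"$log" 2>&1
done

logmsg 'Suppression des tables'
# Harmless errors when nothing is attached yet.
tcw qdisc del dev "$WAN" root
tcw qdisc del dev "$WAN" ingress

logmsg '*** Création des classes ***'
logmsg 'Création de la racine HTB'
# Unclassified traffic lands in 1:50.
tcw qdisc add dev "$WAN" root handle 1: htb default 50

logmsg 'Limitation globale du lien'
tcw class add dev "$WAN" parent 1: classid 1:1 htb \
  rate "${MAX_UP}kbit" ceil "${MAX_UP}kbit" burst "${MAX_UP_BURST}k"

logmsg 'Classe ping'
tcw class add dev "$WAN" parent 1:1 classid 1:10 htb \
  rate "${AVER_PRIO}kbit" ceil "${MAX_PRIO}kbit" burst 50k prio 0
logmsg 'Classe jeux'
tcw class add dev "$WAN" parent 1:1 classid 1:20 htb \
  rate "${AVER_JEUX}kbit" ceil "${MAX_JEUX}kbit" burst 50k prio 1
logmsg 'Classe serveurs'
tcw class add dev "$WAN" parent 1:1 classid 1:30 htb \
  rate "${AVER_SERVEURS}kbit" ceil "${MAX_SERVEURS}kbit" burst 50k prio 2
logmsg 'Classe utilisateurs'
tcw class add dev "$WAN" parent 1:1 classid 1:40 htb \
  rate "${AVER_UTILISATEURS}kbit" ceil "${MAX_UTILISATEURS}kbit" burst 30k prio 3
# 1:50 is the default class (the log label is historical).
logmsg 'Classe sFTP sortant'
tcw class add dev "$WAN" parent 1:1 classid 1:50 htb \
  rate "${AVER_LOW}kbit" ceil "${MAX_LOW}kbit" burst 5k prio 4

logmsg 'Gestion des classes'
# SFQ inside each leaf so that one flow cannot starve the others of its class.
for leaf in 10 20 30 40 50; do
  tcw qdisc add dev "$WAN" parent "1:$leaf" handle "$leaf:" sfq perturb 10
done

logmsg '*** Création des filtres ***'

# 1 - ICMP, DNS, ACK, PPTP control channel
# NOTE(review): the original heading also listed GRE, but no filter matches
# ip protocol 47; only the PPTP control port (1723) is prioritised.
logmsg 'Classe 1'
logmsg ' - ICMP'
tcw filter add dev "$WAN" parent 1: protocol ip prio 1 u32 \
  match ip protocol 1 0xff flowid 1:10
logmsg ' - ACK'
# Pure ACKs: IPv4 with a 20-byte header (IHL=5), total length < 64, TCP,
# and only the ACK flag set (byte 33 = TCP flags when IHL=5).
tcw filter add dev "$WAN" parent 1: protocol ip prio 1 u32 \
  match ip protocol 6 0xff \
  match u8 0x05 0x0f at 0 \
  match u16 0x0000 0xffc0 at 2 \
  match u8 0x10 0xff at 33 \
  flowid 1:10
logmsg ' - DNS'
add_port_filter 1 dport 53 1:10
logmsg ' - VPN'
add_port_filter 1 dport 1723 1:10

# 2 - SSH, games
logmsg 'Classe 2'
# The TOS "minimise delay" bit (interactive ssh, NOT scp) goes to 1:20.
logmsg ' - Champ TOS'
tcw filter add dev "$WAN" parent 1: protocol ip prio 5 u32 \
  match ip tos 0x10 0xff flowid 1:20
logmsg ' - serveur SSH'
add_port_filter 5 dport 22 1:20
logmsg ' - client SSH'
add_port_filter 5 sport 22 1:20
logmsg ' - serveur Q3'
add_port_filter 5 sport 27960 1:20
logmsg ' - serveur TS'
add_port_filter 5 sport 8767 1:20
logmsg ' - client Q3'
add_port_filter 5 dport 27960 1:20
logmsg ' - client TS'
add_port_filter 5 dport 8767 1:20

# 3 - local web and FTP servers (traffic leaving from their ports)
logmsg 'Classe 3'
logmsg ' - HTTP'
add_port_filter 10 sport 80 1:30
logmsg ' - HTTPS'
add_port_filter 10 sport 443 1:30
logmsg ' - FTP'
add_port_filter 10 sport 20 1:30
add_port_filter 10 sport 21 1:30

# 4 - user traffic (requests towards remote web and mail servers)
logmsg 'Classe 4'
logmsg ' - Traffic utilisateur'
for port in 80 443 8080 25 143 993 995; do
  add_port_filter 20 dport "$port" 1:40
done

# 5 - default class: nothing to add, HTB 'default 50' routes the rest there.
logmsg 'Classe 5'

logmsg '*** Limitation du download ***'
logmsg 'Création ingress'
tcw qdisc add dev "$WAN" handle ffff: ingress
logmsg 'Limitation de la queue de téléchargement'
# Ingress cannot queue, so incoming traffic above MAX_DL is simply dropped.
tcw filter add dev "$WAN" parent ffff: protocol ip prio 1 u32 match ip src \
  0.0.0.0/0 police rate "${MAX_DL}kbit" burst "${MAX_DL_BURST}k" drop flowid :1

echo 'Terminé'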