@pokinwilly:
The main use of the status stuff is checking whether the traffic gets categorized well; you can watch the classes fill and stuff... The rest is not important for you as long as you do not know the whole iptables and tc interaction...
Thanks for the clarification.
FYI, I've dropped the WIFI bridge, replaced by latest PLC (Powerline Communications).
# Wan link download speed in Kbits (set to 80%-90% of link capacity; 6000 -> 4800)
DOWNLOAD=4800
# Wan link upload speed in Kbits (set to 80%-90% of link capacity; 600 -> 480)
UPLOAD=480
# Download burst size in Kbytes
D_BURST=50
# Upload burst size in Kbytes
U_BURST=5
# 'Home server' (always on machine used for serving webpages / FTP / P2P / ...)
HOMESERVER_IP=192.168.0.9
#
# Ports used by the 'home server' services
#
HOMESERVER_HTTP_PORT=80
HOMESERVER_HTTPS_PORT=443
HOMESERVER_FTP_PORT=4521
HOMESERVER_HFS_PORT=4580
HOMESERVER_EMULE_TCP_PORT=4662
HOMESERVER_EMULE_UDP_PORT=4672
HOMESERVER_BITTORRENT_PORT=6881
# Wan ('upload' traffic) classification chain
iptables -t mangle -N wan_mark_chain
iptables -t mangle -A POSTROUTING -o $WAN -j wan_mark_chain
# Lan ('download' traffic) classification chain
iptables -t mangle -N lan_mark_chain
iptables -t mangle -A POSTROUTING -o $LAN -j lan_mark_chain
# Restore any saved connection mark (connection already marked and tracked)
iptables -t mangle -A wan_mark_chain -j CONNMARK --restore-mark
iptables -t mangle -A lan_mark_chain -j CONNMARK --restore-mark
### RULES BEGIN #####################################
# DNS (outgoing) queries - Express
iptables -t mangle -A wan_mark_chain -m mark --mark 0 -p udp --dport 53 -j MARK --set-mark 1
# HTTP on home server - Bulk
iptables -t mangle -A wan_mark_chain -m mark --mark 0 -s $HOMESERVER_IP -p tcp --sport $HOMESERVER_HTTP_PORT -j MARK --set-mark 3
iptables -t mangle -A lan_mark_chain -m mark --mark 0 -d $HOMESERVER_IP -p tcp --dport $HOMESERVER_HTTP_PORT -j MARK --set-mark 3
# HTTPS on home server - Bulk
iptables -t mangle -A wan_mark_chain -m mark --mark 0 -s $HOMESERVER_IP -p tcp --sport $HOMESERVER_HTTPS_PORT -j MARK --set-mark 3
iptables -t mangle -A lan_mark_chain -m mark --mark 0 -d $HOMESERVER_IP -p tcp --dport $HOMESERVER_HTTPS_PORT -j MARK --set-mark 3
# FTP on home server - Bulk (FTP runs over TCP, so both directions match tcp)
iptables -t mangle -A wan_mark_chain -m mark --mark 0 -s $HOMESERVER_IP -p tcp --sport $HOMESERVER_FTP_PORT -j MARK --set-mark 3
iptables -t mangle -A lan_mark_chain -m mark --mark 0 -d $HOMESERVER_IP -p tcp --dport $HOMESERVER_FTP_PORT -j MARK --set-mark 3
# HFS on home server - Bulk
iptables -t mangle -A wan_mark_chain -m mark --mark 0 -s $HOMESERVER_IP -p tcp --sport $HOMESERVER_HFS_PORT -j MARK --set-mark 3
iptables -t mangle -A lan_mark_chain -m mark --mark 0 -d $HOMESERVER_IP -p tcp --dport $HOMESERVER_HFS_PORT -j MARK --set-mark 3
# Edonkey on home server - Bulk
iptables -t mangle -A wan_mark_chain -m mark --mark 0 -s $HOMESERVER_IP -p tcp --sport $HOMESERVER_EMULE_TCP_PORT -j MARK --set-mark 3
iptables -t mangle -A lan_mark_chain -m mark --mark 0 -d $HOMESERVER_IP -p tcp --dport $HOMESERVER_EMULE_TCP_PORT -j MARK --set-mark 3
iptables -t mangle -A wan_mark_chain -m mark --mark 0 -s $HOMESERVER_IP -p udp --sport $HOMESERVER_EMULE_UDP_PORT -j MARK --set-mark 3
iptables -t mangle -A lan_mark_chain -m mark --mark 0 -d $HOMESERVER_IP -p udp --dport $HOMESERVER_EMULE_UDP_PORT -j MARK --set-mark 3
# Bittorrent on home server - Bulk
iptables -t mangle -A wan_mark_chain -m mark --mark 0 -s $HOMESERVER_IP -p tcp --sport $HOMESERVER_BITTORRENT_PORT -j MARK --set-mark 3
iptables -t mangle -A lan_mark_chain -m mark --mark 0 -d $HOMESERVER_IP -p tcp --dport $HOMESERVER_BITTORRENT_PORT -j MARK --set-mark 3
iptables -t mangle -A wan_mark_chain -m mark --mark 0 -s $HOMESERVER_IP -p udp --sport $HOMESERVER_BITTORRENT_PORT -j MARK --set-mark 3
iptables -t mangle -A lan_mark_chain -m mark --mark 0 -d $HOMESERVER_IP -p udp --dport $HOMESERVER_BITTORRENT_PORT -j MARK --set-mark 3
# Edonkey 'catch-all' - Bulk
iptables -t mangle -A wan_mark_chain -m mark --mark 0 -m layer7 --l7proto edonkey -j MARK --set-mark 3
iptables -t mangle -A lan_mark_chain -m mark --mark 0 -m layer7 --l7proto edonkey -j MARK --set-mark 3
# Bittorrent 'catch-all' - Bulk
iptables -t mangle -A wan_mark_chain -m mark --mark 0 -m layer7 --l7proto bittorrent -j MARK --set-mark 3
iptables -t mangle -A lan_mark_chain -m mark --mark 0 -m layer7 --l7proto bittorrent -j MARK --set-mark 3
### RULES END #####################################
# Save mark so we track the full connection
iptables -t mangle -A wan_mark_chain -j CONNMARK --save-mark
iptables -t mangle -A lan_mark_chain -j CONNMARK --save-mark
# ACK packets and such (connection control) - Express
iptables -t mangle -A wan_mark_chain -p tcp -m length --length :128 --tcp-flags SYN,RST,ACK ACK -j MARK --set-mark 1
iptables -t mangle -A lan_mark_chain -p tcp -m length --length :128 --tcp-flags SYN,RST,ACK ACK -j MARK --set-mark 1
# ICMP (ping and such) - Express
iptables -t mangle -A wan_mark_chain -p icmp -j MARK --set-mark 1
iptables -t mangle -A lan_mark_chain -p icmp -j MARK --set-mark 1
# TOS Minimize-Delay - Express
iptables -t mangle -A wan_mark_chain -m tos --tos Minimize-Delay -j MARK --set-mark 1
iptables -t mangle -A lan_mark_chain -m tos --tos Minimize-Delay -j MARK --set-mark 1
# Default (anything else) - Normal
iptables -t mangle -A wan_mark_chain -m mark --mark 0 -j MARK --set-mark 2
iptables -t mangle -A lan_mark_chain -m mark --mark 0 -j MARK --set-mark 2
Usage:
npshaper.sh start - Start the shaper (set the QOS rules)
npshaper.sh status - Print the QOS rules and stats
npshaper.sh stats - Print the basic express/normal/bulk classes stats
The script will set rules for shaping:
- Downloading traffic on the LAN output side (traffic that comes from the internet gets queued on the router, or dropped if needed, before going into the LAN)
- Uploading traffic on the WAN side (traffic going from the LAN gets queued on the router, or dropped if needed, before going to the internet).
Traffic is assigned to one of the three classes by marking packets with marks 1 (traffic control, pings, and such; goes into express 1:10), 2 (default, goes into 1:20) or 3 (bulk, like p2p, goes into 1:30).
The "### RULES BEGIN ### ... ### RULES END ###" section is meant to be edited so you can add custom rules to set what is 'bulk', 'normal' or 'express' traffic (via the marks).
By default it classifies P2P, web serving or FTP data coming from, or going to, the 'home server' (I have an always-on computer that I use as a web server and P2P client) as 'bulk'.
This way, the rest of the computers on the network (doing web surfing, gaming, voice...) won't even notice (no high latency) when eMule is running, or when somebody is using the 'home server' FTP.
Though the script is far from perfect, I think it has one main advantage: it classifies both the 'download' and 'upload' connections!
CaScAdE's script, on the downloading side, just shapes the WAN ingress (download), so it does "drop anything that is coming in too fast", but it does not classify it so that some traffic classes get priority and guaranteed bandwidth.
As an example of the 'results', this is my current 'status' (tc qdiscs, tc classes and iptables mangle chain)
Code:
# /jffs/etc/bbshaper.sh status
--- Current status ---
--- WAN (Upload) ---
qdisc htb 1: r2q 10 default 0 direct_packets_stat 23
Sent 108459650 bytes 214524 pkts (dropped 973, overlimits 3658)
class htb 1:1 root rate 480000bit ceil 480000bit burst 5Kb cburst 5Kb
Sent 108446797 bytes 214511 pkts (dropped 0, overlimits 0)
rate 186152bit 82pps
lended: 12754 borrowed: 0 giants: 0
tokens: 130762 ctokens: 130762
Chain INPUT (policy ACCEPT 373K packets, 77M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 1584K packets, 691M bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 339K packets, 76M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1950K packets, 777M bytes)
pkts bytes target prot opt in out source destination
215K 107M wan_mark_chain all -- any vlan1 anywhere anywhere
175K 44M lan_mark_chain all -- any br0 anywhere anywhere
Chain lan_mark_chain (1 references)
pkts bytes target prot opt in out source destination
175K 44M CONNMARK all -- any any anywhere anywhere CONNMARK restore
11 540 MARK tcp -- any any anywhere 192.168.0.9 MARK match 0x0 tcp dpt:www MARK set 0x3
0 0 MARK tcp -- any any anywhere 192.168.0.9 MARK match 0x0 tcp dpt:https MARK set 0x3
0 0 MARK udp -- any any anywhere 192.168.0.9 MARK match 0x0 udp dpt:4521 MARK set 0x3
9 448 MARK tcp -- any any anywhere 192.168.0.9 MARK match 0x0 tcp dpt:4580 MARK set 0x3
2444 122K MARK tcp -- any any anywhere 192.168.0.9 MARK match 0x0 tcp dpt:4662 MARK set 0x3
7374 536K MARK udp -- any any anywhere 192.168.0.9 MARK match 0x0 udp dpt:4672 MARK set 0x3
337 16667 MARK tcp -- any any anywhere 192.168.0.9 MARK match 0x0 tcp dpt:6881 MARK set 0x3
8259 1065K MARK udp -- any any anywhere 192.168.0.9 MARK match 0x0 udp dpt:6881 MARK set 0x3
0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto edonkey MARK set 0x3
0 0 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto bittorrent MARK set 0x3
175K 44M CONNMARK all -- any any anywhere anywhere CONNMARK save
76563 3862K MARK tcp -- any any anywhere anywhere length 0:128 tcp flags:SYN,RST,ACK/ACK MARK set 0x1
1130 84914 MARK icmp -- any any anywhere anywhere MARK set 0x1
0 0 MARK all -- any any anywhere anywhere TOS match Minimize-Delay MARK set 0x1
60697 36M MARK all -- any any anywhere anywhere MARK match 0x0 MARK set 0x2
77695 3949K RETURN all -- any any anywhere anywhere MARK match 0x1
60697 36M RETURN all -- any any anywhere anywhere MARK match 0x2
36198 4235K RETURN all -- any any anywhere anywhere MARK match 0x3
Chain wan_mark_chain (1 references)
pkts bytes target prot opt in out source destination
215K 107M CONNMARK all -- any any anywhere anywhere CONNMARK restore
29 1914 MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpt:domain MARK set 0x1
0 0 MARK tcp -- any any 192.168.0.9 anywhere MARK match 0x0 tcp spt:www MARK set 0x3
0 0 MARK tcp -- any any 192.168.0.9 anywhere MARK match 0x0 tcp spt:https MARK set 0x3
0 0 MARK tcp -- any any 192.168.0.9 anywhere MARK match 0x0 tcp spt:4521 MARK set 0x3
7 287 MARK tcp -- any any 192.168.0.9 anywhere MARK match 0x0 tcp spt:4580 MARK set 0x3
49 4630 MARK tcp -- any any 192.168.0.9 anywhere MARK match 0x0 tcp spt:4662 MARK set 0x3
5089 325K MARK udp -- any any 192.168.0.9 anywhere MARK match 0x0 udp spt:4672 MARK set 0x3
88 11038 MARK tcp -- any any 192.168.0.9 anywhere MARK match 0x0 tcp spt:6881 MARK set 0x3
2767 363K MARK udp -- any any 192.168.0.9 anywhere MARK match 0x0 udp spt:6881 MARK set 0x3
21 2350 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto edonkey MARK set 0x3
42 4536 MARK all -- any any anywhere anywhere MARK match 0x0 LAYER7 l7proto bittorrent MARK set 0x3
215K 107M CONNMARK all -- any any anywhere anywhere CONNMARK save
59261 3160K MARK tcp -- any any anywhere anywhere length 0:128 tcp flags:SYN,RST,ACK/ACK MARK set 0x1
679 40746 MARK icmp -- any any anywhere anywhere MARK set 0x1
0 0 MARK all -- any any anywhere anywhere TOS match Minimize-Delay MARK set 0x1
88275 54M MARK all -- any any anywhere anywhere MARK match 0x0 MARK set 0x2
60356 3233K RETURN all -- any any anywhere anywhere MARK match 0x1
88275 54M RETURN all -- any any anywhere anywhere MARK match 0x2
66819 49M RETURN all -- any any anywhere anywhere MARK match 0x3
Traffic stats:
D/U Class Packets Bytes
D Express 77714 3950K
D Normal 60956 37M
D Bulk 36213 4237K
U Express 60701 3251K
U Normal 88301 54M
U Bulk 66849 49M
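Added example, not part of the original post or of the npshaper script: one way to check from the status listing whether traffic is being classified as intended. It totals the per-class RETURN counters and lists MARK rules whose packet counter is still 0 (a rule that never matches often has the wrong protocol or port). The function names are hypothetical, the sample listing is constructed in the format of the status output above, and the mark-to-class names (1 express, 2 normal, 3 bulk) follow the post.

```shell
#!/bin/sh
# Added example (not from the posted script). Input: text in the format of
# `iptables -t mangle -L -v`, as printed by the 'status' command in the post.

# Constructed sample, modelled on the status listing in the post.
sample_status() {
cat <<'EOF'
Chain lan_mark_chain (1 references)
 pkts bytes target prot opt in out source destination
 175K 44M CONNMARK all -- any any anywhere anywhere CONNMARK restore
 11 540 MARK tcp -- any any anywhere 192.168.0.9 MARK match 0x0 tcp dpt:www MARK set 0x3
 0 0 MARK udp -- any any anywhere 192.168.0.9 MARK match 0x0 udp dpt:4521 MARK set 0x3
 2444 122K MARK tcp -- any any anywhere 192.168.0.9 MARK match 0x0 tcp dpt:4662 MARK set 0x3
 175K 44M CONNMARK all -- any any anywhere anywhere CONNMARK save
 0 0 MARK all -- any any anywhere anywhere TOS match Minimize-Delay MARK set 0x1
 60697 36M MARK all -- any any anywhere anywhere MARK match 0x0 MARK set 0x2
 77695 3949K RETURN all -- any any anywhere anywhere MARK match 0x1
 60697 36M RETURN all -- any any anywhere anywhere MARK match 0x2
 36198 4235K RETURN all -- any any anywhere anywhere MARK match 0x3
Chain wan_mark_chain (1 references)
 pkts bytes target prot opt in out source destination
 29 1914 MARK udp -- any any anywhere anywhere MARK match 0x0 udp dpt:domain MARK set 0x1
 0 0 MARK tcp -- any any 192.168.0.9 anywhere MARK match 0x0 tcp spt:www MARK set 0x3
 60356 3233K RETURN all -- any any anywhere anywhere MARK match 0x1
 88275 54M RETURN all -- any any anywhere anywhere MARK match 0x2
 66819 49M RETURN all -- any any anywhere anywhere MARK match 0x3
EOF
}

# Print "<chain> <class> <packets> <bytes>" for every RETURN counter rule.
class_report() {
    awk '
    # iptables -v abbreviates large counters with K/M/G (rounded, powers of
    # 1000), so expanded values are approximate.
    function expand(v,    n, s) {
        n = v + 0
        s = substr(v, length(v), 1)
        if (s == "K") return n * 1000
        if (s == "M") return n * 1000000
        if (s == "G") return n * 1000000000
        return n
    }
    BEGIN { name["0x1"] = "express"; name["0x2"] = "normal"; name["0x3"] = "bulk" }
    $1 == "Chain" { chain = $2; next }
    $3 == "RETURN" && match($0, /MARK match 0x[0-9a-f]+/) {
        mark = substr($0, RSTART + 11, RLENGTH - 11)   # text after "MARK match "
        if (mark in name)
            printf "%s %s %.0f %.0f\n", chain, name[mark], expand($1), expand($2)
    }'
}

# Share of one chain's packets that ended up in one class (integer percent).
# usage: ... | class_share <chain> <class>
class_share() {
    class_report | awk -v c="$1" -v k="$2" '
        $1 == c { total += $3; if ($2 == k) hit = $3 }
        END { if (total > 0) printf "%d\n", hit * 100 / total; else print 0 }'
}

# List MARK rules that have never matched a packet.
zero_hit_rules() {
    awk '
    $1 == "Chain" { chain = $2; next }
    $3 == "MARK" && $1 == "0" {
        rule = $10                      # match/target text after "destination"
        for (i = 11; i <= NF; i++) rule = rule " " $i
        printf "%s: %s %s -> %s [%s]\n", chain, $4, $8, $9, rule
    }'
}

sample_status | class_report
sample_status | zero_hit_rules
```

On the router the same functions can be fed live data, for example `iptables -t mangle -L -v | zero_hit_rules`.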
I just started using this script - basically the version from the first post slightly modified to change the actual RTP ports my ATA uses, add NNTP, and change WAN port...
Wow! What a difference it made! I was struggling to make QoS to work for my VoIP. Tried DD-WRT built-in QoS and Tomato QoS on my ASUS wl-520gu. DD-WRT QoS did not seem to work at all - the voice was still garbled while running torrents or downloading/uploading large files via HTTP. Tomato worked, but limited my download speed at 3900kbps while my actual downlink speed is 6800kbps - no matter what downlink speed I specify (and it doesn't allow 0), and what my other settings were. So finally I tried this script, and it worked! The strange thing is that it also limited my download speed by 3900kbps if I specify any positive value for DOWNLINK parameter. But when DOWNLINK is set to 0, all works perfectly! I can now run torrents and speed tests at the same time, and talk on the phone - with no effect on the sound quality (tested via echo tests). Thank you CaScAdE!
I have a question though - what is the meaning of limits (200 and 700) in the lines below:
Running CaScAdE's script from the first post I was able to get my network running very smoothly for about a month until we had a new roommate come in who seems to be doing something to his torrents that (after some minor script changes) is not affecting my gaming but is destroying my Ventrilo use. I modified the script to look like
Code:
--snip--
# p2p + ftp gets mark 6
$IPTABLES -t mangle -A PREROUTING -p udp --source-port 1023:65535 -j MARK --set-mark 6
$IPTABLES -t mangle -A POSTROUTING -p udp --source-port 1023:65535 -j MARK --set-mark 6
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto edonkey -j MARK --set-mark 6
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto gnutella -j MARK --set-mark 6
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto bittorrent -j MARK --set-mark 6
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto ftp -j MARK --set-mark 6
# rtp/voice get mark 3
$IPTABLES -t mangle -A POSTROUTING -p udp -m length --length 150:250 -j MARK --set-mark 3
$IPTABLES -t mangle -A POSTROUTING -p udp --source-port 11000:11009 -j MARK --set-mark 3
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto sip -j MARK --set-mark 3
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto teamspeak -j MARK --set-mark 3
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto ventrilo -j MARK --set-mark 3
# gaming gets mark 3 as well
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto quake-halflife -j MARK --set-mark 3
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto counterstrike-source -j MARK --set-mark 3
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto teamfortress2 -j MARK --set-mark 3
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto worldofwarcraft -j MARK --set-mark 3
--snip--
If anyone has any ideas on how I can get my Ventrilo functioning normally again I'd be thrilled. At this point, after days of playing with different scripts, I'm looking to beat the technology, as the logical and reluctant next step is to get the user to change his torrenting habits.
Trying to get this script to work on a WRT610N with DD-WRT v24-sp2 (11/25/09) big - build 13309M NEWD-2 Eko, but it simply won't work at all. This is from a pretty old post, so does anyone have a clue as to why this won't work? Any possible changes in later versions of dd-wrt that will prevent this from working?
What other services can I use besides Skype that are trustworthy and effective? Unfortunately, Skype does not network with a country that I wish to communicate with. Are there other options out there for internet/phone communicating?
Sorry if this question already exists, but what do I have to do to play without lag? As far as I'm concerned, QoS does not work. My sister always watches movies online and I have bad ping. I have an Asus WL-520GC and dd-wrt micro. Also, I connected another router for me personally, and on my sister's router I set a low fixed transmission rate and low TX power, but I still have trouble, as if all these settings do not work at all!!!
Are these instructions still valid or is QoS in the current build 16454 as good as what these instructions suggests?
I'm also looking into possibly adding a League of Legends and a Crysis 2 l7-filter but I'm not too sure of how to do that and add it. I'm looking at this document:
and I'm assuming I can use wireshark to maybe sniff some UDP packets from those games to get the correct patterns necessary to improve the QoS for those applications?
Try this info on setting up QoS on your Internet link. I use it. I can have full speed torrents running and still have excellent response time (latency/lag) in first person shooter games.
Posted: Thu Sep 06, 2012 17:31 Post subject: Just want fix the default classes for dd-wrt?
I just want to fix the default classes that come in dd-wrt so they will work right, that way to make changes I can just pick the classes/ports/ips/macs I want using the web interface like it is supposed to be.
This is what I want to "CHANGE" the default classes to be:
Exempt: 1% - 50% of bandwidth (never more)
Premium: 15% - 20% of bandwidth (never more)
Express: 10% - 15% of bandwidth (never more)
Standard: 5% - 10% of bandwidth (never more)
Bulk: 1% - 5% of bandwidth (never more)
The reason they don't work for me is for example, I never want "Bulk" to run faster than 50kb (modem speed slow) so I pick "Bulk" and the port, but apparently it doesn't care, since it is the only thing running it still gets full priority, runs at 50000kb (100%), but I never ever want a bulk download to run that fast, not even if it is the only thing running, I want to spread the data load out over time to truly limit the total amount of data that can flow through bulk over a given day/week/month. The default classes allow unlimited data to flow through all classes at 100% at any given time depending on loads, so this is not at all useful in limiting the TOTAL amount of data that goes through each class over time, so these default classes simply don't work:
For the moment I keep trying to use the "TC" command at root to "CHANGE" the existing "BULK 40" class trying only to limit it to a 1% to 5% limit then apply it to all ports, all the time, but I can't get even this to work, everything still runs at full speed all the time.
If I get the proper command to change one class limit and force every Bulk download into its class and stay there all the time then I could modify to change every default class to work as needed. Can anybody help?
I'll even write a code generator for it once I am done so others can simply pick from the drop down and generate the code changes to the default classes we want since surely everybody will want different speed limits for each class depending on their bandwidth and loads, and I'm sure we'd all rather make changes to the web interface once we've got the percentages for the classes spread out as needed. Currently it appears that the QoS screen as-is goes practically unused because there is no easy way to modify the default classes in dd-wrt, most people even assume that the QoS screen doesn't even work at all.
These are the restrictions I eventually aim to achieve:
This way everything can be on all the time, and bandwidth will never get pulled from a low priority to be handed over to a higher one, it is simply always available because restrictions stay on all the time to prevent too much data usage of any specific class without ever cutting them off completely, nor speeding them up nor down and each will always stay at a static speed limit no matter how much traffic is on the network based solely off of port usage so I can quickly connect and disconnect as many devices as needed without having to hard code in macs and ips every time I switch out equipment/devices, which I do daily.