#!/bin/bash
IPT="/sbin/iptables"
TC="/sbin/tc"
IP="/bin/ip"
DEV_IN="eth0"
RATE_IN="2750" # 90% от гарантированной провайдером
RATE_LOCAL="1gbit"
IP_LOCAL="192.168.0.254"
$TC qdisc del dev $DEV_IN root >/dev/null 2>&1
$TC qdisc del dev $DEV_IN ingress >/dev/null 2>&1
$IP link set dev $DEV_IN qlen 32
$TC qdisc add dev $DEV_IN root handle 1: htb r2q 3
# Нетранзитный трафик
$TC class add dev $DEV_IN parent 1: classid 1:1 htb rate $RATE_LOCAL quantum 60000 prio 99
$TC qdisc add dev $DEV_IN parent 1:1 pfifo
$TC filter add dev $DEV_IN parent 1: prio 1 protocol ip u32 match ip src $IP_LOCAL1 flowid 1:1
# Транзитный трафик
$TC class add dev $DEV_IN parent 1: classid 1:2 htb rate ${RATE_IN}kbit prio 2
# high-prio
$TC class add dev $DEV_IN parent 1:2 classid 1:5 htb rate $[95*$RATE_IN/100]kbit ceil ${RATE_IN}kbit prio 5
$TC class add dev $DEV_IN parent 1:5 classid 1:10 htb rate $[5*$RATE_IN/100]kbit ceil ${RATE_IN}kbit prio 10
$TC class add dev $DEV_IN parent 1:5 classid 1:20 htb rate $[10*$RATE_IN/100]kbit ceil ${RATE_IN}kbit prio 20
$TC class add dev $DEV_IN parent 1:5 classid 1:30 htb rate $[10*$RATE_IN/100]kbit ceil ${RATE_IN}kbit prio 30
$TC class add dev $DEV_IN parent 1:5 classid 1:40 htb rate $[45*$RATE_IN/100]kbit ceil ${RATE_IN}kbit prio 40
$TC class add dev $DEV_IN parent 1:5 classid 1:50 htb rate $[25*$RATE_IN/100]kbit ceil ${RATE_IN}kbit prio 50
$TC qdisc add dev $DEV_IN parent 1:10 handle 10: sfq perturb 10
$TC qdisc add dev $DEV_IN parent 1:20 handle 20: sfq perturb 10
$TC qdisc add dev $DEV_IN parent 1:30 handle 30: sfq perturb 10
$TC qdisc add dev $DEV_IN parent 1:40 handle 40: sfq perturb 10
$TC qdisc add dev $DEV_IN parent 1:50 handle 50: sfq perturb 10
$TC filter add dev $DEV_IN parent 10: prio 10 protocol ip handle 10 flow hash keys dst divisor 512
$TC filter add dev $DEV_IN parent 20: prio 20 protocol ip handle 20 flow hash keys dst divisor 512
$TC filter add dev $DEV_IN parent 30: prio 30 protocol ip handle 30 flow hash keys dst divisor 512
$TC filter add dev $DEV_IN parent 40: prio 40 protocol ip handle 40 flow hash keys dst divisor 512
$TC filter add dev $DEV_IN parent 50: prio 50 protocol ip handle 50 flow hash keys dst divisor 512
# low-prio
$TC class add dev $DEV_IN parent 1:2 classid 1:90 htb rate $[5*$RATE_IN/100]kbit ceil ${RATE_IN}kbit quantum 10 prio 90
$TC qdisc add dev $DEV_IN parent 1:90 handle 90: sfq perturb 30
$TC filter add dev $DEV_IN parent 90: prio 90 protocol ip handle 90 flow hash keys dst divisor 512
$IPT -t mangle -D POSTROUTING -o $DEV_IN -j SHAPER-IN >/dev/null 2>&1
$IPT -t mangle -F SHAPER-IN >/dev/null 2>&1
$IPT -t mangle -X SHAPER-IN >/dev/null 2>&1
$IPT -t mangle -N SHAPER-IN
$IPT -t mangle -I POSTROUTING -o $DEV_IN -j SHAPER-IN
# icmp, dns
$IPT -t mangle -A SHAPER-IN -p icmp -j CLASSIFY --set-class 1:10
$IPT -t mangle -A SHAPER-IN -p icmp -j RETURN
$IPT -t mangle -A SHAPER-IN -p udp --sport 53 -j CLASSIFY --set-class 1:10
$IPT -t mangle -A SHAPER-IN -p udp --sport 53 -j RETURN
# icecast
$IPT -t mangle -A SHAPER-IN -p tcp -m multiport --sports 7000,8000 -j CLASSIFY --set-class 1:20
$IPT -t mangle -A SHAPER-IN -p tcp -m multiport --sports 7000,8000 -j RETURN
# ssh, rdp
$IPT -t mangle -A SHAPER-IN -p tcp -m multiport --sports 22,11122,3389 -j CLASSIFY --set-class 1:30
$IPT -t mangle -A SHAPER-IN -p tcp -m multiport --sports 22,11122,3389 -j RETURN
# imap, imaps, pop3, pop3s
$IPT -t mangle -A SHAPER-IN -p tcp -m multiport --sports 143,993,110,995 -j CLASSIFY --set-class 1:40
$IPT -t mangle -A SHAPER-IN -p tcp -m multiport --sports 143,993,110,995 -j RETURN
# http, https; ftp(20,21) < 512KB
$IPT -t mangle -A SHAPER-IN -p tcp -m multiport --sports 80,8080,443,20,21 -m connbytes --connbytes :524288 \n
--connbytes-dir both --connbytes-mode bytes -j CLASSIFY --set-class 1:40
$IPT -t mangle -A SHAPER-IN -p tcp -m multiport --sports 80,8080,443,20,21 -m connbytes --connbytes :524288 \n
--connbytes-dir both --connbytes-mode bytes -j RETURN
# http, https; ftp(20,21)
$IPT -t mangle -A SHAPER-IN -p tcp -m multiport --sports 80,8080,443,20,21,1935 -j CLASSIFY --set-class 1:50
$IPT -t mangle -A SHAPER-IN -p tcp -m multiport --sports 80,8080,443,20,21,1935 -j RETURN
# low priority
$IPT -t mangle -A SHAPER-IN -j CLASSIFY --set-class 1:90
НО в выводе # tc -s class show dev eth0 у классов абсолютно другие prio (выделил звёздочками), а у некоторых вообще отсутствуют:
class htb 1:10 parent 1:5 leaf 10: ***prio 7*** rate 137000bit ceil 2750Kbit burst 1599b cburst 1599b
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 1459843 ctokens: 72718
class htb 1:1 root leaf 8014: ***prio 7*** rate 1000Mbit ceil 1000Mbit burst 1375b cburst 1375b
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 187 ctokens: 187
class htb 1:2 root rate 2750Kbit ceil 2750Kbit burst 1599b cburst 1599b
Sent 618 bytes 5 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 68000 ctokens: 68000
class htb 1:20 parent 1:5 leaf 20: ***prio 7*** rate 275000bit ceil 2750Kbit burst 1599b cburst 1599b
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 727265 ctokens: 72718
class htb 1:30 parent 1:5 leaf 30: ***prio 7*** rate 275000bit ceil 2750Kbit burst 1599b cburst 1599b
Sent 618 bytes 5 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 5 borrowed: 0 giants: 0
tokens: 680000 ctokens: 68000
class htb 1:40 parent 1:5 leaf 40: ***prio 7*** rate 1237Kbit ceil 2750Kbit burst 1599b cburst 1599b
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 161671 ctokens: 72718
class htb 1:50 parent 1:5 leaf 50: ***prio 7*** rate 687000bit ceil 2750Kbit burst 1599b cburst 1599b
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 291109 ctokens: 72718
class htb 1:5 parent 1:2 rate 2612Kbit ceil 2750Kbit burst 1599b cburst 1599b
Sent 618 bytes 5 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 71594 ctokens: 68000
class htb 1:90 parent 1:2 leaf 90: ***prio 7*** rate 137000bit ceil 2750Kbit burst 1599b cburst 1599b
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 1459843 ctokens: 72718
на чьей стороне правда?