Visualiser une révision
nicolas : révision n°1 (02 mars 2011 00:50:03)
Script mettant en œuvre de la QoS. Le flux réseau obtient par défaut la priorité la plus basse. Ensuite on élève la priorité (4 disponibles en tout) de certains flux en fonction du port ou de l’adresse IP. Vous pouvez adapter simplement le script en modifiant les 4 variables définie au début : DEV l’interface réseau, IFB l’interface créée par la commande `modprobe ifb` (ne devrait pas changer), DOWNLINK le débit descendant, et UPLINK l’ascendant, en kilo-octets par secondes : attention à prendre moins que la bande passante réellement disponible, environ 90 % devrait être un bon compromis. Vous pouvez aussi commenter les lignes qui sont en-dessous des `echo`, qui commencent par `tc filter`, pour désactiver un filtre.
```bash
#!/bin/sh
DEV=eth0
IFB=ifb0
DOWNLINK=750
UPLINK=75
if [ $# -ne 1 ]; then
echo "Usage: network-priority.sh (start|stop)"
exit 1
fi
case "$1" in
start)
echo "Upload"
tc qdisc add dev $DEV root handle 1:0 htb default 1
# limiter la bande-passante
tc class add dev $DEV parent 1:0 classid 1:1 htb \
rate ${UPLINK}kbps
tc qdisc add dev $DEV parent 1:1 handle 2:0 prio \
bands 4 priomap 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3
echo " Default (lowest) priority"
tc qdisc add dev $DEV parent 2:4 handle 14:0 prio
tc qdisc add dev $DEV parent 14:1 sfq perturb 10
tc qdisc add dev $DEV parent 14:2 sfq perturb 10
tc qdisc add dev $DEV parent 14:3 sfq perturb 10
echo " Highest priority"
# pour différencier session interactive ou non
tc qdisc add dev $DEV parent 2:1 handle 10:0 prio
# répartir équitablement
tc qdisc add dev $DEV parent 10:1 handle 11:0 sfq \
perturb 10
tc qdisc add dev $DEV parent 10:2 handle 12:0 sfq \
perturb 10
tc qdisc add dev $DEV parent 10:3 handle 13:0 sfq \
perturb 10
echo " SSH (server)"
tc filter add dev $DEV parent 2:0 protocol ip prio 1 \
u32 match ip sport 22 0xffff flowid 2:1
tc filter add dev $DEV parent 2:0 protocol ipv6 prio 2 \
u32 match ip6 sport 22 0xffff flowid 2:1
echo " High priority"
tc qdisc add dev $DEV parent 2:2 handle 20:0 sfq \
perturb 10
echo " *box (192.168.0.254)"
tc filter add dev $DEV parent 2:0 protocol ip prio 3 \
u32 match ip dst 192.168.0.254 flowid 2:2
echo " MPD (server)"
tc filter add dev $DEV parent 2:0 protocol ip prio 4 \
u32 match ip sport 8000 0xffff flowid 2:2
echo " Normal priority"
tc qdisc add dev $DEV parent 2:3 handle 30:0 sfq \
perturb 10
echo " HTTP (client)"
tc filter add dev $DEV parent 2:0 protocol ip prio 5 \
u32 match ip dport 80 0xffff flowid 2:3
tc filter add dev $DEV parent 2:0 protocol ipv6 prio 6 \
u32 match ip6 dport 80 0xffff flowid 2:3
echo " HTTPS (client)"
tc filter add dev $DEV parent 2:0 protocol ip prio 7 \
u32 match ip dport 443 0xffff flowid 2:3
tc filter add dev $DEV parent 2:0 protocol ipv6 prio 8 \
u32 match ip6 dport 443 0xffff flowid 2:3
echo " FTP (client)"
tc filter add dev $DEV parent 2:0 protocol ip prio 9 \
u32 match ip dport 21 0xffff flowid 2:3
tc filter add dev $DEV parent 2:0 protocol ipv6 prio 10 \
u32 match ip6 dport 21 0xffff flowid 2:3
echo "Download"
modprobe ifb
ip link set dev $IFB up
tc qdisc add dev $DEV ingress
tc filter add dev $DEV parent ffff: protocol ipv6 \
u32 match ip6 dst ::/128 action mirred egress redirect dev $IFB
tc filter add dev $DEV parent ffff: protocol ip \
u32 match ip dst 0/0 action mirred egress redirect dev $IFB
tc qdisc add dev $IFB root handle 1:0 htb default 1
tc class add dev $IFB parent 1:0 classid 1:1 htb \
rate ${DOWNLINK}kbps
tc qdisc add dev $IFB parent 1:1 handle 2:0 prio \
bands 4 priomap 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3
echo " Default (lowest) priority"
tc qdisc add dev $IFB parent 2:4 handle 14:0 prio
tc qdisc add dev $IFB parent 14:1 sfq perturb 10
tc qdisc add dev $IFB parent 14:2 sfq perturb 10
tc qdisc add dev $IFB parent 14:3 sfq perturb 10
echo " Highest priority"
# différencier session intéractive (automatique)
tc qdisc add dev $IFB parent 2:1 handle 10:0 prio
# répartir équitablement
tc qdisc add dev $IFB parent 10:1 handle 11:0 sfq \
perturb 10
tc qdisc add dev $IFB parent 10:2 handle 12:0 sfq \
perturb 10
tc qdisc add dev $IFB parent 10:3 handle 13:0 sfq \
perturb 10
echo " SSH (server)"
tc filter add dev $IFB parent 2:0 protocol ip prio 1 \
u32 match ip dport 22 0xffff flowid 2:1
tc filter add dev $IFB parent 2:0 protocol ipv6 prio 2 \
u32 match ip6 dport 22 0xffff flowid 2:1
echo " High priority"
tc qdisc add dev $IFB parent 2:2 handle 20:0 sfq \
perturb 10
echo " *box (192.168.0.254)"
tc filter add dev $IFB parent 2:0 protocol ip prio 3 \
u32 match ip src 192.168.0.254 flowid 2:2
echo " MPD (server)"
tc filter add dev $IFB parent 2:0 protocol ip prio 4 \
u32 match ip dport 8000 0xffff flowid 2:2
echo " Normal priority"
tc qdisc add dev $IFB parent 2:3 handle 30:0 sfq \
perturb 10
echo " HTTP (client)"
tc filter add dev $IFB parent 2:0 protocol ip prio 5 \
u32 match ip sport 80 0xffff flowid 2:3
tc filter add dev $IFB parent 2:0 protocol ipv6 prio 6 \
u32 match ip6 sport 80 0xffff flowid 2:3
echo " HTTPS (client)"
tc filter add dev $IFB parent 2:0 protocol ip prio 7 \
u32 match ip sport 443 0xffff flowid 2:3
tc filter add dev $IFB parent 2:0 protocol ipv6 prio 8 \
u32 match ip6 sport 443 0xffff flowid 2:3
echo " FTP (client)"
tc filter add dev $IFB parent 2:0 protocol ip prio 9 \
u32 match ip sport 21 0xffff flowid 2:3
tc filter add dev $IFB parent 2:0 protocol ipv6 prio 10 \
u32 match ip6 sport 21 0xffff flowid 2:3
;;
stop)
tc qdisc del dev $DEV root
tc qdisc del dev $DEV ingress
tc qdisc del dev $IFB root
rmmod ifb
;;
*)
echo "Usage: network-priority.sh (start|stop)"
exit 1
;;
esac
exit 0
```