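#!/bin/bash
# AstShape
# Based off of WonderShaper (HTB)
# Enhanced by Kristian Kielhofner
# Make sure that all of your VoIP devices set tos on RTP to 0xb8
# iax.conf: tos=0xb8   sip.conf: tos=0x68 tos_rtp=0xb8
# Modified by Jonn Taylor to improve fax over IP
# This script MUST be used with my bridge script
#
# Usage: <script> [status|stop]
#   status - print qdisc and class statistics for $DEV and exit
#   stop   - remove the root and ingress qdiscs from $DEV and exit
#   (none) - remove any existing shaping, then install the rules below
#
# Operational notes:
#   * tc changes kernel queueing state, so this has to run with root
#     (CAP_NET_ADMIN) privileges.
#   * The TOS filters trust whatever the sending host wrote into the IP header.
#     Any host behind this device that marks its packets 0xb8 / 0x68 lands in
#     class 1:10, which may use the whole uplink. If untrusted hosts share this
#     link, re-mark or clear TOS for them before traffic reaches $DEV.
#   * The port filters below carry no "match ip protocol" term, so they match
#     on the port number alone; any flow that uses one of the listed port
#     numbers gets that class, whatever the application is.

DOWNLINK=10200
UPLINK=780
DEV=eth1

#VOIP priority ports
VOIPPORTS="4569"

#INT priority ports
INTPORTS="5060 5061 5062 5063"

#low priority OUTGOING traffic - you can leave this blank if you want
#low priority source netmasks
NOPRIOHOSTSRC=

#low priority destination netmasks
NOPRIOHOSTDST=

#low priority source ports
NOPRIOPORTSRC="25 22 110 143 443 943 9010 10000"

#low priority destination ports
NOPRIOPORTDST="25 22 110 143 443 943 9010 10000"

# Fail once, clearly, instead of emitting one "command not found" per rule.
if ! command -v tc > /dev/null 2>&1; then
  echo "tc not found in PATH; cannot configure traffic shaping" >&2
  exit 1
fi

if [ "${1:-}" = "status" ]; then
  tc -s qdisc ls dev "$DEV"
  tc -s class ls dev "$DEV"
  exit
fi

# clean existing down- and uplink qdiscs, hide errors
# (best effort on purpose: the qdiscs may simply not exist yet)
tc qdisc del dev "$DEV" root > /dev/null 2>&1
tc qdisc del dev "$DEV" ingress > /dev/null 2>&1

if [ "${1:-}" = "stop" ]; then
  exit
fi

###### uplink

#install root HTB, point default traffic to 1:30
tc qdisc add dev "$DEV" root handle 1: htb default 30

#shape everything at $UPLINK speed to prevent queuing
tc class add dev "$DEV" parent 1: classid 1:1 htb rate "${UPLINK}kbit" burst 6k

#voip class 1:10 - "the crown prince of bandwidth"
tc class add dev "$DEV" parent 1:1 classid 1:10 htb rate "${UPLINK}kbit" burst 6k prio 1

#high prio class 1:20
tc class add dev "$DEV" parent 1:1 classid 1:20 htb rate "${UPLINK}kbit" burst 6k prio 2

#default class 1:30
tc class add dev "$DEV" parent 1:1 classid 1:30 htb rate "$((9 * UPLINK / 10))kbit" burst 6k prio 3

#bulk class 1:40
tc class add dev "$DEV" parent 1:1 classid 1:40 htb rate "$((8 * UPLINK / 10))kbit" burst 6k prio 4

#all get Stochastic Fairness
tc qdisc add dev "$DEV" parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev "$DEV" parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev "$DEV" parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev "$DEV" parent 1:40 handle 40: sfq perturb 10

#Voip TOS in 1:10
tc filter add dev "$DEV" parent 1:0 protocol ip prio 10 u32 match ip tos 0x68 0xff flowid 1:10
tc filter add dev "$DEV" parent 1:0 protocol ip prio 10 u32 match ip tos 0xb8 0xff flowid 1:10

#Ports as defined above
# The list variables are space-separated on purpose, so they stay unquoted.
# shellcheck disable=SC2086
for a in $VOIPPORTS; do
  tc filter add dev "$DEV" parent 1:0 protocol ip prio 11 u32 match ip dport "$a" 0xffff flowid 1:10
  tc filter add dev "$DEV" parent 1:0 protocol ip prio 11 u32 match ip sport "$a" 0xffff flowid 1:10
done

#TOS Minimum Delay (ssh, NOT scp) in 1:20
tc filter add dev "$DEV" parent 1:0 protocol ip prio 20 u32 match ip tos 0x10 0xff flowid 1:20

#DNS in interactive class 1:20
tc filter add dev "$DEV" parent 1:0 protocol ip prio 21 u32 match ip sport 53 0xffff flowid 1:20
tc filter add dev "$DEV" parent 1:0 protocol ip prio 22 u32 match ip dport 53 0xffff flowid 1:20

#only give TCP ACK's higher priority if this connection is asymmetrical
if [ "$DOWNLINK" != "$UPLINK" ]; then
  #give TCP ACK's higher priority in 1:20
  tc filter add dev "$DEV" parent 1: protocol ip prio 23 u32 \
    match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 \
    flowid 1:20
fi

#Ports as defined above
# shellcheck disable=SC2086
for a in $INTPORTS; do
  tc filter add dev "$DEV" parent 1:0 protocol ip prio 24 u32 match ip dport "$a" 0xffff flowid 1:20
  tc filter add dev "$DEV" parent 1:0 protocol ip prio 24 u32 match ip sport "$a" 0xffff flowid 1:20
done

#ICMP (ip protocol 1) in the interactive class 1:20
tc filter add dev "$DEV" parent 1: protocol ip prio 25 u32 match ip protocol 1 0xff flowid 1:20

#the slowest of the slow
# shellcheck disable=SC2086
for a in $NOPRIOPORTDST; do
  tc filter add dev "$DEV" parent 1: protocol ip prio 40 u32 match ip dport "$a" 0xffff flowid 1:40
done

# shellcheck disable=SC2086
for a in $NOPRIOPORTSRC; do
  tc filter add dev "$DEV" parent 1: protocol ip prio 40 u32 match ip sport "$a" 0xffff flowid 1:40
done

# shellcheck disable=SC2086
for a in $NOPRIOHOSTSRC; do
  tc filter add dev "$DEV" parent 1: protocol ip prio 40 u32 match ip src "$a" flowid 1:40
done

# shellcheck disable=SC2086
for a in $NOPRIOHOSTDST; do
  tc filter add dev "$DEV" parent 1: protocol ip prio 40 u32 match ip dst "$a" flowid 1:40
done

#rest is 'non-interactive' ie 'bulk' and ends up in 1:30
# Filters are consulted in ascending prio order and this one matches every IP
# packet. It used to sit at prio 30, ahead of the prio 40 low-priority rules,
# so those rules could never match and class 1:40 stayed empty. It now runs
# last (prio 50) so the low-priority lists above take effect.
tc filter add dev "$DEV" parent 1: protocol ip prio 50 u32 match ip dst 0.0.0.0/0 flowid 1:30

########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:
tc qdisc add dev "$DEV" handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:
tc filter add dev "$DEV" parent ffff: protocol ip prio 100 u32 match ip src \
  0.0.0.0/0 police rate "${DOWNLINK}kbit" burst 10k drop flowid :1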