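#----------------------------------------------------------------------------
# /etc/rc.d/rc.qos - configuration of OPT_QOS                    Version 0.4s
#
# Creation:     02.05.2001  he
# Last Update:  08.12.2002  he
#
# Adapted by Lutz Lisseck for QoS on FLI services (use 1.1.1.1 as the IP)
# Last Update:  16.03.2004  ll
#----------------------------------------------------------------------------

# Trace every command while QoS debugging is switched on.
if [ "$QOS_DO_DEBUG" = yes ]; then
  set -x
fi

/usr/local/bin/colecho "enabling Quality of Service ..." gn

# Tools used throughout the script.
TC=/sbin/tc
IC=/sbin/ipchains

# Rule fragments for filters on the placeholder address 1.1.1.1 are collected
# in this file and later copied into a generated link-up script.
DYNCHAIN=/var/run/dynchain.qos

# The fragment file is only ever appended to, and its mere existence triggers
# generation of the link-up/link-down scripts.  Remove a leftover from an
# earlier run so that stale or duplicated rules are never replayed.
rm -f "$DYNCHAIN"

# Load the scheduler (HTB, SFQ, PRIO) and classifier (u32, fw) modules.
for mod in sch_htb sch_sfq sch_prio cls_u32 cls_fw; do
  /sbin/insmod "$mod.o"
done


## --- global settings --- ##

burst="2k"      # burst value for the HTB classes that set one
mtu="1500b"     # passed to SFQ as its quantum
perturb="10"    # passed to SFQ as its perturb value


## --- initialize vars --- ##

idx_down=1      # next filter priority on the inbound (LAN-side) qdisc
idx_up=1        # next filter priority / firewall mark on the outbound qdisc
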
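## --- inbound traffic --- ##

# Translate the configured default class into an HTB minor number.  Minors 1
# and 2 are used by the two classes created below, so configured class n
# becomes 10:(n+2) and "0" selects 10:1.  An empty value is handled like "0"
# so that expr is never run with a missing operand.
case "$QOS_INTERNET_DEFAULT_DOWN" in
  '' | 0)
    QOS_INTERNET_DEFAULT_DOWN="1"
    ;;
  *)
    QOS_INTERNET_DEFAULT_DOWN=`/usr/bin/expr "$QOS_INTERNET_DEFAULT_DOWN" + 2`
    ;;
esac

# Enable HTB on the inbound device.
$TC qdisc add dev "$QOS_LOCALNET_DEV" root handle 10: htb \
  default "$QOS_INTERNET_DEFAULT_DOWN" r2q 2

# Class for the rate-limited Internet traffic (traffic that does not come
# from the masqueraded LAN).
$TC class add dev "$QOS_LOCALNET_DEV" parent 10: classid 10:1 htb \
  rate "$QOS_INTERNET_BAND_DOWN" burst "$burst"

# Class for the unrestricted LAN traffic.
$TC class add dev "$QOS_LOCALNET_DEV" parent 10: classid 10:2 htb \
  rate "$QOS_LOCALNET_BAND"
$TC qdisc add dev "$QOS_LOCALNET_DEV" parent 10:2 sfq \
  quantum "$mtu" perturb "$perturb"

# Put all traffic whose source lies in a masqueraded network into the LAN
# class.  MASQ_NETWORK is a whitespace-separated list and is therefore
# deliberately expanded unquoted.
for j in $MASQ_NETWORK; do
  $TC filter add dev "$QOS_LOCALNET_DEV" parent 10: protocol ip \
    prio "$idx_down" u32 match ip src "$j" flowid 10:2
  idx_down=`/usr/bin/expr "$idx_down" + 1`
done

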
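## --- outbound traffic --- ##

# Configured class n is created as 20:(n+1) because 20:1 is the standard
# class set up below.  An empty value is treated as 0 (i.e. 20:1) so that
# expr is never run with a missing operand.
QOS_INTERNET_DEFAULT_UP=`/usr/bin/expr "${QOS_INTERNET_DEFAULT_UP:-0}" + 1`

# Enable HTB on the outbound device.
$TC qdisc add dev "$QOS_INTERNET_DEV" root handle 20: htb \
  default "$QOS_INTERNET_DEFAULT_UP" r2q 1

# Standard class.
$TC class add dev "$QOS_INTERNET_DEV" parent 20: classid 20:1 htb \
  rate "$QOS_INTERNET_BAND_UP" burst "$burst"


## --- SYN-Flood Protection --- ##
# Disabled: every command in this section is commented out.

#$IC -N qosin
#$IC -I input -i $QOS_LOCALNET_DEV -j qosin

#$TC qdisc add dev $QOS_INTERNET_DEV handle 30: ingress

#$IC -A qosin -i $QOS_LOCALNET_DEV -p tcp --syn -m 2000

#$TC filter add dev $QOS_INTERNET_DEV parent 30:0 protocol ip prio 100 handle 2000 fw \
# police rate 2kbit burst 40 mtu 9k drop flowid :1

#$IC -A qosin -j RETURN

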
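## --- set up classes --- ##

idx=1

# An unset QOS_CLASS_N counts as "no classes" instead of breaking the test.
while [ "$idx" -le "${QOS_CLASS_N:-0}" ]; do
  # Indirect lookup of QOS_CLASS_<idx>_*.  Only the loop counter is spliced
  # into the text that eval parses; the configured values are never
  # re-parsed as shell code.
  eval "parent=\$QOS_CLASS_${idx}_PARENT"
  eval "maxband=\$QOS_CLASS_${idx}_MAXBANDWIDTH"
  eval "minband=\$QOS_CLASS_${idx}_MINBANDWIDTH"
  eval "direction=\$QOS_CLASS_${idx}_DIRECTION"
  eval "prio=\$QOS_CLASS_${idx}_PRIO"

  # Turn the optional settings into ready-made tc argument pairs.  Both are
  # expanded unquoted below so that an empty value simply disappears.
  if [ -n "$prio" ]; then
    prio="prio $prio"
  fi
  if [ -n "$maxband" ]; then
    maxband="ceil $maxband"
  fi

  case "$direction" in
    down)
      # Inbound classes live under 10:, offset by the two fixed classes.
      class=`/usr/bin/expr "$idx" + 2`
      class="10:$class"

      if [ "$parent" = "0" ]; then
        parent="10:1"
      else
        parent=`/usr/bin/expr "$parent" + 2`
        parent="10:$parent"
      fi

      $TC class add dev "$QOS_LOCALNET_DEV" parent "$parent" classid "$class" htb \
        rate "$minband" $maxband burst "$burst" $prio
      $TC qdisc add dev "$QOS_LOCALNET_DEV" parent "$class" sfq \
        quantum "$mtu" perturb "$perturb"
      ;;
    up)
      # Outbound classes live under 20:, offset by the standard class 20:1.
      class=`/usr/bin/expr "$idx" + 1`
      class="20:$class"

      if [ "$parent" = "0" ]; then
        parent="20:1"
      else
        parent=`/usr/bin/expr "$parent" + 1`
        parent="20:$parent"
      fi

      $TC class add dev "$QOS_INTERNET_DEV" parent "$parent" classid "$class" htb \
        rate "$minband" $maxband burst "$burst" $prio
      $TC qdisc add dev "$QOS_INTERNET_DEV" parent "$class" sfq \
        quantum "$mtu" perturb "$perturb"
      ;;
  esac

  idx=`/usr/bin/expr "$idx" + 1`
done

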
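## --- set up filter rules --- ##

# Chain that holds the firewall-mark rules for outbound classification.  It
# is entered for every packet that does not arrive on the Internet device.
$IC -N qosout
# $IC -I input -i $QOS_LOCALNET_DEV -j qosout
$IC -I input -i ! "$QOS_INTERNET_DEV" -j qosout

idx=1

# An unset QOS_FILTER_N counts as "no filters" instead of breaking the test.
while [ "$idx" -le "${QOS_FILTER_N:-0}" ]; do
  eval "class=\$QOS_FILTER_${idx}_CLASS"
  eval "ip=\$QOS_FILTER_${idx}_IP"
  eval "port=\$QOS_FILTER_${idx}_PORT"
  eval "type=\$QOS_FILTER_${idx}_TYPE"
  eval "option=\$QOS_FILTER_${idx}_OPTION"

  # $class is a configured value that gets spliced into text parsed by eval,
  # so only plain class numbers are accepted.  Anything else leaves
  # class_direction empty and the filter is skipped.
  case "$class" in
    '' | *[!0-9]*) class_direction="" ;;
    *) eval "class_direction=\$QOS_CLASS_${class}_DIRECTION" ;;
  esac

  # Extra u32 match selected by the filter option.  ACK is handled separately
  # below because it needs three filters.
  case "$option" in
    ICMP) u32_opt="match ip protocol 1 0xff" ;;
    TOSMD) u32_opt="match ip tos 0x10 0xff" ;;
    TOSMT) u32_opt="match ip tos 0x08 0xff" ;;
    TOSMR) u32_opt="match ip tos 0x04 0xff" ;;
    TOSMC) u32_opt="match ip tos 0x02 0xff" ;;
    *) u32_opt="" ;;
  esac

  # $u32_param and $u32_opt hold several words each and are expanded
  # unquoted on purpose.
  u32_param=""

  case "$class_direction" in
    down)
      class=`/usr/bin/expr "$class" + 2`
      class="10:$class"
      parent="10:0"

      if [ -n "$ip" ]; then
        u32_param="match ip dst $ip "
      fi

      if [ -n "$port" ]; then
        case "$type" in
          client) u32_param="$u32_param match ip sport $port 0xffff " ;;
          server) u32_param="$u32_param match ip dport $port 0xffff " ;;
        esac
      fi

      # Every inbound filter is attached to the LAN-side device: qdisc 10:
      # (the parent used here) is created on QOS_LOCALNET_DEV only, so the
      # TOSMT/TOSMR/TOSMC filters must not name QOS_INTERNET_DEV.
      if [ "$option" = "ACK" ]; then
        # TCP, IP header length 5 words, total length below 64 bytes,
        # TCP flags byte exactly ACK.
        $TC filter add dev "$QOS_LOCALNET_DEV" parent "$parent" protocol ip \
          prio "$idx_down" u32 $u32_param \
          match ip protocol 6 0xff \
          match u8 0x05 0x0f at 0 \
          match u16 0x0000 0xffc0 at 2 \
          match u8 0x10 0xff at 33 \
          flowid "$class"
        idx_down=`/usr/bin/expr "$idx_down" + 1`
        # TCP with the ACK bit set and a total length of 0x34 bytes.
        $TC filter add dev "$QOS_LOCALNET_DEV" parent "$parent" protocol ip \
          prio "$idx_down" u32 $u32_param \
          match ip protocol 6 0xff \
          match u8 0x10 0x10 at nexthdr+13 \
          match u16 0x0034 0xffff at 2 \
          flowid "$class"
        idx_down=`/usr/bin/expr "$idx_down" + 1`
        # TCP with the ACK bit set and a total length of 0x28 bytes.
        $TC filter add dev "$QOS_LOCALNET_DEV" parent "$parent" protocol ip \
          prio "$idx_down" u32 $u32_param \
          match ip protocol 6 0xff \
          match u8 0x10 0x10 at nexthdr+13 \
          match u16 0x0028 0xffff at 2 \
          flowid "$class"
      else
        $TC filter add dev "$QOS_LOCALNET_DEV" parent "$parent" protocol ip \
          prio "$idx_down" u32 $u32_param $u32_opt \
          flowid "$class"
      fi
      idx_down=`/usr/bin/expr "$idx_down" + 1`
      ;;

    up)
      class=`/usr/bin/expr "$class" + 1`
      class="20:$class"
      parent="20:0"

      if [ -n "$ip" ]; then
        # Source-address filters are implemented as an ipchains mark plus a
        # tc "fw" filter on that mark.  The placeholder 1.1.1.1 is replaced
        # by $inetip, a variable of the script that later consumes $DYNCHAIN.
        if [ "$ip" = "1.1.1.1" ]; then
          u32_param='--src $inetip '
        else
          u32_param="--src $ip "
        fi

        if [ -n "$port" ]; then
          case "$type" in
            client) u32_param="$u32_param --dport $port " ;;
            server) u32_param="$u32_param --sport $port " ;;
          esac
        fi

        if [ "$ip" = "1.1.1.1" ]; then
          # NOTE(review): port and type are copied verbatim into a script
          # that is executed later - presumably by pppd as root; the hook
          # call is not in this file.  The configuration these values come
          # from must therefore be writable by root only.
          if [ "$option" = "ICMP" ]; then
            {
              echo "# Chain nur ICMP"
              echo "\$IC -A qinetout -p icmp $u32_param -m $idx_up -j RETURN"
              echo ""
            } >> "$DYNCHAIN"
          elif [ -n "$port" ]; then
            {
              echo "# Chain mit Ports ($type)"
              echo "\$IC -A qinetout -p tcp $u32_param -m $idx_up -j RETURN"
              echo "\$IC -A qinetout -p udp $u32_param -m $idx_up -j RETURN"
              echo "\$IC -A qinetout -p icmp $u32_param -m $idx_up -j RETURN"
              echo ""
            } >> "$DYNCHAIN"
          else
            {
              echo "# Chain nur mit IP"
              echo "\$IC -A qinetout $u32_param -m $idx_up -j RETURN"
              echo ""
            } >> "$DYNCHAIN"
          fi
        else
          if [ "$option" = "ICMP" ]; then
            $IC -A qosout -p icmp $u32_param -m "$idx_up" -j RETURN
          elif [ -n "$port" ]; then
            $IC -A qosout -p tcp $u32_param -m "$idx_up" -j RETURN
            $IC -A qosout -p udp $u32_param -m "$idx_up" -j RETURN
            $IC -A qosout -p icmp $u32_param -m "$idx_up" -j RETURN
          else
            $IC -A qosout $u32_param -m "$idx_up" -j RETURN
          fi
        fi

        # Classify by the mark set above.
        $TC filter add dev "$QOS_INTERNET_DEV" parent "$parent" protocol ip \
          prio "$idx_up" handle "$idx_up" fw flowid "$class"
      else
        if [ -n "$port" ]; then
          case "$type" in
            client) u32_param="match ip dport $port 0xffff " ;;
            server) u32_param="match ip sport $port 0xffff " ;;
          esac
        fi

        if [ "$option" = "ACK" ]; then
          # Same three ACK matches as for the inbound direction.  The
          # counter advanced between them is idx_up; assigning the result
          # to idx_down here would clobber the inbound priority counter.
          $TC filter add dev "$QOS_INTERNET_DEV" parent "$parent" protocol ip \
            prio "$idx_up" u32 $u32_param \
            match ip protocol 6 0xff \
            match u8 0x05 0x0f at 0 \
            match u16 0x0000 0xffc0 at 2 \
            match u8 0x10 0xff at 33 \
            flowid "$class"
          idx_up=`/usr/bin/expr "$idx_up" + 1`
          $TC filter add dev "$QOS_INTERNET_DEV" parent "$parent" protocol ip \
            prio "$idx_up" u32 $u32_param \
            match ip protocol 6 0xff \
            match u8 0x10 0x10 at nexthdr+13 \
            match u16 0x0034 0xffff at 2 \
            flowid "$class"
          idx_up=`/usr/bin/expr "$idx_up" + 1`
          $TC filter add dev "$QOS_INTERNET_DEV" parent "$parent" protocol ip \
            prio "$idx_up" u32 $u32_param \
            match ip protocol 6 0xff \
            match u8 0x10 0x10 at nexthdr+13 \
            match u16 0x0028 0xffff at 2 \
            flowid "$class"
        else
          $TC filter add dev "$QOS_INTERNET_DEV" parent "$parent" protocol ip \
            prio "$idx_up" u32 $u32_param $u32_opt \
            flowid "$class"
        fi
      fi
      idx_up=`/usr/bin/expr "$idx_up" + 1`
      ;;
  esac

  idx=`/usr/bin/expr "$idx" + 1`
done

# Packets that matched no marking rule leave the chain unchanged.
$IC -A qosout -j RETURN
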
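## -- set up dynamic ipchains rules, if needed -- ##

# The fragment file exists only if at least one filter used the placeholder
# address 1.1.1.1.  Quoted so that an empty DYNCHAIN cannot turn the test
# into the always-true "[ -f ]".
if [ -f "$DYNCHAIN" ]; then
  /usr/local/bin/colecho "... activating dynamic QoS ..." br b br

  # Create the new qinetout chain.
  $IC -N qinetout

  # NOTE(review): both generated files are made executable below and are
  # presumably run by pppd as root on link-up/link-down (the hook call is not
  # in this file); /etc/ppp and $DYNCHAIN must be writable by root only.
  #
  # Link-up script: fixed header, the collected rule fragments, fixed footer.
  # \$ keeps a variable for the generated script; $QOS_INTERNET_DEV is
  # expanded now.
  {
    cat <<EOF
#!/bin/sh
# ip-up.dynqos (automatisch erzeugt von rc.qos)

# Wait for end of boot
while [ ! -f /var/run/boot_finished ]
do
 echo "Waiting for boot sequence to end..."
 sleep 10
done

inetip=\$local
IC=/sbin/ipchains

# --- Alte qinetout-Chains löschen ---
\$IC -D output -i $QOS_INTERNET_DEV -j qinetout
\$IC -F qinetout

# --- Dynamische Filterregeln einbauen ---
EOF
    cat "$DYNCHAIN"
    cat <<EOF

# --- Internetverkehr durch die qinetout-Chain leiten ---
\$IC -A qinetout -j RETURN
\$IC -I output -i $QOS_INTERNET_DEV -j qinetout

# That's it ;-)
EOF
  } > /etc/ppp/ip-up.dynqos

  # Link-down script: unhook and flush the qinetout chain.
  cat > /etc/ppp/ip-down.dynqos <<EOF
#!/bin/sh
# ip-down.dynqos (automatisch erzeugt von rc.qos)

IC=/sbin/ipchains

# --- Alte qinetout-Chains löschen ---
\$IC -D output -i $QOS_INTERNET_DEV -j qinetout
\$IC -F qinetout

EOF

  /bin/chmod +x /etc/ppp/ip-up.dynqos
  /bin/chmod +x /etc/ppp/ip-down.dynqos
fi

# Stop command tracing (harmless if it was never switched on).
set +x

/usr/local/bin/colecho "... finished" gn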