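  # Copyright (c) 2017 The Starwels developers
  # Distributed under the MIT software license, see the accompanying
  # file COPYING or http://www.opensource.org/licenses/mit-license.php.
  #
  # Throttles outbound Starwels protocol traffic (TCP port 8343) on one
  # interface. An HTB qdisc provides an unlimited class (1:10, the default)
  # and a limited class (1:11); mangle-table rules set a firewall mark on
  # matching packets and tc "fw" filters map that mark to the limited class.
  # tc, iptables and ip6tables normally need root privileges to change rules.

  # network interface on which to limit traffic
  IF="eth0"
  # limit of the network interface in question
  LINKCEIL="1gbit"
  # limit outbound Starwels protocol traffic to this rate
  LIMIT="160kbit"
  # defines the IPv4 address space for which you wish to disable rate limiting
  LOCALNET_V4="192.168.0.0/16"
  # defines the IPv6 address space for which you wish to disable rate limiting
  # (set to the empty string to skip all IPv6 rules)
  LOCALNET_V6="fe80::/10"

  # Append a MARK rule to the mangle OUTPUT chain unless an identical rule is
  # already present, so that re-running this script does not stack duplicates.
  #   $1 - iptables or ip6tables
  #   $2 - --dport or --sport
  #   $3 - destination range that is exempt from marking
  #   $4 - firewall mark to set
  add_mark_rule() {
    "$1" -t mangle -C OUTPUT -p tcp -m tcp "$2" 8343 ! -d "$3" -j MARK --set-mark "$4" 2>/dev/null ||
      "$1" -t mangle -A OUTPUT -p tcp -m tcp "$2" 8343 ! -d "$3" -j MARK --set-mark "$4"
  }

  # delete existing rules
  # (prints an error when no root qdisc is installed yet; the script carries on)
  tc qdisc del dev "${IF}" root

  # add root class; unmarked/unmatched traffic goes to class 1:10
  tc qdisc add dev "${IF}" root handle 1: htb default 10

  # add parent class
  tc class add dev "${IF}" parent 1: classid 1:1 htb rate "${LINKCEIL}" ceil "${LINKCEIL}"

  # add our two classes. one unlimited, another limited
  tc class add dev "${IF}" parent 1:1 classid 1:10 htb rate "${LINKCEIL}" ceil "${LINKCEIL}" prio 0
  tc class add dev "${IF}" parent 1:1 classid 1:11 htb rate "${LIMIT}" ceil "${LIMIT}" prio 1

  # add handles to our classes so packets marked with <x> go into the class with "... handle <x> fw ..."
  tc filter add dev "${IF}" parent 1: protocol ip prio 1 handle 1 fw classid 1:10
  tc filter add dev "${IF}" parent 1: protocol ip prio 2 handle 2 fw classid 1:11

  if [ -n "${LOCALNET_V6}" ]; then
    # v6 cannot have the same priority value as v4
    tc filter add dev "${IF}" parent 1: protocol ipv6 prio 3 handle 1 fw classid 1:10
    # The ip6tables rules below set mark 0x4, so the limited-class filter must
    # use handle 4. With handle 2 no filter matched the IPv6 mark and that
    # traffic fell through to the unlimited default class, i.e. the IPv6 rate
    # limit was silently not enforced.
    tc filter add dev "${IF}" parent 1: protocol ipv6 prio 4 handle 4 fw classid 1:11
  fi

  # delete any existing rules
  # disable for now
  # NOTE: the loop below removes every rule in the mangle OUTPUT chain, not
  # only the ones added by this script; leave it disabled unless that is wanted.
  #ret=0
  #while [ $ret -eq 0 ]; do
  #	iptables -t mangle -D OUTPUT 1
  #	ret=$?
  #done

  # limit outgoing traffic to and from port 8343, but not when dealing with a
  # host on the local network (defined by $LOCALNET_V4 and $LOCALNET_V6)
  #	--set-mark marks packets matching these criteria with the number "2" (v4)
  #	--set-mark marks packets matching these criteria with the number "4" (v6)
  #	these packets are picked up by the tc filters with "handle 2" (v4) and
  #	"handle 4" (v6)
  #	those filters send the packets into the 1:11 class, and this class is
  #	limited to ${LIMIT}
  add_mark_rule iptables --dport "${LOCALNET_V4}" 0x2
  add_mark_rule iptables --sport "${LOCALNET_V4}" 0x2

  if [ -n "${LOCALNET_V6}" ]; then
    add_mark_rule ip6tables --dport "${LOCALNET_V6}" 0x4
    add_mark_rule ip6tables --sport "${LOCALNET_V6}" 0x4
  fi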