Co mam zmienić, aby HTB nie przycinało mi transferu lokalnie z serwera? Mam serwer Samby i kiedy kopiuję coś z niego przez sieć, trwa to strasznie długo; po wyłączeniu kolejkowania czas skraca się kilkukrotnie.
. /etc/rc.conf
. /etc/rc.d/functions
. /etc/rchtb/htb.conf
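# Choose the leaf queueing discipline attached under every HTB class.
# SFQ is expected to be set by the configuration sourced from
# /etc/rchtb/htb.conf; only the literal value "SFQ" selects plain SFQ, any
# other value (including unset or empty) selects ESFQ. The expansion is quoted
# so that an unset/empty SFQ no longer makes `[` fail with a syntax error.
if [ "${SFQ:-}" = SFQ ]; then
  SFQ_WAN="sfq perturb 10"            # SFQ
  SFQ_LAN=$SFQ_WAN
else
  SFQ_WAN="esfq perturb 10 hash dst"  # ESFQ, hashed per destination
  SFQ_LAN="esfq perturb 10 hash src"  # ESFQ, hashed per source
fi
STARTMRK=2 # starting fwmark value
# Command holders: switching either one to `echo` (see the commented lines)
# prints the tc / iptables invocations instead of executing them.
h=tc
#h=echo
i=/usr/sbin/iptables
#i=echo
grupa=0    # group-parsing state used while reading htb.hosts
WANINT=imq0 # virtual Internet-side interface, do not change!
LANINT=imq1 # virtual LAN-side interface, do not change!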
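#######################################
# Remove the shaping setup: mangle rules, root qdiscs, IMQ devices and module.
# Globals:   i, h (command holders), WANINT, LANINT (read)
# Arguments: none
# Returns:   exit status of the final rmmod call
#######################################
stop()
{
  # NOTE(review): -F and -X act on the WHOLE mangle table, so rules and
  # user-defined chains placed there by any other tool on this host (other
  # fwmark users, policy routing helpers) are removed as well, not only the
  # ones this script added.
  $i -F -t mangle
  $i -X -t mangle
  # Errors are discarded below; presumably because the qdiscs, devices or the
  # module may simply not exist yet when stop runs before the first start.
  $h qdisc del root dev "$WANINT" 2> /dev/null
  $h qdisc del root dev "$LANINT" 2> /dev/null
  /sbin/ifconfig imq0 down &>/dev/null
  /sbin/ifconfig imq1 down &>/dev/null
  /sbin/rmmod imq &>/dev/null
}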
# start [panic]
# Builds the HTB shaping tree on the two IMQ devices and the iptables mangle
# rules that feed them.
# Arguments: $1 - optional; the literal "panic" forces time slot 4.
# Reads (not defined in this function; expected from the sourced
# configuration, confirm against htb.conf): LANINTERFACE, WANINTERFACE, rano,
# wieczor, noc, WANDOWN, WANUP, LANSPD, ICMPSPD, SERVSPD, PRIOPORT, SQUID_PORT,
# P2PDOWN, P2PUP, P2P_ON.
# Reads /etc/rchtb/htb.hosts for the per-host / per-group limits.
# Returns: exit status of the last tc filter command.
# NOTE(review): values from htb.conf and htb.hosts are expanded unquoted into
# tc and iptables command lines that run as root; both files should be
# writable by root only.
start()
{
stop # for safety: start from a clean state
/sbin/modprobe imq numdevs=2 &>/dev/null
/sbin/ifconfig imq0 up &>/dev/null
/sbin/ifconfig imq1 up &>/dev/null
# For every LAN interface: packets entering on it whose destination is not the
# interface's own address are diverted to IMQ device 0, packets leaving
# through it go to IMQ device 1.
# The address is scraped from ifconfig output and relies on the "addr:" label
# being present in that output.
# NOTE(review): "-d ! ADDR" is the old negation syntax; newer iptables
# releases expect "! -d ADDR" — confirm against the installed version.
for ETH in $LANINTERFACE; do
$i -t mangle -A PREROUTING -i $ETH -d ! `ifconfig $ETH|awk 'gsub("addr:","") {print $2}'` -j IMQ --todev 0
$i -t mangle -A POSTROUTING -o $ETH -j IMQ --todev 1
done
# Locally generated traffic leaving through the WAN interface also goes to
# IMQ device 0.
$i -t mangle -A OUTPUT -o $WANINTERFACE -j IMQ --todev 0
# Pick the operator that joins the two evening bounds below: AND when the
# evening slot does not wrap past midnight (wieczor <= noc), OR when it does.
if [ $wieczor -le $noc ];then
war="-a"
else
war="-o"
fi
# Current time as HHMM and day of week (date +%w: 0 = Sunday, 6 = Saturday).
godz=`date +%H%M`
dzien=`date +%w`
# pora selects which column pair of htb.hosts applies:
# 1 = weekday daytime, 2 = evening or weekend daytime, 3 = night, 4 = panic.
if [ $godz -ge $rano -a $godz -lt $wieczor ];then
pora=1 # daytime
if [ $dzien = "0" -o $dzien = "6" ];then
pora=2 # Saturday/Sunday
fi
elif [ $godz -ge $wieczor $war $godz -lt $noc ];then
pora=2 # evening
else
pora=3 # night
fi
if [ $1 ];then
if [ $1 = "panic" ];then
pora=4 # panic mode requested

fi
fi
# calculations
# Usable rates are 98% (WAN) and 95% (LAN) of the configured values; LOCAL is
# what remains of the LAN rate after the WAN download share, ACKSPD is 1/20 of
# the WAN download rate. $[ ] is bash's old arithmetic syntax.
WANDOWN=$[$WANDOWN*98/100]
WANUP=$[$WANUP*98/100]
LANSPD=$[$LANSPD*95/100]
LOCAL=$[$LANSPD-$WANDOWN]
ACKSPD=$[$WANDOWN/20]
# Count the shaping units in htb.hosts: each standalone entry counts as one,
# and each GRUP ... GRUP_END group counts as one (grupa: 0 = outside a group,
# 1 = group opened, 2 = group already counted).
# Only lines whose first non-blank character is a digit or "G" are considered.
# NOTE(review): the grep pattern is unquoted, so the shell may glob-expand it
# against the current directory before grep sees it.
CNT=0
for ii in `sed 's/^[ \t]*//' /etc/rchtb/htb.hosts |grep ^[0123456789G] |awk '{print $1}'`;do
if [ $ii = GRUP ]; then
grupa=1
else
if [ $ii = GRUP_END ]; then
grupa=0
else
if [ $grupa = 0 ]; then
CNT=$[$CNT+1]
else
if [ $grupa = 1 ]; then
CNT=$[$CNT+1]
grupa=2
fi
fi
fi
fi
done
grupa=0
# Avoid division by zero when no units were found.
if [ $CNT = 0 ]; then
CNT=1
fi
# Equal share per unit: download from the WAN rate, upload from what is left
# after the ACK, ICMP and service reservations.
USERDOWN=$[$WANDOWN/$CNT]
USERUP=$[$WANUP-$ACKSPD-$ICMPSPD-$SERVSPD]
USERUP=$[$USERUP/$CNT]
# Floor both shares at 1.
# NOTE(review): \< inside [ ] compares strings, not numbers; -lt would be the
# numeric test.
if [ $USERDOWN \< 1 ];then
USERDOWN=1
fi
if [ $USERUP \< 1 ];then
USERUP=1
fi
# LANINT interface (incoming traffic)
# Unclassified traffic on this device falls into class 1:3 (default 3).
$h qdisc add dev $LANINT root handle 1:0 htb default 3 r2q 8
# Main class for LANINT
$h class add dev $LANINT parent 1:0 classid 1:1 htb rate ${LANSPD}kbit ceil ${LANSPD}kbit
# Split into bandwidth for the Internet link and the rest
# Class 1:3 has rate and ceil both set to LOCAL, so everything that lands in
# it is capped at LANSPD*95/100 - WANDOWN*98/100 kbit.
$h class add dev $LANINT parent 1:1 classid 1:2 htb rate ${WANDOWN}kbit ceil ${WANDOWN}kbit
$h class add dev $LANINT parent 1:1 classid 1:3 htb rate ${LOCAL}kbit ceil ${LOCAL}kbit prio 5
$h qdisc add dev $LANINT parent 1:3 $SFQ_LAN
# priority band for ICMP, TOS 0x10 (min. delay) and the selected port 22
$h class add dev $LANINT parent 1:2 classid 1:4 htb rate ${USERDOWN}kbit ceil ${WANDOWN}kbit prio 1 quantum 1500
$h qdisc add dev $LANINT parent 1:4 $SFQ_LAN
$h filter add dev $LANINT protocol ip prio 2 parent 1:0 u32 match ip sport $PRIOPORT 0xffff flowid 1:4
# $h filter add dev $LANINT protocol ip prio 2 parent 1:0 u32 match ip tos 0x10 0xff flowid 1:4
$h filter add dev $LANINT protocol ip prio 2 parent 1:0 u32 match ip protocol 1 0xff flowid 1:4
# server->LAN transfer
# Packets carrying fwmark 1 (set in the OUTPUT chain below) go to class 1:3.
$h filter add dev $LANINT protocol ip prio 1 parent 1:0 handle 1 fw flowid 1:3
# squid transparent proxy
# Add to the squid configuration:
# #TOS settings
# zph_tos_local 8
# zph_tos_peer 0
# zph_tos_parent off
if [ $SQUID_PORT ]; then
# If squid is not transparent or shaping is not done on an imq interface
#$h filter add dev $LANINT protocol ip prio 2 parent 1:0 u32 match ip sport 80 0xffff match ip tos 0x08 0xff flowid 1:3
# For transparent squid with shaping on an imq interface
$h filter add dev $LANINT protocol ip prio 2 parent 1:0 u32 match ip sport $SQUID_PORT 0xffff match ip tos 0x08 0xff flowid 1:3
# Mark locally generated TCP (except from the squid port) and all UDP with 1.
$i -t mangle -A OUTPUT -p tcp --sport ! $SQUID_PORT -j MARK --set-mark 1
$i -t mangle -A OUTPUT -p udp -j MARK --set-mark 1
else
# Without squid, every locally generated packet gets mark 1.
$i -t mangle -A OUTPUT -j MARK --set-mark 1
fi
# Interface (outgoing traffic)
# Unclassified traffic on this device falls into class 2:11 (default 11).
$h qdisc add dev $WANINT root handle 2:0 htb default 11 r2q 3
# main class
$h class add dev $WANINT parent 2:0 classid 2:1 htb rate ${WANUP}kbit ceil ${WANUP}kbit
# ACK priority class
$h class add dev $WANINT parent 2:1 classid 2:2 htb rate ${ACKSPD}kbit ceil ${WANUP}kbit prio 1 quantum 1500
$h qdisc add dev $WANINT parent 2:2 $SFQ_WAN
$h filter add dev $WANINT parent 2:0 protocol ip prio 1 u32 match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 1 match u8 0x10 0xff at 33 flowid 2:2 # ACK
# priority class for TOS 0x10, ICMP and DNS
$h class add dev $WANINT parent 2:1 classid 2:4 htb rate ${ICMPSPD}kbit ceil ${WANUP}kbit prio 2 quantum 1500
$h qdisc add dev $WANINT parent 2:4 $SFQ_WAN
# Priority for TOS
# $h filter add dev $WANINT parent 2:0 protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 2:4 # TOS
$h filter add dev $WANINT parent 2:0 protocol ip prio 2 u32 match ip dport $PRIOPORT 0xffff flowid 2:4 # port 22
$h filter add dev $WANINT parent 2:0 protocol ip prio 2 u32 match ip sport $PRIOPORT 0xffff flowid 2:4 # port 22
$h filter add dev $WANINT parent 2:0 protocol ip prio 2 u32 match ip dport 53 0xffff flowid 2:4 # port 53
# Priority for www
# $h filter add dev $WANINT parent 2:0 protocol ip prio 2 u32 match ip dport 80 0xffff flowid 2:4
# $h filter add dev $WANINT parent 2:0 protocol ip prio 2 u32 match ip dport 443 0xffff flowid 2:4
$h filter add dev $WANINT parent 2:0 protocol ip prio 2 u32 match ip protocol 1 0xff flowid 2:4 # ICMP
# guest traffic
$h class add dev $WANINT parent 2:1 classid 2:3 htb rate ${SERVSPD}kbit ceil ${WANUP}kbit prio 5 quantum 1500
$h qdisc add dev $WANINT parent 2:3 $SFQ_WAN
$h filter add dev $WANINT parent 2:0 protocol ip prio 6 handle 1 fw flowid 2:3
# $i -t mangle -A OUTPUT -o $WANINT -j MARK --set-mark 1
# Users
# One class pair (1:1x download, 2:1x upload) per unit, numbered from 11;
# fwmarks start at STARTMRK+2.
# Each htb.hosts line is read as: IP, then four (download, upload) pairs
# indexed 1..4 by pora; anything after that lands in REM.
# Inside the loop an unsubscripted $USERDOWN / $USERUP is array element 0,
# i.e. the equal share computed above.
# The loop is the last stage of a pipeline, so bash runs it in a subshell
# (unless lastpipe is enabled): assignments made inside it are not visible
# after "done".
CNT=1
MARK=$[$STARTMRK+2]
sed 's/^[ \t]*//' /etc/rchtb/htb.hosts|grep ^[0123456789G] | while read IP USERDOWN[1] USERUP[1] USERDOWN[2] USERUP[2] USERDOWN[3] USERUP[3] USERDOWN[4] USERUP[4] REM; do
# echo $IP ${USERDOWN[1]} ${USERDOWN[1]} ${USERDOWN[2]} ${USERUP[2]} ${USERDOWN[3]} ${USERUP[3]} $REM
if [ $IP = GRUP ]; then
grupa=1
else
if [ $IP = GRUP_END ]; then
# Group closed: move on to the next class number and mark.
grupa=0
MARK=$[$MARK+1]
CNT=$[$CNT+1]
else
# grupa != 2: standalone host or first member of a group, so the class pair
# has to be created; later group members only get filters (else branch).
if [ $grupa != 2 ]; then
USERDOWN0=$USERDOWN
USERUP0=$USERUP
# The guaranteed rate must not exceed the configured ceiling for this slot.
if [ $USERDOWN -gt ${USERDOWN[$pora]} ]; then
USERDOWN0=${USERDOWN[$pora]}
fi
if [ $USERUP -gt ${USERUP[$pora]} ]; then
USERUP0=${USERUP[$pora]}
fi
# The ceiling must not exceed the link rate.
if [ $WANDOWN -lt ${USERDOWN[$pora]} ]; then
USERDOWN[$pora]=$WANDOWN
fi
if [ $WANUP -lt ${USERUP[$pora]} ]; then
USERUP[$pora]=$WANUP
fi
# Download side: class, leaf qdisc and a destination-address filter.
$h class add dev $LANINT parent 1:2 classid 1:$[10+$CNT] htb rate ${USERDOWN0}kbit ceil ${USERDOWN[$pora]}kbit prio 3 quantum 1500
$h qdisc add dev $LANINT parent 1:$[10+$CNT] $SFQ_LAN
$h filter add dev $LANINT protocol ip prio 5 parent 1:0 u32 match ip dst $IP flowid 1:$[10+$CNT]
# Upload side: packets from this source get the unit's fwmark, which the fw
# filter maps to the matching class.
$i -t mangle -A PREROUTING -s $IP -j MARK --set-mark $MARK
$h class add dev $WANINT parent 2:1 classid 2:$[10+$CNT] htb rate ${USERUP0}kbit ceil ${USERUP[$pora]}kbit prio 4 quantum 1500
$h qdisc add dev $WANINT parent 2:$[10+$CNT] $SFQ_WAN
$h filter add dev $WANINT parent 2:0 protocol ip prio 5 handle $MARK fw flowid 2:$[10+$CNT]
# MARK=$[$MARK+1]
# CNT=$[$CNT+1]
# Inside a group keep the same class number and mark for the next members;
# otherwise advance to the next unit.
if [ $grupa = 1 ]; then
grupa=2
else
MARK=$[$MARK+1]
CNT=$[$CNT+1]
fi
else
# Further group member: attach it to the group's existing class and mark.
$h filter add dev $LANINT protocol ip prio 5 parent 1:0 u32 match ip dst $IP flowid 1:$[10+$CNT]
$i -t mangle -A PREROUTING -s $IP -j MARK --set-mark $MARK
fi
fi
fi
done
# Bandwidth for p2p
# The rates used here are the equal shares computed before the host loop.
$h class add dev $LANINT parent 1:2 classid 1:5 htb rate ${USERDOWN}kbit ceil ${P2PDOWN}kbit prio 4 quantum 1500
$h qdisc add dev $LANINT parent 1:5 $SFQ_LAN
$h class add dev $WANINT parent 2:1 classid 2:5 htb rate ${USERUP}kbit ceil ${P2PUP}kbit prio 6 quantum 1500
$h qdisc add dev $WANINT parent 2:5 $SFQ_WAN
# p2p marking is installed only outside the night slot and when P2P_ON is 1;
# otherwise classes 1:5 / 2:5 exist but no filter sends traffic to them.
if [ $pora != 3 -a $P2P_ON = 1 ];then
# p2p packets can be marked with mark 2 here in any way you like
# As written, classification is purely port based: TCP ports from 1024 up
# (minus a few gaps between the ranges) and all UDP ports from 1024 up get
# mark 2.
# NOTE(review): $LANINT / $WANINT are the imq devices here, not the physical
# interfaces — confirm that "-i" on them matches in PREROUTING as intended.
$i -t mangle -A PREROUTING -i $LANINT -p tcp --dport 1024:6110 -j MARK --set-mark 2
$i -t mangle -A PREROUTING -i $WANINT -p tcp --sport 1024:6110 -j MARK --set-mark 2
$i -t mangle -A PREROUTING -i $LANINT -p tcp --dport 6113:6664 -j MARK --set-mark 2
$i -t mangle -A PREROUTING -i $WANINT -p tcp --sport 6113:6664 -j MARK --set-mark 2
$i -t mangle -A PREROUTING -i $LANINT -p tcp --dport 6670:8073 -j MARK --set-mark 2
$i -t mangle -A PREROUTING -i $WANINT -p tcp --sport 6670:8073 -j MARK --set-mark 2
$i -t mangle -A PREROUTING -i $LANINT -p tcp --dport 8075:8499 -j MARK --set-mark 2
$i -t mangle -A PREROUTING -i $WANINT -p tcp --sport 8075:8499 -j MARK --set-mark 2
$i -t mangle -A PREROUTING -i $LANINT -p tcp --dport 8501:65535 -j MARK --set-mark 2
$i -t mangle -A PREROUTING -i $WANINT -p tcp --sport 8501:65535 -j MARK --set-mark 2
$i -t mangle -A PREROUTING -i $LANINT -p udp --dport 1024:65535 -j MARK --set-mark 2
$i -t mangle -A PREROUTING -i $WANINT -p udp --sport 1024:65535 -j MARK --set-mark 2
$h filter add dev $LANINT parent 1:0 protocol ip prio 4 handle 2 fw flowid 1:5
$h filter add dev $WANINT parent 2:0 protocol ip prio 4 handle 2 fw flowid 2:5
fi
# -----------------------------8><------------------------------
# Bandwidth for games; comment out or delete if unused
#$h class add dev $LANINT parent 1:2 classid 1:6 htb rate 40kbit ceil 200kbit prio 2 quantum 1500
#$h qdisc add dev $LANINT parent 1:6 $SFQ_WAN
#$h class add dev $WANINT parent 2:1 classid 2:6 htb rate 40kbit ceil 200kbit prio 3 quantum 1500
#$h qdisc add dev $WANINT parent 2:6 $SFQ_WAN
#$i -t mangle -A PREROUTING -p tcp -m multiport --port 80,443 -j MARK --set-mark 3
#$h filter add dev $LANINT parent 1:0 protocol ip prio 3 handle 3 fw flowid 1:6
#$h filter add dev $WANINT parent 2:0 protocol ip prio 3 handle 3 fw flowid 2:6
# -----------------------------><8-------------------------------
# the rest
# Lowest-priority catch-all: anything not matched above goes to class 2:3.
$h filter add dev $WANINT parent 2:0 protocol ip prio 9 u32 match ip dst 0/0 flowid 2:3
}
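# Command dispatcher: start [panic] | stop | restart [panic] | status.
# stat_busy/stat_done/stat_fail and ck_daemon/add_daemon/rm_daemon are not
# defined in this file; presumably they come from /etc/rc.d/functions.
# NOTE(review): the branches below assume ck_daemon returns 0 when rchtb is
# NOT registered as running and 1 when it is — confirm against that file.
case "$1" in
  'start')
    stat_busy "Uruchamiam kolejkowanie rchtb"
    # Start only when not already registered; the optional second argument
    # ("panic") is forwarded as a single word, or not at all when empty.
    if ck_daemon rchtb && start ${2:+"$2"}; then
      add_daemon rchtb
      stat_done
    else
      stat_fail
    fi
    ;;
  'stop')
    stat_busy "Zatrzymuję kolejkowanie rchtb"
    ck_daemon rchtb
    # Only an exit status of exactly 1 counts as "running", as in the original.
    if [ "$?" -eq 1 ]; then
      stop
      rm_daemon rchtb
      stat_done
    else
      stat_fail
    fi
    ;;
  'restart')
    # Re-invoke this script; quoted so a path containing spaces still works.
    "$0" stop
    sleep 3
    "$0" start ${2:+"$2"}
    ;;
  'status')
    echo "Klasy na interfejsie $LANINT"
    echo "================================"
    tc class show dev "$LANINT" | grep root
    tc class show dev "$LANINT" | grep -v root | sort | nl
    echo "Klasy na interfejsie $WANINT"
    echo "==================================="
    tc class show dev "$WANINT" | grep root
    tc class show dev "$WANINT" | grep -v root | sort | nl
    ;;
  *)
    echo $"Użycie: $0 {start [panic]|stop|restart [panic]|status}"
    ;;
esac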