linux360

[wolffy]

Mipclasses se foloseste pentru a marca pechetele
http://metropolitana.ineton.ro/

Dupa dezarhivare si instalare ( make & make install ):

Creem un fisier in care vom pune liniile de comanda pentru marcarea pachetelor , de ex in /etc/htb/marcare
1. Marcare pachete

Cod: Selectaţi tot

#!/bin/bash
ext_if=eth0
int_if=eth

iptables -t mangle -N mark_horiz_src
iptables -t mangle -N mark_horiz_dst

iptables -t mangle -A PREROUTING -i $ext_if -j mark_horiz_src
iptables -t mangle -A PREROUTING -i $int_if -j mark_horiz_dst
iptables -t mangle -A OUTPUT -o $ext_if -j mark_horiz_dst

metro=/var/local/metro
mipclasses -s mark_horiz_src -d mark_horiz_dst -m 3 < $metro | iptables-restore -n

eth0 = Interfata ce face legatura cu providerul
/var/local/metro = fisierul unde se gasesc clasele de adrese ip ce sunt considerate de catre provider metropolitan. Pachetele ce au ca sursa sau destinatie acele clase vor fi marcate cu 3.

Pentru a verifica ca marcarea s-a efectuat cu succes putem folosi comanda iptables -t manle -L mark_horiz_src -n -v , si urmarim sa vedem trafic pe clasele respective.

2. Limite Download

Cod: Selectaţi tot

#!/bin/bash
DEV=eth1
TC=/sbin/tc
U32="filter add dev $DEV protocol ip parent 1:0 prio 1 u32"

$TC qdisc del dev $DEV ingress
$TC qdisc del dev $DEV root


$TC qdisc add dev $DEV handle ffff: ingress;  >/dev/null 2>&1
$TC qdisc add dev $DEV root handle 1: htb default 3

$TC class add dev $DEV parent 1: classid 1:1 htb rate 100mbit ceil 100mbit burst 64k quantum 1536
#############################################################################################################

###########################
# Definire limite globale #
###########################

#metropolitan
$TC class add dev $DEV parent 1:1 classid 1:2 htb rate 80mbit ceil 100mbit burst 64k prio 3 quantum 1536
$TC qdisc add dev $DEV parent 1:2 handle 2: sfq

#extern
$TC class add dev $DEV parent 1:1 classid 1:3 htb rate 10mbit ceil 15mbit burst 64k prio 1 quantum 1536
$TC qdisc add dev $DEV parent 1:3 handle 3 sfq


#############################
### Definire limite clienti #
#############################

#Client
#limita client metropolitan
$TC class add dev $DEV parent 1:2 classid 1:0x21 htb rate 1mbit ceil 50mbit burst 16k prio 1 quantum 1536
$TC ${U32} match ip dst 94.50.2.10/32 match mark 3 0xffff  flowid 1:0x21

#limita client extern
$TC class add dev $DEV parent 1:3 classid 1:0x22 htb rate 32kbit ceil 1mbit burst 10k prio 2 quantum 1536
$TC ${U32} match ip dst 94.50.2.10/32 flowid 1:0x22

3. Limite Upload

Cod: Selectaţi tot

#!/bin/bash
/sbin/tc qdisc del dev eth0 root
/sbin/tc qdisc del dev eth0 ingress
echo "Stergere clasa upload"
/sbin/tc qdisc add dev eth0 handle ffff: ingress; >/dev/null 2>&1
/sbin/tc qdisc add dev eth0 root handle 1: htb default 3 r2q 10
/sbin/tc class add dev eth0 parent 1:0 classid 1:1 htb rate 100mbit ceil 100mbit prio 0 quantum 1536
echo "Adaugare clasa upload"

###########################
# Definire limite globale #
###########################

#metropolitan
/sbin/tc class add dev eth0 parent 1:1 classid 1:2 htb rate 80mbit ceil 95mbit prio 4 quantum 1536
/sbin/tc qdisc add dev eth0 parent 1:2 handle 2: sfq
#international
/sbin/tc class add dev eth0 parent 1:1 classid 1:3 htb rate 10mbit ceil 15mbit prio 0 quantum 1536
/sbin/tc qdisc add dev eth0 parent 1:3 handle 3: sfq

#############################
### Definire limite clienti #
#############################

/sbin/tc class add dev eth0 parent 1:2 classid 1:101 htb rate 1mbit ceil 50mbit prio 1 quantum 1536
/sbin/tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 94.50.2.10 match mark 3 0xffff flowid 1:101

/sbin/tc class add dev eth0 parent 1:3 classid 1:100 htb rate 512kbit ceil 5mbit prio 0 quantum 1536
/sbin/tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src 94.50.2.10 flowid 1:100

Pentru a monitoriza traficul , putem folosi mrtg pentru grafice iar datele le putem extrage din htb in felul urmator:

Trafic Global Metropolitan:

Cod: Selectaţi tot

/sbin/tc -s -d class show dev eth1 |grep "htb 1:2 parent" -A2 | awk ' NR==2 { print $2}'
/sbin/tc -s -d class show dev eth0 |grep "htb 1:2 parent" -A2 | awk ' NR==2 { print $2}'

Trafic Global Extern:

Cod: Selectaţi tot

/sbin/tc -s -d class show dev eth1 |grep "htb 1:3 parent" -A2 | awk ' NR==2 { print $2}'
/sbin/tc -s -d class show dev eth0 |grep "htb 1:3 parent" -A2 | awk ' NR==2 { print $2}'

Dupa cum se vede extragem datele din clasa 1:2 ce reprezinta clasa globala pentru metropolitan si 1:3 pentru extern.

Pentru monitorizarea traficului efectuat de client , se executa comenzile de mai sus pentru clasa din htb din care face parte clientul
In exemplu meu:

Cod: Selectaţi tot

# Extern
/sbin/tc -s -d class show dev eth1 |grep "htb 1:0x22 parent" -A2 | awk ' NR==2 { print $2}'
/sbin/tc -s -d class show dev eth0 |grep "htb 1:100 parent" -A2 | awk ' NR==2 { print $2}'

Cod: Selectaţi tot

# Metropolitan
/sbin/tc -s -d class show dev eth1 |grep "htb 1:0x21 parent" -A2 | awk ' NR==2 { print $2}'
/sbin/tc -s -d class show dev eth0 |grep "htb 1:101 parent" -A2 | awk ' NR==2 { print $2}'


[if85myh]

Pentru bpg+realms pot fi adaptate scripturile tale?