Warning
If you know English better than me, fix errors and send them to me. Maybe in the future, when I am rich, I will invest in my education, but not now.
Versions:
To begin with, I would like to say that this software is a beta version, which means that shaperd is insufficiently tested and can, in some cases, cause problems. It will probably be upgraded several more times.
When a new user appears in the network and starts transferring data from the internet (local transfers do not allocate bandwidth), shaperd checks the user's connections and compares them with the list of exceptions (the /etc/shaper/ignore file). If the daemon cannot find the connection in the exception list, it allocates bandwidth for this user. The size of the allocation results from simply dividing the maximum incoming speed of the link by the number of currently active users.
After a specified time (default: 10 seconds), shaperd checks how much of the allocated bandwidth each user has utilized. If the user utilized less than 50% of the allocated bandwidth, the daemon reduces the allocation by 25%. If the user utilized more than 75%, shaperd increases the allocation by the minimum guaranteed bandwidth (e.g. 8000 bit/s, that is 1 KB/s). If the user utilized between 50% and 75%, the allocation is unchanged. The rule is to allocate bandwidth in this order: first to "new" users, then to low-allocation users, and the rest of the unused bandwidth is assigned to high-allocation users. I hope it's clear :)
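The adjustment rules described above, written out as an added C example (this is not code from shaperd.c). The struct and function names are hypothetical, and both the clamping to [lospeed, hispeed] and the lowest-allocation-first hand-out are one interpretation of the stated rule.

```c
#include <stdio.h>
#include <stdlib.h>

struct user { long alloc; long used; };   /* both in bit/s; hypothetical names */

/* New user: maximum incoming link speed divided by the number of active users. */
long initial_share(long link_speed, int active_users)
{
    return active_users > 0 ? link_speed / active_users : 0;
}

/* One periodic check: <50% used -> cut by 25%, >75% used -> add lospeed. */
long adjust(struct user u, long lospeed, long hispeed)
{
    long a = u.alloc;
    if (2LL * u.used < u.alloc)            a -= a / 4;
    else if (4LL * u.used > 3LL * u.alloc) a += lospeed;
    if (a < lospeed) a = lospeed;          /* assumption: never below the minimum */
    if (a > hispeed) a = hispeed;          /* assumption: never above the maximum */
    return a;
}

static int by_alloc(const void *x, const void *y)
{
    long a = ((const struct user *)x)->alloc, b = ((const struct user *)y)->alloc;
    return (a > b) - (a < b);
}

/* Adjust every user, then hand out the link lowest allocation first, so that
 * high-allocation users only get what is left. Returns the total allocated. */
long rebalance(struct user *u, int n, long link, long lospeed, long hispeed)
{
    long left = link;
    for (int i = 0; i < n; i++) u[i].alloc = adjust(u[i], lospeed, hispeed);
    qsort(u, n, sizeof *u, by_alloc);
    for (int i = 0; i < n; i++) {
        if (u[i].alloc > left) u[i].alloc = left;
        left -= u[i].alloc;
    }
    return link - left;
}

int main(void)
{
    /* Constructed sample: 70000 bit/s link shared by three users. */
    struct user u[3] = { {23333, 5000}, {23333, 15000}, {23333, 23000} };
    printf("total %ld of 70000 bit/s\n", rebalance(u, 3, 70000, 8000, 100000));
    for (int i = 0; i < 3; i++) printf("%ld bit/s\n", u[i].alloc);
    return 0;
}
```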
The daemon also controls outgoing traffic bandwidth. The upload (outgoing, to the internet) speed depends on the sum of all users' download allocations and can be expressed by a simple formula:
speed_upload = speed_max - speed_download
where:
There is still an unsolvable problem in 2.4.x kernels, which causes some old masqueraded connections to hang on for 5 days. As a workaround, shaperd ignores connections whose last activity was more than 300 seconds ago.
The author of this software is not responsible for any damage, destruction or errors caused by this software, its description or anything else. Everything you do, you do at your own responsibility.
This software has been tested on systems based on the 2.4.8, 2.4.12 and 2.4.18 kernels, with ipchains and iptables firewalls (I'm using Linux Mandrake 8.1 for development).
tc -d qdisc
If you get nothing as a result, then your kernel supports QoS (CBQ).
mainip=212.17.14.118
internet_iface=ppp0
high_start_speed=1
even_division=0
check_always=1
squid_support=0
lospeed=8000
hispeed=100000
internet_iface_speed=70000
speed_ext=bit
debug=0
delay=10
write_delay=0
local_int=eth0;10485760;192.168.0.0/16;192.168.1.0/24;1

Principles:

mainip=212.17.14.118
internet_iface=ppp0
high_start_speed=1
even_division=0
check_always=1
squid_support=0
lospeed=16
hispeed=900
internet_iface_speed=400
speed_ext=Kbit
debug=0
delay=10
write_delay=0
local_int=eth0;10240;192.168.0.0/16;192.168.1.0/24;1
local_int=eth1;102400;192.168.0.0/16;192.168.2.0/24;2

mainip=212.17.14.118
internet_iface=ppp0
high_start_speed=1
even_division=0
check_always=1
squid_support=0
lospeed=8000
hispeed=100000
internet_iface_speed=70000
speed_ext=bit
debug=0
delay=10
write_delay=0
local_int=eth0;10485760;192.168.0.0/16;192.168.1.0/24;1
local_int=eth1;104857600;192.168.0.0/16;192.168.2.0/24;2
local_int=ppp1;786432;192.168.3.1/32;192.168.3.0/24;3
mainip=`ifconfig ppp0 | grep "inet addr" | cut -d ':' -f2 | cut -d ' ' -f1`; shaperd -mainip="$mainip"
where ppp0 is the name of the internet interface.
gcc /usr/src/shaperd/shaperd.c -o /sbin/shaperd
192.168.1.2=eth0
192.168.1.3=eth0
192.168.1.4=eth0 8000 16000
192.168.1.5=eth0
192.168.2.2=eth1
192.168.2.3=eth1
192.168.2.4=eth1
192.168.2.5=eth1
I have additionally introduced the possibility of setting individual limits for individual IP addresses. In the example above, for IP address 192.168.1.4 I set the following bounds: 8000 (1 KB, the guaranteed minimum) and 16000 (2 KB, the maximum assigned speed). Remember that these values are given in the speed unit set by the speed_ext parameter in the shaper.cfg file. If there are no such entries, shaperd uses the values written in shaper.cfg for every address.
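A strict parser for the iplist line format shown above, as an added C example (not shaperd's own parser). The names struct entry and parse_iplist_line are hypothetical, and restricting interface names to letters and digits is an assumption. Since every entry in this file ends up as a firewall rule, rejecting malformed lines up front keeps bad values out of those rules.

```c
#include <arpa/inet.h>
#include <stdio.h>

struct entry { char ip[16]; char iface[16]; long lo; long hi; };  /* hypothetical */

/* Parse one line: "IP=iface" or "IP=iface min max".
 * def_lo/def_hi stand for lospeed/hispeed from shaper.cfg.
 * Returns 0 on success, -1 if the line is malformed. */
int parse_iplist_line(const char *line, long def_lo, long def_hi, struct entry *e)
{
    struct in_addr addr;
    char extra;
    int pos = 0, n;

    /* Address and interface; assumption: interface names are alphanumeric. */
    if (sscanf(line, "%15[0-9.]=%15[A-Za-z0-9]%n", e->ip, e->iface, &pos) != 2)
        return -1;
    if (inet_pton(AF_INET, e->ip, &addr) != 1)
        return -1;                       /* not a valid IPv4 address */

    /* The rest must be empty or exactly two numbers, nothing else. */
    n = sscanf(line + pos, " %ld %ld %c", &e->lo, &e->hi, &extra);
    if (n == EOF) { e->lo = def_lo; e->hi = def_hi; }   /* no individual limits */
    else if (n != 2) return -1;
    if (e->lo <= 0 || e->hi < e->lo) return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample lines in the format shown above. */
    const char *lines[] = { "192.168.1.2=eth0", "192.168.1.4=eth0 8000 16000",
                            "192.168.1.4=eth0 16000 8000", "192.168.1.300=eth0" };
    for (int i = 0; i < 4; i++) {
        struct entry e;
        if (parse_iplist_line(lines[i], 8000, 100000, &e) == 0)
            printf("%s on %s: %ld..%ld\n", e.ip, e.iface, e.lo, e.hi);
        else
            printf("rejected: %s\n", lines[i]);
    }
    return 0;
}
```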
/sbin/shaperd -hispeed=100000 -lospeed=8000
The speed given here should be not the declared one but the real one, which you can actually get by downloading something over a longer time through this link in the direction from the internet to the network. Otherwise, dividing a virtual speed makes no sense. A HIS link does not work at the declared 115kbit but only at 96kbit (in one direction), so entering a larger value means that someone in the network gets an allocation of speed that he will never be able to reach. Someone will always be cheated.
modprobe sch_cbq
modprobe sch_tbf
modprobe cls_u32
/sbin/shaperd shownat
192.168.1.2 40000
192.168.1.9 58000
or if speed_ext is set as Kbit:
192.168.1.2 40 Kbit
192.168.1.9 58 Kbit
tc -s qdisc
The results of this command can look like this:
qdisc tbf d09f: dev eth0 rate 5430bps burst 10Kb lat 1.2s
 Sent 108930 bytes 73 pkts (dropped 0, overlimits 0)
qdisc tbf d09e: dev eth0 rate 5430bps burst 10Kb lat 1.2s
 Sent 126618 bytes 89 pkts (dropped 0, overlimits 0)
qdisc tbf d09d: dev eth0 rate 1638bps burst 10Kb lat 3.8s
 Sent 54699 bytes 65 pkts (dropped 0, overlimits 321)
 backlog 6110b 5p
qdisc tbf d09c: dev eth0 rate 10Mbit burst 10Kb lat 4.8ms
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
qdisc tbf d09b: dev eth0 rate 10Mbit burst 10Kb lat 4.8ms
 Sent 5690 bytes 53 pkts (dropped 0, overlimits 0)
qdisc cbq 10: dev eth0 rate 10Mbit (bounded,isolated) prio no-transmit
 Sent 310829 bytes 302 pkts (dropped 0, overlimits 1555)
 backlog 5p
 borrowed 0 overactions 0 avgidle 624 undertime 0
Look at the lines with a rate different from 10Mbit (or from another value, in the case of a local link with a different maximum speed). In this case the first three classes show the transfers of three different computers in the local network. Check whether the amount of sent data (Sent) is being registered. If so, it means that CBQ works correctly and limits the transfer.
<p><a href="http://sp9wun.republika.pl/"> <img src="http://sp9wun.republika.pl/linux/pics/shaper.png" border="0" width="89" height="32" alt="Powered by Shaper CBQ"></a></p>
Problems
To avoid problems that can arise during normal use of shaperd, you have to observe some rules:
ipchains -L output -n
The shaper table should be in the top position:
Chain output (policy ACCEPT):
target     prot opt     source                destination           ports
shaper     all  ------  0.0.0.0/0             0.0.0.0/0             n/a
ppp-out    all  ------  0.0.0.0/0             0.0.0.0/0             n/a
eth-out    all  ------  0.0.0.0/0             0.0.0.0/0             n/a
ipchains -L shaper -n
This table should contain a rule for every IP address from the /etc/shaper/iplist file. Example:
Chain shaper (1 references):
target     prot opt     source                destination           ports
RETURN     tcp  ------  !192.168.1.1          192.168.1.2           * ->   *
RETURN     tcp  ------  !192.168.1.1          192.168.1.3           * ->   *
RETURN     tcp  ------  !192.168.1.1          192.168.1.4           * ->   *
RETURN     tcp  ------  !192.168.1.1          192.168.1.5           * ->   *
RETURN     tcp  ------  !192.168.1.1          192.168.1.6           * ->   *
RETURN     tcp  ------  !192.168.1.1          192.168.1.7           * ->   *
RETURN     tcp  ------  !192.168.1.1          192.168.1.8           * ->   *
watch ipchains -vxL shaper -n
This lets you observe whether the rules are counting the amount of data downloaded by individual IP addresses. Generally, if some address is currently downloading something from the internet, its rule has to be counting. If it is not, restart shaper.
iptables -L FORWARD -n --line-numbers | grep shaper
The shaper table should have position No. 1:
1 shaper all -- 0.0.0.0/0 0.0.0.0/0
iptables -L shaper -n
This table should contain a rule for every IP address from the /etc/shaper/iplist file. Example:
Chain shaper (1 references)
target     prot opt source               destination
RETURN     all  --  !192.168.0.0/16      192.168.1.2
RETURN     all  --  !192.168.0.0/16      192.168.1.3
RETURN     all  --  !192.168.0.0/16      192.168.1.4
RETURN     all  --  !192.168.0.0/16      192.168.1.5
RETURN     all  --  !192.168.0.0/16      192.168.1.6
RETURN     all  --  !192.168.0.0/16      192.168.1.7
RETURN     all  --  !192.168.0.0/16      192.168.1.8
RETURN     all  --  !192.168.0.0/16      192.168.1.9
RETURN     all  --  !192.168.0.0/16      192.168.1.10
watch iptables -vxL shaper -n
This lets you observe whether the rules are counting the amount of data downloaded by individual IP addresses. Generally, if some address is currently downloading something from the internet, its rule has to be counting. If it is not, restart shaper.