
Moved existing diffserv work out of Cruft

1 parent 03aeb94 commit 4be2d7049084beae5e9ebc184158f80e99839166 Dave Taht committed Jun 11, 2011
Showing with 573 additions and 0 deletions.
  1. 0 README
  2. +53 −0 README.org
  3. +53 −0 codepoint_stats.sh
  4. +84 −0 diffserv.cfg
  5. +24 −0 diffserv_0802.11
  6. +185 −0 diffserv_internal.sh
  7. +36 −0 diffserv_qdisc
  8. +98 −0 diffserv_to_wireless.sh
  9. +40 −0 dscp.sql
0 README
No changes.
@@ -0,0 +1,53 @@
+* Definitive Packet Classifier
+
+This is an attempt to fully implement rfc 4594, along with some proposed extensions,
+at the edge router on the home gateway. The results should be suitable also for
+hotels, convention centers and small businesses.
+
+It could be further extended by supplying tables to end machines, to classify
+their behavior at the switch, rather than router level.
+
+It is being tested within the auspices of the 'uberwrt' series of projects.
+
+* Requirements
+** Be both ipv6 and ipv4 enabled.
+** Handle packet encapsulation (VPN) traffic correctly
+* Components
+** Debloating Techniques
+*** Minimize multicast
+*** Short queue lengths
+*** Use web proxies by default (wpad and dhcp supplied)
+*** ECN Enabled
+*** Optimizations for
+
+** Classifier
+*** Shall include comprehensive port to dscp database.
+*** Shall also include anti-worm filtering
+** Bandwidth Shaper(s) and policer(s)
+The bandwidth shapers should be as simple as possible, but no simpler.
+
+Example logic would include the number and type of machines in a household,
+the kinds of traffic the user expects, etc.
+
+*** It would be good to allow for bandwidth sharing.
+*** Should penalize
+
+** DSCP statistics
+Complete DSCP statistics will be kept.
+
+** Wired and Wireless awareness
+*** 802.11e converter
+Wherever possible, packets will be transformed into their proper 802.11e classes.
+*** 802.11d converter
+Wherever possible, packets will be transformed into their proper 802.11d classes.
+* Futures
+** Simple lookup tables for DSCP <-> Port mappings
+** Simple lookup tables for threats
+** Support for multiple switch types and vlan prioritizations
+
+* Tasks Ahead
+** TODO Write Good classifier
+** Analyze existing realistic traffic
+** Measure existing shapers
+** Implement ECN in existing shapers
+**
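Review bot: Three outline entries in this README are left unfinished: "*** Optimizations for" under Debloating Techniques, "*** Should penalize" under the shapers section, and the bare "**" that closes Tasks Ahead. Complete them or mark them TODO like the classifier task, so a reader can tell what is planned from what was cut off. The "802.11d converter" entry looks like it means the 802.1D/802.1Q priority classes, which is what the diffserv_0802.11 file in this commit tabulates; 802.11d is a different amendment. "Shall also include anti-worm filtering" should say what is matched and whether it is dropped or only deprioritized, since that is a security control rather than a QoS one.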
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# Some new codepoints
+
+BOFH=04
+MICE=42
+LB=63
+
+# This attempts to keep track of DSCP classified packets in one chain.
+# This should really be sorted by frequency and done more cleverly but for now...
+# -j RETURN might make more sense
+
+do_cp_stats() {
+ local iptables=$1
+ $iptables -t filter -F DSCP_END
+ $iptables -t filter -X DSCP_END
+ $iptables -t filter -N DSCP_END
+
+ $iptables -t filter -F DSCP_STATS
+ $iptables -t filter -X DSCP_STATS
+ $iptables -t filter -N DSCP_STATS
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class BE -m comment --comment 'BE' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class EF -m comment --comment 'EF' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class AF11 -m comment --comment 'AF11' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class AF12 -m comment --comment 'AF12' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class AF13 -m comment --comment 'AF13' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class AF21 -m comment --comment 'AF21' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class AF22 -m comment --comment 'AF22' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class AF23 -m comment --comment 'AF23' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class AF31 -m comment --comment 'AF31' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class AF32 -m comment --comment 'AF32' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class AF33 -m comment --comment 'AF33' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class AF41 -m comment --comment 'AF41' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class AF42 -m comment --comment 'AF42' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class AF43 -m comment --comment 'AF43' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class CS7 -m comment --comment 'CS7' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class CS6 -m comment --comment 'CS6' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class CS5 -m comment --comment 'CS5' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class CS4 -m comment --comment 'CS4' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class CS3 -m comment --comment 'CS3' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class CS2 -m comment --comment 'CS2' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp-class CS1 -m comment --comment 'CS1' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp $BOFH -m comment --comment 'BOFH' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp $MICE -m comment --comment 'MICE' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m dscp --dscp $LB -m comment --comment 'LB' -g DSCP_END
+ $iptables -t filter -A DSCP_STATS -m comment --comment 'Unmatched' -j LOG
+
+}
+
+do_cp_stats iptables
+do_cp_stats ip6tables
+
+
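Review bot: The final "Unmatched" rule in do_cp_stats uses -j LOG with no rate limit, so every packet whose DSCP value is outside the listed set writes a kernel log line, and the DSCP field is chosen by the sender. Add -m limit to that rule, or count with a bare rule as the "-j RETURN might make more sense" comment already suggests. The teardown order also misfires on a re-run: DSCP_END is removed with -X while DSCP_STATS still holds -g DSCP_END references, so that -X and the following -N both report errors; flush DSCP_STATS first, and silence the -F/-X errors on a first run when neither chain exists yet. Nothing in this file jumps to DSCP_STATS from a built-in chain, so note where it is meant to be hooked in, otherwise the counters stay at zero.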
@@ -0,0 +1,84 @@
+ # Traffic classes:
+ # 1:20 Pentultimate Priority (ntp)
+ # 1:25 Link Local Packets (1 hop)
+ # 1:30 Interactive (SSH, DNS, Quake)
+ # 1:35 Multicast packets (X hops)
+ # 1:40 (ACK)
+ # 1:50 Low latency (VoIP)
+ # 1:60 Browsing (HTTP, HTTPs)
+ # 1:70 Default
+ # 1:80 Bulk Services (smtp, rsync)
+ # 1:90 Unclassifiable
+ # 1:95 Low priority (p2p, pop3, etc)
+
+
+CLASSES="C_ULT C_LNK C_INT C_MCS C_ACK C_TLK C_BRW C_DEF C_BLK C_UNC C_P2P"
+CLASSID=":20 :25 :30 :35 :40 :50 :60 :70 :80 :90 :95"
+
+PRIOIP=
+PRIOIPV6=
+
+# IP addresses of the VoIP phones,
+# if none, set VOIPIPS=""
+VOIPIPS=""
+VOIP6IPS=""
+NTPIPS=
+
+# X11?
+
+# The really depressing part about trying to do classification
+# is the sheer number of ports in use.
+# http://www.networksorcery.com/enp/protocol/ip/ports06000.htm
+# In looking at that it gave me an idea in that we could just have
+# a linear 48k table to map port numbers to dscp
+# matches would be --lowest-match (for a single lookup)
+# --best-match (for a dual lookup)
+
+# Interactive classs: SSH Terminal, DNS and gaming (Quake)
+INTERACTIVEPORTS="22,222"
+GAMINGPORTS="3389,5900,5688"
+
+# People that use proxies can be shaped better, and 443 is important
+# include spdy, too
+
+PROXYPORTS="8123,3128,8118,1080,443,6127"
+
+RTPPORTS="5004:5005"
+# ichat? skype?
+# VoIP telephony
+SIGNALPORTS="5060:5062"
+VOIPPORTS="5062:5100,10000:11000,5000:5059,8000:8016,5004,1720,1731,4569"
+VPNPORTS="1194,500,4500"
+CHATPORTS="6667,7000,194,5190,5222,5269"
+# WWW
+BROWSINGPORTS="80,81,8080"
+STREAMINGPORTS="554"
+ZEBRAPORTS="2600:2608"
+MONITORPORTS="161:162,199,5777"
+# Routing
+ROUTINGPORTS="179,$ZEBRAPORTS"
+# Rsync, SMTP
+SCMPORTS="371,2401,3690,9418"
+MAILPORTS="143,220,993,587,465"
+BULKPORTS="25,873,20:21,109:110,119,631,4559"
+FILEPORTS="137:139,369:370,445,2049,7000:7009"
+# The lowest priority traffic: eDonkey, Bittorrent, etc.
+P2PPORTS="110,143,445,4662:4664,6881:6999,540,1214,4031,6346:6347"
+
+XWINPORTS="177,6000:6010,7100"
+DBPORTS="1433:1434,3050,3306,5432:5433,5984"
+BACKUPPORTS="9101:9103,10080,13720:13721,13782:13783,2988:2989,10081:10083"
+
+TESTPORTS="5001:5002"
+
+# talk, ntalk 517, 518
+# nntps 563
+# ldaps 636
+# webster 765
+# Radius 1812:1813
+# l2p
+# dict 2628
+# Distcc 3632
+# Daap 3689
+# mdns 5353
+# RTP?
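Review bot: Several ports appear in more than one list here, so the class a packet ends up in depends on rule order in whatever script consumes this file. P2PPORTS contains 110, 143 and 445, which are also covered by BULKPORTS (109:110), MAILPORTS and FILEPORTS; 7000 is in both CHATPORTS and FILEPORTS (7000:7009); 5004 is in RTPPORTS and twice in VOIPPORTS (5000:5059 and 5004); 5062 is in both SIGNALPORTS (5060:5062) and VOIPPORTS (5062:5100). Make the lists disjoint or document the intended precedence next to them. GAMINGPORTS holds 3389 and 5900, which are RDP and VNC rather than games, and the "Interactive" comment mentions DNS and Quake although no list carries their ports. Minor: "Pentultimate" and "classs" in the comments.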
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# NoAck
+
+# In QoS mode, service class for frames to send can have two values: QosAck and QosNoAck. Frames with QosNoAck are not acknowledged. This avoids retransmission of highly time-critical data.
+
+# http://en.wikipedia.org/wiki/IEEE_802.11e-2005
+# Background (AC_BK) 31 1023 7 0
+# Best Effort (AC_BE) 31 1023 3 0
+# Video (AC_VI) 15 31 2 3.008ms
+# Voice (AC_VO) 7 15 2 1.504ms
+# Legacy DCF 15 1023 2 0
+
+# http://en.wikipedia.org/wiki/IEEE_802.1Q
+# PCP code points mac header in the vlan frame
+# 1 0 (lowest) Background
+# 0 1 Best Effort
+# 2 2 Excellent Effort
+# 3 3 Critical Applications
+# 4 4 Video, < 100 ms latency
+# 5 5 Voice, < 10 ms latency
+# 6 6 Internetwork Control
+# 7 7 (highest) Network Control
+
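Review bot: This file starts with #!/bin/sh but contains only comments, so it does nothing when run; either drop the shebang and keep it as notes, or add the mapping it is meant to hold. The two tables also lack column headings: label the 802.11e rows (the columns in the linked table are CWmin, CWmax, AIFSN and max TXOP) and the 802.1Q rows (PCP value, then priority), so the numbers can be read without opening the links.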