Took a stab at porting over the old shell based diffserv code
Didn't quite finish by any respect. But I'm thinking that fw rules, classification, nat, and AQM all have to be in the same language with the same assumptions throughout.
Dave Taht committed Dec 28, 2011
1 parent e2c09b1, commit 5c41f94
Showing 12 changed files with 1,620 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,142 @@ | ||
# Diffserv Configuration File | ||
|
||
WIRELESS_DEVS="wlan0" | ||
WIRED_DEVS="se+ ge+" | ||
|
||
DEBUG_LOG=/dev/null | ||
PRIOIP= | ||
PRIOIPV6= | ||
|
||
# IP addresses of the VoIP phones, | ||
# if none, set VOIPIPS="" | ||
|
||
VOIPIPS="" | ||
VOIP6IPS="" | ||
NTPIPS="" | ||
|
||
ROBUST_STATS=0 | ||
|
||
# FIXME: Handle Vlans | ||
# FIXME: Handle new naming scheme | ||
# FIXME: Figure out link rate somehow for wired, at least | ||
# X11? | ||
|
||
# The really depressing part about trying to do classification | ||
# is the sheer number of ports in use. | ||
# http://www.networksorcery.com/enp/protocol/ip/ports06000.htm | ||
# In looking at that it gave me an idea in that we could just have | ||
# a linear 48k table to map port numbers to dscp | ||
# matches would be --lowest-match (for a single lookup) | ||
# --best-match (for a dual lookup) | ||
|
||
|
||
|
||
# This is the relevant table from the RFC | ||
# |===============+=========+=============+==========================| | ||
# |Network Control| CS6 | 110000 | Network routing | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Telephony | EF | 101110 | IP Telephony bearer | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Signaling | CS5 | 101000 | IP Telephony signaling | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Multimedia |AF41,AF42|100010,100100| H.323/V2 video | | ||
# | Conferencing | AF43 | 100110 | conferencing (adaptive) | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Real-Time | CS4 | 100000 | Video conferencing and | | ||
# | Interactive | | | Interactive gaming | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Multimedia |AF31,AF32|011010,011100| Streaming video and | | ||
# | Streaming | AF33 | 011110 | audio on demand | | ||
# |---------------+---------+-------------+--------------------------| | ||
# |Broadcast Video| CS3 | 011000 |Broadcast TV & live events| | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Low-Latency |AF21,AF22|010010,010100|Client/server transactions| | ||
# | Data | AF23 | 010110 | Web-based ordering | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | OAM | CS2 | 010000 | OAM&P | | ||
# |---------------+---------+-------------+--------------------------| | ||
# |High-Throughput|AF11,AF12|001010,001100| Store and forward | | ||
# | Data | AF13 | 001110 | applications | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Standard | DF (CS0)| 000000 | Undifferentiated | | ||
# | | | | applications | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Low-Priority | CS1 | 001000 | Any flow that has no BW | | ||
# | Data | | | assurance | | ||
# ------------------------------------------------------------------ | ||
|
||
|
||
|
||
# Traffic classes: | ||
# 1:20 Pentultimate Priority (ntp) | ||
# 1:25 Link Local Packets (1 hop) | ||
# 1:30 Interactive (SSH, DNS, Quake) | ||
# 1:35 Multicast packets (X hops) | ||
# 1:40 (ACK) | ||
# 1:50 Low latency (VoIP) | ||
# 1:60 Browsing (HTTP, HTTPs) | ||
# 1:70 Default | ||
# 1:80 Bulk Services (smtp, rsync) | ||
# 1:90 Unclassifiable | ||
# 1:95 Low priority (p2p, pop3, etc) | ||
|
||
|
||
CLASSES="C_ULT C_LNK C_INT C_MCS C_ACK C_TLK C_BRW C_DEF C_BLK C_UNC C_P2P" | ||
CLASSID=":20 :25 :30 :35 :40 :50 :60 :70 :80 :90 :95" | ||
|
||
# Interactive classs: SSH Terminal, DNS and gaming (Quake) | ||
INTERACTIVEPORTS="22,222" | ||
GAMINGPORTS="3389,5900,5688" | ||
|
||
# People that use proxies can be shaped better, and 443 is important | ||
# include spdy, too | ||
|
||
PROXYPORTS="8123,3128,8118,1080,443,6127" | ||
|
||
# rdate? | ||
NTPPORTS=123 | ||
RTPPORTS="5004:5005" | ||
# ichat? skype? | ||
# VoIP telephony | ||
SIGNALPORTS="5060:5062" | ||
VOIPPORTS="5062:5100,10000:11000,5000:5059,8000:8016,5004,1720,1731,4569" | ||
VPNPORTS="1194,500,4500" | ||
CHATPORTS="6667,7000,194,5190,5222,5269" | ||
# WWW | ||
BROWSINGPORTS="80,81,8080" | ||
#FIXME: icecast, look at some radio stations. Soma uses: | ||
A_STREAMINGPORTS="8600,8048,9010,8884,8384,8010,9000" | ||
#FIXME: netflix, etc | ||
V_STREAMINGPORTS="554" | ||
|
||
ZEBRAPORTS="2600:2608" | ||
MONITORPORTS="161:162,199,5777" | ||
# Routing | ||
ROUTINGPORTS="179,$ZEBRAPORTS" | ||
# Yes, let's track git and cvs | ||
SCMPORTS="371,2401,3690,9418" | ||
MAILPORTS="143,220,993,587,465" | ||
# Rsync, SMTP | ||
BULKPORTS="25,873,20:21,109:110,119,631,4559" | ||
# Traditional filesharing has it's place | ||
FILEPORTS="137:139,369:370,445,2049,7000:7009" | ||
# The lowest priority traffic: eDonkey, Bittorrent, etc. | ||
P2PPORTS="110,143,445,4662:4664,6881:6999,540,1214,4031,6346:6347" | ||
XWINPORTS="177,6000:6010,7100" | ||
DBPORTS="1433:1434,3050,3306,5432:5433,5984" | ||
BACKUPPORTS="9101:9103,10080,13720:13721,13782:13783,2988:2989,10081:10083" | ||
TESTPORTS="5001:5002" | ||
|
||
# Classify these | ||
# talk, ntalk 517, 518 | ||
# nntps 563 | ||
# ldaps 636 | ||
# webster 765 | ||
# Radius 1812:1813 | ||
# l2p | ||
# dict 2628 | ||
# Distcc 3632 | ||
# Daap 3689 | ||
# mdns 5353 | ||
# RTP? | ||
|
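
Review bot: Several of the port lists overlap, so the class a flow ends up in depends on the order the rules are installed rather than on anything this file states. In P2PPORTS, 110 is also covered by BULKPORTS (109:110), 143 is also in MAILPORTS and 445 is also in FILEPORTS; CHATPORTS lists 7000 while FILEPORTS covers 7000:7009; VOIPPORTS starts at 5062 and includes 5000:5059 and 5004, which collide with SIGNALPORTS (5060:5062) and RTPPORTS (5004:5005). Either make the lists disjoint or add a comment stating which list wins. Two naming points: GAMINGPORTS holds 3389 and 5900, which are the RDP and VNC ports rather than game ports, and the class comment says "Browsing (HTTP, HTTPs)" while 443 sits in PROXYPORTS and BROWSINGPORTS is only "80,81,8080". Since every one of these rules trusts the port number alone, a comment noting that any host can claim a higher class by picking a listed port would help whoever tunes this later.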
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
#!/bin/sh | ||
#Debug code in place | ||
. ./codepoints.sh | ||
. ./functions.sh | ||
. ./ame.conf | ||
. ./user.conf | ||
|
||
DEBUG_LOG=/tmp/ame.$$ | ||
dscp_stats=1 | ||
ecn_stats=1 | ||
icmp6_stats=1 | ||
p80_stats=1 | ||
|
||
case $1 in | ||
up) start ;; | ||
down) stop ;; | ||
restart) restart ;; | ||
status) status ;; | ||
help) help;; | ||
esac |
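
Review bot: DEBUG_LOG=/tmp/ame.$$ is a predictable name in a world-writable directory; if this script runs as root, another local user can pre-create that path as a symlink and have the log written wherever it points. Create the file with mktemp, or log under a root-owned directory. The assignment also comes after ". ./user.conf", so it overrides whatever DEBUG_LOG the user configured; the "Debug code in place" comment suggests this is temporary, so it should be marked for removal or made conditional. The four ". ./file" lines resolve against the current directory, so the script finds (and sources) the intended files only when started from its own directory; resolving them relative to the script location would fix that. The case statement has no "*)" branch, so a missing or unknown argument exits silently instead of printing help.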
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
# freq from-net to-net from-portrange to-portrange proto tag MODE type FLAG prio classes-from classes-to "COMMENT" | ||
|
||
1 0 0 0 81 tcp ROUTER ADMIN USE 0 0 0 0 CS1 BE AF33 AF32 "Router admin port" | ||
9 0 0 0 80,8080 tcp WEB NORMAL USE 0 0 0 0 CS1 BE AF33 AF32 "The port 80 rathole" | ||
8 0 0 0 433 tcp SWEB NORMAL USE 0 0 0 0 CS1 BE AF32 AF31 "https" | ||
6 0 0 0 8123,3128,8118,1080,6127 tcp 0 0 0 0 CS1 BE AF31 AF32 "Proxy Ports" | ||
7 0 0 0 22,222 tcp ADMIN BIMODAL USE 0 0 0 0 CS1 IT CS1 IT "ssh" | ||
5 0 0 0 8600,8048,9010,8884,8384,8010,9000 tcp ASTREAMING NORMAL USE 0 0 CS1 BE AF42 AF43 "Audio Streaming" | ||
1 0 0 0 2600:2608 tcp ADMIN NORMAL IGN 0 0 CS1 BE CS1 BE "ZEBRA" | ||
4 0 0 0 6667,7000,194,5190,5222,5269 CHAT BIMODAL USE 0 0 CS1 IT CS1 IT "Chat" | ||
# NOT DONE YET | ||
4 0 0 0 371,2401,3690,9418 "SCM" | ||
3 0 0 0 143,220,993,587,465 "BULK" | ||
2 0 0 0 25,873,20:21,109,110,119,631,4559 "Bulk ports" | ||
1 0 0 0 177,6000:6010,7100 "Xwindows" | ||
4 0 0 0 1433:1434,3050,3306,5432,5433,5984 "Databases" | ||
1 0 0 0 9101:9103,10080,13720:13721,13782:13783,2988:2989,10081:10083 "Backup tools" | ||
|
||
# UDP stuff | ||
|
||
4 0 0 0 1194 0 udp VPN KEEP KEEP KEEP KEEP KEEP | ||
5 0 0 0 3389,5900,5688 0 udp Gaming ANT KEEP KEEP KEEP KEEP # | ||
7 0 0 0 123 0 udp BE:EF EF:EF NORMAL ANT # | ||
8 0 0 0 67,68 0 udp BE:EF EF:EF NORMAL ANT # DHCP | ||
6 0 0 0 5004,5005 0 udp CS1:EF AF43:AF42 NORMAL NORMAL # RTP | ||
9 0 0 0 5060:5062 0 udp CS1:EF AF43:AF42 NORMAL NORMAL # VOIP Signalling | ||
7 0 0 0 5063:5100,10000:11000,5000:5059,8000:8016,1720,1731,4569 0 udp # VOIP | ||
8 0 0 0 500,4500 0 udp KEEP KEEP KEEP KEEP | ||
|
||
0 0 0 0 6667,7000,194,5190,5222,5269 0 # chat | ||
0 0 0 0 560 0 # good ole ntalk I think | ||
0 0 0 0 554 0 VSTREAMING | ||
0 0 0 0 161,162,199,5777 0 # Monitoring | ||
0 0 0 0 179 0 # BGP Routing | ||
0 0 0 0 137:139,369:370,445,2049,7000:7009 0 # Traditional filesharing | ||
0 0 0 0 110,143,445,4662:4664,6881:6999,540,1214,4031,6346:6347 0 # PTP filesharing | ||
0 0 0 0 5001:5002 0 # Bandwidth tests | ||
|
||
# ICMP | ||
|
||
# ICMP6 | ||
|
||
# Classify these | ||
# talk, ntalk 517, 518 | ||
# nntps 563 | ||
# ldaps 636 | ||
# webster 765 | ||
# Radius 1812:1813 | ||
# l2p | ||
# dict 2628 | ||
# Distcc 3632 | ||
# Daap 3689 | ||
# mdns 5353 | ||
# RTP? |
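
Review bot: The row commented "https" matches port 433, but HTTPS is 443 (and the configuration file in this commit lists 443 in PROXYPORTS), so TLS web traffic will never match this rule; change 433 to 443. Beyond that, the rows do not follow the column layout given in the header line: the TCP rows carry one port field before the protocol where the header names two, the "Proxy Ports" row has no tag, MODE or type, the "Chat" row has no protocol, and the UDP rows use a different field order with "#" comments instead of a quoted COMMENT. The rows under "NOT DONE YET" and the trailing "0 0 0 0 ..." rows should be commented out until the format is settled so a parser cannot pick them up half-specified. The VOIP range here starts at 5063 while VOIPPORTS in the configuration file starts at 5062, and the chat port list appears twice in this file; one source of truth for the port lists would avoid both.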
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,91 @@ | ||
# Codepoint variable reference | ||
|
||
# Standard codepoints in decimal | ||
|
||
BE=0 | ||
AF11=10 | ||
AF12=12 | ||
AF13=14 | ||
AF21=18 | ||
AF22=20 | ||
AF23=22 | ||
AF31=26 | ||
AF32=28 | ||
AF33=30 | ||
AF41=34 | ||
AF42=36 | ||
AF43=38 | ||
EF=46 | ||
|
||
CS1=8 | ||
CS2=16 | ||
CS3=24 | ||
CS4=32 | ||
CS5=40 | ||
CS6=48 | ||
CS7=56 | ||
|
||
# Some new (proposed) codepoints | ||
|
||
BOFH=4 | ||
ANT=42 | ||
LB=63 | ||
P2P=9 | ||
|
||
# Some legacy codepoints | ||
# FIXME, do common tos bits and cisco | ||
# FIXME, get CS fixed | ||
|
||
KNOWN_CODEPOINTS="0 4 9 10 12 14 18 20 22 26 28 30 34 36 38 42 46 63 8 16 24 32 40 48 56" | ||
UNKNOWN_CODEPOINTS="" | ||
|
||
for i in `seq 1 63` | ||
do | ||
FOUND=0 | ||
for j in $KNOWN_CODEPOINTS | ||
do | ||
if [ "$i" = "$j" ] | ||
then | ||
FOUND=1 | ||
fi | ||
done | ||
if [ $FOUND = 0 ] | ||
then | ||
UNKNOWN_CODEPOINTS="$UNKNOWN_CODEPOINTS $i" | ||
fi | ||
done | ||
|
||
# This is the relevant table from the RFC | ||
# |===============+=========+=============+==========================| | ||
# |Network Control| CS6 | 110000 | Network routing | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Telephony | EF | 101110 | IP Telephony bearer | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Signaling | CS5 | 101000 | IP Telephony signaling | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Multimedia |AF41,AF42|100010,100100| H.323/V2 video | | ||
# | Conferencing | AF43 | 100110 | conferencing (adaptive) | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Real-Time | CS4 | 100000 | Video conferencing and | | ||
# | Interactive | | | Interactive gaming | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Multimedia |AF31,AF32|011010,011100| Streaming video and | | ||
# | Streaming | AF33 | 011110 | audio on demand | | ||
# |---------------+---------+-------------+--------------------------| | ||
# |Broadcast Video| CS3 | 011000 |Broadcast TV & live events| | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Low-Latency |AF21,AF22|010010,010100|Client/server transactions| | ||
# | Data | AF23 | 010110 | Web-based ordering | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | OAM | CS2 | 010000 | OAM&P | | ||
# |---------------+---------+-------------+--------------------------| | ||
# |High-Throughput|AF11,AF12|001010,001100| Store and forward | | ||
# | Data | AF13 | 001110 | applications | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Standard | DF (CS0)| 000000 | Undifferentiated | | ||
# | | | | applications | | ||
# |---------------+---------+-------------+--------------------------| | ||
# | Low-Priority | CS1 | 001000 | Any flow that has no BW | | ||
# | Data | | | assurance | | ||
# ------------------------------------------------------------------ | ||
|
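
Review bot: KNOWN_CODEPOINTS repeats as literals the decimal values already assigned to BE through CS7 and the proposed BOFH, ANT, LB and P2P above it, so adding or renumbering a codepoint means editing two places, and a miss silently puts a defined codepoint into UNKNOWN_CODEPOINTS. Build the list from the variables instead, for example KNOWN_CODEPOINTS="$BE $BOFH $P2P $AF11 ... $CS7", so the loop below cannot drift from the definitions. The proposed codepoints (4, 9, 42, 63) deserve a comment saying where they are proposed, since other equipment on the path will not know them. The RFC table is a verbatim copy of the one in the configuration file in this commit; keep it in one place and name the RFC it comes from.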
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
#!/bin/sh | ||
# Babel and possibly other protocols can mess between DHCP replies when | ||
# moving between networks | ||
# This keeps this from happening | ||
# hopefully. God help you if you aren't using a /24 netmask | ||
|
||
# more than once I've thought that putting babel in it's own table made sense | ||
# And dhcp. | ||
|
||
dhcp=400 | ||
|
||
iptables -t mangle -A OUTPUT -p udp -m multiport --port 67:68 -j MARK --set-mark $dhcp | ||
|
||
ip -o addr | grep 'inet ' | awk '{print $2 " " $4}' | while read DEV ipaddr | ||
do | ||
net=`echo $ipaddr | cut -f2 -d/` | ||
[ "$net" = 24 ] && { | ||
ip=`echo $ipaddr | cut -f1-3 -d.` | ||
ip route del $ip/27 dev $DEV table $dhcp | ||
ip route add $ip/27 dev $DEV table $dhcp | ||
} | ||
done | ||
|
||
ip rule del prio $dhcp | ||
ip rule add fwmark $dhcp table $dhcp prio $dhcp | ||
|
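
Review bot: The block guarded by [ "$net" = 24 ] installs a route for $ip/27, not /24, so only the first 32 addresses of each /24 are reachable through table $dhcp; if that is intentional it needs a comment saying why, otherwise the prefix length should match the check. The "iptables -t mangle -A OUTPUT" line is not idempotent the way the route and rule del/add pairs are: every run appends another copy of the MARK rule, so either test for the rule first or delete before adding. On a first run "ip route del" and "ip rule del prio $dhcp" will print errors for entries that do not exist yet; redirect those to /dev/null. Interfaces with any other prefix length are skipped without a message, which the header comment admits; a log line for the skipped case would make that failure visible. The value 400 is used as both fwmark and table number, so it should be checked against whatever marks the classification rules in this commit set.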