jablonka.czprosek.czf

qos

Subversion Repositories:
[/] [trunk/] [qos] - Rev 45 Go to most recent revision

Compare with Previous - Blame - Download


#!/bin/sh
#
# CZFree.Net RFC-QoS script
#
# date:         30/06/2008
# authors:      Rakerihoo, Fyzik, Libor, Dzus, Bonez, Simandl, Danny, Sinda
# references:   http://www.lartc.org/
#               http://luxik.cdi.cz/~devik/qos/htb/
#               http://connected.prosek.czf/forum/showthread.php?s=&threadid=9
#               http://www.simandl.cz/stranky/linux/qos/soubory/qos_base
# version:      2.1.6
# ps ver :      0.1.9
#
# Changelog
#
# 26/02/09 [sinda] podpora pro Vonage voip, UDP vse z 69.59.241/24
# 11/02/09 [simandl] za provoz na 802.cz povazovano vse v subnetu 212.71.146.128/26
# 10/02/09 [simandl] doplnena podpora pro Cisco VPN
# 09/02/09 [sinda] doplnena podpora pro Call of Duty 4 (na PS3) - UDP: 3074, 3075, 3080
# 02/02/09 [sinda] doplnena podpora pro nntps a vnc do tridy 40 (data transfer)
# 25/01/09 [simandl] doplnena podpora pro svn port 3690
# 14/01/09 [sinda] doplnena podpora pro hru "Sniper Elite" porty UDP 21540 a 54468
# 13/01/09 [sinda] doplnena podpora pro RTP dle ip operatora systinet.com a rozsireni portu OpenVPN o 1194/UDP
# 07/01/09 [simandl] doplnena podpora pro hru "World Of Warcraft" porty 6112 a 6881-6999
# 23/12/08 [simandl] podpora pro ventrilo
# 04/12/08 [sinda] doplnena podpora pro RTP dle ip operatoru fayn.cz, mujtelefon.cz, netphone.cz, aps.sbohempevnalinko.cz, fax.sipcz.net
# 01/12/08 [sinda] File download over http do class airfree (TERASPACE-GMBH, yandex.ru, ...)
# 04/11/08 [simandl] podpora pro hry "Battlefield" a "Call of Duty"
# 13/10/08 [simandl] podpora pro hru "Warhammer Online"
# 28/09/08 [simandl] doplneni chybejicich autoru a zmena v references 10.24.1.2 na connected.prosek.czf
# 05/08/08 [simandl] podpora pro Americas Army
# 30/06/08 [simandl] podpora pro L2TP port 1701 UDP
# 09/03/08 [simandl] podpora pro noncontrib
# 01/12/07 [simandl] doplnena podpora pro hru "World Of Warcraft" 8085 3724
# 09/08/07 [sinda]   doplnena podpora pro hru "Counter-Strike Source" UDP 270xx
# 26/07/07 [sinda]   doplnena podpora pro RTP ha-vel.cz a 802.cz dle ip adresy rtp serveru operatora
# 31/08/06 [simandl] doplnena podpora pro definici rychlosti a delitelu pro kazdy iface zvlast v souboru iface_conf
# 14/07/06 [sinda]   doplneny porty pro hru Quake 3 arena
# 17/01/06 [simandl] doplneny TOSy pro ha-vel a hlas.802.cz do VoIP tridy 50
# 12/12/05 [simandl] preskupeny protokoly trid - 40 mail&data 50 voip 60 web&squid - tak aby byly rovnomerne vyuzite
# 23/11/05 [simandl] doplneny porty pro Lineage2 a Teamspeak
# 22/11/05 [danny] DSCP/ToS filtry pro SIP/RTP (VoIP), maximum reliability [DEV]
# 20/11/05 [simandl] doplnen port pro RTP
# 14/11/05 [simandl] doplneny porty pro SIP a gnomemeeting
# 08/11/05 [simandl] doplneny porty pro H.323
# 19/08/05 [simandl] doplneny porty pro hru DarkEden
# 30/10/04 [dzus]  oprava parseru MTU, vylepseni kontroly konfig. souboru
# 27/10/04 [bonez] OpenVPN pridano do data transfer class
# 05/06/04 [dzus]  do interactive class pridan BZFlag, uprava parseru konfig souboru
# 18/02/04 [dzus]  SCP zarazeno do download class (rozliseno podle TOS maximize throughput)
# 04/01/04 [dzus]  podpora pro Jedi Knight, oprava prio u filtru, oprava filtru na FTP, zruseni PPTP class
# 20/11/03 [dzus]  zrusena H323 class, pridan filtr na TCP ACK, nastaveni quantum podle MTU
# 28/09/03 [dzus]  oprava bugu ve filtrech (bez prio to nechodi dobre)
# 27/09/03 [dzus]  konfigurace interfacu se nacita z ext souboru, pridan TOS minimize delay filtr
# 20/09/03 [dzus]  vyhazeni marku z IPtables, nyni pouze filtry v tc
# 01/09/03 [dzus]  vynechani internetoveho rozhrani z konfigurace
# 07/08/03 [fyzik] preference Inetoveho traffiku
# 31/07/03 [fyzik] podpora pro HL@tchor, airfree, fixes
# 05/05/03 [fyzik] podpora pro IRC, PPTP, H323, LDAP, DC, NTP
# 04/05/03 [fyzik] napsal uvod
# 01/05/03 [fyzik] non-CZF-RFC, inspirovan Liborovym Heaven QoS 
# 00/03/03 [Rakerihoo] napsal RFC-QoS :)
# 
# ToDo
# * zkusit a otestovat podtridy CZF-transfer, CZF-klient, CZF-shared a markovanat podle MAC 
# * pridat podporu ostatnich interaktivnich games


### Configuration START

IFACECONFFILE='/etc/qos/iface_conf'
IPADDRFILE="/etc/qos/ip_adresy"

#default speeds and dividers
DNONCZFSPD='64'
DNONCONTRIBSPD='64'
DAIRFREESPD='2048'
DSSHDIV='2'
DPINGDIV='2'
DINTERACTDIV='2'
DVOIPDIV='2'
DWWWDIV='2'
DXFERDIV='4'
DDFLTDIV='8'

### Configuration STOP

if [ ! -f $IFACECONFFILE ]
then
    echo "Interface configuration file doesn't exist - program terminated" 1>&2
    exit 1
fi

IFACECONF=`grep -v '^[[:space:]]*#' $IFACECONFFILE`
IFACECONF=`echo $IFACECONF | sed -e 's/[[:space:]]*}[[:space:]]*/}\\\n/g'`
FACES=`echo -e $IFACECONF | sed -e 's/^[[:space:]]*interface[[:space:]]\+\([[:alnum:]]\+\).*/\1/;t;d'`

echo "Applying CZF-QOS rules"

echo "-Set global variables"
IPTABLES="`which iptables`"
TC="`which tc`"
IP="`which ip`"
IPT_RESTORE="`which iptables-restore`"

STOCHASIS="sfq perturb 10"

QUANTUMOFFS="500"

#$IPT_RESTORE < /etc/network/iptables

echo "-Remove Qdisc root classes"
for FACE in ${FACES} ; do
        $TC qdisc del dev ${FACE} root &>/dev/null
#echo $FACE
done

## qoseni podle IP - priklad
if [ -f $IPADDRFILE ]
then
    NONCZF="`sed -e 's/^[[:space:]]*\([[:digit:].,/]\+\)[[:space:]].*NONCZF[[:space:]]*\+/\1/;t repl;d;: repl;y/,/ /' $IPADDRFILE`"
    NONCZF="$NONCZF `sed -e 's/^.*[[:space:]]\+NONCZF[[:space:]]\+\([[:digit:].,/]\+\)[[:space:]]*/\1/;t repl;d;: repl;y/,/ /' $IPADDRFILE`"
    NONCONTRIB="`sed -e 's/^[[:space:]]*\([[:digit:].,/]\+\)[[:space:]].*NONCONTRIB[[:space:]]*\+/\1/;t repl;d;: repl;y/,/ /' $IPADDRFILE`"
    NONCONTRIB="$NONCONTRIB `sed -e 's/^.*[[:space:]]\+NONCONTRIB[[:space:]]\+\([[:digit:].,/]\+\)[[:space:]]*/\1/;t repl;d;: repl;y/,/ /' $IPADDRFILE`"
    AIRFREE="`sed -e 's/^[[:space:]]*\([[:digit:].,/]\+\)[[:space:]].*AIRFREE[[:space:]]*\+/\1/;t repl;d;: repl;y/,/ /' $IPADDRFILE`"
    AIRFREE="$AIRFREE `sed -e 's/^.*[[:space:]]\+AIRFREE[[:space:]]\+\([[:digit:].,/]\+\)[[:space:]]*/\1/;t repl;d;: repl;y/,/ /' $IPADDRFILE`"
fi

set_qos_classes () {
        echo "-Initializing QoS_base rules on interface $FACE (speed $SPEED)"

        $TC qdisc add dev ${FACE} root handle 1: htb default 300 r2q 2
        $TC class add dev ${FACE} parent 1:  classid 1:1   htb rate $((${SPEED}/2))kbit ceil ${SPEED}kbit burst 15k quantum ${QUANTUM}
        $TC class add dev ${FACE} parent 1:1 classid 1:5   htb rate 64kbit ceil $((${SPEED}/${SSHDIV}))kbit burst 5k prio 1                             # SSH class
        $TC class add dev ${FACE} parent 1:1 classid 1:10  htb rate 192kbit ceil $((${SPEED}/${INTERACTDIV}))kbit burst 5k prio 1               # interactive class
        $TC class add dev ${FACE} parent 1:1 classid 1:20  htb rate 32kbit ceil $((${SPEED}/${PINGDIV}))kbit burst 5k prio 0
        $TC class add dev ${FACE} parent 1:1 classid 1:30  htb rate 32kbit ceil 128kbit burst 5k prio 0                         # routing class
        $TC class add dev ${FACE} parent 1:1 classid 1:40  htb rate 32kbit ceil $((${SPEED}/${XFERDIV}))kbit burst 5k prio 4    # email & data transfer class
        $TC class add dev ${FACE} parent 1:1 classid 1:50  htb rate 192kbit ceil $((${SPEED}/${VOIPDIV}))kbit burst 5k prio 0   # voip class
        $TC class add dev ${FACE} parent 1:1 classid 1:60  htb rate 32kbit ceil $((${SPEED}/${WWWDIV}))kbit burst 8k prio 3     # web & squid class
        $TC class add dev ${FACE} parent 1:1 classid 1:300 htb rate 32kbit ceil $((${SPEED}/${DFLTDIV}))kbit burst 1k prio 5    # default trafic class
        $TC class add dev ${FACE} parent 1:1 classid 1:666 htb rate 32kbit ceil ${NONCZFSPD}kbit burst 1k prio 5                # unsupported trafic class
        $TC class add dev ${FACE} parent 1:1 classid 1:667 htb rate 32kbit ceil ${AIRFREESPD}kbit burst 1k prio 4               # local wireless free band
        $TC class add dev ${FACE} parent 1:1 classid 1:668 htb rate 32kbit ceil ${NONCONTRIBSPD}kbit burst 1k prio 5            # non contributors trafic class
#       $TC class add dev ${FACE} parent 1:1 classid 1:999 htb rate 32kbit ceil $((${SPEED}/2))kbit burst 8k prio 4             # Inet traffic class

        $TC qdisc add dev ${FACE} parent 1:5 handle 5: $STOCHASIS       # SSH sub-classes
        $TC qdisc add dev ${FACE} parent 1:10 handle 10: $STOCHASIS     # interactive sub-classes
        $TC qdisc add dev ${FACE} parent 1:20 handle 20: $STOCHASIS     # ping sub-classes
        $TC qdisc add dev ${FACE} parent 1:30 handle 30: $STOCHASIS     # routing sub-classes
        $TC qdisc add dev ${FACE} parent 1:40 handle 40: $STOCHASIS     # email & data transfer sub-classes
        $TC qdisc add dev ${FACE} parent 1:50 handle 50: $STOCHASIS     # voip sub-classes
        $TC qdisc add dev ${FACE} parent 1:60 handle 60: $STOCHASIS     # web & squid sub-classes
        $TC qdisc add dev ${FACE} parent 1:300 handle 300: $STOCHASIS   # default class
        $TC qdisc add dev ${FACE} parent 1:666 handle 666: $STOCHASIS   # unsupported
        $TC qdisc add dev ${FACE} parent 1:667 handle 667: $STOCHASIS   # local wireless
        $TC qdisc add dev ${FACE} parent 1:668 handle 668: $STOCHASIS   # non contributor class
#       $TC qdisc add dev ${FACE} parent 1:999 handle 999: $STOCHASIS   # Inet traffic


        ## SSH class
        # SSH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 3 u32 match ip sport 22 0xffff match ip protocol 0x6 0xff flowid 1:5
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 3 u32 match ip dport 22 0xffff match ip protocol 0x6 0xff flowid 1:5

        ## Interactive class
        # NTP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 123 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 123 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 123 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 123 0xffff match ip protocol 0x11 0xff flowid 1:10
        # DNS
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 53 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 53 0xffff match ip protocol 0x6 0xff flowid 1:10
        # IRC
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 194 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 194 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 6667 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 6667 0xffff match ip protocol 0x6 0xff flowid 1:10
        # LDAP, LDAPs
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 389 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 389 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 636 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 636 0xffff match ip protocol 0x6 0xff flowid 1:10
        # GAMES
        # Sniper Elite
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 21540 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 21540 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 54468 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 54468 0xffff match ip protocol 0x11 0xff flowid 1:10
        # World Of Warcraft
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 8085 0xffff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 8085 0xffff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 3724 0xffff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 3724 0xffff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 6112 0xffff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 6112 0xffff flowid 1:10
        #6881..6999 is covered by (6880..6911 + 6912..6975 + 6976..7007)
#       $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 6880 0xffe0 flowid 1:10
#       $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 6880 0xffe0 flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 6912 0xffc0 flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 6912 0xffc0 flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 6976 0xffe0 flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 6976 0xffe0 flowid 1:10
        # vietcong
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5425 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5425 0xffff match ip protocol 0x11 0xff flowid 1:10
        # LINEAGE2
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 2106 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 2106 0xffff match ip protocol 0x11 0xff flowid 1:10
        # Half-life
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27015 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27015 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27016 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27016 0xfffe match ip protocol 0x11 0xff flowid 1:10
        # UT2003, UT2004
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 7777 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 7777 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 7778 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 7778 0xffff match ip protocol 0x11 0xff flowid 1:10
        # BZFlag
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5154 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5154 0xffff match ip protocol 0x11 0xff flowid 1:10
        # JEDI KNIGHT
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 28060 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 28060 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 28062 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 28062 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 28070 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 28070 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 28072 0xfff8 match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 28072 0xfff8 match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 28080 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 28080 0xfffe match ip protocol 0x11 0xff flowid 1:10
        # Dark Eden
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 9997 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 9997 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 9998 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 9998 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 9858 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 9858 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 9650 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 9650 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 4056 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 4056 0xfffe match ip protocol 0x11 0xff flowid 1:10
        # Quake 3 arena
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27960 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27960 0xfffe match ip protocol 0x11 0xff flowid 1:10
        # Counter-Strike Source
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27000 0xfff8 match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27008 0xffc0 match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27072 0xfff0 match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27088 0xfff8 match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27096 0xfffc match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27000 0xfff8 match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27008 0xffc0 match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27072 0xfff0 match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27088 0xfff8 match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27096 0xfffc match ip protocol 0x11 0xff flowid 1:10
        # H323
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 389 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 389 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 522 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 522 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1503 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1503 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1720 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1720 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1731 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1731 0xffff match ip protocol 0x11 0xff flowid 1:10
        # Lineage2
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 7777 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 7777 0xffff match ip protocol 0x6 0xff flowid 1:10
        # Teamspeak
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 8767 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 8767 0xffff match ip protocol 0x11 0xff flowid 1:10
        # L2TP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1701 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1701 0xffff match ip protocol 0x11 0xff flowid 1:10
        # Americas Army
        #UDP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1716 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1716 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1718 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1718 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 8777 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 8777 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 27900 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 27900 0xffff match ip protocol 0x11 0xff flowid 1:10
        #TCP
        #14200
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 14200 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 14200 0xffff match ip protocol 0x6 0xff flowid 1:10
        #20024 .. 20031
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 20024 0xfff8 match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 20024 0xfff8 match ip protocol 0x6 0xff flowid 1:10
        #20032 .. 20047
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 20032 0xfff0 match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 20032 0xfff0 match ip protocol 0x6 0xff flowid 1:10
        #20048
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 20048 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 20048 0xffff match ip protocol 0x6 0xff flowid 1:10
        # Warhammer Online
        #TCP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1380 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1380 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 10622 0xffff match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 10622 0xffff match ip protocol 0x6 0xff flowid 1:10
        #UDP 33100-33500 (32768-33791)
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 33100 0xfc00 match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 33100 0xfc00 match ip protocol 0x11 0xff flowid 1:10
        #Battlefield 2
        #TCP 16567, 16667
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 16567 0xfc00 match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 16567 0xfc00 match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 16667 0xfc00 match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 16667 0xfc00 match ip protocol 0x6 0xff flowid 1:10
        #Call of Duty 4
        #port 28960 TCP a UDP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 28960 0xffff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 28960 0xffff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 3074 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 3074 0xfffe match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 3080 0xffff match ip protocol 0x11 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 3080 0xffff match ip protocol 0x11 0xff flowid 1:10

        # TCP ACK packets smaller than 64 bytes
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 \
                   match ip protocol 6 0xff \
                   match u8 0x05 0x0f at 0 \
                   match u16 0x0000 0xffc0 at 2 \
                   match u8 0x10 0xff at 33 \
                   flowid 1:10

        ## Ping class
        # ICMP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip protocol 0x01 0xff flowid 1:20

        ## Routing class
        # BGP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 179 0xffff match ip protocol 0x6 0xff flowid 1:30
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 179 0xffff match ip protocol 0x6 0xff flowid 1:30
        # OSPF
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip protocol 0x59 0xff flowid 1:30

        ## Email & Data transfer class
        # FTP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 20 0xfffe match ip protocol 0x6 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 20 0xfffe match ip protocol 0x6 0xff flowid 1:40
        # PPTP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1723 0xffff match ip protocol 0x6 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1723 0xffff match ip protocol 0x6 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1723 0xffff match ip protocol 0x11 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1723 0xffff match ip protocol 0x11 0xff flowid 1:40
        # OpenVPN
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5000 0xffff match ip protocol 0x11 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5000 0xffff match ip protocol 0x11 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1194 0xffff match ip protocol 0x11 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1194 0xffff match ip protocol 0x11 0xff flowid 1:40
        # SCP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 22 0xffff match ip protocol 0x6 0xff match ip tos 0x08 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 22 0xffff match ip protocol 0x6 0xff match ip tos 0x08 0xff flowid 1:40
        # POP3
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 110 0xffff match ip protocol 0x6 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 110 0xffff match ip protocol 0x6 0xff flowid 1:40
        # IMAP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 143 0xffff match ip protocol 0x6 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 143 0xffff match ip protocol 0x6 0xff flowid 1:40
        # SMTP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 25 0xffff match ip protocol 0x6 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 25 0xffff match ip protocol 0x6 0xff flowid 1:40
        # POP3S
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 995 0xffff match ip protocol 0x6 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 995 0xffff match ip protocol 0x6 0xff flowid 1:40
        # IMAPS
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 993 0xffff match ip protocol 0x6 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 993 0xffff match ip protocol 0x6 0xff flowid 1:40
        # SSMTP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 465 0xffff match ip protocol 0x6 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 465 0xffff match ip protocol 0x6 0xff flowid 1:40
        # rsync 
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 673 0xffff match ip protocol 0x6 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 673 0xffff match ip protocol 0x6 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 673 0xffff match ip protocol 0x11 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 673 0xffff match ip protocol 0x11 0xff flowid 1:40
        # CVS
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 873 0xffff match ip protocol 0x6 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 873 0xffff match ip protocol 0x6 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 873 0xffff match ip protocol 0x11 0xff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 873 0xffff match ip protocol 0x11 0xff flowid 1:40
        # SVN
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 3690 0xffff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 3690 0xffff flowid 1:40
        # NNTP over SSL
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 563 0xffff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 563 0xffff flowid 1:40
        # VNC
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5900 0xffff flowid 1:40
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5900 0xffff flowid 1:40

        ## VOIP class
        # SIP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5060 0xfffe match ip protocol 0x11 0xff flowid 1:50
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5060 0xfffe match ip protocol 0x11 0xff flowid 1:50
        # RTP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 8000 0xffff match ip protocol 0x11 0xff flowid 1:50
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 8000 0xffff match ip protocol 0x11 0xff flowid 1:50
        # Skype typeofservice mark
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip tos 0x20 0xff flowid 1:50  #Skype? 
        # VoIP typeofservice mark
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip tos 0x68 0xff flowid 1:50  #SIP 
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip tos 0xb8 0xff flowid 1:50  #RTP 
        # VoIP typeofservice mark for RTP ha-vel.cz
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip tos 0x16 0xff flowid 1:50  #RTP
        # TOS mimimize delay - VoIP typeofservice mark for RTP vox.802.cz
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip tos 0x10 0xff flowid 1:50
        # VoIP IP addr for RTP ha-vel.cz
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip src 217.66.161.0/28 flowid 1:50  #RTP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dst 217.66.161.0/28 flowid 1:50  #RTP
        # VoIP IP addr for RTP 802.cz
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip src 212.71.146.128/26 flowid 1:50  #RTP rtp.802.cz
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dst 212.71.146.128/26 flowid 1:50  #RTP rtp.802.cz
        # VoIP IP addr for others RTP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip src 62.168.42.145 flowid 1:50  #sip2.fayn.cz
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dst 62.168.42.145 flowid 1:50  #sip2.fayn.cz
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip src 82.208.46.240 flowid 1:50  #sip.mujtelefon.cz
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dst 82.208.46.240 flowid 1:50  #sip.mujtelefon.cz
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip src 212.20.119.40/29 flowid 1:50  #sip1.netphone.cz
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dst 212.20.119.40/29 flowid 1:50  #sip1.netphone.cz
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip src 81.91.216.18 flowid 1:50  #aps.sbohempevnalinko.cz
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dst 81.91.216.18 flowid 1:50  #aps.sbohempevnalinko.cz
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip src 81.91.216.11 flowid 1:50  #fax.sipcz.net
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dst 81.91.216.11 flowid 1:50  #fax.sipcz.net
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip src 69.59.241.0/24 match ip protocol 0x11 0xff flowid 1:50 # Vonage
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dst 69.59.241.0/24 match ip protocol 0x11 0xff flowid 1:50 # Vonage
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip src 193.86.76.226 match ip protocol 0x11 0xff flowid 1:50 #ustredna.systinet.com
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dst 193.86.76.226 match ip protocol 0x11 0xff flowid 1:50 #ustredna.systinet.com
        # gnomemeeting
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 30000 0xfff8 match ip protocol 0x11 0xff flowid 1:50
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 30000 0xfff8 match ip protocol 0x11 0xff flowid 1:50
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 30008 0xfffe match ip protocol 0x11 0xff flowid 1:50
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 30008 0xfffe match ip protocol 0x11 0xff flowid 1:50
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 30010 0xffff match ip protocol 0x11 0xff flowid 1:50
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 30010 0xffff match ip protocol 0x11 0xff flowid 1:50
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5000 0xfff8 match ip protocol 0x11 0xff flowid 1:50
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5000 0xfff8 match ip protocol 0x11 0xff flowid 1:50
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5010 0xfffe match ip protocol 0x11 0xff flowid 1:50
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5010 0xfffe match ip protocol 0x11 0xff flowid 1:50
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 5012 0xfffe match ip protocol 0x11 0xff flowid 1:50
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 5012 0xfffe match ip protocol 0x11 0xff flowid 1:50
        #ventrilo 3784 .. 3791
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 3784 0xfff8 match ip protocol 0x6 0xff flowid 1:10
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 3784 0xfff8 match ip protocol 0x6 0xff flowid 1:10
                
        ## Web & Squid class
        # HTTP
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 80 0xffff match ip protocol 0x6 0xff flowid 1:60
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 80 0xffff match ip protocol 0x6 0xff flowid 1:60
        # HTTPS
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 443 0xffff match ip protocol 0x6 0xff flowid 1:60
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 443 0xffff match ip protocol 0x6 0xff flowid 1:60
        # WebCache
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 8080 0xffff match ip protocol 0x6 0xff flowid 1:60
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 8080 0xffff match ip protocol 0x6 0xff flowid 1:60
        # HTTP port
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 3128 0xffff match ip protocol 0x6 0xff flowid 1:60
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 3128 0xffff match ip protocol 0x6 0xff flowid 1:60
        # ICP port
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 3130 0xffff match ip protocol 0x6 0xff flowid 1:60
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 3130 0xffff match ip protocol 0x6 0xff flowid 1:60
        # VPN KB.CZ
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip src 194.228.113.135 match ip sport 4500 0xffff match ip protocol 0x11 0xff flowid 1:60
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dst 194.228.113.135 match ip dport 4500 0xffff match ip protocol 0x11 0xff flowid 1:60
        # Cisco VPN
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 500 0xffff flowid 1:60
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 500 0xffff flowid 1:60
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 4500 0xffff flowid 1:60
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 4500 0xffff flowid 1:60
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 10000 0xffff flowid 1:60
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 10000 0xffff flowid 1:60


        ## Unsupported class
        # Kazaa
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip sport 1214 0xffff match ip protocol 0x6 0xff flowid 1:666
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 2 u32 match ip dport 1214 0xffff match ip protocol 0x6 0xff flowid 1:666

        ## Airfree class
        # File download over http
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 62.67.46.0/24 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 62.67.50.0/24 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 62.140.31.0/24 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 64.211.146.0/24 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 80.152.62.0/24 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 80.231.24.0/24 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 80.231.41.0/24 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 80.239.137.0/24 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 80.239.236.0/24 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 82.129.39.0/24 flowid 1:667 # PA-TERASPACE-COGENT-1
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 195.122.131.0/24 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 195.122.149.0/24 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 195.122.151.0/24 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 195.122.152.0/23 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 195.219.1.0/24 flowid 1:667 # TERASPACE-GB
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 206.57.14.0/24 flowid 1:667 # TERAS
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 212.162.2.0/24 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 212.162.63.0/24 flowid 1:667 # TERASPACE-GMBH
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 77.88.62.0/24 flowid 1:667 # yandex.ru
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 83.229.252.0/23 flowid 1:667 # MCHOST-SYN-NET
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 85.17.172.0/24 flowid 1:667 # LEASEWEB (filefactory.com)
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 94.75.218.0/24 flowid 1:667 # LEASEWEB
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 78.140.128.0/18 flowid 1:667 # NL-WEBAZILLA
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 88.86.100.160/27 flowid 1:667 # uloz.to
        $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src 88.208.16.0/20 flowid 1:667 # HALDEX-NET (letitbit.net)

        # IP range of DHCP for airfree AP on this router
        for ipaddr in $AIRFREE
        do 
            $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src $ipaddr flowid 1:667
            $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip dst $ipaddr flowid 1:667
        done
        # non-CZF-RFC - violators of RFCs
        for ipaddr in $NONCZF
        do
            $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src $ipaddr flowid 1:666
            $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip dst $ipaddr flowid 1:666
        done
        # non-contributors
        for ipaddr in $NONCONTRIB
        do
            $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip src $ipaddr flowid 1:668
            $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 u32 match ip dst $ipaddr flowid 1:668
        done

        ## Internet class
        # IPtables rule
#       $IPTABLES -t mangle -A FORWARD -s ! 10.0.0.0/8 -o ${FACE} -j MARK  --set-mark 999
#       $IPTABLES -t mangle -A FORWARD -d ! 10.0.0.0/8 -o ${FACE} -j MARK  --set-mark 999
        # IPtables mark filter
#       $TC filter add dev ${FACE} parent 1:0 protocol ip prio 1 handle 999 fw flowid 1:999
}

for FACE in $FACES
do
    if [ -z "`$IP l | grep $FACE[:@]`" ]
    then
        echo "Interface $FACE doesn't exist"
        continue
    fi
    TYPE=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*type[[:space:]]\+\([[:alpha:]]\+\).*}.*/\1/"`
    if [ "$TYPE" != 'transit' ]
    then
        continue
    fi
    SPEED=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*speed[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"`
    QUANTUM=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*quantum[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"`

    if [ -z "$QUANTUM" ]
    then
        MTU=`$IP l | grep $FACE[:@] | sed -e "s/^.*mtu[[:space:]]\+\([[:digit:]]\+\).*/\1/"`
        QUANTUM=$(($QUANTUMOFFS+$MTU))
    fi

    NONCZFSPD=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*NONCZFSPD[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"`
    if [ -z $NONCZFSPD ] ; then NONCZFSPD=$DNONCZFSPD ; fi

    AIRFREESPD=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*AIRFREESPD[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"`
    if [ -z $AIRFREESPD ] ; then AIRFREESPD=$DAIRFREESPD ; fi

    NONCONTRIBSPD=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*NONCONTRIBSPD[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"`
    if [ -z $NONCONTRIBSPD ] ; then NONCONTRIBSPD=$DNONCONTRIBSPD ; fi

    SSHDIV=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*SSHDIV[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"`
    if [ -z $SSHDIV ] ; then SSHDIV=$DSSHDIV ; fi

    PINGDIV=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*PINGDIV[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"`
    if [ -z $PINGDIV ] ; then PINGDIV=$DPINGDIV ; fi

    INTERACTDIV=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*INTERACTDIV[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"`
    if [ -z $INTERACTDIV ] ; then INTERACTDIV=$DINTERACTDIV ; fi

    VOIPDIV=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*VOIPDIV[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"`
    if [ -z $VOIPDIV ] ; then VOIPDIV=$DVOIPDIV ; fi

    WWWDIV=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*WWWDIV[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"`
    if [ -z $WWWDIV ] ; then WWWDIV=$DWWWDIV ; fi

    XFERDIV=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*XFERDIV[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"`
    if [ -z $XFERDIV ] ; then XFERDIV=$DXFERDIV ; fi

    DFLTDIV=`echo -e $IFACECONF | grep $FACE | sed -e "s/^.*{.*DFLTDIV[[:space:]]\+\([[:digit:]]\+\).*}.*/\1/;t;d"`
    if [ -z $DFLTDIV ] ; then DFLTDIV=$DDFLTDIV ; fi

#echo $SPEED $NONCZFSPD $AIRFREESPD $SSHDIV $PINGDIV $INTERACTDIV $VOIPDIV $WWWDIV $XFERDIV $DFLTDIV
    set_qos_classes
done

exit 0

Powered by WebSVN 2.2.1