³o¨â¤Ñ¬ã¨s¤F¤@¤UQOS¸}¥»(©ñ¦b°ª¯Å³]¸m>¦Û©w¸q³]¸m>¸}¥»> ¦b¨¾¤õ墙规则 (Emong's Qos) ûD动¦Z执¦æ)

¦n¹³­nÃö³¬Hwnat¤~¦³¥Î...(?)

ºô¸ô§ä¨ìªº¸}¥»...§Úµy·L¹ï§Ú®aªºÀW¼eÀu¤Æ(¤]¤£ª¾¹D¦³¨S¦³®Ä)....¼Æ­È¬OKB¤£¬Okb(¬Û®t¤K­¿¥H¤Q­¿¤è«K­pºâ)¡A°²¦p³]©w4000´N¬O4000KB¬ù4MB/s....¬Û·í©ó40Mªººô³t¡C

³o¸ÌÁÙ¦³±Ðµ{...
http://www.right.com.cn/forum/thread-151128-1-1.html



#!/bin/sh
#copyright by Emong's Qos update hiboy
/etc/storage/crontabs_script.sh &
export PATH='/etc/storage/bin:/tmp/script:/etc/storage/script:/opt/usr/sbin:/opt/usr/bin:/opt/sbin:/opt/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin'
export LD_LIBRARY_PATH=/lib:/opt/lib
# qos ¥\¯à 0关闭¡F1ûD动
qoss=1
# 当¦b线终ºÝ≤2¥x时¨ú®ø­­³t.(¸ô¥ÑºÝ1+电脑ºÝ1=2¥x)
qosb=2
# Àq认为20M
DOWN=4000
UP=1500
[ "$qoss" = "1" ] && logger -t "¡iQOS¡j" "³Ì¤j¤U载 $DOWN KB/S,³Ì¤j¤W传 $UP KB/S"
# IP­­³t设¸m
# ¥¼设¸mªºIP带宽ú£¥b,¦pûD¥Îadbyby,¦]7620ªºCPU²~颈,宽带®p­È50M
# ª`·N参数¤§间¦³ªÅ®æ
# ¥i选项¡G删°£«e­±ªº#¥i¥Í®Ä
# [KB/S]IP¦a§} ³Ì¤j¤U载 ¤U载«O证 ³Ì¤j¤W传 ¤W传«O证
cat > "/tmp/qos_ip_limit_DOMAIN.txt" <<-\EOF
#192.168.123.115 2560 100 200 20
192.168.123.2-192.168.123.244 2000 300 600 150



EOF
# 连±µ数­­¨î
#¦pªG开ûD该¥\¯à¦Z,¥´开¤U载软¥ó¥i¯à会导­PQQµ¥²á¤Ñ软¥ó±¼线.(¦]为连±µ数¶q会³Q¥e¥ú)
# IP¦a§} TCP连±µ数 UDP连±µ数
cat > "/tmp/qos_connlmt_DOMAIN.txt" <<-\EOF
#192.168.123.10 100 100
192.168.123.20-192.168.123.25 100 100


EOF
# ºÝ¤fɬ¥ý
# 请¤Å²K¥[¤U载应¥ÎªººÝ¤f80¡B8080µ¥µ¥.¥Ñ¤_没¦³³Q¬y¶q±±¨î©M处²zɬ¥ý级,¤U载应¥Î会¥e¥Î¤j¶q资·½导­PÊI络¥d
# 协议 ºÝ¤f
cat > "/tmp/qos_port_first_DOMAIN.txt" <<-\EOF
UDP 53
TCP 22
TCP 23
#TCP 443
TCP 1723
#TCP 3389
TCP 3724,1119,1120
TCP 28012,10008,13006,2349,7101:7103
UDP 2349,12000:12175



EOF

load_var() {
WAN_IF="imq1"
LAN_IF="imq0"
WAN_IFT=$(nvram get wan0_ifname_t)
IPM="iptables -t mangle"
lan_ip="`nvram get lan_ipaddr`/24"

}

load_modules(){
[ ! -f /tmp/qos-emong-modules ] && {
modprobe act_connmark #¯Ê,补621-sched_act_connmark.patch@597
for module in imq ipt_IMQ ipt_web xt_length xt_hashlimit cls_fw sch_htb sch_sfq sch_red xt_length xt_IMQ ipt_ipp2p xt_dscp xt_DSCP cls_u32 sch_hfsc sch_prio ipt_multiport ipt_CONNMARK ipt_length ipt_hashlimit xt_connlimit xt_connbytes ipt_connlimit em_u32 sch_ingress act_mirred
do
modprobe $module
done
modprobe imq numdevs=1
echo >/tmp/qos-emong-modules
}
}

qos_stop() {
tc qdisc del dev $WAN_IF root
tc qdisc del dev $LAN_IF root

$IPM -F
$IPM -X UP
$IPM -X DOWN
$IPM -X IP_DOWN
$IPM -X IP_UP
}

qos_start(){

ip link set imq0 up
ip link set imq1 up
tc qdisc add dev $WAN_IF root handle 1: htb
tc qdisc add dev $LAN_IF root handle 1: htb
tc class add dev $WAN_IF parent 1: classid 1:2 htb rate $((UP))kbps
tc class add dev $LAN_IF parent 1: classid 1:2 htb rate $((DOWN))kbps

tc class add dev $WAN_IF parent 1: classid 1:1 htb rate $((UP*95/100))kbps
tc class add dev $WAN_IF parent 1:1 classid 1:11 htb rate $((UP*5/10))kbps prio 1
tc class add dev $WAN_IF parent 1:1 classid 1:12 htb rate $((UP*5/10))kbps ceil $((UP*9/10))kbps prio 2
tc class add dev $WAN_IF parent 1:12 classid 1:121 htb rate $((UP*4/10))kbps ceil $((UP*8/10))kbps prio 1
tc class add dev $WAN_IF parent 1:12 classid 1:122 htb rate $((UP*1/10))kbps ceil $((UP*4/10))kbps prio 2
tc class add dev $WAN_IF parent 1:12 classid 1:123 htb rate $((UP*4/10))kbps ceil $((UP*6/10))kbps prio 3
tc qdisc add dev $WAN_IF parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev $WAN_IF parent 1:121 handle 121: sfq perturb 10
tc qdisc add dev $WAN_IF parent 1:122 handle 122: sfq perturb 10
tc qdisc add dev $WAN_IF parent 1:123 handle 123: sfq perturb 10
tc filter add dev $WAN_IF parent 1: handle 0x10/0xfff0 fw classid 1:11
tc filter add dev $WAN_IF parent 1: handle 0x20/0xfff0 fw classid 1:121
tc filter add dev $WAN_IF parent 1: handle 0x30/0xfff0 fw classid 1:122
tc filter add dev $WAN_IF parent 1: handle 0x40/0xfff0 fw classid 1:123

tc class add dev $LAN_IF parent 1: classid 1:1 htb rate $((DOWN*95/100))kbps
tc class add dev $LAN_IF parent 1:1 classid 1:11 htb rate $((DOWN*5/10))kbps prio 1
tc class add dev $LAN_IF parent 1:1 classid 1:12 htb rate $((DOWN*5/10))kbps ceil $((DOWN*9/10))kbps prio 2
tc class add dev $LAN_IF parent 1:12 classid 1:121 htb rate $((DOWN*4/10))kbps ceil $((DOWN*8/10))kbps prio 1
tc class add dev $LAN_IF parent 1:12 classid 1:122 htb rate $((DOWN*1/10))kbps ceil $((DOWN*4/10))kbps prio 10
tc class add dev $LAN_IF parent 1:12 classid 1:123 htb rate $((DOWN*4/10))kbps ceil $((DOWN*6/10))kbps prio 3
tc qdisc add dev $LAN_IF parent 1:11 handle 11: sfq perturb 10
tc qdisc add dev $LAN_IF parent 1:121 handle 121: sfq perturb 10
tc qdisc add dev $LAN_IF parent 1:122 handle 122: sfq perturb 10
tc qdisc add dev $LAN_IF parent 1:123 handle 123: sfq perturb 10
tc filter add dev $LAN_IF parent 1: handle 0x10/0xfff0 fw classid 1:11
tc filter add dev $LAN_IF parent 1: handle 0x20/0xfff0 fw classid 1:121
tc filter add dev $LAN_IF parent 1: handle 0x30/0xfff0 fw classid 1:122
tc filter add dev $LAN_IF parent 1: handle 0x40/0xfff0 fw classid 1:123

$IPM -N UP
$IPM -N DOWN
$IPM -N IP_UP
$IPM -N IP_DOWN
$IPM -I POSTROUTING -o br0 -j DOWN
$IPM -I PREROUTING -i br0 -j UP
$IPM -A DOWN -j IMQ --todev 0
$IPM -A UP -j IMQ --todev 1
#$IPM -I DOWN -s $lan_ip -j RETURN
$IPM -I DOWN -p tcp -m multiport --dports 22,53,445,139 -j RETURN
$IPM -I DOWN -p icmp -j RETURN
#$IPM -A DOWN -m length --length :100 -j RETURN
$IPM -A DOWN -j MARK --set-mark=0x41
$IPM -A DOWN -m length --length 1024:1500 -j MARK --set-mark=0x31
$IPM -A DOWN -p tcp -m multiport --dports 21,80,443,3389,8118 -j MARK --set-mark=0x21
$IPM -A DOWN -m length --length :768 -j MARK --set-mark=0x11

$IPM -A DOWN -j IP_DOWN

#$IPM -I UP -d $lan_ip -j RETURN
$IPM -I UP -p tcp -m multiport --sports 22,53,445,139 -j RETURN
$IPM -I UP -p icmp -j RETURN
#$IPM -A UP -m length --length :80 -j RETURN
$IPM -A UP -j MARK --set-mark=0x41
$IPM -A UP -m length --length 1024:1500 -j MARK --set-mark=0x31
$IPM -A UP -p tcp -m multiport --sports 21,80,443,3389,8118 -j MARK --set-mark=0x21
$IPM -A UP -m length --length :512 -j MARK --set-mark=0x11

$IPM -A UP -j IP_UP

}

connlmt() {
$IPM -A FORWARD -p tcp -d $1 -m connlimit --connlimit-above $2 -j DROP
$IPM -A FORWARD -p udp -d $1 -m connlimit --connlimit-above $3 -j DROP

}

ip_limit() {
conns=$6
[ $((conns)) -lt "6" ] && logger -t "¡iQOS¡j" "­­³t设¸m[KB/S]IP1, ³Ì¤j¤U载2, ¤U载«O证3, ³Ì¤j¤W传4, ¤W传«O证5"
[ $((conns)) -ge "6" ] && logger -t "¡iQOS¡j" "连±µ数­­¨îIP1 TCP2, UDP3"
n=$(echo $1|cut -d '-' -f1|cut -d '.' -f4)
m=$(echo $1|cut -d '-' -f2|cut -d '.' -f4)
NET=$(echo $1|cut -d '.' -f1-3)
while [ $n -le $m ]
do
ip=$n
if [ $((conns)) -lt "6" ] ; then
[ ${#ip} -lt 3 ] && ip=0$ip
[ ${#ip} -lt 3 ] && ip=0$ip
var=1

tc class add dev $WAN_IF parent 1:2 classid 1var$ip htb rate $5kbps ceil $4kbps
tc qdisc add dev $WAN_IF parent 1var$ip handle $var$ip sfq perturb 10
tc filter add dev $WAN_IF parent 1: handle 0x$var$ip fw flowid 1var$ip

tc class add dev $LAN_IF parent 1:2 classid 1var$ip htb rate $3kbps ceil $2kbps
tc qdisc add dev $LAN_IF parent 1var$ip handle $var$ip sfq perturb 10
tc filter add dev $LAN_IF parent 1: handle 0x$var$ip fw flowid 1var$ip

$IPM -A IP_DOWN -d $NET.$n -j MARK --set-mark 0x$var$ip
$IPM -A IP_UP -s $NET.$n -j MARK --set-mark 0x$var$ip
else
connlmt $NET.$n $2 $3
fi
n=$((n+1))
done

}

port_first() {
logger -t "¡iQOS¡j" "ºÝ¤fɬ¥ý1, $2"
$IPM -I DOWN -p $1 -m multiport --dports $2 -j RETURN
$IPM -I UP -p $1 -m multiport --sports $2 -j RETURN

}

if [ "$qoss" = "1" ] && [ -f "/lib/modules/$(uname -r)/kernel/net/netfilter/xt_IMQ.ko" ] ; then
if [ $(cat /tmp/qos_state) -eq 1 ] ; then
logger -t "¡iQOS¡j" "¥¿¦b运¦æ"
exit
else
echo 1 >/tmp/qos_state
fi
logger -t "¡iQOS¡j" "ûD动 QOS ¦¨¥\"
echo 1 >/tmp/qoss_state
load_var
load_modules
qos_stop
qos_start
while read line
do
c_line=`echo $line |grep -v "#"`
if [ ! -z "$c_line" ] ; then
ip_limit $line
fi
done < /tmp/qos_ip_limit_DOMAIN.txt

while read line
do
c_line=`echo $line |grep -v "#"`
if [ ! -z "$c_line" ] ; then
line="$line 4 5 6"
ip_limit $line
fi
done < /tmp/qos_connlmt_DOMAIN.txt

while read line
do
c_line=`echo $line |grep -v "#"`
if [ ! -z "$c_line" ] ; then
port_first $line
fi
done < /tmp/qos_port_first_DOMAIN.txt
if [ ! -f /tmp/qos_scheduler.lock ] ; then
/tmp/qos_scheduler.sh $qosb &
fi
echo 0 >/tmp/qos_state
else
logger -t "¡iQOS¡j" "QOS 没¦³开ûD©Î闪¦s¤£¨¬¯Ê¼Ò块"
echo 0 >/tmp/qoss_state
ip link set imq0 down
ip link set imq1 down
fi

logger -t "¡i¨¾¤õ墙规则¡j" "脚¥»§¹¦¨"