
Re: Question about wondershaper



--- Andre Majorel <aym-naibed@teaser.fr> wrote:

> On 2004-11-28 19:15 +0000, Jean-Michel Hiver wrote:
> 
> > I'm toying around with wondershaper but can't get it to work very well.
> > 
> > I am on a fairly crappy ISDN connection (64 kbps up, 64 kbps down) - top
> > download @ about 7.7 ko/sec. I run it on a debian box with a 2.6 kernel
> > which acts as gateway / nat server.
> > 
> > Whenever there is a download on my home network, pings to say,
> > google.com skyrocket to 6000+ms as opposed to 300-400ms (I live in
> > Reunion and I am on a fairly crappy ISDN connection => high ping anyways).
> > 
> > I have tried various parameters (wondershaper 64 64, wondershaper 60 60,
> > wondershaper 56 56, etc) and it doesn't seem to do much at all.
> > 
> > Only when I put ridiculous values (such as wondershaper 8 8) I get a
> > "decent" ping, but then of course the download goes right down to 2 ko/sec.
> > 
> > Any ideas?
> 
> I can't help you with wondershaper specifically, but I use a
> similar script, based on myshaper, which is itself based on
> wondershaper. My experience is that, from behind an ADSL modem
> running in bridge mode, you have to cap the upload rate to 90 kbps
> (for a 128 kbps connection) or 180 kbps (for a 256 kbps
> connection). I.e. for the upload throttle to be effective, it has
> to be about 70% of the nominal upload bandwidth.
> 
> If you go above that, it may work most of the time, but you will
> still have latency spikes under certain circumstances.
> 
> The "interesting" part of my script follows :
> 
> ----------------------------------------------------------------
> #
> #	cmd_reset - reset everything to a known state
> #
> cmd_reset ()
> {
>   (
>     set +e				# Errors occur the first time
>     tc qdisc del dev $DEV root
>     tc qdisc del dev imq0 root
>     iptables -t mangle -D POSTROUTING -o $DEV -j MYSHAPER-OUT
>     iptables -t mangle -F MYSHAPER-OUT
>     iptables -t mangle -X MYSHAPER-OUT
>     iptables -t mangle -D PREROUTING -i $DEV -j MYSHAPER-IN
>     iptables -t mangle -F MYSHAPER-IN
>     iptables -t mangle -X MYSHAPER-IN
>     ip link set imq0 down
>     rmmod imq
>     true
>   )
> }
> 
This has always been a weak spot.  Every time you add/change something
you need to update both places, i.e. reset and startout.

I have eliminated this with a shell script (attached).

> 
> #
> #	cmd_startout - outbound Shaping (limits total bandwidth to RATEUP)
> #
> cmd_startout ()
> {
>   # set queue size to give latency of about 2 seconds on low-prio packets
>   ip link set dev $DEV qlen 30
> 
>   # changes mtu on the outbound device.  Lowering the mtu will result
>   # in lower latency but will also cause slightly lower throughput due
>   # to IP and TCP protocol overhead.
>   #ip link set dev $DEV mtu 1000
> 
>   # add HTB root qdisc
>   tc qdisc add dev $DEV root handle 1: htb default 26
> 
>   # add main rate limit classes
>   tc class add dev $DEV parent 1: classid 1:1 htb rate ${RATEUP}kbit
> 
>   # add leaf classes
>   (
>     cmd2 ()
>     {
>       if expr "$2" : '[0-9]\+%$' >/dev/null
>       then
>         rate=$[RATEUP * ${2%\%}00 / 10000]
> 	if [ $rate = 0 ]
> 	then
> 	  rate=1
> 	fi
>       else
>         rate="$2"
>       fi
>       tc class add dev $DEV parent 1:1 classid 1:2$1 htb		\
> 	rate "${rate}kbit"						\
> 	ceil ${RATEUP}kbit						\
> 	prio $1
>     }
> 
>     # Usage: cmd2 prio guaranteed-bandwidth-percentage%
> 
>     cmd2 0  5%	# 20 - Ping (ICMP)
>     cmd2 1 18%	# 21 - UDP + small SSH/Telnet packets
>     cmd2 2 50%	# 22 - big SSH/Telnet packets
>     cmd2 3 15%	# 23 - small packets
>     cmd2 4 10%	# 24 - interactive services for small documents (HTTP)
>     cmd2 5  1%	# 25 - interactive services for bulk data (FTP)
>     cmd2 6  1%	# 26 - lowest priority, the equivalent of nice -20.
> 		#      Used for non-interactive background services such
> 		#      as $P2P_PROTOCOL.
>   )
> 
>   # attach qdisc to leaf classes
>   #
>   # here we add SFQ to each priority class.  SFQ ensures that within each
>   # class connections will be treated (almost) fairly.
>   tc qdisc add dev $DEV parent 1:20 handle 20: sfq perturb 10
>   tc qdisc add dev $DEV parent 1:21 handle 21: sfq perturb 10
>   tc qdisc add dev $DEV parent 1:22 handle 22: sfq perturb 10
>   tc qdisc add dev $DEV parent 1:23 handle 23: sfq perturb 10
>   tc qdisc add dev $DEV parent 1:24 handle 24: sfq perturb 10
>   tc qdisc add dev $DEV parent 1:25 handle 25: sfq perturb 10
>   tc qdisc add dev $DEV parent 1:26 handle 26: sfq perturb 10
> 
>   # filter traffic into classes by fwmark
>   #
>   # here we direct traffic into priority class according to the fwmark set
>   # on the packet (we set fwmark with iptables later).  Note that above
>   # we've set the default priority class to 1:26 so unmarked packets (or
>   # packets marked with unfamiliar IDs) will be defaulted to the lowest
>   # priority class.
>   tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20
>   tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21
>   tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22
>   tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23
>   tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24
>   tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25
>   tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26
> 
>   # add MYSHAPER-OUT chain to the mangle table in iptables
>   #
>   # this sets up the table we'll use to filter and mark packets.
>   iptables -t mangle -N MYSHAPER-OUT
>   iptables -t mangle -I POSTROUTING -o $DEV -j MYSHAPER-OUT
> 
>   # add fwmark entries to classify different types of traffic
>   #
>   # Set fwmark from 20-26 according to desired class. 20 is highest prio.
>   (
>     cmd2 ()
>     {
>       mark="$1"
>       shift
>       iptables -t mangle -A MYSHAPER-OUT $* -j MARK --set-mark "$mark"
>     }
> 
>     cmd2 23 -p tcp --sport 0:1023	# Default for low port traffic
>     cmd2 23 -p tcp --dport 0:1023	# ""
>     cmd2 26 -p tcp --dport 20		# ftp-data port, low prio
>     cmd2 20 -p icmp			# ICMP (ping) - high prio, impress
> 					# friends
>     cmd2 21 -p udp			# DNS name resolution (small packets)
> 
>     # SSH is split between two classes. This is so that transferring bulk
>     # data over SSH doesn't prevent you from using interactive SSH.
>     cmd2 22 -p tcp --dport ssh
>     cmd2 22 -p tcp --sport ssh
>     cmd2 21 -p tcp --dport ssh -m length --length :999
>     cmd2 21 -p tcp --sport ssh -m length --length :999
> 
>     cmd2 22 -p tcp --dport telnet
>     cmd2 22 -p tcp --sport telnet
>     cmd2 21 -p tcp --dport telnet -m length --length :999
>     cmd2 21 -p tcp --sport telnet -m length --length :999
> 
>     cmd2 24 -p tcp --sport http		# Local web server
>     cmd2 25 -p tcp --sport 20		# Local FTP server
>     cmd2 26 -p tcp --sport $P2P_PORT	# Local $P2P_PROTOCOL server
>     cmd2 26 -p tcp --dport $P2P_PORT	# Remote $P2P_PROTOCOL server
>     # Was 21
>     cmd2 23 -p tcp -m length --length :64 # small packets (probably just ACKs)
>     cmd2 26 -m mark --mark 0		# redundant- mark any unmarked packets
> 					# as 26 (low prio)
>   )
> 
>   echo "Outbound shaping added to $DEV.  Rate: ${RATEUP}kbit/sec."
> }
> ----------------------------------------------------------------
> 
> Note that one issue with this script is that it does not
> distinguish between uploads initiated by you, and uploads
> resulting from other machines on the net wanting to download from
> your machine. Because of this, uploading a file to an FTP server
> is slow.
> 
> -- 
> André Majorel <URL:http://www.teaser.fr/~amajorel/>
> Do not use this account for regular correspondence.
> See the URL above for contact information.
> 
 
#!/bin/sh

umask 027
touch "$2"
if ! [ -r "$1" -a -w "$2" ]
   then echo "Usage: $0 up-script down-script <options for up script>"
   cat <<EOF

	This script is used to run an admin script, called up.  Based on
	the output of "/bin/sh -x", a down script is created, to be run
	later by the same means as this script was called.

	The term "admin script" refers to a script that the system admin
	(or you!) created.  The idea is that when you change the up script
	the down script is updated by this script.  So this script should be
	the only script to actually run the up script, however the down
	script is completely self-contained and does not depend on anything.
	The down-script is marked executable, but removes this when run.
	It is also important to note that the down-script should be run
	directly, and not by this script.
	
	EXAMPLE for /etc/network/interfaces:
        up /etc/network/ifup-mkundo.sh\
            /etc/network/nat.sh /etc/network/.nat-eth0.sh\
            eth0 up
	down /etc/network/.nat-eth0.sh

	Also this script just did a "touch $2", a hack to test parameters.
EOF
   exit 0
fi

upscript="$1"
downscript="$2"
shift 2
# stderr never gets EOF, use file.
/bin/bash -x -c ". $upscript $*" 2> "$downscript"

# lifo and act as a command int.
grep -n '^++' "$downscript" | tr "%'\"" "   " | sort -rn > "${downscript}.tmp"

# This is not the only way to do it, but printing #!/bin/sh is tricky.
{
cat <<EOF
#!/bin/sh
EOF
cat "${downscript}.tmp"; } |
	sed -e 's/^[0-9][0-9]*:++* /echo /' |

# FIXME get arp -a input for arp -d reversal, or fix arp :).
#	sed -e 's/^echo arp\(.*\)-d/echo arp\1-tmp/' |
	sed -e 's/^echo arp -s \([.0-9][.0-9]* \?\).*/arp -d \1 2>\/dev\/null/' |
#	sed -e 's/^arp\(.*\)-tmp/arp -s\1/' $downscript <-- What's this "$downscript"???

# set +x, escape from being monitored. DELETE.
	sed -e 's/^echo set +x$//' |

# Other known unsupported things, some not so ok to ignore.
	sed -e 's/^echo exit/\# exit/' \
	-e 's/^echo echo/\# echo/' \
	-e 's/^echo disown/\# disown/' \
	-e 's/^echo export/\# export/' \
	-e 's/^echo ifconfig/\# ifconfig/' \
	-e 's/^echo test/\# test/' \
	-e 's/^echo case/\# case/' \
	-e 's/^echo \([^ =][^ =]*\)=\(.*\)/\# \1=\2/' \
	-e 's/^echo cat/\# cat/' \
	-e 's/^echo add_/\# add_/' \
	-e 's/^echo sleep/\# sleep/' |
	# tc filters get optimized, non reversible. I.E. crypt :)
	sed -e 's/^echo tc filter add/# tc filter add/' |
	# tc classes end when school gets out.
	sed -e 's/^echo tc class add/# tc class add/' |
	# if and fi are useless, ignore what's inside as an added feature.
	# NOT TESTED!!
	sed -e 's/^echo if/\if 0/' \
	-e 's/^echo fi/\fi/' |

# System tools
	sed -e 's/^echo daemon\(.*\)--stop\(.*\)/taemon\1\2/' \
	-e 's/^echo daemon\(.*\)/daemon\1 --stop/' \
	-e 's/^taemon\(.*\)/daemon\1/' |

# Network tools
	sed -e 's/^echo iptables\(.*\)-D/iptables\1-tmp/' \
	-e 's/^echo iptables\(.*\)-A/iptables\1-D/' \
	-e 's/^iptables\(.*\)-tmp/iptables\1-A/' \
	-e 's/^echo iptables\(.*\)-I \?\([a-zA-Z]* \?\)[0-9]*/iptables\1-D \2/' \
	-e 's/^echo iptables\(.*\)-X/iptables\1-tmp/' \
	-e 's/^echo iptables\(.*\)-N/iptables\1-X/' \
	-e 's/^iptables\(.*\)-tmp/iptables\1-N/' |

	sed -e 's/^echo route\(.*\)del/route\1tmp/' \
	-e 's/^echo route\(.*\)add/route\1del/' \
	-e 's/^route\(.*\)tmp/route\1add/' \
	-e 's/^echo ip\(.*\)del/ip\1tmp/' \
	-e 's/^echo ip\(.*\)add/ip\1del/' \
	-e 's/^ip\(.*\)tmp/ip\1add/' |

	# for tc filters we can still add, what others remove.
	sed -e 's/^echo tc\(.*\)del/tc\1tmp/' \
	-e 's/^echo tc\(.*\)add/tc\1del/' \
	-e 's/^tc\(.*\)tmp/tc\1add/' |

# Network daemons, EVAL HACKS AHEAD.
	sed -e 's/^echo farpd/# farpd/' |

	sed -e 's/^echo fake remove\(.*\)/__TMPXYAD\1/' \
	-e 's/^echo fake\(.*\)$/export HOME=\/root\
	    fake remove\1 >\/dev\/null <\/dev\/null 2>&1/' \
	-e 's/^__TMPXYAD\(.*\)/export HOME=\/root\
	    fake\1 >\/dev\/null <\/dev\/null 2>&1 & disown/' |

cat > "$downscript" && rm "${downscript}.tmp"

echo 'chmod a-x $0; true' >> "$downscript"
chmod ug+x "$downscript"

exit 0
