Openwrt配置QOS流量带宽限制

针对特定服务做优先级设定，提高带宽使用质量，也可针对特定IP进行限速。

#加载模块：insmod xt_IPIDinsmod cls_u32insmod cls_fwinsmod sch_htbinsmod sch_sfqinsmod sch_prio

#启用IMQ虚拟网卡ip link set imq0 upip link set imq1 up

#删除旧队列tc qdisc del dev imq0 roottc qdisc del dev imq1 root

#上传设置

#增加根队列，未标记数据默认走26tc qdisc add dev imq0 root handle 1: htb default 26

#增加总流量规则tc class add dev imq0 parent 1: classid 1:1 htb rate 350kbit

#增加子类tc class add dev imq0 parent 1:1 classid 1:20 htb rate 80kbit ceil 250kbit prio 0tc class add dev imq0 parent 1:1 classid 1:21 htb rate 80kbit ceil 250kbit prio 1tc class add dev imq0 parent 1:1 classid 1:22 htb rate 80kbit ceil 250kbit prio 2tc class add dev imq0 parent 1:1 classid 1:23 htb rate 80kbit ceil 250kbit prio 3tc class add dev imq0 parent 1:1 classid 1:24 htb rate 80kbit ceil 250kbit prio 4tc class add dev imq0 parent 1:1 classid 1:25 htb rate 50kbit ceil 250kbit prio 5tc class add dev imq0 parent 1:1 classid 1:26 htb rate 50kbit ceil 150kbit prio 6tc class add dev imq0 parent 1:1 classid 1:27 htb rate 50kbit ceil 100kbit prio 7

#为子类添加SFQ公平队列,每10秒重置tc qdisc add dev imq0 parent 1:20 handle 20: sfq perturb 10tc qdisc add dev imq0 parent 1:21 handle 21: sfq perturb 10tc qdisc add dev imq0 parent 1:22 handle 22: sfq perturb 10tc qdisc add dev imq0 parent 1:23 handle 23: sfq perturb 10tc qdisc add dev imq0 parent 1:24 handle 24: sfq perturb 10tc qdisc add dev imq0 parent 1:25 handle 25: sfq perturb 10tc qdisc add dev imq0 parent 1:26 handle 26: sfq perturb 10tc qdisc add dev imq0 parent 1:27 handle 27: sfq perturb 10

#添加过滤规则配合Iptables Mark标记

#tc filter add dev imq0 parent 1:0 protocol ip u32 match ip sport 22 0xffff flowid 1:10

#使用U32标记数据，下面使用Iptables mark，容易。tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 25 fw flowid 1:25tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 26 fw flowid 1:26tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 27 fw flowid 1:27

#上传数据转入特定链iptables -t mangle -N MYSHAPER-OUTiptables -t mangle -A POSTROUTING -o pppoe-wan -j MYSHAPER-OUTiptables -t mangle -A MYSHAPER-OUT -j IMQ –todev 0

#为特定数据打上标记配合之前过滤规则

#iptables -t mangle -I MYSHAPER-OUT -s 192.168.1.16 -j MARK –set-mark 27 #限制特定IP上传速度

#iptables -t mangle -I MYSHAPER-OUT -s 192.168.1.16 -j RETURNiptables -t mangle -A MYSHAPER-OUT -p tcp –tcp-flags SYN,RST,ACK SYN -j MARK –set-mark 20 #提高HTTP连接速度iptables -t mangle -A MYSHAPER-OUT -p tcp –tcp-flags SYN,RST,ACK SYN -j RETURNiptables -t mangle -A MYSHAPER-OUT -p udp –dport 53 -j MARK –set-mark 20 #DNS查询iptables -t mangle -A MYSHAPER-OUT -p udp –dport 53 -j RETURNiptables -t mangle -A MYSHAPER-OUT -p icmp -j MARK –set-mark 21 #ICMP数据iptables -t mangle -A MYSHAPER-OUT -p icmp -j RETURNiptables -t mangle -A MYSHAPER-OUT -p tcp -m length –length :64 -j MARK –set-mark 21 #小数据包iptables -t mangle -A MYSHAPER-OUT -p tcp -m length –length :64 -j RETURNiptables -t mangle -A MYSHAPER-OUT -p tcp –dport 22 -j MARK –set-mark 22 #SSH连接iptables -t mangle -A MYSHAPER-OUT -p tcp –dport 22 -j RETURNiptables -t mangle -A MYSHAPER-OUT -p udp –dport 1194 -j MARK –set-mark 22 #VPN连接iptables -t mangle -A MYSHAPER-OUT -p udp –dport 1194 -j RETURNiptables -t mangle -A MYSHAPER-OUT -p tcp –dport 80 -j MARK –set-mark 23 #HTTP连接iptables -t mangle -A MYSHAPER-OUT -p tcp –dport 80 -j RETURNiptables -t mangle -A MYSHAPER-OUT -p tcp –dport 443 -j MARK –set-mark 24 #HTTPS连接iptables -t mangle -A MYSHAPER-OUT -p tcp –dport 443 -j RETURN

#上传设置完成

#下载设置

#增加根队列，未标记数据默认走24tc qdisc add dev imq1 handle 1: root htb default 24tc class add dev imq1 parent 1: classid 1:1 htb rate 3500kbit

#添加子类tc class add dev imq1 parent 1:1 classid 1:20 htb rate 1000kbit ceil 1500kbit prio 0tc class add dev imq1 parent 1:1 classid 1:21 htb rate 1500kbit ceil 2500kbit prio 1tc class add dev imq1 parent 1:1 classid 1:22 htb rate 2000kbit ceil 3500kbit prio 2tc class add dev imq1 parent 1:1 classid 1:23 htb rate 1000kbit ceil 1500kbit prio 3tc class add dev imq1 parent 1:1 classid 1:24 htb rate 1000kbit ceil 1500kbit prio 4

#为子类添加SFQ公平队列tc qdisc add dev imq1 parent 1:20 handle 20: sfq perturb 10tc qdisc add dev imq1 parent 1:21 handle 21: sfq perturb 10tc qdisc add dev imq1 parent 1:22 handle 22: sfq perturb 10tc qdisc add dev imq1 parent 1:23 handle 23: sfq perturb 10tc qdisc add dev imq1 parent 1:24 handle 24: sfq perturb 10

#过滤规则tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 20 fw flowid 1:20tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 21 fw flowid 1:21tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 22 fw flowid 1:22tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 23 fw flowid 1:23tc filter add dev imq1 parent 1:0 prio 0 protocol ip handle 24 fw flowid 1:24

#下载数据转入特定链iptables -t mangle -N MYSHAPER-INiptables -t mangle -A PREROUTING -i pppoe-wan -j MYSHAPER-INiptables -t mangle -A MYSHAPER-IN -j IMQ –todev 1

#分类标记数据

#iptables -t mangle -A MYSHAPER-IN -d 192.168.1.16 -j MARK –set-mark 23 #限制特定IP下载速度

#iptables -t mangle -A MYSHAPER-IN -d 192.168.1.16 -j RETURNiptables -t mangle -A MYSHAPER-IN -p tcp -m length –length :64 -j MARK –set-mark 20 #小数据优先iptables -t mangle -A MYSHAPER-IN -p tcp -m length –length :64 -j RETURNiptables -t mangle -A MYSHAPER-IN -p icmp -j MARK –set-mark 20 #ICMP数据iptables -t mangle -A MYSHAPER-IN -p icmp -j RETURNiptables -t mangle -A MYSHAPER-IN -p tcp –sport 22 -j MARK –set-mark 21 #SSH连接iptables -t mangle -A MYSHAPER-IN -p tcp –sport 22 -j RETURNiptables -t mangle -A MYSHAPER-IN -p udp –sport 1194 -j MARK –set-mark 21 #VPN连接iptables -t mangle -A MYSHAPER-IN -p udp –sport 1194 -j RETURNiptables -t mangle -A MYSHAPER-IN -p tcp –sport 443 -j MARK –set-mark 22 #HTTPS连接iptables -t mangle -A MYSHAPER-IN -p tcp –sport 443 -j RETURNiptables -t mangle -A MYSHAPER-IN -p tcp –sport 80 -j MARK –set-mark 22 #HTTP连接iptables -t mangle -A MYSHAPER-IN -p tcp –sport 80 -j RETURNiptables -t mangle -A MYSHAPER-IN -p tcp –sport 0:1024 -j MARK –set-mark 23 #系统服务端口连接iptables -t mangle -A MYSHAPER-IN -p tcp –sport 0:1024 -j RETURN

#下载设置完成