1dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#! /bin/sh -x
2dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
3dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# sample script on using the ingress capabilities
4dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# This script fwmark tags(IPchains) based on metering on the ingress 
5dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# interface the result is used for fast classification and re-marking
6dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# on the egress interface
7dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# This is an example of a color blind mode marker with no PIR configured
8dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# based on draft-wahjak-mcm-00.txt (section 3.1)
9dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
10dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#path to various utilities;
11dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#change to reflect yours.
12dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
13dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San MehatIPROUTE=/root/DS-6-beta/iproute2-990530-dsing
14dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San MehatTC=$IPROUTE/tc/tc
15dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San MehatIP=$IPROUTE/ip/ip
16dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San MehatIPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains
17dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San MehatINDEV=eth2
18dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San MehatEGDEV="dev eth1"
19dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San MehatCIR1=1500kbit
20dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San MehatCIR2=1000kbit
21dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat
22dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#The CBS is about 60 MTU sized packets
23dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San MehatCBS1=90k
24dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San MehatCBS2=90k
25dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat
26dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatmeter1="police rate $CIR1 burst $CBS1 "
27dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatmeter2="police rate $CIR1 burst $CBS2 "
28dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatmeter3="police rate $CIR2 burst $CBS1 "
29dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatmeter4="police rate $CIR2 burst $CBS2 "
30dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatmeter5="police rate $CIR2 burst $CBS2 "
31dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
32dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# tag the rest of incoming packets from subnet 10.2.0.0/24 to fw value 1
33dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# tag all incoming packets from any other subnet to fw tag 2
34dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat############################################################ 
35dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$IPCHAINS -A input -i $INDEV -s 0/0 -m 2
36dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$IPCHAINS -A input -i $INDEV -s 10.2.0.0/24 -m 1
37dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
38dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat############################################################ 
39dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# install the ingress qdisc on the ingress interface
40dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC qdisc add dev $INDEV handle ffff: ingress
41dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
42dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat############################################################ 
43dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat
44dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# All packets are marked with a tcindex value which is used on the egress
45dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# tcindex 1 maps to AF41, 2->AF42, 3->AF43, 4->BE
46dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
47dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat############################################################ 
48dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# 
49dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# anything with fw tag of 1 is passed on with a tcindex value 1
50dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#if it doesnt exceed its allocated rate (CIR/CBS)
51dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# 
52dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC filter add dev $INDEV parent ffff: protocol ip prio 4 handle 1 fw \
53dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$meter1 \
54dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatcontinue flowid 4:1
55dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
56dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# if it exceeds the above but not the extra rate/burst below, it gets a 
57dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#tcindex value  of 2
58dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
59dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC filter add dev $INDEV parent ffff: protocol ip prio 5 handle 1 fw \
60dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$meter2 \
61dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatcontinue flowid 4:2
62dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
63dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# if it exceeds the above but not the rule below, it gets a tcindex value
64dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# of 3
65dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
66dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC filter add dev $INDEV parent ffff: protocol ip prio 6 handle 1 fw \
67dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$meter3 \
68dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatdrop flowid 4:3
69dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
70dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# Anything else (not from the subnet 10.2.0.24/24) gets discarded if it 
71dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# exceeds 1Mbps and by default goes to BE if it doesnt
72dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
73dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC filter add dev $INDEV parent ffff: protocol ip prio 6 handle 2 fw \
74dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$meter5 \
75dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatdrop flowid 4:4
76dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat
77dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat
78dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat######################## Egress side ########################
79dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat
80dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat
81dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# attach a dsmarker
82dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
83dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC qdisc add $EGDEV handle 1:0 root dsmark indices 64
84dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
85dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# values of the DSCP to change depending on the class
86dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#note that the ECN bits are masked out
87dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
88dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#AF41 (0x88 is 0x22 shifted to the right by two bits)
89dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
90dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC class change $EGDEV classid 1:1 dsmark mask 0x3 \
91dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat       value 0x88
92dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#AF42
93dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC class change $EGDEV classid 1:2 dsmark mask 0x3 \
94dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat       value 0x90
95dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#AF43
96dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC class change $EGDEV classid 1:3 dsmark mask 0x3 \
97dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat       value 0x98
98dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#BE
99dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC class change $EGDEV classid 1:4 dsmark mask 0x3 \
100dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat       value 0x0
101dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
102dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
103dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# The class mapping (using tcindex; could easily have
104dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat# replaced it with the fw classifier instead)
105dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
106dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
107dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat          handle 1 tcindex classid 1:1
108dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
109dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat          handle 2 tcindex  classid 1:2
110dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
111dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat          handle 3 tcindex  classid 1:3
112dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC filter add $EGDEV parent 1:0 protocol ip prio 1 \
113dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat          handle 4 tcindex  classid 1:4
114dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
115dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat
116dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
117dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatecho "---- qdisc parameters Ingress  ----------"
118dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC qdisc ls dev $INDEV
119dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatecho "---- Class parameters Ingress  ----------"
120dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC class ls dev $INDEV
121dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatecho "---- filter parameters Ingress ----------"
122dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC filter ls dev $INDEV parent ffff:
123dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat
124dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatecho "---- qdisc parameters Egress  ----------"
125dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC qdisc ls $EGDEV
126dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatecho "---- Class parameters Egress  ----------"
127dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC class ls $EGDEV
128dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatecho "---- filter parameters Egress ----------"
129dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat$TC filter ls $EGDEV parent 1:0
130dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#
131dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#deleting the ingress qdisc
132dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#$TC qdisc del $INDEV ingress
133