# Marking rTorrent traffic alternatives? [NEVERMIND]

## dj_farid

I am trying to get bandwidth shaping working.

I basically just want torrent traffic to have the lowest priority from my router to the Internet.

My initial approach was to mark bittorrent packets with l7-protocol and iptables. Then to use tc to prioritize the traffic.

Then I ran into a problem with all my traffic going out. You can read about it in this thread: https://forums.gentoo.org/viewtopic-p-3661925.html#3661925

I don't know the cause of the problem. But maybe there is a more elegant solution than using l7 since I am in control of the whole network. I am the only user.

It does not seem to be possible to control the ports that rTorrent uses to send.

Is there any other way to mark packets from rTorrent for tc than l7?

Last edited by dj_farid on Tue Oct 24, 2006 5:09 pm; edited 1 time in total

----------

## ultraViolet

 *dj_farid wrote:*   

> I am trying to get bandwidth shaping working.
> 
> I basically just want torrent traffic to have the lowest priority from my router to the Internet.
> 
> My initial approach was to mark bittorrent packets with l7-protocol and iptables. Then to use tc to prioritize the traffic.
> ...

 

Hi,

At first, I think you could mark traffic with the user target, which would allow you to mark all packets coming from rtorrent (fast) without l7 (slow), because you are alone and know what apps you will use to download. Could you post your script please?

I had a similar problem, but with many users, and without knowing who was doing what.

I have tried L7, which was giving good results with this script:

```
#!/bin/bash

# Part 1:
# Classing / identifying packets with iptables

/etc/init.d/iptables stop

# Constants
echo Constants.
   LOCALNET="192.168.1.0/255.255.255.0"
   MARKPRIO1="1" # ICMP, SSH, ntp, Multiplayer Games...
   MARKPRIO2="2" # http, https...
   MARKPRIO3="3" # IMAP, secure IMAP, POP3, secure POP3, smtp...
   MARKPRIO4="4" # Gnump3d, h323, vnc and unidentified...
   MARKPRIO5="5" # ftp...
   MARKPRIO6="6" # P2P...

# Setting policy (insecure settings, we are behind a DSL modem)
echo Setting Default Policies
   iptables -P INPUT ACCEPT
   iptables -P OUTPUT ACCEPT
   iptables -P FORWARD ACCEPT
   iptables -t nat -P POSTROUTING ACCEPT
   iptables -t nat -P PREROUTING ACCEPT

# Flushing all tables
echo Flushing All Tables
   iptables -t filter -F INPUT
   iptables -t filter -F OUTPUT
   iptables -t filter -F FORWARD
   iptables -t nat -F POSTROUTING
   iptables -t nat -F PREROUTING
   iptables -t nat -F OUTPUT
   iptables -t mangle -F PREROUTING
   iptables -t mangle -F INPUT
   iptables -t mangle -F FORWARD
   iptables -t mangle -F OUTPUT
   iptables -t mangle -F POSTROUTING

# NAT
echo NAT.
   iptables -t nat -A POSTROUTING -s $LOCALNET -j MASQUERADE

# Setting priority marks (cf. http://www.portforward.com/cports.htm for a list of ports used by apps, including games.)
echo Setting priority marks.

   # Priority 1
   echo Priority 1.

      # SSH (Secure Shell): allow secured remote login to your linux box.
      echo ssh.
         iptables -t mangle -A POSTROUTING -p tcp --dport 22 -j MARK --set-mark $MARKPRIO1
         iptables -t mangle -A POSTROUTING -p tcp --dport 22 -j RETURN

      # Games
      echo Call of Duty / United Offensive, Wolfenstein Enemy Territory / True Combat Elite
         iptables -t mangle -A POSTROUTING -p udp -m multiport --dports 20500,20510,20600,20610,28960,27950:27970 -j MARK --set-mark $MARKPRIO1
         iptables -t mangle -A POSTROUTING -p udp -m multiport --dports 20500,20510,20600,20610,28960,27950:27970 -j RETURN
         iptables -t mangle -A POSTROUTING -p tcp -m multiport --dports 27999,28960 -j MARK --set-mark $MARKPRIO1
         iptables -t mangle -A POSTROUTING -p tcp -m multiport --dports 27999,28960 -j RETURN
         iptables -t mangle -A POSTROUTING -d 62.208.181.222 -j MARK --set-mark $MARKPRIO1
         iptables -t mangle -A POSTROUTING -d 62.208.181.222 -j RETURN

      # ICMP (Internet Control Message Protocol): allow a computer to be aware of network errors.
      echo icmp.
         iptables -t mangle -A POSTROUTING -p icmp -j MARK --set-mark $MARKPRIO1
         iptables -t mangle -A POSTROUTING -p icmp -j RETURN

      # NTP (Network Time Protocol): allow a computer to sync its clock with a Network Time Server.
      echo ntp.
         iptables -t mangle -A POSTROUTING -p udp --dport 123 -j MARK --set-mark $MARKPRIO1
         iptables -t mangle -A POSTROUTING -p udp --dport 123 -j RETURN

   # Priority 2
   echo Priority 2.

      # HTTP/HTTPS (Hypertext Transfer Protocol): allow people to surf the Web
      echo http/https.
         iptables -t mangle -A POSTROUTING -p tcp -m multiport --dports 80,443 -j MARK --set-mark $MARKPRIO2
         iptables -t mangle -A POSTROUTING -p tcp -m multiport --dports 80,443 -j RETURN

   # Priority 3
   echo Priority 3.

      # SMTP, IMAP, secured IMAP, POP3, secured POP3
      echo SMTP, IMAP, secured IMAP, POP3, secured POP3.
         iptables -t mangle -A POSTROUTING -p tcp -m multiport --dports 25,110,143,993,995 -j MARK --set-mark $MARKPRIO3
         iptables -t mangle -A POSTROUTING -p tcp -m multiport --dports 25,110,143,993,995 -j RETURN

   # Priority 4
   echo Priority 4.

      # GnuMP3d streaming (replace the port by the one you are using).
      echo GnuMP3d.
         iptables -t mangle -A POSTROUTING -p tcp --dport 16561 -j MARK --set-mark $MARKPRIO4
         iptables -t mangle -A POSTROUTING -p tcp --dport 16561 -j RETURN

      # vnc
      echo vnc.
         iptables -t mangle -A POSTROUTING -p tcp --dport 5950:5952 -j MARK --set-mark $MARKPRIO4
         iptables -t mangle -A POSTROUTING -p tcp --dport 5950:5952 -j RETURN

   # Priority 5
   echo Priority 5.

      # ftp
      echo ftp.
         iptables -t mangle -A POSTROUTING -m layer7 --l7proto ftp -j MARK --set-mark $MARKPRIO5
         iptables -t mangle -A POSTROUTING -m layer7 --l7proto ftp -j RETURN

   # Priority 6
   echo Priority 6.

      # P2P packets identified by L7 filter
      echo P2P packets identified by L7 filter.
         iptables -t mangle -A POSTROUTING -m layer7 --l7proto bittorrent -j MARK --set-mark $MARKPRIO6
         iptables -t mangle -A POSTROUTING -m layer7 --l7proto bittorrent -j RETURN
         iptables -t mangle -A POSTROUTING -m layer7 --l7proto edonkey -j MARK --set-mark $MARKPRIO6
         iptables -t mangle -A POSTROUTING -m layer7 --l7proto edonkey -j RETURN

      # P2P packets identified by Ipp2p
      echo P2P packets identified by Ipp2p.
         iptables -t mangle -A POSTROUTING -m ipp2p --bit -j MARK --set-mark $MARKPRIO6
         iptables -t mangle -A POSTROUTING -m ipp2p --bit -j RETURN

   # Remaining packets are marked according to TOS
   echo Remaining packets are marked according to TOS.
      iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark $MARKPRIO1
      iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j RETURN
      iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark $MARKPRIO3
      iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j RETURN
      iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Maximize-Reliability -m mark --mark 0 -j MARK --set-mark $MARKPRIO3
      iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Maximize-Reliability -m mark --mark 0 -j RETURN
      iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Normal-Service -m mark --mark 0 -j MARK --set-mark $MARKPRIO2
      iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Normal-Service -m mark --mark 0 -j RETURN
      iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark $MARKPRIO3
      iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j RETURN

# Enable kernel forwarding
echo Enable kernel forwarding.
   echo 1 > /proc/sys/net/ipv4/ip_forward

/etc/init.d/iptables save
/etc/init.d/iptables start

# Part 2:
# Sending packets with qdiscs

# Constants
echo Setting constants.

   # Rates
   echo Setting Guaranteed Rates and Maximal Rate.
      UPRATE="750kbit" # ceil
      UPRATEP2P="300kbit"
      PRIORATE1="156kbit"
      PRIORATE2="156kbit"
      PRIORATE3="90kbit"
      PRIORATE4="95kbit"
      PRIORATE5="3kbit"
      PRIORATE6="1kbit"

   # Burst
   echo Setting Burst, then Ceil Burst.
      BURST1="5k"
      BURST2="3k"
      BURST3="2k"
      BURST4="3k"
      BURST5="0k"
      BURST6="0k"
      CBURST1="5k"
      CBURST2="5k"
      CBURST3="0k"
      CBURST4="0k"
      CBURST5="0k"
      CBURST6="0k"

# Erasing previous configuration
echo Erasing previous configuration.
   tc qdisc del dev eth0 root 2> /dev/null > /dev/null

# Set queue length to improve reactiveness.
echo Setting queue length.
   ifconfig eth0 txqueuelen 32

# Changes the MTU on the outbound device. Lowering the MTU will result in lower latency but will also cause slightly lower throughput due to IP and TCP protocol overhead.
echo Setting MTU.
#    ip link set dev eth0 mtu 1000

# Specify queue discipline
echo Specifying queue discipline.
   tc qdisc add dev eth0 root handle 1:0 htb default 14 r2q 1

# Set root class
echo Setting root class.
   tc class add dev eth0 parent 1:0 classid 1:1 htb rate $UPRATE burst 5k cburst 5k

# Specify sub classes
echo Setting qdiscs according to constants.
   tc class add dev eth0 parent 1:1 classid 1:11 htb rate $PRIORATE1 ceil $UPRATE burst $BURST1 cburst $CBURST1 prio 0
   tc class add dev eth0 parent 1:1 classid 1:12 htb rate $PRIORATE2 ceil $UPRATE burst $BURST2 cburst $CBURST2 prio 1
   tc class add dev eth0 parent 1:1 classid 1:13 htb rate $PRIORATE3 ceil $UPRATE burst $BURST3 cburst $CBURST3 prio 2
   tc class add dev eth0 parent 1:1 classid 1:14 htb rate $PRIORATE4 ceil $UPRATE burst $BURST4 cburst $CBURST4 prio 3
   tc class add dev eth0 parent 1:1 classid 1:15 htb rate $PRIORATE5 ceil $UPRATE burst $BURST5 cburst $CBURST5 prio 4
   tc class add dev eth0 parent 1:1 classid 1:16 htb rate $PRIORATE6 ceil $UPRATEP2P burst $BURST6 cburst $CBURST6 prio 5

# Add queuing disciplines
echo Adding sfq queueing disciplines.
   tc qdisc add dev eth0 parent 1:11 sfq perturb 10
   tc qdisc add dev eth0 parent 1:12 sfq perturb 10
   tc qdisc add dev eth0 parent 1:13 sfq perturb 10
   tc qdisc add dev eth0 parent 1:14 sfq perturb 10
   tc qdisc add dev eth0 parent 1:15 sfq perturb 10
   tc qdisc add dev eth0 parent 1:16 sfq perturb 10

# Filter packets
echo filtering packets depending on their marks.
   tc filter add dev eth0 parent 1:0 protocol ip prio 0 handle $MARKPRIO1 fw classid 1:11
   tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle $MARKPRIO2 fw classid 1:12
   tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle $MARKPRIO3 fw classid 1:13
   tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle $MARKPRIO4 fw classid 1:14
   tc filter add dev eth0 parent 1:0 protocol ip prio 4 handle $MARKPRIO5 fw classid 1:15
   tc filter add dev eth0 parent 1:0 protocol ip prio 5 handle $MARKPRIO6 fw classid 1:16
```

The problem was that this set of rules was taking too much time for a packet to traverse it. One of my goals was to allow low ping for online players, even if they download.

Then I decided to use another way. I chose to mark traffic other than bittorrent (l7 and ipp2p take time to execute) and to prioritize it with the PRIO qdisc, because I don't really want to do traffic control, but to say that if someone is doing something important, p2p traffic or other less important protocols are to be pushed down. I added a repartition between users too. Here is my new script:

```
#!/bin/bash

# Part 1:
# Classing / identifying packets with iptables

/etc/init.d/iptables stop

# Constants
echo Constants.
   LOCALNET="192.168.1.0/255.255.255.0"
   MARKPRIO1="1" # ICMP, SSH, ntp, Multiplayer Games...
   MARKPRIO2="2" # Computer 1
   MARKPRIO3="3" # Computer 2
   MARKPRIO4="4" # Computer 3
   MARKPRIO5="5" # Computer 4
   MARKPRIO6="6" # Shared resources
   MARKPRIO7="7" # Guests

# Setting policy (insecure settings, we are behind a DSL modem)
echo Setting Default Policies
   iptables -P INPUT ACCEPT
   iptables -P OUTPUT ACCEPT
   iptables -P FORWARD ACCEPT
   iptables -t nat -P POSTROUTING ACCEPT
   iptables -t nat -P PREROUTING ACCEPT

# Flushing all tables
echo Flushing All Tables
   iptables -t filter -F INPUT
   iptables -t filter -F OUTPUT
   iptables -t filter -F FORWARD
   iptables -t nat -F POSTROUTING
   iptables -t nat -F PREROUTING
   iptables -t nat -F OUTPUT
   iptables -t mangle -F PREROUTING
   iptables -t mangle -F INPUT
   iptables -t mangle -F FORWARD
   iptables -t mangle -F OUTPUT
   iptables -t mangle -F POSTROUTING

# NAT
echo NAT.
   iptables -t nat -A POSTROUTING -s $LOCALNET -j MASQUERADE

# Setting priority marks (cf. http://www.portforward.com/cports.htm for a list of ports used by apps, including games.)
echo Setting priority marks.

#       # Known users.
#       echo Known users.
      iptables -A OUTPUT -t mangle -o eth0 -j MARK --set-mark $MARKPRIO2
      iptables -A FORWARD -t mangle -o eth0 -s 192.168.1.20 -j MARK --set-mark $MARKPRIO3
      iptables -A FORWARD -t mangle -o eth0 -s 192.168.1.30 -j MARK --set-mark $MARKPRIO4
      iptables -A FORWARD -t mangle -o eth0 -s 192.168.1.40 -j MARK --set-mark $MARKPRIO5

   # Priority 1
   echo Priority 1.

      # TOS
      echo TOS.
      iptables -t mangle -A POSTROUTING -p tcp -m tos --tos Minimize-Delay -j MARK --set-mark $MARKPRIO1

      # Games
      echo Call of Duty / United Offensive, Wolfenstein Enemy Territory / True Combat Elite
         iptables -t mangle -A POSTROUTING -m layer7 --l7proto quake-halflife -j MARK --set-mark $MARKPRIO1

      echo icmp.
         iptables -t mangle -A POSTROUTING -p icmp -j MARK --set-mark $MARKPRIO1

      echo DNS.
         iptables -t mangle -A POSTROUTING -p udp --sport 53 -j MARK --set-mark $MARKPRIO1
         iptables -t mangle -A POSTROUTING -p udp --dport 53 -j MARK --set-mark $MARKPRIO1

      echo TCP connections controls
         iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN SYN -j MARK --set-mark $MARKPRIO1
         iptables -t mangle -A POSTROUTING -p tcp --tcp-flags RST RST -j MARK --set-mark $MARKPRIO1
         iptables -t mangle -A POSTROUTING -p tcp --tcp-flags FIN FIN -j MARK --set-mark $MARKPRIO1

# Enable kernel forwarding
echo Enable kernel forwarding.
   echo 1 > /proc/sys/net/ipv4/ip_forward

/etc/init.d/iptables save
/etc/init.d/iptables start

# Part 2:
# Sending packets with qdiscs

# Constants
echo Setting constants.

   # Rates
   echo Setting Guaranteed Rates and Maximal Rate.
      UPRATE="808kbit" # ceil
#       PRIORATE1="156kbit"
#       PRIORATE2="156kbit"
#       PRIORATE3="90kbit"
#       PRIORATE4="95kbit"
#       PRIORATE5="3kbit"
#       PRIORATE6="1kbit"
      CLASS1="191kbit" # Individual rate for each known user
      CLASS2="4kbit"   # Shared rate for unknown users
      CLASS3="40kbit"  # Rate for shared services

# Erasing previous configuration
echo Erasing previous configuration.
   tc qdisc del dev eth0 root 2> /dev/null > /dev/null

# Specify queue discipline
echo Specifying root class PRIO.
   tc qdisc add dev eth0 root handle 1:0 prio bands 2 priomap 1 1 1 1 1 1 0 0 1 1 1 1 1 1 1 1

echo Specifying qdiscs.
   tc qdisc add dev eth0 parent 1:1 handle 11:0 sfq perturb 10
   tc qdisc add dev eth0 parent 1:2 handle 12:0 htb default 7

echo Specifying class of all protocols.
   tc class add dev eth0 parent 12:0 classid 12:1 htb rate $UPRATE ceil $UPRATE

echo Specifying subclass of all protocols. Each known computer has a subclass. There are two other classes for shared resources and for unknown computers.

# Known users
   tc class add dev eth0 parent 12:1 classid 12:2 htb rate $CLASS1 burst 3k ceil $UPRATE prio 1
   tc class add dev eth0 parent 12:1 classid 12:3 htb rate $CLASS1 burst 3k ceil $UPRATE prio 1
   tc class add dev eth0 parent 12:1 classid 12:4 htb rate $CLASS1 burst 3k ceil $UPRATE prio 1
   tc class add dev eth0 parent 12:1 classid 12:5 htb rate $CLASS1 burst 3k ceil $UPRATE prio 1

# Shared resources
   tc class add dev eth0 parent 12:1 classid 12:6 htb rate $CLASS3 burst 3k ceil $UPRATE prio 2

# Unknown users
   tc class add dev eth0 parent 12:1 classid 12:7 htb rate $CLASS2 burst 3k ceil $UPRATE prio 3

# Add queuing disciplines
echo Adding sfq queueing disciplines.
   tc qdisc add dev eth0 parent 12:2 sfq perturb 10
   tc qdisc add dev eth0 parent 12:3 sfq perturb 10
   tc qdisc add dev eth0 parent 12:4 sfq perturb 10
   tc qdisc add dev eth0 parent 12:5 sfq perturb 10
   tc qdisc add dev eth0 parent 12:6 sfq perturb 10
   tc qdisc add dev eth0 parent 12:7 sfq perturb 10

# Filter packets
echo filtering packets depending on their marks.

echo Niveau 1.
   tc filter add dev eth0 parent 1:0 protocol ip prio 0 handle $MARKPRIO1 fw classid 1:1

echo Niveau 2.
   tc filter add dev eth0 parent 12:0 protocol ip prio 0 handle $MARKPRIO2 fw classid 12:2
   tc filter add dev eth0 parent 12:0 protocol ip prio 1 handle $MARKPRIO3 fw classid 12:3
   tc filter add dev eth0 parent 12:0 protocol ip prio 2 handle $MARKPRIO4 fw classid 12:4
   tc filter add dev eth0 parent 12:0 protocol ip prio 3 handle $MARKPRIO5 fw classid 12:5
   tc filter add dev eth0 parent 12:0 protocol ip prio 4 handle $MARKPRIO6 fw classid 12:6
```

I think it would be easy to change my scripts for one user only, especially the first one, which should work because the number of users has no bearing on it.

----------

## dj_farid

I solved my problem by upgrading iptables. See the thread I mentioned in the first post.

My script is there too. It is a lot simpler than yours since I am the only user.

Thanks anyway :)

----------

## pheno

Hi dj_farid!

Could you post your full working script here? Thanks!

----------

## dj_farid

Here you go!

```
#!/bin/bash

TC='/sbin/tc'

echo "Doing some traffic shaping"

# Clear any previous stuff (an error about a missing root qdisc is harmless)
$TC qdisc del dev eth0 root 2>/dev/null

# Shaping
CEIL=904

$TC qdisc add dev eth0 root handle 1: htb default 10
$TC class add dev eth0 parent 1: classid 1:1 htb rate ${CEIL}kbit
$TC class add dev eth0 parent 1:1 classid 1:10 htb rate 820kbit ceil ${CEIL}kbit prio 1
$TC class add dev eth0 parent 1:1 classid 1:20 htb rate 80kbit ceil 900kbit quantum 1514 prio 2
$TC qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
$TC qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10

## Restrict BitTorrent upload
# Reuse the connection mark when there is one; otherwise classify with l7 and save the mark on the connection
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A OUTPUT -m layer7 --l7proto bittorrent -j MARK --set-mark 2
#iptables -t mangle -A OUTPUT -m ipp2p --bit -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -j CONNMARK --save-mark

$TC filter add dev eth0 protocol ip parent 1:0 handle 2 fw flowid 1:20
```

I would like to use ipp2p instead of l7-protocol, since ipp2p is supposed to be faster for p2p traffic.

My guess is that I didn't get ipp2p working since the version in portage is quite old (0.8.0) and does not work with my 2.6.17 kernel.

Whenever 0.8.2 hits portage, I will try it again.

----------
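An added check that is not part of dj_farid's post: once a script like the one above is in place, the fastest way to confirm that BitTorrent is really being queued in the low-priority class (and whether that class is dropping) is to read the per-class counters that `tc -s class show dev eth0` prints. The helper below parses that output with awk. The class ids 1:10 and 1:20 are taken from the script above, the function names `class_counter` and `shaping_verdict` are my own, and the sample counter text is constructed in the format of that command, not captured from a live box.

```shell
#!/bin/sh
# Added example, not from the thread: check the per-class counters that
# "tc -s class show dev eth0" prints, to confirm that torrent traffic is
# really being queued in the low-priority class (1:20 in the script above)
# and to see whether that class is dropping. Class ids are assumptions taken
# from that script; the sample output below is constructed, not captured.

# class_counter <tc-output> <classid> <field>
# field: bytes | pkt | dropped | overlimits
# Prints the counter from the "Sent ..." line that follows the class header.
class_counter() {
    printf '%s\n' "$1" | awk -v cls="$2" -v field="$3" '
        $1 == "class" { cur = $3; next }
        cur == cls && $1 == "Sent" {
            # Sent 23456 bytes 89 pkt (dropped 3, overlimits 12 requeues 0)
            if (field == "bytes")           v = $2
            else if (field == "pkt")        v = $4
            else if (field == "dropped")    { v = $7; sub(/,/, "", v) }
            else if (field == "overlimits") v = $9
            else v = ""
            print v; exit
        }'
}

# shaping_verdict <tc-output> [bulk-class] [p2p-class]
# Exit 0 when the P2P class has carried traffic, 1 when it has not (which
# usually means the mangle marks or the fw filter are not matching).
shaping_verdict() {
    stats="$1"; bulk="${2:-1:10}"; p2p="${3:-1:20}"
    bulk_bytes=$(class_counter "$stats" "$bulk" bytes)
    p2p_bytes=$(class_counter "$stats" "$p2p" bytes)
    p2p_drops=$(class_counter "$stats" "$p2p" dropped)
    if [ "${p2p_bytes:-0}" -eq 0 ]; then
        echo "no traffic reached $p2p: check the MARK rules and the fw filter"
        return 1
    fi
    echo "$bulk: ${bulk_bytes:-0} bytes, $p2p: $p2p_bytes bytes (${p2p_drops:-0} dropped)"
}

# Constructed sample in the format of "tc -s class show dev eth0" for the
# htb tree above (not real output).
SAMPLE_TC_OUTPUT='class htb 1:1 root rate 904Kbit ceil 904Kbit burst 1600b cburst 1600b
 Sent 123456 bytes 789 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0

class htb 1:10 parent 1:1 leaf 10: prio 1 rate 820Kbit ceil 904Kbit burst 1600b cburst 1600b
 Sent 100000 bytes 700 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0

class htb 1:20 parent 1:1 leaf 20: prio 2 rate 80Kbit ceil 900Kbit burst 1600b cburst 1600b
 Sent 23456 bytes 89 pkt (dropped 3, overlimits 12 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
 lended: 0 borrowed: 0 giants: 0'

# On a live box: shaping_verdict "$(tc -s class show dev eth0)"
shaping_verdict "$SAMPLE_TC_OUTPUT"
```

Run it twice a minute apart while a torrent is seeding: the 1:20 byte counter should grow and the 1:10 counter should keep moving for your other traffic. A 1:20 counter stuck at zero means packets are leaving with mark 0, which is the symptom to look for before touching the tc tree.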

## CheshireCat

If the shaping happens on the same machine as the BT client, use owner match and the CONNMARK target to label outgoing connections. Incoming packets that are part of a connection that was originated locally will keep the same mark via connection tracking. To handle remotely-originated connections, use the CONNMARK target to label incoming traffic to the port your client listens on.

If you're shaping on a different system from the one running your BT client, add a second IP to the interface (look in /etc/conf.net.example to see how), and bind your client to that IP (see client documentation). Use that IP on the shaping system to identify the P2P traffic.

Either of these methods will be better for resource usage than content-based filtering, and also will allow the use of BT encryption to avoid content filtering at your ISP (if that is a concern with your ISP). Here's how I'm marking traffic to/from rtorrent:

```
iptables -t mangle -A INPUT -p tcp -m tcp --dport 29498 -j CONNMARK --set-mark 0x1
iptables -t mangle -A INPUT -m connmark --mark 0x1 -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -m owner --uid-owner p2p -j CONNMARK --set-mark 0x1
iptables -t mangle -A OUTPUT -m owner --uid-owner freenet -j CONNMARK --set-mark 0x1
iptables -t mangle -A OUTPUT -m connmark --mark 0x1 -j CONNMARK --restore-mark
```

You can then filter on fwmark values (handle <N> fw) in your shaping script.

----------
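As an added example that is not part of CheshireCat's post or of any project's code: the two classification paths described above (owner match for connections the client opens, a dport rule for peers that connect to its listening port) tied together with CONNMARK and fed into a two-class HTB tree like the one dj_farid posted, with no layer7 or ipp2p payload inspection at all. The interface name `eth0`, the user name `p2p`, the listening port 29498 (the value in CheshireCat's snippet), the rates and the function names (`mangle_rules`, `tc_rules`, `check_connmark_order`, `run`, `apply_all`) are assumptions. By default the script only prints the commands it would run (`DRY_RUN=1`); as root, `DRY_RUN=0 sh shaper.sh apply` installs them.

```shell
#!/bin/sh
# Added example, not from the thread: classify a local BitTorrent client by
# process owner + CONNMARK (no layer7/ipp2p payload inspection) and push its
# connections into a low-priority HTB class. Interface, user, port and rates
# are assumptions; adjust before use.

IFACE="${IFACE:-eth0}"          # outbound interface (assumption)
P2P_USER="${P2P_USER:-p2p}"     # unprivileged user the client runs as (assumption)
P2P_PORT="${P2P_PORT:-29498}"   # port the client listens on (value from the post above)
P2P_MARK=2                      # fwmark / connmark used for P2P connections
CEIL_KBIT=904                   # total upstream ceiling in kbit (assumption)
P2P_KBIT=80                     # rate guaranteed to the P2P class in kbit (assumption)
DRY_RUN="${DRY_RUN:-1}"         # 1 = print commands only, 0 = execute them

# Mangle rules for the shaping host itself. Order matters:
#  1. copy the connection mark (if any) onto the packet,
#  2. already-classified connections stop here, so the owner lookup runs once
#     per connection rather than once per packet,
#  3. packets from the client's UID get the P2P mark,
#  4. the packet mark is written back to the connection,
#  5. peers connecting to the listening port get their connection marked on
#     INPUT, so our replies on that connection pick the mark up in step 1.
mangle_rules() {
    cat <<EOF
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A OUTPUT -m owner --uid-owner $P2P_USER -j MARK --set-mark $P2P_MARK
iptables -t mangle -A OUTPUT -j CONNMARK --save-mark
iptables -t mangle -A INPUT -p tcp --dport $P2P_PORT -j CONNMARK --set-mark $P2P_MARK
EOF
}

# Two-class HTB tree: everything defaults to 1:10, marked packets go to 1:20,
# which may borrow up to the ceiling when nothing else is sending.
tc_rules() {
    bulk_kbit=$((CEIL_KBIT - P2P_KBIT))
    cat <<EOF
tc qdisc add dev $IFACE root handle 1: htb default 10
tc class add dev $IFACE parent 1: classid 1:1 htb rate ${CEIL_KBIT}kbit
tc class add dev $IFACE parent 1:1 classid 1:10 htb rate ${bulk_kbit}kbit ceil ${CEIL_KBIT}kbit prio 1
tc class add dev $IFACE parent 1:1 classid 1:20 htb rate ${P2P_KBIT}kbit ceil ${CEIL_KBIT}kbit prio 2
tc qdisc add dev $IFACE parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $IFACE parent 1:20 handle 20: sfq perturb 10
tc filter add dev $IFACE parent 1:0 protocol ip prio 1 handle $P2P_MARK fw flowid 1:20
EOF
}

# Guard against the classic mistake: a MARK placed before the CONNMARK restore
# (or a missing save) means replies are never matched to their connection.
# Reads a rule list on stdin; exits 0 when restore < MARK < save.
check_connmark_order() {
    awk '
        /CONNMARK --restore-mark/ && !r { r = NR }
        /-j MARK --set-mark/     && !m { m = NR }
        /CONNMARK --save-mark/   && !s { s = NR }
        END { exit !(r && m && s && r < m && m < s) }'
}

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

apply_all() {
    mangle_rules | check_connmark_order || { echo "mangle rule order is wrong" >&2; return 1; }
    run tc qdisc del dev "$IFACE" root 2>/dev/null   # "no such qdisc" on a fresh box is fine
    { mangle_rules; tc_rules; } | while read -r line; do run $line; done
}

if [ "${1:-}" = "apply" ]; then
    apply_all
fi
```

The `-m mark ! --mark 0 -j ACCEPT` line is what keeps this cheap: the owner lookup only runs for packets of connections that have not been classified yet, and for inbound-originated peer connections the INPUT rule does the classification instead. Because nothing here inspects payload, the same rules keep working when the client's protocol encryption is switched on.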

