# HOWTO: Bandwidth limiting

## abali

Bandwidth limiting howto

Last updated: 10. 07. 2004

0. When do you need this?

You may want to read this howto and implement bandwidth limiting if:

You are running P2P software and want to ensure that your uploads use only bandwidth that is unused otherwise, so they do not slow down your web surfing/etc;

You are running a WEB/FTP/whatever server and consider their traffic to be of a lower priority than your other activities;

You have a DSL connection and experience slowdowns in your downloads when uploading;

If none of these apply but for any reasons you want to control the uplink bandwidth used by your computer or other boxes that you provide network connection for.

1. Introduction

Linux has a very powerful mechanism for controlling network bandwidth usage. As being powerful inevitably implies being complex, this feature is documented in lengthy and exhaustive documents in great detail. These documents however can prove to be excessive in their length and language to users who are looking for simple solutions for simple questions. This guide aims to give a short and practical introduction on how to solve some common issues that users tend to experience on an everyday basis.

Before we start, you may want to note what this howto is not about:

First, it will not tell you how to limit the rate at which data is sent to your computer (download rate). See section 7 to find out why this is difficult to implement.

Second, it will not tell you how to limit the total network usage for specific clients (aka. accounting). There is plenty of great software available that will do this for you.

Third, it will not tell you about basic networking concepts, nor will it go into details on advanced topics. This guide is for the "average" user who has a basic understanding of how the TCP/IP protocol works. Those who might find this document excessively simplified are advised to refer to the more comprehensive resources listed below.

2. Prerequisites

For all the examples in this guide to work, you will need the following two packages emerged onto your system:

```
$ emerge sys-apps/iproute2
$ emerge net-firewall/iptables
```

Iptables is not required if you are not going to use advanced methods for classifying network traffic; it is however a useful piece of software that every network-enabled computer shall have installed.

In your kernel, you shall have at least the following options compiled in or as modules:

```
Kernel 2.6.x
------------
Device Drivers --> Networking Support --> Networking options
[*] Network packet filtering (replaces ipchains)
QoS and/or fair queueing -->
<M> HTB packet scheduler
<M> SFQ queue
[*] Packet classifier API
<M> Firewall based classifier
<M> U32 Classifier
[*] Traffic policing

Kernel 2.4.x
------------
Networking options --> IP: Netfilter Configuration
<*> IP tables support
Networking options --> QoS and/or fair queueing
<M> HTB packet scheduler
<M> SFQ queue
[*] Packet classifier API
<M> Firewall based classifier
<M> U32 classifier
```

It is recommended to select everything under QoS and iptables and compile them into modules -- you can never know when you are going to need it.

The HTB packet scheduler is included in the kernel from 2.4.20; should you have an older kernel installed, then come out of your cave and install a recent one.  :Smile: 

3. How bandwidth limiting works

Bandwidth limiting, more specifically queueing, determines the way in which data is sent from your computer. With iproute2 you create so-called classes for the outgoing network traffic (that is called egress) and attach a queueing discipline (qdisc) to these classes that determines how the data is sent from them. By default, your outgoing queue (egress) has no classes and it has a simple queueing discipline that sends your data out in a FIFO (First In, First Out) order. You are free to divide this queue into as many classes and subclasses as you wish, with different queueing disciplines attached to each of them.

Once we have classes for the network traffic, we need to classify the actual network packets into the class we designated for them. This is done with the help of specific rules that may match upon the characteristics of network packets such as the destination IP address or the source port number.

4. Creating classes for bandwidth limiting

The only queueing discipline we are going to use in this guide is the HTB (Hierarchical Token Bucket) qdisc. It was meant as a more understandable, intuitive and faster replacement for the CBQ qdisc, and works indeed in a simple, easy to learn way and scales nicely for more complex solutions.

In this example, we are going to create 3 classes for our outgoing traffic, where each of the classes has a different speed limit set. Explanations follow.

If your network interface for outgoing traffic is not 'eth0', you will need to change it to the appropriate one (eg. ppp0, wlan0).

```
$ tc qdisc add dev eth0 root handle 1: htb default 10
$ tc class add dev eth0 parent 1: classid 1:1 htb rate 120kbit burst 6k
$ tc class add dev eth0 parent 1:1 classid 1:10 htb rate 120kbit burst 6k prio 1
$ tc class add dev eth0 parent 1:1 classid 1:20 htb rate  60kbit burst 6k prio 2
$ tc class add dev eth0 parent 1:1 classid 1:30 htb rate  30kbit burst 6k prio 3
$ tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
$ tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
$ tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
```

Let's see these commands explained.

```
$ tc qdisc add dev eth0 root handle 1: htb default 10
```

This line adds the HTB qdisc to the root handle and gives it the "handle" 1:, which we will use later to refer to it. default 10 means that traffic that is not otherwise classified will be assigned to the class 1:10.

```
$ tc class add dev eth0 parent 1: classid 1:1 htb rate 120kbit burst 6k
```

This command adds a subclass 1:1 to the class defined above. rate 120kbit specifies that network traffic in this class may not use more than 120kbit/s of the bandwidth. burst 6k controls the amount of data that may be sent at once at maximal speed. Without going into deep details, the concept of burst comes from the fact that network speed is not measured instantly, but is computed from averages. If you set burst to a low value, you may experience transfer rates lower than desired; if it's too large, rate limiting will become imprecise and eventually useless. If in doubt, do not specify it; a fairly recent iproute2 will compute the smallest possible value for you.

Usually it is a good idea to set the root upload rate to a somewhat lower value than your actual uplink is, because this way you can ensure that packet scheduling is performed on your machine, not in your DSL modem/whatever, which might result in a lower performance than what your shiny Linux system would offer.

```
$ tc class add dev eth0 parent 1:1 classid 1:10 htb rate 120kbit burst 6k prio 1
$ tc class add dev eth0 parent 1:1 classid 1:20 htb rate  60kbit burst 6k prio 2
$ tc class add dev eth0 parent 1:1 classid 1:30 htb rate  30kbit burst 6k prio 3
```

These commands create three subclasses under the class specified above. These classes will be given the handle 1:10, 1:20 and 1:30. 1:10 (which, as you might remember, is the default class) has the same parameters as the parent class has; this will be useful for traffic we do not want to limit. 1:20 has a speed limit of 60kbit/s, whereas 1:30 is limited to 30kbit/s. By giving each of them a priority, we specify that 1:20 may use up to 60kbit/s of bandwidth, but only to the extent 1:10 is unused. So if we have traffic at 80k/s in 1:10, 1:20 will receive only 40k/s; if 1:10 has 20kbit/s, 1:20 will get 60kbit/s. 1:30 is similar: it may use only 30kbit/s at most, but only if the other classes do not require that bandwidth.

If that helps, you might look at the classes as leaves of a tree:

```
               1:1
            120kbit/s

  1:10        1:20        1:30
120kbit/s   60kbit/s    30kbit/s
```

But do not forget that 1:10, 1:20 and 1:30 are not equal, as there is a specific priority order for them.

HTB offers an endless number of possibilities thanks to the hierarchical structure, and these are all well documented in its great user guide. Remember, this guide is only meant to be a short introduction on how these things work; once you get the basics, it will be easy to learn and implement new ways of bandwidth throttling.

```
$ tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
$ tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
$ tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10
```

Finally, these lines add an additional qdisc beneath those three classes we already have. The SFQ (Stochastic Fairness Queueing) qdisc is a simple algorithm that ensures that the available bandwidth in the specified class is divided in a "fair" manner among the network streams, that is: bandwidth is distributed in a round-robin fashion. It is recommended to always use this qdisc, as it usually turns out to be better than the plain FIFO queue, unless all your packets have the proper ToS (Type of Service) flag set, which is pretty unlikely.

5. Classifying network streams

Network streams can be assigned to classes using the tc filter command. If you have a fairly simple class tree such as the one above, you might attach your rules for classifying to the root handle, that is, 1: in our case. For more complicated setups, you might want to take advantage of the fact that filters are attached to handles and are processed in a hierarchical manner.

Let's see some examples. If you have a friend with the IP number 1.2.3.4 who is downloading a lot from you, you might simply direct all the traffic going to him into the 1:30 class so he will never use more than 30kbit/s of your bandwidth (you may add a netmask like /24 to the IP number):

```
$ tc filter add dev eth0 parent 1: protocol ip u32 match ip dst 1.2.3.4 flowid 1:30
```

Another situation might be that you are running a web server on port 80 and you don't want it to take up all your bandwidth serving requests, so you limit it to 60kbit/s and make sure that it only uses bandwidth you wouldn't use otherwise (ie. not used by the default 1:10 class):

```
$ tc filter add dev eth0 parent 1: protocol ip u32 match ip sport 80 0xffff flowid 1:20
```

You can also match on the so-called marks you might make on packets using iptables, which enables the use of iptables' advanced rules not supported by the u32 classifier. This document is not meant to be a guide for iptables, so let's see only one example. I'm running DC++ under wine and want to limit the upload bandwidth it can use. Iptables has a nifty match extension called owner, which makes it possible to check if an outgoing locally-generated packet was created by a process with a given UID, GID, PID, SID, or command name. So I look for "wineserver" (see "ps -A" for process names) and assign mark "2" to all the packets coming from it, and then use tc to assign these packets to a restricted class (1:30):

```
$ iptables -t mangle -A OUTPUT -m owner --cmd-owner wineserver -j MARK --set-mark 2
$ tc filter add dev eth0 protocol ip parent 1:0 handle 2 fw flowid 1:30
```

U32 has many more options and so does iptables, so be sure to check the docs if you need other matches. Should you have matches on the same level that might conflict with each other, be sure to assign priorities to each of them (prio 1, prio 2 etc.) to your liking.

6. Other useful commands

To see a list of your classes, enter:

```
$ tc class show dev eth0
class htb 1:1 root rate 120Kbit ceil 120Kbit burst 6Kb cburst 1752b
class htb 1:10 parent 1:1 leaf 10: prio 1 rate 120Kbit ceil 120Kbit burst 6Kb cburst 1752b
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 60Kbit ceil 60Kbit burst 6Kb cburst 1675b
class htb 1:30 parent 1:1 leaf 30: prio 3 rate 30Kbit ceil 30Kbit burst 6Kb cburst 1637b
```

To check the statistics for the classes, add "-s":

```
$ tc -s class show dev eth0
class htb 1:1 root rate 120Kbit ceil 120Kbit burst 6Kb cburst 1752b
 Sent 440085220 bytes 2961615 pkts (dropped 0, overlimits 0)
 rate 5170bps 23pps
 lended: 0 borrowed: 0 giants: 0
 tokens: 291200 ctokens: -1534

class htb 1:10 parent 1:1 leaf 10: prio 1 rate 120Kbit ceil 120Kbit burst 6Kb cburst 1752b
 Sent 157506822 bytes 2213767 pkts (dropped 0, overlimits 0)
 rate 1306bps 18pps
 lended: 2213767 borrowed: 0 giants: 0
 tokens: 402094 ctokens: 109360

class htb 1:20 parent 1:1 leaf 20: prio 2 rate 60Kbit ceil 60Kbit burst 6Kb cburst 1675b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 819200 ctokens: 223466

class htb 1:30 parent 1:1 leaf 30: prio 3 rate 30Kbit ceil 30Kbit burst 6Kb cburst 1637b
 Sent 275743173 bytes 747867 pkts (dropped 34476, overlimits 0)
 rate 3826bps 4pps backlog 19p
 lended: 747848 borrowed: 0 giants: 0
 tokens: 728678 ctokens: -472923
```

To delete all your classes and restore the boot-time default setting, enter:

```
$ tc qdisc del dev eth0 root
```

7. Limiting download bandwidth

As already mentioned, this guide aimed to introduce egress shaping, ie. how you can control the way packets are sent from your host. Ingress (download) shaping, on the other hand, is a more complicated issue. Strictly speaking, you have no direct control of what people send you from other machines. However the Internet is mostly based on TCP/IP nowadays, which basically offers three means of throttling the download bandwidth:

If data is coming at a greater rate than you would prefer, you can start dropping incoming packets. A well-behaved remote end would then recognize this and slow down to a rate at which the packet loss is minimal. Unfortunately we all know that many corporations see standards as if they were merely loose guidelines, so there is a chance that the rate will not be decreased. And if it won't, then the situation will be even worse: data will be coming at the same speed, and moreover you will be dropping packets. And anyway, all packets that you have received and dropped in order to indicate your need for a lower speed will be retransmitted, so this is also a waste of network capacity. Nevertheless, iproute2 supports this and if you already know a bit about egress shaping it shouldn't be a great deal to implement it.

If you know TCP/IP, you might have already heard that one has to notify the sender of each packet he receives that he has actually received it. This response is called the ACK packet (coming from acknowledge). Delaying these ACK packets could make the transfer slow down, but this is something that I've met only in theory.

TCP window manipulation is an advanced and better method of influencing the speed of network streams, unfortunately AFAIK there are no open source applications that implement that for the time being.

8. Resources

You are advised to refer to the following resources for more information:

Linux Advanced Routing & Traffic Control, home of the famous howto that shall give answer to all your questions

Homepage of HTB, offering an excellent user guide with graphs and more

Traffic Shaping with Linux, a good introduction and summary of the features of iproute2

---

Corrections, questions, ideas, typo fixes are welcome!

Last edited by abali on Thu Oct 07, 2004 7:59 pm; edited 2 times in total
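To make the statistics from section 6 easier to watch, here is an added example (not part of abali's post) that condenses `tc -s class show` output to one line per HTB class and lists the classes that are dropping packets or holding a backlog. The function names are made up for this example, and the embedded sample is the listing from section 6 with blank lines removed.

```shell
#!/bin/sh
# Added example: summarise `tc -s class show dev <if>` output per HTB class.

# Sample input: the statistics listing shown in section 6 of the howto.
sample_stats() {
cat <<'EOF'
class htb 1:1 root rate 120Kbit ceil 120Kbit burst 6Kb cburst 1752b
 Sent 440085220 bytes 2961615 pkts (dropped 0, overlimits 0)
 rate 5170bps 23pps
 lended: 0 borrowed: 0 giants: 0
 tokens: 291200 ctokens: -1534
class htb 1:10 parent 1:1 leaf 10: prio 1 rate 120Kbit ceil 120Kbit burst 6Kb cburst 1752b
 Sent 157506822 bytes 2213767 pkts (dropped 0, overlimits 0)
 rate 1306bps 18pps
 lended: 2213767 borrowed: 0 giants: 0
 tokens: 402094 ctokens: 109360
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 60Kbit ceil 60Kbit burst 6Kb cburst 1675b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
 lended: 0 borrowed: 0 giants: 0
 tokens: 819200 ctokens: 223466
class htb 1:30 parent 1:1 leaf 30: prio 3 rate 30Kbit ceil 30Kbit burst 6Kb cburst 1637b
 Sent 275743173 bytes 747867 pkts (dropped 34476, overlimits 0)
 rate 3826bps 4pps backlog 19p
 lended: 747848 borrowed: 0 giants: 0
 tokens: 728678 ctokens: -472923
EOF
}

# Reads tc statistics on stdin and prints one line per class:
#   classid  configured_rate  sent_bytes  sent_pkts  dropped  backlog  drop_percent
class_summary() {
    awk '
    function emit() {
        if (id != "") {
            total = pkts + dropped
            pct = (total > 0) ? 100 * dropped / total : 0
            printf "%s %s %s %s %s %s %.1f\n", id, rate, bytes, pkts, dropped, backlog, pct
        }
    }
    # A "class htb ..." header starts a new record.
    $1 == "class" && $2 == "htb" {
        emit()
        id = $3; rate = "?"; bytes = 0; pkts = 0; dropped = 0; backlog = "0p"
        for (i = 4; i < NF; i++) if ($i == "rate") { rate = $(i + 1); break }
        next
    }
    # " Sent <bytes> bytes <pkts> pkts (dropped <n>, overlimits <n>)"
    $1 == "Sent" {
        bytes = $2; pkts = $4
        for (i = 5; i < NF; i++) if ($i == "(dropped") {
            d = $(i + 1); sub(/,/, "", d); dropped = d
        }
        next
    }
    # The measured-rate line carries "backlog <n>p" only while packets are queued.
    {
        for (i = 1; i < NF; i++) if ($i == "backlog") backlog = $(i + 1)
    }
    END { emit() }
    '
}

# Prints the ids of classes that dropped packets or still hold a backlog.
congested_classes() {
    class_summary | awk '$5 > 0 || $6 != "0p" { print $1 }'
}

# Demo on the embedded sample; needs neither root nor a configured qdisc.
sample_stats | class_summary
```

On a live system, pipe the real output in instead: `tc -s class show dev eth0 | congested_classes`.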

----------

## PoLiPiE

nice howto man  :Very Happy: 

looks very nifty 

very nice work   :Laughing:   :Laughing:   :Laughing:   :Laughing: 

----------

## abali

Added section 0 so people can decide if they should read this howto even if they have never heard of bandwidth limiting.

----------

## gutter

 *abali wrote:*   

> Added section 0 so people can decide if they should read this howto even if they have never heard of bandwidth limiting.

 

A very very very great work   :Wink: 

----------

## eNTi

good work.

----------

## Kovid

Nice HOWTO. One small suggestion

You should probably add the "Firewall based classifier" as a required module. It's needed to do mark based matching. Took me a while to figure that out.

----------

## abali

 *Kovid wrote:*   

> You should probably add the "Firewall based classifier" as a required module. It's needed to do mark based matching. Took me a while to figure that out.

 

Thanks, added.

----------

## Kanniball

Congratulations for this great tutorial...

Can I give a little suggestion?

Compile this as a bash file and use variables for devices. So we can read the tutorial and change the settings, because they are very well commented?

Thanks again for this how-to!!! and keep giving us more  :Smile: 

----------

## blackphiber

I could put this all into a bash file (say we call it htb) and do something like: (in /etc/init.d and chmod it: chmod +x /etc/init.d/htb )

```
#!/sbin/runscript

depend() {
        use logger
        need net
}

start() {
        ebegin "Starting htb"
        /etc/htb-start.sh
        eend $?
}

stop() {
        ebegin "Stopping htb"
        /etc/htb-stop.sh
        eend $?
}
```

and inside of htb-start.sh would be all the commands that you use to configure it as pointed out above (very nice, thank you!) and inside htb-stop.sh would be tc qdisc del dev eth0 root

and of course those two files should be chmoded to execute too

----------

## LeTene

I am slowly beginning to understand traffic shaping thanks to this excellent howto, thanks abali!

I'm having problems however trying to shape incoming traffic to my machine (which is behind an ADSL modem/router/firewall) to handle P2P connections. My machine is connected to the router via a 100baseT cable. Here's my layout:

```
    INTERNET

        |

   MODEM/ROUTER

        |

  My Gentoo Box
```

My 'Net connection is 1024/256, and I want to limit uploads that I serve on P2P to 200kbits, to allow me to SSH/surf reasonably, so I came up with this script based on the guide above - it attempts to limit bandwidth on port 9176 to 200kbits max. The problem is, it limits ingress (download rate) as well as egress (upload rates) and I can't figure it out...

```
# Clear old queues, and set up root
tc qdisc del dev eth0 root
tc qdisc add dev eth0 root handle 1: htb default 10

# Full rate of LAN by default
tc class add dev eth0 parent 1: classid 1:1 htb rate 99mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 99mbit prio 1

# Class for P2P
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 200kbit prio 2

# Filter port 9176 to the P2P class defined previously
tc filter add dev eth0 parent 1: protocol ip u32 match ip sport 9176 0xffff flowid 1:20
```

It's my understanding that traffic shaping only affects egress, but the ingress is being limited to the 200kbits as well! Am I completely on the wrong track here? Any help appreciated!

----------

## Parasietje

This is completely what I want! Thank you!

Don't know a solution to your problem though.  :Mad: 

----------

## LeTene

 *Parasietje wrote:*   

> This is completely what I want! Thank you!
> 
> Don't know a solution to your problem though. 

 

Hehehe - I solved it, and should have posted this earlier. I just used the marking-packets-by-app method to end up with this (remember this is for a machine inside a firewall on a 100mbit LAN - I want to limit traffic destined for the firewall & the Internet):

```
#!/bin/bash

# Zap the iptables mangle queue
iptables -t mangle -F

# Egress device
OUT=eth0

# Flow rates
# NOTE: Bruce is a mate of mine, I give him a big bandwidth hit ;)
MAX=100mbit
VALKNUT=90kbit
BRUCE=100kbit

# Delete existing shaping
tc qdisc del dev $OUT root

# ===========
# Our classes
# ===========

# Top
tc qdisc add dev $OUT root handle 1: htb default 40
tc class add dev $OUT parent 1: classid 1:1 htb rate $MAX
tc class add dev $OUT parent 1:1 classid 1:10 htb rate $MAX
tc class add dev $OUT parent 1:1 classid 1:20 htb rate $VALKNUT ceil $VALKNUT
tc class add dev $OUT parent 1:1 classid 1:30 htb rate $BRUCE ceil $BRUCE
tc class add dev $OUT parent 1:1 classid 1:40 htb rate $MAX ceil $MAX

# Rehashing
tc qdisc add dev $OUT parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $OUT parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $OUT parent 1:30 handle 30: sfq perturb 10
tc qdisc add dev $OUT parent 1:40 handle 40: sfq perturb 10

# ===================
# the magic begins...
# NOTE: Bruce's IP address altered for privacy's sake for this post
# ===================

# DC++
iptables -t mangle -A OUTPUT -m owner --destination ! 213.218.xxx.xx --cmd-owner valknut -j MARK --set-mark 2
tc filter add dev $OUT protocol ip parent 1:0 handle 2 fw flowid 1:20

# Bruce
iptables -t mangle -A OUTPUT -m owner --destination 213.218.xxx.xx --cmd-owner valknut -j MARK --set-mark 3
tc filter add dev $OUT protocol ip parent 1:0 handle 3 fw flowid 1:30
```

----------

## Parasietje

By the way, can't this script be used for incoming traffic on a router too? Limit outgoing traffic on eth0 that comes from ports higher than 1024 to limit the same incoming traffic on ppp0.

----------

## SaFrOuT

i am on ADSL 512/128  :Rolling Eyes: 

and i just want to use this tip to handle my uploads for the torrent world   :Wink:  ,  my upload's maximum is about 12kb/sec i want to be sure that the uploads for the torrents won't exceed 6~7kb/sec while i am browsing

can anyone please explain what do i need to change in those commands to make it work ?

----------

## LeTene

 *Parasietje wrote:*   

> By the way, can't this script be used for incoming traffic on a router too? Limit outgoing traffic on eth0 that comes from ports higher than 1024 to limit the same incoming traffic on ppp0.

 

I've never done ingress (incoming) quality-of-service stuff, but recall reading that it's better done upstream. I think this means - assuming you have a Linux firewall box - that you should limit the rate it delivers packets to your LAN, and so it's still egress (outgoing) quality-of-service.

 *SaFrOuT wrote:*   

> i am on ADSL 512/128
> 
> and i just want to use this tip to handle my uploads for the torrent world, my upload's maximum is about 12kb/sec i want to be sure that the uploads for the torrents won't exceed 6~7kb/sec while i am browsing
> 
> can anyone please explain what do i need to change in those commands to make it work ?

 

Here's my shot at a cut-down version of the script for you  :Wink: . You will want to change the BT_RATE to your maximum desired upload, and the BT_APP to the name of your Bittorrent client (e.g. qtorrent, azureus). Also, make sure the OUT variable is set to your actual egress device (ppp0, eth0, whatever):

```
#!/bin/bash

# Zap the iptables mangle queue
iptables -t mangle -F

# Egress device
OUT=eth0

# Flow rates
MAX=100mbit
BT_MAX=90kbit

# Application names (for "marking")
BT_APP=qtorrent

# Delete existing shaping
tc qdisc del dev $OUT root

# ===========
# Our classes
# ===========

# Top
tc qdisc add dev $OUT root handle 1: htb default 30
tc class add dev $OUT parent 1: classid 1:1 htb rate $MAX
tc class add dev $OUT parent 1:1 classid 1:10 htb rate $MAX
tc class add dev $OUT parent 1:1 classid 1:20 htb rate $BT_MAX ceil $BT_MAX
tc class add dev $OUT parent 1:1 classid 1:30 htb rate $MAX ceil $MAX

# Rehashing
tc qdisc add dev $OUT parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $OUT parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $OUT parent 1:30 handle 30: sfq perturb 10

# ===================
# the magic begins...
# ===================

# Bittorrent
iptables -t mangle -A OUTPUT -m owner --cmd-owner $BT_APP -j MARK --set-mark 2
tc filter add dev $OUT protocol ip parent 1:0 handle 2 fw flowid 1:20
```

----------

## SaFrOuT

Thanks LeTene for your help

but I get this error when I try to run your script

```
home Desktop # ./upload.sh
iptables v1.2.11: can't initialize iptables table `mangle': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
RTNETLINK answers: No such file or directory
RTNETLINK answers: Invalid argument
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
iptables v1.2.11: can't initialize iptables table `mangle': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
home Desktop #
```

and my kernel 2.6.9-ck3's config looks like this

```
# Networking options
#
CONFIG_PACKET=y
# CONFIG_PACKET_MMAP is not set
# CONFIG_NETLINK_DEV is not set
CONFIG_UNIX=y
# CONFIG_NET_KEY is not set
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_ARPD is not set
CONFIG_SYN_COOKIES=y
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
# CONFIG_INET_TUNNEL is not set
#
# IP: Virtual Server Configuration
#
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
#
# IP: Netfilter Configuration
#
CONFIG_IP_NF_CONNTRACK=m
# CONFIG_IP_NF_CT_ACCT is not set
# CONFIG_IP_NF_CT_PROTO_SCTP is not set
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_PKTTYPE=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH_ESP=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_HELPER=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_CONNTRACK=m
CONFIG_IP_NF_MATCH_OWNER=m
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_REALM is not set
# CONFIG_IP_NF_MATCH_SCTP is not set
# CONFIG_IP_NF_MATCH_COMMENT is not set
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_LOCAL=y
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_CLASSIFY=m
# CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
# CONFIG_IP_NF_COMPAT_IPCHAINS is not set
# CONFIG_IP_NF_COMPAT_IPFWADM is not set
#
# QoS and/or fair queueing
#
CONFIG_NET_SCHED=y
CONFIG_NET_SCH_CLK_JIFFIES=y
# CONFIG_NET_SCH_CLK_GETTIMEOFDAY is not set
# CONFIG_NET_SCH_CLK_CPU is not set
# CONFIG_NET_SCH_CBQ is not set
CONFIG_NET_SCH_HTB=m
CONFIG_NET_SCH_HFSC=m
CONFIG_NET_SCH_PRIO=m
CONFIG_NET_SCH_RED=m
CONFIG_NET_SCH_SFQ=m
CONFIG_NET_SCH_TEQL=m
CONFIG_NET_SCH_TBF=m
CONFIG_NET_SCH_GRED=m
CONFIG_NET_SCH_DSMARK=m
CONFIG_NET_SCH_NETEM=m
CONFIG_NET_SCH_INGRESS=m
# CONFIG_NET_QOS is not set
CONFIG_NET_CLS=y
# CONFIG_NET_CLS_TCINDEX is not set
# CONFIG_NET_CLS_ROUTE4 is not set
# CONFIG_NET_CLS_ROUTE is not set
CONFIG_NET_CLS_FW=m
CONFIG_NET_CLS_U32=m
# CONFIG_CLS_U32_PERF is not set
# CONFIG_NET_CLS_IND is not set
```

----------

## Parasietje

http://www.szabilinux.hu/bandwidth/

This URL is worth checking out. Download bandwidth limiting works like a charm on my router. If you run a squid proxy, you may have problems limiting download traffic if you use transparent proxying.

Use Delaying Pools for squid bandwidth limiting. (Line 2849 in squid.conf)

Last edited by Parasietje on Sat Dec 18, 2004 11:07 am; edited 1 time in total

----------

## Deranger

Nevermind...

Last edited by Deranger on Fri Mar 25, 2005 7:40 pm; edited 1 time in total

----------

## hardcampa

```
class htb 1:1 root rate 120Kbit ceil 120Kbit burst 6Kb cburst 1752b
class htb 1:10 parent 1:1 leaf 10: prio 1 rate 120Kbit ceil 120Kbit burst 6Kb cburst 1752b
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 60Kbit ceil 60Kbit burst 6Kb cburst 1675b
class htb 1:30 parent 1:1 leaf 30: prio 3 rate 30Kbit ceil 30Kbit burst 6Kb cburst 1637b
```

The parameters which you typed sets the minimum rate at 120Kbit for class 1.

Then you set the ceiling at 120Kbit as well?

This makes the other 2 classes not receive any traffic at all during high loads.

Shouldn't you instead divide the maximum rate over the rate parameters in the classes and let the ceiling be the maximum rate so that the other classes can lend each other tokens, thus making sure the full bandwidth can be shared if there's no traffic, seems to me that this is the big thing with HTB over CBQ?

Like this for example:

```
class htb 1:1 root rate 120Kbit ceil 120Kbit burst 6Kb cburst 1752b
class htb 1:10 parent 1:1 leaf 10: prio 1 rate 60Kbit ceil 120Kbit burst 6Kb cburst 1752b
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 30Kbit ceil 120Kbit burst 6Kb cburst 1675b
class htb 1:30 parent 1:1 leaf 30: prio 3 rate 30Kbit ceil 120Kbit burst 6Kb cburst 1637b
```

This guarantees class 1:10 gets at least 60Kbit but will use 120Kbit if the other classes aren't using the bandwidth, etc.

Btw, here's a small oneliner to interactively watch the traffic on the classes so that you can verify that they indeed get the traffic:

```
#!/bin/sh
# Refresh the per-class statistics every two seconds (watch's default interval)
watch tc -s class show dev eth0
```

Type that in a file and chmod it 755 then just run it.

Just change the device (eth0) to whatever you're using
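As an added example (not code from hardcampa or anyone else in the thread), the sketch below combines the "use variables for devices" suggestion with the rate/ceil split described in this post: it prints the tc commands for three classes that each get a guaranteed share of the uplink and may borrow up to the full uplink. The function name `htb_plan` and its percentage arguments are assumptions of this example; it only prints commands and rejects arguments that would be unsafe to paste into a root shell.

```shell
#!/bin/sh
# Added example: generate (not execute) an HTB class tree in which every class
# has a guaranteed rate and a ceil equal to the uplink, so idle bandwidth can
# be borrowed.

# htb_plan DEV UPLINK_KBIT SHARE1 SHARE2 SHARE3
#   SHAREn is the guaranteed percentage for classes 1:10, 1:20 and 1:30.
# Prints the commands on stdout; returns 1 and prints nothing on bad input.
htb_plan() {
    dev=$1 uplink=$2 s1=$3 s2=$4 s3=$5

    # The output is meant to be run as root: accept plain interface names only
    # (no spaces, shell metacharacters or leading dash, at most 15 characters).
    case $dev in
        ''|-*|*[!A-Za-z0-9._-]*) echo "invalid device name" >&2; return 1 ;;
    esac
    [ "${#dev}" -le 15 ] || { echo "device name too long" >&2; return 1; }

    # Rates and shares must be positive decimal integers without leading zeros.
    for n in "$uplink" "$s1" "$s2" "$s3"; do
        case $n in
            ''|0*|*[!0-9]*) echo "not a positive integer: $n" >&2; return 1 ;;
        esac
    done

    # The guaranteed rates of the children must fit into the parent's rate.
    if [ $((s1 + s2 + s3)) -gt 100 ]; then
        echo "shares add up to more than 100%" >&2; return 1
    fi
    for s in "$s1" "$s2" "$s3"; do
        [ $((uplink * s / 100)) -gt 0 ] || { echo "share too small" >&2; return 1; }
    done

    echo "tc qdisc add dev $dev root handle 1: htb default 10"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${uplink}kbit"
    prio=1
    for s in "$s1" "$s2" "$s3"; do
        id=$((prio * 10))
        rate=$((uplink * s / 100))
        # rate = guaranteed minimum, ceil = what the class may reach by borrowing
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate ${rate}kbit ceil ${uplink}kbit prio $prio"
        echo "tc qdisc add dev $dev parent 1:$id handle $id: sfq perturb 10"
        prio=$((prio + 1))
    done
}

# The numbers from the post above: 120kbit uplink split 60/30/30 with ceil 120.
htb_plan eth0 120 50 25 25
```

Review the printed commands, then run them as root, for instance by piping the output to `sh`.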

----------

## barberio

After playing around with the Wondershaper script, and reading the HTB docs, I discovered that there's a lot more you can do with HTB to maintain good bandwidth use on an ADSL line.

Most current simple HTB scripts just limit rates on the queues, so low priority traffic never gets to use the full amount. But use of prio, ceil, burst and cburst offers a relatively simple method to allow low priority traffic to use full bandwidth without the priority traffic being drowned out, or the low priority traffic starved.

I've created simple rc scripts to do this.

The script and its config

It might also be useful to use MSS clamping. http://howtos.linux.com/howtos/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.shtml

----------

## barberio

It should also be noted that there is a critical bug with the 2.6.8 linux kernel that causes a crash and kernel oops on removing/creating ingress queues and policing. There is a patch available at http://lists.debian.org/debian-kernel/2004/08/msg01623.html and a Report (#76041) on gentoo bugs.

----------

## kkh

i'm using this simple script to limit the outgoing traffic on eth0 (connected to lan and wan) that won't go to local lan:

```
#!/bin/bash

iptables -t mangle -F

tc qdisc del dev eth0 root

tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 100mbit
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 10kbps
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 5kbps

tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10

tc filter add dev eth0 protocol ip parent 1:0 handle 2 fw flowid 1:20
tc filter add dev eth0 protocol ip parent 1:0 handle 3 fw flowid 1:30

iptables -t mangle -A OUTPUT -d ! 192.168.0.0/24 -j MARK --set-mark 2
```

This works fine, besides that the traffic limiting is rather inaccurate. The WAN traffic that gets marked by iptables jumps up and down between 5kb/s and 12kb/s; when limited by software and without htb/sfq the traffic is precisely 10kb/s.

----------

## barberio

Try putting LAN traffic on its own root handle. As your tree is now, HTB has to calculate against two other peer qdiscs for the LAN traffic.

Also, check quantum? I need to work on that in my own script.

----------

## barberio

Updated my bandwidth RC script to try to calculate working quantum sizes from the MTU of the device being used. This should get rid of messages like 'HTB: quantum of class 10001 is big. Consider r2q change.'

----------
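
The quantum arithmetic behind that kernel message, as an added example that is not barberio's script and not part of the original posts. The function names are made up for this example; it assumes integer rates with SI multipliers and the HTB warning thresholds of 1000 and 200000 bytes.

```shell
#!/bin/sh
# Added example: the arithmetic HTB applies when a class has no explicit
# "quantum": quantum = class rate in bytes/s divided by r2q (default 10).
# The kernel warns "quantum ... is small" below 1000 and "is big" above 200000.

DEFAULT_R2Q=10
QUANTUM_MIN=1000      # below this HTB logs "is small"
QUANTUM_MAX=200000    # above this HTB logs "is big"

# Convert a tc rate such as 100mbit or 10kbps to bytes per second.
# Assumption: integer rates with SI multipliers; *bit = bits/s, *bps = bytes/s.
rate_to_bytes() {
    rate=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    num=${rate%%[a-z]*}
    unit=${rate#"$num"}
    case "$num" in
        ''|*[!0-9]*) echo "bad rate: $1" >&2; return 1 ;;
    esac
    case "$unit" in
        bit)  echo $(( num / 8 )) ;;
        kbit) echo $(( num * 1000 / 8 )) ;;
        mbit) echo $(( num * 1000000 / 8 )) ;;
        bps)  echo "$num" ;;
        kbps) echo $(( num * 1000 )) ;;
        mbps) echo $(( num * 1000000 )) ;;
        *)    echo "bad rate unit: $1" >&2; return 1 ;;
    esac
}

# Quantum HTB derives for a class: htb_quantum RATE [R2Q]
htb_quantum() {
    bytes=$(rate_to_bytes "$1") || return 1
    echo $(( bytes / ${2:-$DEFAULT_R2Q} ))
}

# Classify the derived quantum the way the kernel message would: small, ok, big.
quantum_verdict() {
    q=$(htb_quantum "$1" "${2:-$DEFAULT_R2Q}") || return 1
    if [ "$q" -lt "$QUANTUM_MIN" ]; then echo small
    elif [ "$q" -gt "$QUANTUM_MAX" ]; then echo big
    else echo ok
    fi
}

# Largest r2q that still gives the slowest class a quantum of at least one MTU.
suggest_r2q() {   # suggest_r2q SLOWEST_RATE MTU
    bytes=$(rate_to_bytes "$1") || return 1
    r=$(( bytes / $2 ))
    if [ "$r" -lt 1 ]; then r=1; fi
    echo "$r"
}

# Explicit value for "tc class ... quantum N" when no single r2q fits every
# class: the derived quantum clamped to [MTU, QUANTUM_MAX] (this example's choice).
explicit_quantum() {   # explicit_quantum RATE R2Q MTU
    q=$(htb_quantum "$1" "$2") || return 1
    if [ "$q" -lt "$3" ]; then q=$3; fi
    if [ "$q" -gt "$QUANTUM_MAX" ]; then q=$QUANTUM_MAX; fi
    echo "$q"
}

# Rates taken from kkh's script earlier in the thread, default r2q, MTU 1500.
for r in 100mbit 10kbps 5kbps; do
    printf '%-8s quantum=%-8s %-5s explicit=%s\n' "$r" \
        "$(htb_quantum "$r")" "$(quantum_verdict "$r")" \
        "$(explicit_quantum "$r" "$DEFAULT_R2Q" 1500)"
done
```

With a 100mbit class next to a 5kbps class no single r2q keeps both inside the limits, which is why the explicit per-class value is computed as well.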

## tuxlover

There's also a very good howto packet shaping on gentoo linux at the gentoo wiki.

----------

## LeTene

It's worth a quick mention that the L7 filtering is now working for the 2.6.10 series kernels - much more elegant solution to protocol-filtering...just emerge l7-filter.

----------

## ranmakun

I'm having problems with HTB, I've created very simple rules to test this and it doesn't work, here's what I'm using:

```

#!/bin/bash

INTERFACE='eth0'

TC='/sbin/tc'

#reset everything

iptables --flush --table mangle

$TC qdisc del dev $INTERFACE root 2> /dev/null > /dev/null

#rules

$TC qdisc add dev $INTERFACE root handle 1: htb default 20

$TC class add dev $INTERFACE parent 1: classid 1:1 htb rate 100kbit

$TC class add dev $INTERFACE parent 1:1 classid 1:10 htb rate 92kbit ceil 100kbit prio 0

$TC class add dev $INTERFACE parent 1:1 classid 1:20 htb rate 32kbit ceil 100kbit prio 1

$TC qdisc add dev $INTERFACE parent 1:10 handle 10: sfq perturb 10

$TC qdisc add dev $INTERFACE parent 1:20 handle 20: sfq perturb 10

iptables -t mangle -A POSTROUTING -o eth0 -p tcp --dport 80 -j CLASSIFY --set-class 1:10

#I've also tried with the following line instead of iptables

#tc filter add dev eth0 parent 1: protocol ip u32 match ip dport 80 0xffff flowid 1:10

```

That is, everything goes to 1:20 except web traffic that goes to 1:10

But it doesn't work, I get the following output from "tc -s class show dev eth0":

 *Quote:*   

> 
> 
> class htb 1:1 root rate 100000bit ceil 100000bit burst 1611b cburst 1611b
> 
>  Sent 1996470 bytes 5057 pkts (dropped 0, overlimits 0)
> ...

 

No matter how much I surf the web 1:10 doesn't fill with anything.

I also didn't understand why, to classify web traffic, the author of this thread used source port 80; if traffic is outgoing it should be destination port, I think. Anyway, in case you ask, I've tried both source and destination in my tests, but neither of them works. Any ideas? I don't know what else to try, I've also tried other ways of doing it and can't find a solution. Thank you.

----------
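
One way to check which class the traffic lands in, for the symptom described in the post above (added example, not part of the thread). The function names and the sample counters are constructed, modelled on the `tc -s class show` output quoted there.

```shell
#!/bin/sh
# Added example: turn "tc -s class show dev IFACE" output into per-class
# counters so it is obvious which class the test traffic actually lands in.

# Read tc -s class output on stdin; print "CLASSID BYTES PKTS" per class.
class_counters() {
    awk '$1 == "class" { id = $3 }
         $1 == "Sent" && id != "" { print id, $2, $4; id = "" }'
}

# Class ids that have not sent a single packet.
idle_classes() {
    class_counters | awk '$3 == 0 { print $1 }'
}

# Byte growth per class between two snapshots (text of two tc -s runs).
class_growth() {   # class_growth "$before" "$after"
    {
        printf '%s\n' "$1" | class_counters
        echo '--'
        printf '%s\n' "$2" | class_counters
    } | awk '$1 == "--" { later = 1; next }
             !later     { before[$1] = $2; next }
                        { print $1, $2 - before[$1] }'
}

# Constructed sample: everything is counted in the default class 1:20 and
# 1:10 stays at zero, as in the post above.
sample_before() {
    cat <<'EOF'
class htb 1:1 root rate 100000bit ceil 100000bit burst 1611b cburst 1611b
 Sent 1996470 bytes 5057 pkts (dropped 0, overlimits 0)
 rate 0bit 0pps
 lended: 0 borrowed: 0 giants: 0
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 92000bit ceil 100000bit burst 1610b cburst 1611b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
class htb 1:20 parent 1:1 leaf 20: prio 1 rate 32000bit ceil 100000bit burst 1603b cburst 1611b
 Sent 1996470 bytes 5057 pkts (dropped 0, overlimits 0)
EOF
}

# Constructed second snapshot, taken after generating some port 80 traffic.
sample_after() {
    cat <<'EOF'
class htb 1:1 root rate 100000bit ceil 100000bit burst 1611b cburst 1611b
 Sent 2100000 bytes 5300 pkts (dropped 0, overlimits 0)
class htb 1:10 parent 1:1 leaf 10: prio 0 rate 92000bit ceil 100000bit burst 1610b cburst 1611b
 Sent 0 bytes 0 pkts (dropped 0, overlimits 0)
class htb 1:20 parent 1:1 leaf 20: prio 1 rate 32000bit ceil 100000bit burst 1603b cburst 1611b
 Sent 2100000 bytes 5300 pkts (dropped 0, overlimits 0)
EOF
}

echo "idle classes:"
sample_before | idle_classes
echo "byte growth during the test:"
class_growth "$(sample_before)" "$(sample_after)"

# Live use (needs root and a configured qdisc):
#   tc -s class show dev eth0 | idle_classes
```

If the growth shows up only in the default class while the intended class stays at zero, the classifier (the iptables rule or the tc filter) is not matching, and the HTB tree itself is not the problem.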

## j-kidd

Try to use prio 1 and prio 2 instead of prio 0 and prio 1. I have tried prio 0 with tc filter as suggested by some websites, but it didn't work. I suspect prio 0 won't work with tc class too.

----------

## DeathAndTaxes

 *ranmakun wrote:*   

> I'm having problems with HTB, I've created very simple rules to test this and it doesn't work, here's what I'm using:
> 
> [code]
> 
> #!/bin/bash
> ...

 

Instead of using the iptables -j CLASSIFY --set-class option, have you tried the -j MARK --set-mark option?  Also, I'm thinking you don't need to --set-class 1:10, but rather just --set-class 10.  Perhaps the CLASSIFY target isn't working for you, while I've never seen the MARK target not work (I'm assuming that both the kernels are configured correctly...If you didn't have CLASSIFY target support, iptables would let you know).

The more I think about it, the more I think you need to just set --set-class 10.

----------

## DeathAndTaxes

 *j-kidd wrote:*   

> Try to use prio 1 and prio 2 instead of prio 0 and prio 1. I have tried prio 0 with tc filter as suggested by some websites, but it didn't work. I suspect prio 0 won't work with tc class too.

 

Sorry to double-post like this...I think prio 0 should work just fine...I've always started counting from 0 with tc and it's always worked (been doing this for about 2 years).  However, I don't *think* there's any adverse effect of starting from 1 or any other number.   :Smile: 

----------

## ranmakun

Thanks for your help guys, but still I couldn't solve it.

I've tried with different prios, but it's the same. I've also tried marking the packets instead of classifying but no luck. Also using "10" in the classifier instead of "1:10", nothing worked.

I've started to investigate things a little closer, "iptables -t mangle -L -v" shows a packet and byte count of zero, with the two methods of classifying by iptables, so I think there is the problem. But I cannot find why it doesn't do it. I'm doing NAT on this machine so I thought maybe it wasn't doing anything for the NATed machines, so I tried to generate web traffic in the machine itself using wget and nothing happened. I've also tried deleting all iptables and setting all policies to ACCEPT and then using mangle and it didn't work either. I'm really out of ideas, maybe it's the kernel?, the modules?

kernel version is 2.6.10-gentoo-r4

```

kaori htb # lsmod

Module                  Size  Used by

ip_conntrack_ftp       70928  -

cls_u32                 5552  -

ipt_limit               1644  -

ipt_multiport           1516  -

ipt_CLASSIFY            1612  -

ipt_mark                1196  -

ipt_length              1228  -

ipt_MARK                1484  -

cls_fw                  2860  -

sch_sfq                 4556  -

sch_htb                21356  -

iptable_mangle          1868  -

ipt_state               1324  -

ipt_LOG                 5836  -

iptable_nat            20776  -

ip_conntrack           37812  -

iptable_filter          2636  -

ip_tables              14144  -

```

----------

## DeathAndTaxes

Have you re-emerged both iproute2 and iptables since compiling this kernel?  Are your error messages getting suppressed somehow?  If it doesn't work, and you're redirecting all the exit messages to /dev/null, you'd not know it.

It could be that the packets are getting marked, but tc isn't configured correctly, or that tc is ok, but the packets are getting marked incorrectly.  I think the usual practice is to create a new target in the mangle table and point all traffic that's destined out $INTERNET_INTERFACE to that new table, then mark the packets there.  You *should* be able to mark them wherever (including the POSTROUTING section), but it is a bit easier to maintain if you build another TARGET.

There's a few utilities you can use to look at the packets as they pass to your interface(s).  I think ethereal can do this, but I've not ever used it.

You can also try changing the default class in your $TC ... root handle ... line.  Change that on the fly in one window and `watch -n1 /sbin/tc -s qdisc show dev eth0` in another window and see if the traffic starts changing to different filters.

I also try to avoid using tc with the u32 match whenever I can.  I try to handle just marking in iptables and only using tc to do its thing based on marks.  I've found that tc and ip both can be really, uhm, crashy when something weird happens (try setting up two routes and have a packet match positively in the ruleset for both routes...Your box will probably stop responding to traffic).   :Wink: 

----------

## BeFalou

Hi,

I've been trying to get this all day but I'm starting to think that what I want is not possible. I want to do traffic shaping to get something like Upload Speed Sense, which is a feature present in some emule mods but not in amule, and it consists of giving two values (Min and Max) to the upload rate and the program itself moves between those values so that you can surf and do internet stuff pretty fast. Since I'm on 512/128 I need to set an upload rate of at least 10kb/s but if I do that my downloads are slowed down too. That's why I need traffic shaping.

I first tried the script that LeTene posted (modified for my purposes):

```
#!/bin/bash

# Zap the iptables mangle queue

iptables -t mangle -F

# Egress device

OUT=eth0

# Flow rates

MAX=100mbit

BT_MAX=90kbit

# Application names (for "marking")

BT_APP=qtorrent

# Delete existing shaping

tc qdisc del dev $OUT root

# ===========

# Our classes

# ===========

# Top

tc qdisc add dev $OUT root handle 1: htb default 30

tc class add dev $OUT parent 1: classid 1:1 htb rate $MAX

tc class add dev $OUT parent 1:1 classid 1:10 htb rate $MAX

tc class add dev $OUT parent 1:1 classid 1:20 htb rate $BT_MAX ceil $BT_MAX

tc class add dev $OUT parent 1:1 classid 1:30 htb rate $MAX ceil $MAX

# Rehashing

tc qdisc add dev $OUT parent 1:10 handle 10: sfq perturb 10

tc qdisc add dev $OUT parent 1:20 handle 20: sfq perturb 10

tc qdisc add dev $OUT parent 1:30 handle 30: sfq perturb 10

# ===================

# the magic begins...

# ===================

# Bittorrent

iptables -t mangle -A OUTPUT -m owner --cmd-owner $BT_APP -j MARK --set-mark 2

tc filter add dev $OUT protocol ip parent 1:0 handle 2 fw flowid 1:20
```

It worked great but then I realized that my downloads in aMule were slower. That could be because for amule my connection is 90kbits/s and its upload limit (inside the program) is almost that so it's like it was using for uploading all the available upload bandwidth (with the negative effect on downloads). I'm not sure if that's correct.

What I've been trying since then is to only limit the traffic from the upload amule port (lets call it $APP_PORT). I basically tried two different ways, changing from the comment "the magic begins":

1.- Removing last 2 lines and using:

```
tc filter add dev $OUT parent 1:0 protocol ip u32 match ip sport $APP_PORT 0xffff flowid 1:20
```

2.- Removing last 2 lines and using:

```
iptables -t mangle -A POSTROUTING -p tcp --sport $APP_PORT -j CLASSIFY --set-class 1:20
```

Neither of them worked as expected, my inet connection was almost dead all the time.

I need help with this, I don't know if what I'm trying to do is the best way or even possible. Any suggestion will be greatly appreciated.

----------

## kaksi

I can't seem to get the incoming bandwidth (download) to be caught by my script. I do not want to shape the download speed but I want to use it for statistics.

Here is a part of my script:

```

#Classes

# eth0

tc qdisc add dev eth0 root handle 1: htb default 30

tc class add dev eth0 parent 1: classid 1:1 htb rate 9Mbit burst 6k

tc class add dev eth0 parent 1:1 classid 1:10 htb rate 9Mbit burst 6k prio 1

tc class add dev eth0 parent 1:1 classid 1:20 htb rate  8Mbit burst 6k prio 2

tc class add dev eth0 parent 1:1 classid 1:30 htb rate  8Mbit burst 6k prio 3

tc class add dev eth0 parent 1:1 classid 1:40 htb rate  8Mbit burst 6k prio 4

tc class add dev eth0 parent 1:1 classid 1:50 htb rate  8Mbit burst 6k prio 5

tc class add dev eth0 parent 1:1 classid 1:60 htb rate  8Mbit burst 6k prio 6

tc class add dev eth0 parent 1:1 classid 1:70 htb rate  8Mbit burst 6k prio 7

tc class add dev eth0 parent 1:1 classid 1:80 htb rate  8Mbit burst 6k prio 8

tc class add dev eth0 parent 1:1 classid 1:90 htb rate  8Mbit burst 6k prio 9

tc class add dev eth0 parent 1:1 classid 1:100 htb rate  8Mbit burst 6k prio 10

tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10

tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10

tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10

tc qdisc add dev eth0 parent 1:40 handle 40: sfq perturb 10

tc qdisc add dev eth0 parent 1:50 handle 50: sfq perturb 10

tc qdisc add dev eth0 parent 1:60 handle 60: sfq perturb 10

tc qdisc add dev eth0 parent 1:70 handle 70: sfq perturb 10

tc qdisc add dev eth0 parent 1:80 handle 80: sfq perturb 10

tc qdisc add dev eth0 parent 1:90 handle 90: sfq perturb 10

tc qdisc add dev eth0 parent 1:100 handle 100: sfq perturb 10

#eth1

tc qdisc add dev eth1 root handle 2: htb default 30

tc class add dev eth1 parent 2: classid 2:1 htb rate 99Mbit burst 6k

tc class add dev eth1 parent 2:1 classid 2:10 htb rate 99Mbit burst 6k prio 1

tc class add dev eth1 parent 2:1 classid 2:20 htb rate  99Mbit burst 6k prio 2

tc class add dev eth1 parent 2:1 classid 2:30 htb rate  99Mbit burst 6k prio 3

tc class add dev eth1 parent 2:1 classid 2:40 htb rate  99Mbit burst 6k prio 4

tc class add dev eth1 parent 2:1 classid 2:50 htb rate  99Mbit burst 6k prio 5

tc class add dev eth1 parent 2:1 classid 2:60 htb rate  99Mbit burst 6k prio 6

tc class add dev eth1 parent 2:1 classid 2:70 htb rate  99Mbit burst 6k prio 7

tc class add dev eth1 parent 2:1 classid 2:80 htb rate  99Mbit burst 6k prio 8

tc class add dev eth1 parent 2:1 classid 2:90 htb rate  99Mbit burst 6k prio 9

tc class add dev eth1 parent 2:1 classid 2:100 htb rate  99Mbit burst 6k prio 10

tc qdisc add dev eth1 parent 2:10 handle 10: sfq perturb 10

tc qdisc add dev eth1 parent 2:20 handle 20: sfq perturb 10

tc qdisc add dev eth1 parent 2:30 handle 30: sfq perturb 10

tc qdisc add dev eth1 parent 2:40 handle 40: sfq perturb 10

tc qdisc add dev eth1 parent 2:50 handle 50: sfq perturb 10

tc qdisc add dev eth1 parent 2:60 handle 60: sfq perturb 10

tc qdisc add dev eth1 parent 2:70 handle 70: sfq perturb 10

tc qdisc add dev eth1 parent 2:80 handle 80: sfq perturb 10

tc qdisc add dev eth1 parent 2:90 handle 90: sfq perturb 10

tc qdisc add dev eth1 parent 2:100 handle 100: sfq perturb 10

```

This script is located at my server that acts as a bridge between my network and my internet connection. Here is a sample output of what happens when I download a 100MB file from a server on the net:

```

 13:22:29 up  1:11,  3 users,  load average: 2.38, 1.34, 0.59

                                          Interval    Cumulated Total

Dev  Classid   Tokens   Ctokens Rate      Speed       Send      Send

-------------------------------------------------------------------------

eth0 1:1       5535     2423    83.78KB   23.76KB/s   240.18KB  1.22MB2KB

eth0 1:10      5535     2423    18.92KB   2.10KB/s    29.19KB   183.08KB

eth0 1:100     6291     2662    0B        0B/s        0B        0B

eth0 1:20      6291     2662    0B        0B/s        0B        0B

eth0 1:30      6226     2597    71.11KB   21.66KB/s   210.99KB  1.04MB4KB

eth0 1:40      6291     2662    0B        0B/s        0B        0B

eth0 1:50      6291     2662    0B        0B/s        0B        0B

eth0 1:60      6291     2662    0B        0B/s        0B        0B

eth0 1:70      6291     2662    0B        0B/s        0B        0B

eth0 1:80      6291     2662    0B        0B/s        0B        0B

eth0 1:90      6291     2662    0B        0B/s        0B        0B

eth1 2:1       383      1032    3.11KB    1.00MB/s    9.71MB    49.45MB

eth1 2:10      502      1151    9.62KB    1.80KB/s    27.20KB   74.46KB

eth1 2:100     507      1156    0B        0B/s        0B        0B

eth1 2:20      494      1143    488B      0B/s        469B      3.07KB

eth1 2:30      503      1152    6.72KB    40B/s       1.73KB    334.38KB

eth1 2:40      507      1156    0B        0B/s        0B        0B

eth1 2:50      383      1032    3.67KB    1.00MB/s    9.67MB    49.01MB

eth1 2:60      507      1156    0B        0B/s        0B        0B

eth1 2:70      360      1009    4.83KB    1.15KB/s    11.93KB   46.71KB

eth1 2:80      507      1156    0B        0B/s        0B        0B

eth1 2:90      507      1156    0B        0B/s        0B        0B

```

As can be seen, the traffic from the net to eth0 (NIC connected to internet) cannot be seen. But the traffic from the server (eth1) to my internal computer that downloads the file can be seen.

Is there any way I can make this traffic be seen at eth0? Or is that not possible? Is it only outgoing traffic that can be monitored?

----------

## opentaka

Interesting.

But I guess this thing will limit the whole interface instead of by application only.

It will be more than nice if someone can write how to limit the bandwidth by application tho..

----------

## DeathAndTaxes

 *kaksi wrote:*   

> Is there any way I can make this traffic be seen at eth0? Or is that not possible? Is it only outgoing traffic that can be monitored?

 

If I understand it correctly, tc only works on traffic being sent, not on receiving traffic.  If you set up a couple of IMQ devices, you could bend your traffic coming from the internet (on eth0, right) to one of your IMQ devices, classifying it as it goes, and get nice stats if you need them.

Alternatively, you could mark the packets with iptables as they come in, and then count the packets with iptables and get your stats off of that with an iptables -t mangle -L WHATEVERYOURTABLEISCALLED -v -n.   :Wink: 

----------

## bookstack

Is there any way to shape the traffic more dedicately?

For example, limit the dl/ul bandwidth according the user, time, application ...

----------

## DeathAndTaxes

 *bookstack wrote:*   

> Is there any way to shape the traffic more dedicately?
> 
> For example, limit the dl/ul bandwidth according the user, time, application ...

 

Yes, the trick is getting the right patch(es) for iptables.  I know there are patches for time of day, and I know there's some patches for p2p traffic.  The term 'application' is a bit esoteric...Your router is only interested in ips and ports for the most part...It won't know if you're browsing with konqueror or firefox, just it sees port 80 traffic.

I think there's some per-user stuff that's relatively new, but I'm not familiar with it myself.

I'd look at www.lartc.org and google around its mailing lists and such.  I'm sure there's other people out there who have done/are interested in doing what you want.  I'd suggest joining the lartc.org mailing list and posting your questions to it, since those are the guys who do this sort of stuff.   :Wink: 

----------

## ranmakun

There is traffic analyzer software that uses iptables to mark the traffic, then you can classify it easily.

I read about it the other day at work and I think I bookmarked it there, tomorrow I'll see if I have the site.

----------

## ranmakun

 *ranmakun wrote:*   

> There is traffic analyzer software that uses iptables to mark the traffic, then you can classify it easily.
> 
> I read about it the other day at work and I think I bookmarked it there, tomorrow I'll see if I have the site.

 

Ok, here I found it: http://l7-filter.sourceforge.net/

 *Quote:*   

> 
> 
> L7-filter is a classifier for the Linux kernel's Netfilter subsystem that identifies packets based on application layer data. This means that it can classify packets as HTTP, FTP, Gnucleus, eDonkey2000, etc., regardless of port. It complements existing classifiers that match on address, port numbers and so on.
> 
> Our intent is for l7-filter to be used in conjunction with Linux QoS to do bandwidth arbitration ("packet shaping").
> ...

 

Looks promising, I didn't have time to test it yet.

----------

## ranmakun

Another one: http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html

 *Quote:*   

> 
> 
> The goal of the IPP2P project is to identify peer-to-peer (P2P) data in IP traffic. For this purpose we extended the iptables/netfilter architecture by a new matching module. Thereby IPP2P integrates itself easily into existing Linux firewalls and its functionality can be used by adding appropriate filter rules.
> 
> IPP2P uses suitable search patterns to identify P2P traffic thus allowing the reliable identification of traffic belonging to many P2P networks. Once identified one may handle P2P traffic in different ways - dropping such traffic, putting into low priority classes or shaping to a given bandwidth limit is possible. Reducing costs, freeing network resources and therefore improving network performance is often the result of using IPP2P.
> ...

 

----------

## tnt

l7-filter (with little hacking of iptables source) works fine on amd64.

here is an example:

http://www.aaen.edu.yu/~tnt/forums/titan.eth2-week.png

 :Wink: 

----------

## tnt

 *barberio wrote:*   

> Updated my bandwidth RC script to try to calculate working quantum sizes from the MTU of the device being used. This should get rid of messages like 'HTB: quantum of class 10001 is big. Consider r2q change.'

 

Seems that your scripts are missing.

Could you paste them here?

 :Question: 

----------

## ranmakun

 *tnt wrote:*   

> l7-filter (with little hacking of iptables source) works fine on amd64.
> 
> here is an example:
> 
> http://www.aaen.edu.yu/~tnt/forums/titan.eth2-week.png
> ...

 

Two questions:

1. There is an l7-filter ebuild, but I don't see any iptables USE flag to use with it for l7-filter support. Did you patch iptables manually?

2. What did you use to make those graphs?

----------

## tnt

1. you should emerge iptables with 'extensions' use flag 

```
titan ~ # emerge -pv iptables

These are the packages that I would merge, in order:

Calculating dependencies ...done!

[ebuild   R   ] net-firewall/iptables-1.2.11-r3  -debug +extensions -ipv6 -static 0 kB

Total size of downloads: 0 kB

titan ~ #
```

but in my case (amd64 system) I had to patch source manually to solve bug about 64-bit integer.

details here:

https://bugs.gentoo.org/show_bug.cgi?id=88218

2. I use rrdtool (which rulz  :Very Happy:  ) to monitor all of my server activities and later to draw graphs

 :Wink: 

----------

## ranmakun

 *tnt wrote:*   

> 1. you should emerge iptables with 'extensions' use flag
> 
> 2. I use rrdtool (which rulz  ) to monitor all of my server activities and later to draw graphs
> 
> 

 

I see, well, I have a problem with the extensions use flag:

```

[snip]

 * WARNING: 3rd party extensions has been enabled.

 * This means that iptables will use your currently installed

 * kernel in /usr/src/linux as headers for iptables.

 *

 * You may have to patch your kernel to allow iptables to build.

 * Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ for patches

 * for your kernel.

>>> Unpacking source...

>>> Unpacking iptables-1.2.11.tar.bz2 to /var/tmp/portage/iptables-1.2.11-r3/work

 * Applying grsecurity-1.2.8-iptables.patch.bz2 ...                                                                                [ ok ]

 * Applying install_ipv6_apps.patch.bz2 ...                                                                                        [ ok ]

 * Applying install_all_dev_files.patch.bz2 ...                                                                                    [ ok ]

 * Applying round-robin.patch ...                                                                                                  [ ok ]

 * Applying CAN-2004-0986.patch ...                                                                                                [ ok ]

 * Applying iptables-1.2.9-imq1.diff.bz2 ...                                                                                       [ ok ]

 * Applying iptables-layer7-0.9.0.patch.bz2 ...                                                                                    [ ok ]

>>> Source unpacked.

Making dependencies: please wait...

Something wrong... deleting dependencies.

make: *** [../ipset/libipt_set.h] Error 1

!!! ERROR: net-firewall/iptables-1.2.11-r3 failed.

!!! Function src_compile, Line 91, Exitcode 2

!!! Please check http://cvs.iptables.org/patch-o-matic-ng/updates/ if your kernel needs to be patched for iptables

!!! If you need support, post the topmost build error, NOT this status message.

```

2. I imagined it was rrdtool, but do you use any special tool or do you do it manually? In this case, how do you get the value of each sample for the rrd?

----------

## tnt

Well, don't know anything about error you've got, but I'll paste my message to you here for others to see my examples of my scripts

 *Quote:*   

> Hello.
> 
> I don't use serverstats (couldn't even open that demo but never mind). 
> 
> I don't have mail server so I didn't have chance to try to monitor it. I've heard that 'mailgraph' is using rrdtool as a background for mail-server statistics.
> ...

 

----------

## ranmakun

 *tnt wrote:*   

> Well, don't know anything about error you've got, but I'll paste my message to you here for others to see my examples of my scripts
> 
> 

 

Well, thank you, this certainly gave me some ideas I could use. Although I don't see where you calculate the kb/s used by p2p, maybe I'm missing something.

The iptables problem was solved downgrading to a previous version, since upgrading to a ~x86 also had problems, a different one but still a problem.

----------

## tnt

Well, situation for p2p is a little bit complicated... I have 3 NICs in server: LAN, wifi community and internet (eth0, eth1, eth2).

P2P is shaped only for internet, but recorded for wifi too. I don't use IMQ so I have to limit incoming p2p traffic not at eth2 (internet iface) but on eth0 that is LAN iface. I mark packets coming from internet that are p2p (eth2) and when they are queued in eth0 for sending to client I put them in slow dequeuing class (by tc). P2P for wifi is something different, there are some allowed and not allowed ports for DC.

Part of firewall script I use for marking:

```
# 4.3 MANGLE table

# FORWARD chain

# PREROUTING chain

$IPTABLES -t mangle -A PREROUTING -i $LAN_IFACE -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto directconnect -j MARK --set-mark 0x102

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p TCP --sport ! 5444:5453 --dport ! 5444:5453 \
-m mark --mark 0x102 -j MARK --set-mark 0x109

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p TCP -m multiport --source-port 411,412,4012 \
-m mark --mark 0x109 -j MARK --set-mark 0x102

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p TCP -m multiport --destination-port 411,412,4012 \
-m mark --mark 0x109 -j MARK --set-mark 0x102

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x109 -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-level DEBUG --log-prefix "directconnect (input): "

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x102 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x109 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto fasttrack -j MARK --set-mark 0x101

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x101 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto gnutella -j MARK --set-mark 0x103

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x103 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto bittorrent -j MARK --set-mark 0x104

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x104 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto openft -j MARK --set-mark 0x105

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x105 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p TCP --sport 4200:4700 -m layer7 --l7proto edonkey -j MARK --set-mark 0x106

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x106 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto tesla -j MARK --set-mark 0x100

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x100 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto mute -j MARK --set-mark 0x100

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x100 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto applejuice -j MARK --set-mark 0x100

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x100 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto 100bao -j MARK --set-mark 0x100

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x100 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto fasttrack -j MARK --set-mark 0x201

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x201 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto directconnect -j MARK --set-mark 0x202

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x202 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto gnutella -j MARK --set-mark 0x203

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x203 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto bittorrent -j MARK --set-mark 0x204

#$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x204 -m limit --limit 3/minute --limit-burst 3 -j LOG \

#--log-level DEBUG --log-prefix "bittorrent: "

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x204 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto openft -j MARK --set-mark 0x205

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x205 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p TCP --sport 4200:4700 -m layer7 --l7proto edonkey -j MARK --set-mark 0x206

#$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x206 -m limit --limit 3/minute --limit-burst 3 -j LOG \

#--log-level DEBUG --log-prefix "edonkey: "

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x206 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto tesla -j MARK --set-mark 0x200

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x200 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto mute -j MARK --set-mark 0x200

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x200 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto applejuice -j MARK --set-mark 0x200

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x200 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto 100bao -j MARK --set-mark 0x200

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x200 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto poco -j MARK --set-mark 0x200

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x200 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto soribada -j MARK --set-mark 0x200

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x200 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto msn-filetransfer -j MARK --set-mark 0x200

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x200 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p TCP --sport 1080 -j MARK --set-mark 0x200

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto smtp -j MARK --set-mark 0x207

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x207 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto pop3 -j MARK --set-mark 0x207

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x207 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto imap -j MARK --set-mark 0x207

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x207 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto ftp -j MARK --set-mark 0x207

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x207 -j RETURN

# POSTROUTING chain

$IPTABLES -t mangle -A POSTROUTING -o $LAN_IFACE -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -d 10.0.0.114 -j MARK --set-mark 0x119

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x119 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto directconnect -j MARK --set-mark 0x112

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p TCP --sport ! 5444:5453 --dport ! 5444:5453 \
    -m mark --mark 0x112 -j MARK --set-mark 0x119

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p TCP -m multiport --source-port 411,412,4012 \
    -m mark --mark 0x119 -j MARK --set-mark 0x112

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p TCP -m multiport --destination-port 411,412,4012 \
    -m mark --mark 0x119 -j MARK --set-mark 0x112

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x119 -m limit --limit 3/minute --limit-burst 3 -j LOG \
    --log-level DEBUG --log-prefix "directconnect (output): "

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x112 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x119 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto fasttrack -j MARK --set-mark 0x111

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x111 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto gnutella -j MARK --set-mark 0x113

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x113 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto bittorrent -j MARK --set-mark 0x114

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x114 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto openft -j MARK --set-mark 0x115

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x115 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p TCP --dport 4200:4700 -m layer7 --l7proto edonkey -j MARK --set-mark 0x116

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x116 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto tesla -j MARK --set-mark 0x110

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x110 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto mute -j MARK --set-mark 0x110

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x110 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto applejuice -j MARK --set-mark 0x110

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x110 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto 100bao -j MARK --set-mark 0x110

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x110 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p TCP --sport 80 -j MARK --set-mark 0x217

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x217 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto fasttrack -j MARK --set-mark 0x211

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x211 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto directconnect -j MARK --set-mark 0x212

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x212 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto gnutella -j MARK --set-mark 0x213

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x213 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto bittorrent -j MARK --set-mark 0x214

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x214 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto openft -j MARK --set-mark 0x215

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x215 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p TCP --dport 4200:4700 -m layer7 --l7proto edonkey -j MARK --set-mark 0x216

#$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x216 -m limit --limit 3/minute --limit-burst 3 -j LOG \
#    --log-level DEBUG --log-prefix "edonkey: "

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x216 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto tesla -j MARK --set-mark 0x210

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x210 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto mute -j MARK --set-mark 0x210

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x210 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto applejuice -j MARK --set-mark 0x210

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x210 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto 100bao -j MARK --set-mark 0x210

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x210 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto poco -j MARK --set-mark 0x210

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x210 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto soribada -j MARK --set-mark 0x210

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x210 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto msn-filetransfer -j MARK --set-mark 0x210

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x210 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p TCP --dport 1080 -j MARK --set-mark 0x210

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto smtp -j MARK --set-mark 0x217

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x217 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto pop3 -j MARK --set-mark 0x217

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x217 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto imap -j MARK --set-mark 0x217

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x217 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto ftp -j MARK --set-mark 0x217

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x217 -j RETURN

```

tc scripts used for eth0, eth1 and eth2 are:

```
#!/bin/bash

UPLINK=100

P2P=24

PUNISH=80

DEV=eth0

# clear everything that has been set up on the device so far

tc qdisc del dev $DEV root    2> /dev/null > /dev/null

tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

# create the classes:

tc qdisc add dev $DEV root handle 1: htb default 10 r2q 63

tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}mbit

tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}mbit prio 1

tc class add dev $DEV parent 1:1 classid 1:20 htb rate ${P2P}kbit prio 2 quantum 1514

tc class add dev $DEV parent 1:1 classid 1:30 htb rate ${PUNISH}kbit prio 3 quantum 1514

tc qdisc add dev $DEV parent 1:10 handle 100: sfq perturb 11

tc qdisc add dev $DEV parent 1:20 handle 200: sfq perturb 13

tc qdisc add dev $DEV parent 1:30 handle 300: sfq perturb 15

# distribute packets into classes based on their marks:

tc filter add dev $DEV parent 1:0 protocol ip prio 10 handle 0x201 fw classid 1:20

tc filter add dev $DEV parent 1:0 protocol ip prio 15 handle 0x202 fw classid 1:20

tc filter add dev $DEV parent 1:0 protocol ip prio 20 handle 0x203 fw classid 1:20

tc filter add dev $DEV parent 1:0 protocol ip prio 25 handle 0x204 fw classid 1:20

tc filter add dev $DEV parent 1:0 protocol ip prio 30 handle 0x205 fw classid 1:20

tc filter add dev $DEV parent 1:0 protocol ip prio 35 handle 0x206 fw classid 1:20

tc filter add dev $DEV parent 1:0 protocol ip prio 40 handle 0x200 fw classid 1:20

tc filter add dev $DEV parent 1:0 protocol ip prio 45 handle 0x109 fw classid 1:30

```

```
#!/bin/bash

UPLINK=100

P2P=100

PUNISH=80

DEV=eth1

# clear everything that has been set up on the device so far

tc qdisc del dev $DEV root    2> /dev/null > /dev/null

tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

# create the classes:

tc qdisc add dev $DEV root handle 1: htb default 10 r2q 63

tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}mbit

tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}mbit prio 1

tc class add dev $DEV parent 1:1 classid 1:20 htb rate ${P2P}mbit prio 2

tc class add dev $DEV parent 1:1 classid 1:30 htb rate ${PUNISH}kbit prio 3 quantum 1514

tc qdisc add dev $DEV parent 1:10 handle 100: sfq perturb 11

tc qdisc add dev $DEV parent 1:20 handle 200: sfq perturb 13

tc qdisc add dev $DEV parent 1:30 handle 300: sfq perturb 15

# distribute packets into classes based on their marks:

tc filter add dev $DEV parent 1:0 protocol ip prio 10 handle 0x111 fw classid 1:20

tc filter add dev $DEV parent 1:0 protocol ip prio 15 handle 0x112 fw classid 1:20

tc filter add dev $DEV parent 1:0 protocol ip prio 20 handle 0x113 fw classid 1:20

tc filter add dev $DEV parent 1:0 protocol ip prio 25 handle 0x114 fw classid 1:20

tc filter add dev $DEV parent 1:0 protocol ip prio 30 handle 0x115 fw classid 1:20

tc filter add dev $DEV parent 1:0 protocol ip prio 35 handle 0x116 fw classid 1:20

tc filter add dev $DEV parent 1:0 protocol ip prio 40 handle 0x110 fw classid 1:20

tc filter add dev $DEV parent 1:0 protocol ip prio 45 handle 0x119 fw classid 1:30

```

```
#!/bin/bash

UPLINK=100

LOW_PRIO=48

P2P=16

DEV=eth2

# clear everything that has been set up on the device so far

tc qdisc del dev $DEV root    2> /dev/null > /dev/null

tc qdisc del dev $DEV ingress 2> /dev/null > /dev/null

# create the classes:

tc qdisc add dev $DEV root handle 1: htb default 10 r2q 63

tc class add dev $DEV parent 1: classid 1:1 htb rate ${UPLINK}mbit

tc class add dev $DEV parent 1:1 classid 1:10 htb rate ${UPLINK}mbit prio 1

tc class add dev $DEV parent 1:1 classid 1:20 htb rate ${LOW_PRIO}kbit prio 2 quantum 1514

tc class add dev $DEV parent 1:20 classid 1:100 htb rate ${LOW_PRIO}kbit prio 2 quantum 1514

tc class add dev $DEV parent 1:20 classid 1:200 htb rate ${P2P}kbit prio 3 quantum 1514

tc qdisc add dev $DEV parent 1:10 handle 10: sfq perturb 11

tc qdisc add dev $DEV parent 1:100 handle 100: sfq perturb 15

tc qdisc add dev $DEV parent 1:200 handle 200: sfq perturb 13

# distribute packets into classes based on their marks:

tc filter add dev $DEV parent 1:0 protocol ip prio 5 handle 0x217 fw classid 1:100

tc filter add dev $DEV parent 1:0 protocol ip prio 10 handle 0x211 fw classid 1:200

tc filter add dev $DEV parent 1:0 protocol ip prio 15 handle 0x212 fw classid 1:200

tc filter add dev $DEV parent 1:0 protocol ip prio 20 handle 0x213 fw classid 1:200

tc filter add dev $DEV parent 1:0 protocol ip prio 25 handle 0x214 fw classid 1:200

tc filter add dev $DEV parent 1:0 protocol ip prio 30 handle 0x215 fw classid 1:200

tc filter add dev $DEV parent 1:0 protocol ip prio 35 handle 0x216 fw classid 1:200

tc filter add dev $DEV parent 1:0 protocol ip prio 40 handle 0x210 fw classid 1:200

```

and p2p.rrd update script looks like this:

```
#!/usr/bin/perl -w

#

use RRDs;

sleep 2;

# define location of rrdtool databases

my $rrd = '/var/lib/rrd';

my $eth1_in_ft = `iptables -t mangle -L -n -v -x|grep 0x101|grep LAYER7|gawk '{print \$2}'` *1;

my $eth1_out_ft = `iptables -t mangle -L -n -v -x|grep 0x111|grep LAYER7|gawk '{print \$2}'` *1;

my $eth1_in_dc = `iptables -t mangle -L -n -v -x|grep 0x102|grep LAYER7|gawk '{print \$2; exit}'` *1;

my $eth1_out_dc = `iptables -t mangle -L -n -v -x|grep 0x112|grep LAYER7|gawk '{print \$2; exit}'` *1;

my $eth1_in_gnu = `iptables -t mangle -L -n -v -x|grep 0x103|grep LAYER7|gawk '{print \$2}'` *1;

my $eth1_out_gnu = `iptables -t mangle -L -n -v -x|grep 0x113|grep LAYER7|gawk '{print \$2}'` *1;

my $eth1_in_bittor = `iptables -t mangle -L -n -v -x|grep 0x104|grep LAYER7|gawk '{print \$2}'` *1;

my $eth1_out_bittor = `iptables -t mangle -L -n -v -x|grep 0x114|grep LAYER7|gawk '{print \$2}'` *1;

my $eth1_in_oft = `iptables -t mangle -L -n -v -x|grep 0x105|grep LAYER7|gawk '{print \$2}'` *1;

my $eth1_out_oft = `iptables -t mangle -L -n -v -x|grep 0x115|grep LAYER7|gawk '{print \$2}'` *1;

my $eth1_in_edonk = `iptables -t mangle -L -n -v -x|grep 0x106|grep LAYER7|gawk '{print \$2}'` *1;

my $eth1_out_edonk = `iptables -t mangle -L -n -v -x|grep 0x116|grep LAYER7|gawk '{print \$2}'` *1;

my $eth1_in_rest = `iptables -t mangle -L -n -v -x|grep 0x100|grep LAYER7|gawk 'BEGIN{sum=0}{sum+=\$2}END{print sum}'` *1;

my $eth1_out_rest = `iptables -t mangle -L -n -v -x|grep 0x110|grep LAYER7|gawk 'BEGIN{sum=0}{sum+=\$2}END{print sum}'` *1;

my $eth2_in_ft = `iptables -t mangle -L -n -v -x|grep 0x201|grep LAYER7|gawk '{print \$2}'` *1;

my $eth2_out_ft = `iptables -t mangle -L -n -v -x|grep 0x211|grep LAYER7|gawk '{print \$2}'` *1;

my $eth2_in_dc = `iptables -t mangle -L -n -v -x|grep 0x202|grep LAYER7|gawk '{print \$2}'` *1;

my $eth2_out_dc = `iptables -t mangle -L -n -v -x|grep 0x212|grep LAYER7|gawk '{print \$2}'` *1;

my $eth2_in_gnu = `iptables -t mangle -L -n -v -x|grep 0x203|grep LAYER7|gawk '{print \$2}'` *1;

my $eth2_out_gnu = `iptables -t mangle -L -n -v -x|grep 0x213|grep LAYER7|gawk '{print \$2}'` *1;

my $eth2_in_bittor = `iptables -t mangle -L -n -v -x|grep 0x204|grep LAYER7|gawk '{print \$2}'` *1;

my $eth2_out_bittor = `iptables -t mangle -L -n -v -x|grep 0x214|grep LAYER7|gawk '{print \$2}'` *1;

my $eth2_in_oft = `iptables -t mangle -L -n -v -x|grep 0x205|grep LAYER7|gawk '{print \$2}'` *1;

my $eth2_out_oft = `iptables -t mangle -L -n -v -x|grep 0x215|grep LAYER7|gawk '{print \$2}'` *1;

my $eth2_in_edonk = `iptables -t mangle -L -n -v -x|grep 0x206|grep LAYER7|gawk '{print \$2}'` *1;

my $eth2_out_edonk = `iptables -t mangle -L -n -v -x|grep 0x216|grep LAYER7|gawk '{print \$2}'` *1;

my $eth2_in_rest = `iptables -t mangle -L -n -v -x|grep 0x200|grep LAYER7|gawk 'BEGIN{sum=0}{sum+=\$2}END{print sum}'` *1;

my $eth2_out_rest = `iptables -t mangle -L -n -v -x|grep 0x210|grep LAYER7|gawk 'BEGIN{sum=0}{sum+=\$2}END{print sum}'` *1;

my $uptime = `cut -d" " -f1 /proc/uptime` *1;

if ($uptime > 600) {

# insert values into rrd

RRDs::update "$rrd/p2p.rrd",

        "-t", "eth1_in_ft:eth1_out_ft:eth1_in_dc:eth1_out_dc:eth1_in_gnu:eth1_out_gnu:eth1_in_bittor:eth1_out_bittor:eth1_in_oft:eth1_out_oft:eth1_in_edonk:eth1_out_edonk:eth1_in_rest:eth1_out_rest:eth2_in_ft:eth2_out_ft:eth2_in_dc:eth2_out_dc:eth2_in_gnu:eth2_out_gnu:eth2_in_bittor:eth2_out_bittor:eth2_in_oft:eth2_out_oft:eth2_in_edonk:eth2_out_edonk:eth2_in_rest:eth2_out_rest",

        "N:$eth1_in_ft:$eth1_out_ft:$eth1_in_dc:$eth1_out_dc:$eth1_in_gnu:$eth1_out_gnu:$eth1_in_bittor:$eth1_out_bittor:$eth1_in_oft:$eth1_out_oft:$eth1_in_edonk:$eth1_out_edonk:$eth1_in_rest:$eth1_out_rest:$eth2_in_ft:$eth2_out_ft:$eth2_in_dc:$eth2_out_dc:$eth2_in_gnu:$eth2_out_gnu:$eth2_in_bittor:$eth2_out_bittor:$eth2_in_oft:$eth2_out_oft:$eth2_in_edonk:$eth2_out_edonk:$eth2_in_rest:$eth2_out_rest";

if ($ERROR = RRDs::error) { print "unable to update: $ERROR\n"; }

}

```

I hope you'll find your way in all this mess.

If you get stuck, do not hesitate to ask!
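A cross-check for the scheme used in the scripts above, where an iptables rule sets a mark and a tc `fw` filter with the same handle picks the HTB class. This is an added example, not part of the original post: the two embedded excerpts are constructed in the style of the thread's rules (marks 0x21A and 0x21F are made up), and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare marks assigned by iptables with tc "fw" filter handles.

# Constructed excerpt of mangle rules (0x21A and 0x21F are invented for the demo).
RULES='
$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto fasttrack -j MARK --set-mark 0x211
$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x211 -j RETURN
$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto bittorrent -j MARK --set-mark 0x214
#$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto poco -j MARK --set-mark 0x21F
$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto smtp -j MARK --set-mark 0x217
$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p TCP --dport 1080 -j MARK --set-mark 0x21A
'

# Constructed excerpt of the matching tc script.
TC='
tc filter add dev $DEV parent 1:0 protocol ip prio 5 handle 0x217 fw classid 1:100
tc filter add dev $DEV parent 1:0 protocol ip prio 10 handle 0x211 fw classid 1:200
tc filter add dev $DEV parent 1:0 protocol ip prio 25 handle 0x214 fw classid 1:200
tc filter add dev $DEV parent 1:0 protocol ip prio 40 handle 0x210 fw classid 1:200
'

# Print every value assigned with --set-mark, lowercased, one per line.
marks_set() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }    # ignore commented-out rules
        { for (i = 1; i < NF; i++)
              if ($i == "--set-mark") print tolower($(i + 1)) }' | sort -u
}

# Print every handle used by a "tc filter ... handle X fw" line, lowercased.
fw_handles() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        $1 == "tc" && $2 == "filter" {
            for (i = 1; i < NF - 1; i++)
                if ($i == "handle" && $(i + 2) == "fw") print tolower($(i + 1)) }' | sort -u
}

# Print the entries of newline-separated list $1 that do not occur in list $2.
only_in_first() {
    printf '%s\n' "$1" | while IFS= read -r v; do
        [ -n "$v" ] || continue
        printf '%s\n' "$2" | grep -qxF -- "$v" || printf '%s\n' "$v"
    done
}

# Marks that a rule sets but no fw filter picks up.
unclassified_marks() { only_in_first "$(marks_set "$1")" "$(fw_handles "$2")"; }

# fw filter handles that no rule ever sets.
dead_filters() { only_in_first "$(fw_handles "$2")" "$(marks_set "$1")"; }

report() {
    for m in $(unclassified_marks "$1" "$2"); do
        echo "mark $m is set but has no fw filter: traffic falls into the HTB default class"
    done
    for h in $(dead_filters "$1" "$2"); do
        echo "fw filter handle $h is never set by a rule: that filter never matches"
    done
}

report "$RULES" "$TC"
```

To check real files, pass their contents instead of the samples, for example `report "$(cat rules.sh)" "$(cat tc-eth2.sh)"` (file names are placeholders). Marks are compared as text, so a mark written in decimal in one script and hex in the other is reported as a mismatch.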

----------

## kaksi

tnt: Please post the script that creates the rrd database.

----------

## tnt

This one creates p2p.rrd database:

```
#!/usr/bin/perl -w

#

use RRDs;

# define location of rrdtool databases

my $rrd = '/var/lib/rrd';

if (! -e "$rrd/p2p.rrd")

{

        print "creating rrd database for p2p...\n";

        RRDs::create "$rrd/p2p.rrd",

                "-s 300",

                "DS:eth0_in_ft:DERIVE:600:0:12500000",

                "DS:eth0_in_dc:DERIVE:600:0:12500000",

                "DS:eth0_in_gnu:DERIVE:600:0:12500000",

                "DS:eth0_in_bittor:DERIVE:600:0:12500000",

                "DS:eth0_in_oft:DERIVE:600:0:12500000",

                "DS:eth0_in_edonk:DERIVE:600:0:12500000",

                "DS:eth0_in_rest:DERIVE:600:0:12500000",

                "DS:eth0_out_ft:DERIVE:600:0:12500000",

                "DS:eth0_out_dc:DERIVE:600:0:12500000",

                "DS:eth0_out_gnu:DERIVE:600:0:12500000",

                "DS:eth0_out_bittor:DERIVE:600:0:12500000",

                "DS:eth0_out_oft:DERIVE:600:0:12500000",

                "DS:eth0_out_edonk:DERIVE:600:0:12500000",

                "DS:eth0_out_rest:DERIVE:600:0:12500000",

                "DS:eth1_in_ft:DERIVE:600:0:12500000",

                "DS:eth1_in_dc:DERIVE:600:0:12500000",

                "DS:eth1_in_gnu:DERIVE:600:0:12500000",

                "DS:eth1_in_bittor:DERIVE:600:0:12500000",

                "DS:eth1_in_oft:DERIVE:600:0:12500000",

                "DS:eth1_in_edonk:DERIVE:600:0:12500000",

                "DS:eth1_in_rest:DERIVE:600:0:12500000",

                "DS:eth1_out_ft:DERIVE:600:0:12500000",

                "DS:eth1_out_dc:DERIVE:600:0:12500000",

                "DS:eth1_out_gnu:DERIVE:600:0:12500000",

                "DS:eth1_out_bittor:DERIVE:600:0:12500000",

                "DS:eth1_out_oft:DERIVE:600:0:12500000",

                "DS:eth1_out_edonk:DERIVE:600:0:12500000",

                "DS:eth1_out_rest:DERIVE:600:0:12500000",

                "DS:eth2_in_ft:DERIVE:600:0:12500000",

                "DS:eth2_in_dc:DERIVE:600:0:12500000",

                "DS:eth2_in_gnu:DERIVE:600:0:12500000",

                "DS:eth2_in_bittor:DERIVE:600:0:12500000",

                "DS:eth2_in_oft:DERIVE:600:0:12500000",

                "DS:eth2_in_edonk:DERIVE:600:0:12500000",

                "DS:eth2_in_rest:DERIVE:600:0:12500000",

                "DS:eth2_out_ft:DERIVE:600:0:12500000",

                "DS:eth2_out_dc:DERIVE:600:0:12500000",

                "DS:eth2_out_gnu:DERIVE:600:0:12500000",

                "DS:eth2_out_bittor:DERIVE:600:0:12500000",

                "DS:eth2_out_oft:DERIVE:600:0:12500000",

                "DS:eth2_out_edonk:DERIVE:600:0:12500000",

                "DS:eth2_out_rest:DERIVE:600:0:12500000",

                "DS:eth3_in_ft:DERIVE:600:0:12500000",

                "DS:eth3_in_dc:DERIVE:600:0:12500000",

                "DS:eth3_in_gnu:DERIVE:600:0:12500000",

                "DS:eth3_in_bittor:DERIVE:600:0:12500000",

                "DS:eth3_in_oft:DERIVE:600:0:12500000",

                "DS:eth3_in_edonk:DERIVE:600:0:12500000",

                "DS:eth3_in_rest:DERIVE:600:0:12500000",

                "DS:eth3_out_ft:DERIVE:600:0:12500000",

                "DS:eth3_out_dc:DERIVE:600:0:12500000",

                "DS:eth3_out_gnu:DERIVE:600:0:12500000",

                "DS:eth3_out_bittor:DERIVE:600:0:12500000",

                "DS:eth3_out_oft:DERIVE:600:0:12500000",

                "DS:eth3_out_edonk:DERIVE:600:0:12500000",

                "DS:eth3_out_rest:DERIVE:600:0:12500000",

                "RRA:AVERAGE:0.5:1:576",

                "RRA:AVERAGE:0.9:6:672",

                "RRA:AVERAGE:0.9:24:744",

                "RRA:AVERAGE:0.9:288:730",

                "RRA:AVERAGE:0.9:2016:522";

        if ($ERROR = RRDs::error) { print "unable to generate database: $ERROR\n"; }

}

```

And this one is for system-5m.rrd:

```
#!/usr/bin/perl -w

#

use RRDs;

# define location of rrdtool databases

my $rrd = '/var/lib/rrd';

if (! -e "$rrd/system-5min.rrd")

{

        print "creating rrd database for system-5min...\n";

        RRDs::create "$rrd/system-5min.rrd",

                "-s 300",

                "DS:temp_cpu:GAUGE:600:-20:200",

                "DS:temp_sys:GAUGE:600:-20:200",

                "DS:temp_sda:GAUGE:600:-20:200",

                "DS:temp_sdb:GAUGE:600:-20:200",

                "DS:temp_sdc:GAUGE:600:-20:200",

                "DS:temp_sdd:GAUGE:600:-20:200",

                "DS:fan1:GAUGE:600:0:10000",

                "DS:fan2:GAUGE:600:0:10000",

                "DS:fan3:GAUGE:600:0:10000",

                "DS:voltage_cpu:GAUGE:600:0:5",

                "DS:voltage_ram:GAUGE:600:0:5",

                "DS:voltage_33v:GAUGE:600:0:7",

                "DS:voltage_5v:GAUGE:600:0:10",

                "DS:voltage_12v:GAUGE:600:0:20",

                "DS:voltage_bat:GAUGE:600:0:50",

                "DS:cpu0_user:COUNTER:600:0:100",

                "DS:cpu0_nice:COUNTER:600:0:100",

                "DS:cpu0_system:COUNTER:600:0:100",

                "DS:cpu0_iowait:COUNTER:600:0:100",

                "DS:cpu0_irq:COUNTER:600:0:100",

                "DS:cpu0_softirq:COUNTER:600:0:100",

                "DS:cpu1_user:COUNTER:600:0:100",

                "DS:cpu1_nice:COUNTER:600:0:100",

                "DS:cpu1_system:COUNTER:600:0:100",

                "DS:cpu1_iowait:COUNTER:600:0:100",

                "DS:cpu1_irq:COUNTER:600:0:100",

                "DS:cpu1_softirq:COUNTER:600:0:100",

                "DS:time_1000:COUNTER:600:0:300000",

                "DS:time_1800:COUNTER:600:0:300000",

                "DS:load:GAUGE:600:0:U",

                "DS:ip_conntrack_count:GAUGE:600:0:U",

                "DS:uptime:GAUGE:600:0:U",

                "DS:mem_buffers:GAUGE:600:0:U",

                "DS:mem_cache:GAUGE:600:0:U",

                "DS:mem_app:GAUGE:600:0:U",

                "DS:mem_active:GAUGE:600:0:U",

                "DS:mem_inactive:GAUGE:600:0:U",

                "DS:swap_total:GAUGE:600:0:U",

                "DS:swap_cached:GAUGE:600:0:U",

                "DS:swaped_in:COUNTER:600:0:U",

                "DS:swaped_out:COUNTER:600:0:U",

                "DS:dirty_pages:GAUGE:600:0:U",

                "DS:eth0_in:COUNTER:600:0:12500000",

                "DS:eth0_out:COUNTER:600:0:12500000",

                "DS:eth1_in:COUNTER:600:0:12500000",

                "DS:eth1_out:COUNTER:600:0:12500000",

                "DS:eth2_in:COUNTER:600:0:12500000",

                "DS:eth2_out:COUNTER:600:0:12500000",

                "DS:eth3_in:COUNTER:600:0:12500000",

                "DS:eth3_out:COUNTER:600:0:12500000",

                "DS:sda_read:COUNTER:600:0:U",

                "DS:sda_write:COUNTER:600:0:U",

                "DS:sdb_read:COUNTER:600:0:U",

                "DS:sdb_write:COUNTER:600:0:U",

                "DS:sdc_read:COUNTER:600:0:U",

                "DS:sdc_write:COUNTER:600:0:U",

                "DS:sdd_read:COUNTER:600:0:U",

                "DS:sdd_write:COUNTER:600:0:U",

                "DS:blanko_counter_01:COUNTER:600:0:U",

                "DS:blanko_counter_02:COUNTER:600:0:U",

                "DS:blanko_counter_03:COUNTER:600:0:U",

                "DS:blanko_counter_04:COUNTER:600:0:U",

                "DS:blanko_counter_05:COUNTER:600:0:U",

                "DS:blanko_counter_06:COUNTER:600:0:U",

                "DS:blanko_counter_07:COUNTER:600:0:U",

                "DS:blanko_counter_08:COUNTER:600:0:U",

                "DS:blanko_counter_09:COUNTER:600:0:U",

                "DS:blanko_counter_10:COUNTER:600:0:U",

                "DS:blanko_gauge_01:GAUGE:600:0:U",

                "DS:blanko_gauge_02:GAUGE:600:0:U",

                "DS:blanko_gauge_03:GAUGE:600:0:U",

                "DS:blanko_gauge_04:GAUGE:600:0:U",

                "DS:blanko_gauge_05:GAUGE:600:0:U",

                "DS:blanko_gauge_06:GAUGE:600:0:U",

                "DS:blanko_gauge_07:GAUGE:600:0:U",

                "DS:blanko_gauge_08:GAUGE:600:0:U",

                "DS:blanko_gauge_09:GAUGE:600:0:U",

                "DS:blanko_gauge_10:GAUGE:600:0:U",

                "DS:blanko_derive_01:DERIVE:600:0:U",

                "DS:blanko_derive_02:DERIVE:600:0:U",

                "DS:blanko_derive_03:DERIVE:600:0:U",

                "DS:blanko_derive_04:DERIVE:600:0:U",

                "DS:blanko_derive_05:DERIVE:600:0:U",

                "DS:blanko_absolute_01:ABSOLUTE:600:0:U",

                "DS:blanko_absolute_02:ABSOLUTE:600:0:U",

                "DS:blanko_absolute_03:ABSOLUTE:600:0:U",

                "DS:blanko_absolute_04:ABSOLUTE:600:0:U",

                "DS:blanko_absolute_05:ABSOLUTE:600:0:U",

                "RRA:AVERAGE:0.5:1:576",

                "RRA:AVERAGE:0.9:6:672",

                "RRA:AVERAGE:0.9:24:744",

                "RRA:AVERAGE:0.9:288:730",

                "RRA:AVERAGE:0.9:2016:522";

        if ($ERROR = RRDs::error) { print "unable to generate database: $ERROR\n"; }

}

if (! -e "$rrd/system-procs.rrd")

{

        print "creating rrd database for system-procs...\n";

        RRDs::create "$rrd/system-procs.rrd",

                "-s 300",

                "DS:processes_active:GAUGE:600:0:U",

                "DS:processes_total:GAUGE:600:0:U",

                "RRA:AVERAGE:0.5:1:576",

                "RRA:AVERAGE:0.9:6:672",

                "RRA:AVERAGE:0.9:24:744",

                "RRA:AVERAGE:0.9:288:730",

                "RRA:AVERAGE:0.9:2016:522";

        if ($ERROR = RRDs::error) { print "unable to generate database: $ERROR\n"; }

}

```

----------

## kaksi

Can anyone see what is wrong with my script?

I have two NICs. One is eth0 and is connected to the internet, and one is eth1 and is connected to my internal LAN. These two are bridged as br0 (maybe that is what is wrong?)

Anyway here is the script:

```

#!/bin/bash

#INTERFACE

INET_IFACE=eth0

WIFI_IFACE=eth1

IPTABLES=/sbin/iptables

#Flushing all tables

iptables -F INPUT

iptables -F FORWARD

iptables -F OUTPUT

iptables -t mangle -F

iptables -t mangle -F INPUT

iptables -t mangle -F FORWARD

iptables -t mangle -F OUTPUT

iptables -t mangle -F POSTROUTING

tc qdisc del dev $WIFI_IFACE root

tc qdisc del dev $INET_IFACE root

# MANGLE table

##DC

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto directconnect -j MARK --set-mark 0x102

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p TCP --sport ! 5444:5453 --dport ! 5444:5453 -m mark --mark 0x102 -j MARK --set-mark 0x602

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p TCP -m multiport --source-port 411,412,4012 -m mark --mark 0x602 -j MARK --set-mark 0x102

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p TCP -m multiport --destination-port 411,412,4012 -m mark --mark 0x602 -j MARK --set-mark 0x102

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x602 -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "directconnect (input): "

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x102 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x602 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto directconnect -j MARK --set-mark 0x202

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p TCP --sport ! 5444:5453 --dport ! 5444:5453 -m mark --mark 0x112 -j MARK --set-mark 0x702

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p TCP -m multiport --source-port 411,412,4012 -m mark --mark 0x702 -j MARK --set-mark 0x202

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p TCP -m multiport --destination-port 411,412,4012 -m mark --mark 0x702 -j MARK --set-mark 0x202

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x702 -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "directconnec (output):"

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x202 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x702 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto directconnect -j MARK --set-mark 0x302

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x302 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto directconnect -j MARK --set-mark 0x402

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x402 -j RETURN

##END DC

##FASTTRACK

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto fasttrack -j MARK --set-mark 0x101

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x101 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto fasttrack -j MARK --set-mark 0x201

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x201 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto fasttrack -j MARK --set-mark 0x301

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x301 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto fasttrack -j MARK --set-mark 0x401

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x401 -j RETURN

##END FASTTRACK

##GNUTELLA

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto gnutella -j MARK --set-mark 0x103

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x103 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto gnutella -j MARK --set-mark 0x203

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x203 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto gnutella -j MARK --set-mark 0x303

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x303 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto gnutella -j MARK --set-mark 0x403

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x403 -j RETURN

#END GNUTELLA

##BITTORRENT

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto bittorrent -j MARK --set-mark 0x104

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x104 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto bittorrent -j MARK --set-mark 0x204

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x204 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto bittorrent -j MARK --set-mark 0x304

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x304 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto bittorrent -j MARK --set-mark 0x404

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x404 -j RETURN

##END BITTORRENT

##OPENTFT

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto openft -j MARK --set-mark 0x105

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x105 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto openft -j MARK --set-mark 0x205

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x205 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto openft -j MARK --set-mark 0x305

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x305 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto openft -j MARK --set-mark 0x405

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x405 -j RETURN

#END OPENFT

##EDONKEY

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p TCP --sport 4200:4700 -m layer7 --l7proto edonkey -j MARK --set-mark 0x106

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x106 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p TCP --dport 4200:4700 -m layer7 --l7proto edonkey -j MARK --set-mark 0x206

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x206 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p TCP --sport 4200:4700 -m layer7 --l7proto edonkey -j MARK --set-mark 0x306

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x306 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p TCP --dport 4200:4700 -m layer7 --l7proto edonkey -j MARK --set-mark 0x406

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x406 -j RETURN

##END EDONKEY

##SMTP

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto smtp -j MARK --set-mark 0x107

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x107 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto smtp -j MARK --set-mark 0x207

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x207 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto smtp -j MARK --set-mark 0x307

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x307 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto smtp -j MARK --set-mark 0x407

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x407 -j RETURN

##END SMTP

##POP3

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto pop3 -j MARK --set-mark 0x108

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x108 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto pop3 -j MARK --set-mark 0x208

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x208 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto pop3 -j MARK --set-mark 0x308

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x308 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto pop3 -j MARK --set-mark 0x408

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x408 -j RETURN

##END POP3

##IMAP

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto imap -j MARK --set-mark 0x109

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x109 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto imap -j MARK --set-mark 0x209

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x209 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto imap -j MARK --set-mark 0x309

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x309 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto imap -j MARK --set-mark 0x409

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x409 -j RETURN

##END IMAP

##FTP

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto ftp -j MARK --set-mark 0x110

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x110 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto ftp -j MARK --set-mark 0x210

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x210 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto ftp -j MARK --set-mark 0x310

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x310 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto ftp -j MARK --set-mark 0x410

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x410 -j RETURN 

##END FTP

##HTTP

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto http -j MARK --set-mark 0x111

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x111 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto http -j MARK --set-mark 0x211

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x211 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto http -j MARK --set-mark 0x311

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x311 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto http -j MARK --set-mark 0x411

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x411 -j RETURN 

#END HTTP

##JABBER

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto jabber -j MARK --set-mark 0x112

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x112 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto jabber -j MARK --set-mark 0x212

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x212 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto jabber -j MARK --set-mark 0x312

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x312 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto jabber -j MARK --set-mark 0x412

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x412 -j RETURN 

##END JABBER

##SMB

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto smb -j MARK --set-mark 0x113

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x113 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto smb -j MARK --set-mark 0x213

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x213 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto smb -j MARK --set-mark 0x313

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x313 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto smb -j MARK --set-mark 0x413

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x413 -j RETURN 

##END SMB

##SSH

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto ssh -j MARK --set-mark 0x114

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x114 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto ssh -j MARK --set-mark 0x214

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x214 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto ssh -j MARK --set-mark 0x314

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x314 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto ssh -j MARK --set-mark 0x414

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x414 -j RETURN 

##END SSH

##SSL

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m layer7 --l7proto validcertssl -j MARK --set-mark 0x115

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x115 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m layer7 --l7proto validcertssl -j MARK --set-mark 0x215

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x215 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m layer7 --l7proto validcertssl -j MARK --set-mark 0x315

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x315 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m layer7 --l7proto validcertssl -j MARK --set-mark 0x415

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x415 -j RETURN 

##END SSL

##HLDS

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p tcp --sport 27015 -j MARK --set-mark 0x116

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p udp --sport 27015 -j MARK --set-mark 0x116

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p tcp --sport 27016 -j MARK --set-mark 0x116

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p udp --sport 27016 -j MARK --set-mark 0x116

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p tcp --sport 27005 -j MARK --set-mark 0x116

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p udp --sport 27005 -j MARK --set-mark 0x116

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p tcp --dport 27015 -j MARK --set-mark 0x116

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p udp --dport 27015 -j MARK --set-mark 0x116

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p tcp --dport 27016 -j MARK --set-mark 0x116

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p udp --dport 27016 -j MARK --set-mark 0x116

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p tcp --dport 27005 -j MARK --set-mark 0x116

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p udp --dport 27005 -j MARK --set-mark 0x116

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x116 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p tcp --sport 27015 -j MARK --set-mark 0x216

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p udp --sport 27015 -j MARK --set-mark 0x216

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p tcp --sport 27016 -j MARK --set-mark 0x216

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p udp --sport 27016 -j MARK --set-mark 0x216

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p tcp --sport 27005 -j MARK --set-mark 0x216

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p udp --sport 27005 -j MARK --set-mark 0x216

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p tcp --dport 27015 -j MARK --set-mark 0x216

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p udp --dport 27015 -j MARK --set-mark 0x216

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p tcp --dport 27016 -j MARK --set-mark 0x216

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p udp --dport 27016 -j MARK --set-mark 0x216

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p tcp --dport 27005 -j MARK --set-mark 0x216

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p udp --dport 27005 -j MARK --set-mark 0x216

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x216 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p tcp --sport 27015 -j MARK --set-mark 0x316

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p udp --sport 27015 -j MARK --set-mark 0x316

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p tcp --sport 27016 -j MARK --set-mark 0x316

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p udp --sport 27016 -j MARK --set-mark 0x316

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p tcp --sport 27005 -j MARK --set-mark 0x316

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p udp --sport 27005 -j MARK --set-mark 0x316

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p tcp --dport 27015 -j MARK --set-mark 0x316

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p udp --dport 27015 -j MARK --set-mark 0x316

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p tcp --dport 27016 -j MARK --set-mark 0x316

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p udp --dport 27016 -j MARK --set-mark 0x316

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p tcp --dport 27005 -j MARK --set-mark 0x316

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p udp --dport 27005 -j MARK --set-mark 0x316

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x316 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp --sport 27015 -j MARK --set-mark 0x416

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p udp --sport 27015 -j MARK --set-mark 0x416

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp --sport 27016 -j MARK --set-mark 0x416

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p udp --sport 27016 -j MARK --set-mark 0x416

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp --sport 27005 -j MARK --set-mark 0x416

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p udp --sport 27005 -j MARK --set-mark 0x416

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp --dport 27015 -j MARK --set-mark 0x416

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p udp --dport 27015 -j MARK --set-mark 0x416

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp --dport 27016 -j MARK --set-mark 0x416

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p udp --dport 27016 -j MARK --set-mark 0x416

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp --dport 27005 -j MARK --set-mark 0x416

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p udp --dport 27005 -j MARK --set-mark 0x416

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x416 -j RETURN

##END HLDS

##CCXSTREAM

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p tcp --sport 1400 -j MARK --set-mark 0x117

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p tcp --dport 1400 -j MARK --set-mark 0x117

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p udp --sport 1400 -j MARK --set-mark 0x117

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p udp --dport 1400 -j MARK --set-mark 0x117

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x117 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p tcp --sport 1400 -j MARK --set-mark 0x217

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p tcp --dport 1400 -j MARK --set-mark 0x217

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p udp --sport 1400 -j MARK --set-mark 0x217

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p udp --dport 1400 -j MARK --set-mark 0x217

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x217 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p tcp --sport 1400 -j MARK --set-mark 0x317

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p tcp --dport 1400 -j MARK --set-mark 0x317

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p udp --sport 1400 -j MARK --set-mark 0x317

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p udp --dport 1400 -j MARK --set-mark 0x317

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x317 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp --sport 1400 -j MARK --set-mark 0x417

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp --dport 1400 -j MARK --set-mark 0x417

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p udp --sport 1400 -j MARK --set-mark 0x417

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p udp --dport 1400 -j MARK --set-mark 0x417

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x417 -j RETURN

##END CCXSTREAM

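##ICMP

# Note: the RETURN rules in this section match 0x117/0x217/0x317/0x417 (the CCXSTREAM marks), not the 0x118/0x218/0x318/0x418 marks set here.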

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -p icmp -j MARK --set-mark 0x118

$IPTABLES -t mangle -A PREROUTING -i $WIFI_IFACE -m mark --mark 0x117 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -p icmp -j MARK --set-mark 0x218

$IPTABLES -t mangle -A POSTROUTING -o $WIFI_IFACE -m mark --mark 0x217 -j RETURN

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -p icmp -j MARK --set-mark 0x318

$IPTABLES -t mangle -A PREROUTING -i $INET_IFACE -m mark --mark 0x317 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p icmp -j MARK --set-mark 0x418

$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -m mark --mark 0x417 -j RETURN

##END ICMP

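#Classes

# "htb default 50" sends every packet that no fw filter below classifies to class 1:50 on $WIFI_IFACE and 2:50 on $INET_IFACE.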

tc qdisc add dev $WIFI_IFACE root handle 1: htb default 50

tc class add dev $WIFI_IFACE parent 1: classid 1:1 htb rate 9Mbit burst 6k

tc class add dev $WIFI_IFACE parent 1:1 classid 1:10 htb rate 9Mbit burst 6k prio 1

tc class add dev $WIFI_IFACE parent 1:1 classid 1:20 htb rate  8Mbit burst 6k prio 2

tc class add dev $WIFI_IFACE parent 1:1 classid 1:30 htb rate  8Mbit burst 6k prio 3

tc class add dev $WIFI_IFACE parent 1:1 classid 1:40 htb rate  7Mbit burst 6k prio 4

tc class add dev $WIFI_IFACE parent 1:1 classid 1:50 htb rate  7Mbit burst 6k prio 5

tc class add dev $WIFI_IFACE parent 1:1 classid 1:60 htb rate  7Mbit burst 6k prio 6

tc class add dev $WIFI_IFACE parent 1:1 classid 1:70 htb rate  6Mbit burst 6k prio 7

tc class add dev $WIFI_IFACE parent 1:1 classid 1:80 htb rate  6Mbit burst 6k prio 8

tc qdisc add dev $WIFI_IFACE parent 1:10 handle 10: sfq perturb 10

tc qdisc add dev $WIFI_IFACE parent 1:20 handle 20: sfq perturb 10

tc qdisc add dev $WIFI_IFACE parent 1:30 handle 30: sfq perturb 10

tc qdisc add dev $WIFI_IFACE parent 1:40 handle 40: sfq perturb 10

tc qdisc add dev $WIFI_IFACE parent 1:50 handle 50: sfq perturb 10

tc qdisc add dev $WIFI_IFACE parent 1:60 handle 60: sfq perturb 10

tc qdisc add dev $WIFI_IFACE parent 1:70 handle 70: sfq perturb 10

tc qdisc add dev $WIFI_IFACE parent 1:80 handle 80: sfq perturb 10

tc qdisc add dev $INET_IFACE root handle 2: htb default 50

tc class add dev $INET_IFACE parent 2: classid 2:1 htb rate 90Mbit burst 6k

tc class add dev $INET_IFACE parent 2:1 classid 2:10 htb rate 90Mbit burst 6k prio 1

tc class add dev $INET_IFACE parent 2:1 classid 2:20 htb rate  90Mbit burst 6k prio 2

tc class add dev $INET_IFACE parent 2:1 classid 2:30 htb rate  90Mbit burst 6k prio 3

tc class add dev $INET_IFACE parent 2:1 classid 2:40 htb rate  90Mbit burst 6k prio 4

tc class add dev $INET_IFACE parent 2:1 classid 2:50 htb rate  90Mbit burst 6k prio 5

tc class add dev $INET_IFACE parent 2:1 classid 2:60 htb rate  90Mbit burst 6k prio 6

tc class add dev $INET_IFACE parent 2:1 classid 2:70 htb rate  90Mbit burst 6k prio 7

tc class add dev $INET_IFACE parent 2:1 classid 2:80 htb rate  90Mbit burst 6k prio 8

tc qdisc add dev $INET_IFACE parent 2:10 handle 10: sfq perturb 10

tc qdisc add dev $INET_IFACE parent 2:20 handle 20: sfq perturb 10

tc qdisc add dev $INET_IFACE parent 2:30 handle 30: sfq perturb 10

tc qdisc add dev $INET_IFACE parent 2:40 handle 40: sfq perturb 10

tc qdisc add dev $INET_IFACE parent 2:50 handle 50: sfq perturb 10

tc qdisc add dev $INET_IFACE parent 2:60 handle 60: sfq perturb 10

tc qdisc add dev $INET_IFACE parent 2:70 handle 70: sfq perturb 10

tc qdisc add dev $INET_IFACE parent 2:80 handle 80: sfq perturb 10

##Classifying network stream

#HLDS

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x116 fw classid 1:10

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x216 fw classid 1:10

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x316 fw classid 2:10

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x416 fw classid 2:10

###END HLDS

#ICMP

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x118 fw classid 1:20

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x218 fw classid 1:20

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x318 fw classid 2:20

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x418 fw classid 2:20

##END ICMP

#MAIL - 107 108 109

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x107 fw classid 1:30

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x207 fw classid 1:30

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x307 fw classid 2:30

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x407 fw classid 2:30

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x108 fw classid 1:30

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x208 fw classid 1:30

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x308 fw classid 2:30

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x408 fw classid 2:30

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x109 fw classid 1:30

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x209 fw classid 1:30

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x309 fw classid 2:30

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x409 fw classid 2:30

##END MAIL

##SSH

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x114 fw classid 1:40

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x214 fw classid 1:40

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x314 fw classid 2:40

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x414 fw classid 2:40

##END SSH

##FTP, HTTP, SSL

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x115 fw classid 1:60

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x215 fw classid 1:60

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x315 fw classid 2:60

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x415 fw classid 2:60

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x111 fw classid 1:60

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x211 fw classid 1:60

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x311 fw classid 2:60

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x411 fw classid 2:60

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x110 fw classid 1:60

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x210 fw classid 1:60

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x310 fw classid 2:60

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x410 fw classid 2:60

##END FTP, HTTP, SSL

##SAMBA, CCXSTREAM

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x117 fw classid 1:70

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x217 fw classid 1:70

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x317 fw classid 2:70

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x417 fw classid 2:70

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x113 fw classid 1:70

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x213 fw classid 1:70

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x313 fw classid 2:70

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x413 fw classid 2:70

##END SAMBA, CCXSTREAM

##P2P

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x102 fw classid 1:80

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x202 fw classid 1:80

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x302 fw classid 2:80

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x402 fw classid 2:80

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x101 fw classid 1:80

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x201 fw classid 1:80

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x301 fw classid 2:80

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x401 fw classid 2:80

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x103 fw classid 1:80

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x203 fw classid 1:80

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x303 fw classid 2:80

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x403 fw classid 2:80

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x104 fw classid 1:80

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x204 fw classid 1:80

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x304 fw classid 2:80

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x404 fw classid 2:80

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x105 fw classid 1:80

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x205 fw classid 1:80

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x305 fw classid 2:80

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x405 fw classid 2:80

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x106 fw classid 1:80

tc filter add dev $WIFI_IFACE parent 1:0 protocol ip handle 0x206 fw classid 1:80

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x306 fw classid 2:80

tc filter add dev $INET_IFACE parent 2:0 protocol ip handle 0x406 fw classid 2:80

##END P2P

```

All traffic gets assigned to the default classes 1:50 and 2:50.

Here is the output of iptables -t mangle -L -n -v -x:

```
Chain PREROUTING (policy ACCEPT 33534569 packets, 5086715259 bytes)

    pkts      bytes target     prot opt in     out     source               destination

       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto directconnect MARK set 0x102

       0        0 MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp spts:!5444:5453 dpts:!5444:5453 MARK match 0x102 MARK set 0x602

       0        0 MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           multiport sports 411,412,4012 MARK match 0x602 MARK set 0x102

       0        0 MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           multiport dports 411,412,4012 MARK match 0x602 MARK set 0x102

       0        0 LOG        all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x602 limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `directconnect (input): '

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x102

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x602

       0        0 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto directconnect MARK set 0x302

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x302

       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto fasttrack MARK set 0x101

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x101

       0        0 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto fasttrack MARK set 0x301

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x301

       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto gnutella MARK set 0x103

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x103

       0        0 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto gnutella MARK set 0x303

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x303

       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto bittorrent MARK set 0x104

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x104

       0        0 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto bittorrent MARK set 0x304

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x304

       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto openft MARK set 0x105

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x105

       0        0 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto openft MARK set 0x305

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x305

       0        0 MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp spts:4200:4700 LAYER7 l7proto edonkey MARK set 0x106

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x106

       0        0 MARK       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spts:4200:4700 LAYER7 l7proto edonkey MARK set 0x306

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x306

       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto smtp MARK set 0x107

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x107

       0        0 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto smtp MARK set 0x307

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x307

       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto pop3 MARK set 0x108

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x108

       0        0 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto pop3 MARK set 0x308

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x308

       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto imap MARK set 0x109

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x109

       0        0 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto imap MARK set 0x309

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x309

       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ftp MARK set 0x110

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x110

       0        0 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ftp MARK set 0x310

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x310

       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto http MARK set 0x111

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x111

       0        0 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto http MARK set 0x311

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x311

       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto jabber MARK set 0x112

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x112

       0        0 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto jabber MARK set 0x312

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x312

       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto smb MARK set 0x113

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x113

       0        0 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto smb MARK set 0x313

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x313

       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ssh MARK set 0x114

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x114

       0        0 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ssh MARK set 0x314

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x314

       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto validcertssl MARK set 0x115

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x115

       0        0 MARK       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto validcertssl MARK set 0x315

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x315

       0        0 MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp spt:27015 MARK set 0x116

       0        0 MARK       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp spt:27015 MARK set 0x116

       0        0 MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp spt:27016 MARK set 0x116

       0        0 MARK       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp spt:27016 MARK set 0x116

       0        0 MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp spt:27005 MARK set 0x116

       0        0 MARK       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp spt:27005 MARK set 0x116

       0        0 MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:27015 MARK set 0x116

       0        0 MARK       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp dpt:27015 MARK set 0x116

       0        0 MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:27016 MARK set 0x116

       0        0 MARK       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp dpt:27016 MARK set 0x116

       0        0 MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:27005 MARK set 0x116

       0        0 MARK       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp dpt:27005 MARK set 0x116

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x116

       0        0 MARK       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:27015 MARK set 0x316

       0        0 MARK       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp spt:27015 MARK set 0x316

       0        0 MARK       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:27016 MARK set 0x316

       0        0 MARK       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp spt:27016 MARK set 0x316

       0        0 MARK       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:27005 MARK set 0x316

       0        0 MARK       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp spt:27005 MARK set 0x316

       0        0 MARK       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:27015 MARK set 0x316

       0        0 MARK       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:27015 MARK set 0x316

       0        0 MARK       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:27016 MARK set 0x316

       0        0 MARK       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:27016 MARK set 0x316

       0        0 MARK       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:27005 MARK set 0x316

       0        0 MARK       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:27005 MARK set 0x316

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x316

       0        0 MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp spt:1400 MARK set 0x117

       0        0 MARK       tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1400 MARK set 0x117

       0        0 MARK       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp spt:1400 MARK set 0x117

       0        0 MARK       udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0           udp dpt:1400 MARK set 0x117

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x117

       0        0 MARK       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:1400 MARK set 0x317

       0        0 MARK       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1400 MARK set 0x317

       0        0 MARK       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp spt:1400 MARK set 0x317

       0        0 MARK       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:1400 MARK set 0x317

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x317

       0        0 MARK       icmp --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK set 0x118

       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x117

       0        0 MARK       icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK set 0x318

       0        0 RETURN     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x317

Chain INPUT (policy ACCEPT 10147124 packets, 2972921848 bytes)

    pkts      bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 23388743 packets, 2113852735 bytes)

    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 13387965 packets, 16432385100 bytes)

    pkts      bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 36775756 packets, 18546110076 bytes)

    pkts      bytes target     prot opt in     out     source               destination

       0        0 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto directconnect MARK set 0x202

       0        0 MARK       tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp spts:!5444:5453 dpts:!5444:5453 MARK match 0x112 MARK set 0x702

       0        0 MARK       tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           multiport sports 411,412,4012 MARK match 0x702 MARK set 0x202

       0        0 MARK       tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           multiport dports 411,412,4012 MARK match 0x702 MARK set 0x202

       0        0 LOG        all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x702 limit: avg 3/min burst 3 LOG flags 0 level 7 prefix `directconnec (output):'

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x202

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x702

       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto directconnect MARK set 0x402

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x402

       0        0 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto fasttrack MARK set 0x201

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x201

       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto fasttrack MARK set 0x401

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x401

       0        0 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto gnutella MARK set 0x203

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x203

       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto gnutella MARK set 0x403

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x403

       0        0 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto bittorrent MARK set 0x204

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x204

       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto bittorrent MARK set 0x404

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x404

       0        0 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto openft MARK set 0x205

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x205

       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto openft MARK set 0x405

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x405

       0        0 MARK       tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp dpts:4200:4700 LAYER7 l7proto edonkey MARK set 0x206

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x206

       0        0 MARK       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp dpts:4200:4700 LAYER7 l7proto edonkey MARK set 0x406

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x406

       0        0 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto smtp MARK set 0x207

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x207

       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto smtp MARK set 0x407

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x407

       0        0 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto pop3 MARK set 0x208

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x208

       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto pop3 MARK set 0x408

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x408

       0        0 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto imap MARK set 0x209

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x209

       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto imap MARK set 0x409

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x409

       0        0 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ftp MARK set 0x210

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x210

       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ftp MARK set 0x410

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x410

       0        0 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto http MARK set 0x211

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x211

       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto http MARK set 0x411

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x411

       0        0 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto jabber MARK set 0x212

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x212

       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto jabber MARK set 0x412

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x412

       0        0 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto smb MARK set 0x213

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x213

       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto smb MARK set 0x413

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x413

       0        0 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ssh MARK set 0x214

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x214

       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ssh MARK set 0x414

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x414

       0        0 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto validcertssl MARK set 0x215

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x215

       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto validcertssl MARK set 0x415

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x415

       0        0 MARK       tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp spt:27015 MARK set 0x216

       0        0 MARK       udp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           udp spt:27015 MARK set 0x216

       0        0 MARK       tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp spt:27016 MARK set 0x216

       0        0 MARK       udp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           udp spt:27016 MARK set 0x216

       0        0 MARK       tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp spt:27005 MARK set 0x216

       0        0 MARK       udp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           udp spt:27005 MARK set 0x216

       0        0 MARK       tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp dpt:27015 MARK set 0x216

       0        0 MARK       udp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           udp dpt:27015 MARK set 0x216

       0        0 MARK       tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp dpt:27016 MARK set 0x216

       0        0 MARK       udp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           udp dpt:27016 MARK set 0x216

       0        0 MARK       tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp dpt:27005 MARK set 0x216

       0        0 MARK       udp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           udp dpt:27005 MARK set 0x216

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x216

       0        0 MARK       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp spt:27015 MARK set 0x416

       0        0 MARK       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp spt:27015 MARK set 0x416

       0        0 MARK       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp spt:27016 MARK set 0x416

       0        0 MARK       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp spt:27016 MARK set 0x416

       0        0 MARK       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp spt:27005 MARK set 0x416

       0        0 MARK       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp spt:27005 MARK set 0x416

       0        0 MARK       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp dpt:27015 MARK set 0x416

       0        0 MARK       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp dpt:27015 MARK set 0x416

       0        0 MARK       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp dpt:27016 MARK set 0x416

       0        0 MARK       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp dpt:27016 MARK set 0x416

       0        0 MARK       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp dpt:27005 MARK set 0x416

       0        0 MARK       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp dpt:27005 MARK set 0x416

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x416

       0        0 MARK       tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp spt:1400 MARK set 0x217

       0        0 MARK       tcp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           tcp dpt:1400 MARK set 0x217

       0        0 MARK       udp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           udp spt:1400 MARK set 0x217

       0        0 MARK       udp  --  *      eth1    0.0.0.0/0            0.0.0.0/0           udp dpt:1400 MARK set 0x217

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x217

       0        0 MARK       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp spt:1400 MARK set 0x417

       0        0 MARK       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           tcp dpt:1400 MARK set 0x417

       0        0 MARK       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp spt:1400 MARK set 0x417

       0        0 MARK       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0           udp dpt:1400 MARK set 0x417

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x417

       0        0 MARK       icmp --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK set 0x218

       0        0 RETURN     all  --  *      eth1    0.0.0.0/0            0.0.0.0/0           MARK match 0x217

       0        0 MARK       icmp --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK set 0x418

       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x417

```

I'm not sure exactly what this output says, but I guess it lists the rules set (which seem fine) and the traffic at each rule. This is the problem: it is 0.

Here is an output of the tc traffic:

```

 15:19:58 up 1 day,  4:36,  2 users,  load average: 0.00, 0.00, 0.00

                                          Interval    Cumulated Total

Dev  Classid   Tokens   Ctokens Rate      Speed       Send      Send

-------------------------------------------------------------------------

eth1 1:1       4267     1155    204.45KB  23.10KB/s   618.18KB  204.34MB

eth1 1:10      5592     2480    0B        0B/s        0B        0B

eth1 1:20      6291     2662    0B        0B/s        0B        0B

eth1 1:30      6291     2662    0B        0B/s        0B        0B

eth1 1:40      7189     2895    0B        0B/s        0B        0B

eth1 1:50      5486     1192    197.30KB  23.10KB/s   618.18KB  204.34MB

eth1 1:60      7189     2895    0B        0B/s        0B        0B

eth1 1:70      8388     3208    0B        0B/s        0B        0B

eth1 1:80      8388     3208    0B        0B/s        0B        0B

eth0 2:1       555      1165    8.48KB    675B/s      24.61KB   29.99MB

eth0 2:10      559      1169    0B        0B/s        0B        0B

eth0 2:20      559      1169    0B        0B/s        0B        0B

eth0 2:30      559      1169    0B        0B/s        0B        0B

eth0 2:40      559      1169    0B        0B/s        0B        0B

eth0 2:50      555      1165    8.49KB    675B/s      24.61KB   29.99MB

eth0 2:60      559      1169    0B        0B/s        0B        0B

eth0 2:70      559      1169    0B        0B/s        0B        0B

eth0 2:80      559      1169    0B        0B/s        0B        0B

```

This is when I'm streaming music to my xbox via my ccxstream server on the same machine that has the rules...

Anyone that can see the problem?

----------

## kaksi

It seems like the bridge is the problem, because when I set the interface to br0 in the iptables parts it works... Hmmm, so iptables cannot see if the packet belongs to eth1 or eth0 when they are bridged as br0, but tc can...
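
An added example, not part of the thread: the symptom in the posts above (every rule bound to eth0 or eth1 stays at 0 packets while the chain policy counters are in the millions) can be checked from the listing text itself, together with marks that are set but have no RETURN for the same value. The sample lines are constructed in the format of the listing, the function names are made up for this example, and it assumes the `MARK set` / `MARK match` wording printed by the iptables version in the thread.

```shell
#!/bin/sh
# Added example: lint the text of `iptables -t mangle -L -n -v -x`.
# Assumes the "MARK set 0x.." / "MARK match 0x.." wording shown in the thread.

# Constructed sample in the format of the listing above (counters are made up).
sample_listing() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 36775756 packets, 18546110076 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 MARK       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ssh MARK set 0x114
       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x114
       0        0 MARK       icmp --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK set 0x118
       0        0 RETURN     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           MARK match 0x117
      42     3360 MARK       tcp  --  br0    *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 MARK set 0x120
      42     3360 RETURN     all  --  br0    *       0.0.0.0/0            0.0.0.0/0           MARK match 0x120
Chain POSTROUTING (policy ACCEPT 36775756 packets, 18546110076 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 MARK       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ssh MARK set 0x414
       0        0 RETURN     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0           MARK match 0x414
EOF
}

# Print "chain iface rule-count" for every interface whose rules never matched
# although the chain itself has seen traffic (non-zero policy counter).
dead_interfaces() {
    awk '
    $1 == "Chain" {
        chain = $2
        seen[chain] = ($3 == "(policy") ? $5 + 0 : 0
        next
    }
    # Rule lines start with the numeric packet counter; the header line does not.
    $1 ~ /^[0-9]+$/ && NF >= 9 {
        iface = ($6 != "*") ? $6 : $7      # in-interface, else out-interface
        if (iface == "*") next             # rule is not bound to an interface
        key = chain " " iface
        rules[key]++
        hits[key] += $1
        owner[key] = chain
    }
    END {
        for (key in rules)
            if (hits[key] == 0 && seen[owner[key]] > 0)
                print key, rules[key]
    }' | sort
}

# Print "chain iface mark" for every mark that a MARK rule sets on an interface
# but that no RETURN rule in the same chain and on the same interface matches.
unreturned_marks() {
    awk '
    $1 == "Chain" { chain = $2; next }
    $1 ~ /^[0-9]+$/ && NF >= 9 {
        iface = ($6 != "*") ? $6 : $7
        for (i = 10; i + 2 <= NF; i++) {
            if ($i != "MARK") continue
            key = chain " " iface " " $(i + 2)
            if ($3 == "MARK" && $(i + 1) == "set") set[key] = 1
            if ($3 == "RETURN" && $(i + 1) == "match") returned[key] = 1
        }
    }
    END {
        for (key in set)
            if (!(key in returned))
                print key
    }' | sort
}

# Run against the embedded sample; on a live box pipe the real listing in instead:
#   iptables -t mangle -L -n -v -x | dead_interfaces
echo "interfaces whose rules never matched:"
sample_listing | dead_interfaces
echo "marks set without a matching RETURN:"
sample_listing | unreturned_marks
```

Where bridge netfilter is enabled, `-i`/`-o` see `br0` for frames crossing the bridge; the incoming bridge port can be matched with the physdev match (`-m physdev --physdev-in eth1`).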

----------

## kaksi

I seem to have a problem with l7-filter. I have emerged l7-filter and l7-protocol and iptables with l7-support.

But I still cannot get any result from it. I have this code to mark ssh packets:

```

$IPTABLES -t mangle -A PREROUTING -m layer7 --l7proto ssh -j MARK --set-mark 0x114

$IPTABLES -t mangle -A PREROUTING -m mark --mark 0x114 -j RETURN

$IPTABLES -t mangle -A INPUT -m layer7 --l7proto ssh -j MARK --set-mark 0x114

$IPTABLES -t mangle -A INPUT -m mark --mark 0x114 -j RETURN

$IPTABLES -t mangle -A OUTPUT -m layer7 --l7proto ssh -j MARK --set-mark 0x114

$IPTABLES -t mangle -A OUTPUT -m mark --mark 0x114 -j RETURN

$IPTABLES -t mangle -A FORWARD -m layer7 --l7proto ssh -j MARK --set-mark 0x114

$IPTABLES -t mangle -A FORWARD -m mark --mark 0x114 -j RETURN

$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto ssh -j MARK --set-mark 0x214

$IPTABLES -t mangle -A POSTROUTING -m mark --mark 0x214 -j RETURN

```

This should mark ssh packets wherever they come from... But the output of iptables:

```

iptables -t mangle -L -n -v -x | grep ssh

       0        0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ssh MARK set 0x114

       0        0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ssh MARK set 0x114

       0        0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ssh MARK set 0x114

       0        0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ssh MARK set 0x114

       0        0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto ssh MARK set 0x214

```

What could be the problem?

----------

## ranmakun

*tnt wrote:*

> I hope you'll find your way in all this mess.
>
> If you get stuck, do not hesitate to ask!


Aha!!, so you were keeping the best part just for yourself, you greedy bastard!!  :Wink: 

This is great, I don't have the time to see it right now, but it will be very useful, thank you very much!

----------

## tnt

You're all welcome!  :Wink: 

----------

## kaksi

tnt: Can you post the scripts that generate the graphs as well?

----------

## tnt

It's a little bit messed up, and too long for one post:

```
#!/usr/bin/perl

#

use RRDs;

# define location of rrdtool databases

my $rrd = '/var/lib/rrd';

# define location of images

my $img = '/var/www/localhost/htdocs/monitor/graphs';

my $hight = '200';

my $big = '240';

my $width = '1000';

my $s_hight = '150';

my $s_big = '180';

my $s_width = '500';

&CreateGraph1("system-5min", "day", "Temperatures on Titan");

&CreateGraph1("system-5min", "week", "Temperatures on Titan");

&CreateGraph1("system-5min", "month", "Temperatures on Titan");

&CreateGraph1("system-5min", "year", "Temperatures on Titan");

&CreateGraph1("system-5min", "0years", "Temperatures on Titan");

sub CreateGraph1

{

        RRDs::graph "$img/system.temperatures-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $hight, "-w", $width,

#                "-l 0",

                "-Y",

                "-M",

                "-a", "PNG",

                "-v Celcius",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:systemp=$rrd/$_[0].rrd:temp_sys:AVERAGE",

                "DEF:cputemp=$rrd/$_[0].rrd:temp_cpu:AVERAGE",

                "CDEF:systemp_over=systemp,UN,UNKN,systemp,42,GT,systemp,systemp,2,-,20,200,LIMIT,IF,IF",

                "CDEF:cputemp_over=cputemp,UN,UNKN,cputemp,35,GT,cputemp,cputemp,2,-,20,200,LIMIT,IF,IF",

                "CDEF:systemp_good=systemp,UN,UNKN,systemp,42,GT,42,systemp,IF,IF",

                "CDEF:cputemp_good=cputemp,UN,UNKN,cputemp,35,GT,35,cputemp,IF,IF",

                "AREA:systemp_over#397563",

                "LINE1:systemp_over#3CB18E",

                "AREA:systemp_good#346370:System",

                "LINE1:systemp_good#22AAD1",

                "GPRINT:systemp:MAX:  Max\\: %5.1lf %s",

                "GPRINT:systemp:AVERAGE: Avg\\: %5.1lf %S",

                "GPRINT:systemp:LAST: Current\\: %5.1lf %S\Celsius\\n",

                "AREA:cputemp_over#A7343B",

                "LINE1:cputemp_over#EC4954",

                "AREA:cputemp_good#7C5B57:CPU   ",

                "LINE1:cputemp_good#CC958F",

                "GPRINT:cputemp:MAX:  Max\\: %5.1lf %S",

                "GPRINT:cputemp:AVERAGE: Avg\\: %5.1lf %S",

                "GPRINT:cputemp:LAST: Current\\: %5.1lf %SCelsius",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph2("system-5min", "day", "Disk temperatures on Titan");

&CreateGraph2("system-5min", "week", "Disk temperatures on Titan");

&CreateGraph2("system-5min", "month", "Disk temperatures on Titan");

&CreateGraph2("system-5min", "year", "Disk temperatures on Titan");

&CreateGraph2("system-5min", "0years", "Disk temperatures on Titan");

sub CreateGraph2

{

        RRDs::graph "$img/system.disk-temps-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

#                "-l 0",

                "-Y",

                "-M",

                "-a", "PNG",

                "-v Celcius",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:sda=$rrd/$_[0].rrd:temp_sda:AVERAGE",

                "DEF:sdb=$rrd/$_[0].rrd:temp_sdb:AVERAGE",

                "DEF:sdc=$rrd/$_[0].rrd:temp_sdc:AVERAGE",

                "DEF:sdd=$rrd/$_[0].rrd:temp_sdd:AVERAGE",

                "LINE2:sda#3CB18E:sda",

                "LINE1:sda#397563",

                "GPRINT:sda:MAX:  Max\\: %5.1lf",

                "GPRINT:sda:AVERAGE: Avg\\: %5.1lf",

                "GPRINT:sda:LAST: Current\\: %5.1lf Celsius\\n",

                "LINE2:sdb#22AAD1:sdb",

                "LINE1:sdb#346370",

                "GPRINT:sdb:MAX:  Max\\: %5.1lf",

                "GPRINT:sdb:AVERAGE: Avg\\: %5.1lf",

                "GPRINT:sdb:LAST: Current\\: %5.1lf Celsius\\n",

                "LINE2:sdc#CC958F:sdc",

                "LINE1:sdc#7C5B57",

                "GPRINT:sdc:MAX:  Max\\: %5.1lf",

                "GPRINT:sdc:AVERAGE: Avg\\: %5.1lf",

                "GPRINT:sdc:LAST: Current\\: %5.1lf Celsius\\n",

                "LINE2:sdd#A97EB0:sdd",

                "LINE1:sdd#715A6F",

                "GPRINT:sdd:MAX:  Max\\: %5.1lf",

                "GPRINT:sdd:AVERAGE: Avg\\: %5.1lf",

                "GPRINT:sdd:LAST: Current\\: %5.1lf Celsius",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph3("system-5min", "day", "Memory usage on Titan");

&CreateGraph3("system-5min", "week", "Memory usage on Titan");

&CreateGraph3("system-5min", "month", "Memory usage on Titan");

&CreateGraph3("system-5min", "year", "Memory usage on Titan");

&CreateGraph3("system-5min", "0years", "Memory usage on Titan");

sub CreateGraph3

{

        RRDs::graph "$img/system.mem-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy",

                "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $hight, "-w", $width,

                "-l 0",

                "-Y",

#               "-M",

                "-a", "PNG",

                "-b 1024",

                "-v Bytes",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:mem_app=$rrd/$_[0].rrd:mem_app:AVERAGE",

                "DEF:mem_buffers=$rrd/$_[0].rrd:mem_buffers:AVERAGE",

                "DEF:mem_cache=$rrd/$_[0].rrd:mem_cache:AVERAGE",

                "DEF:mem_active=$rrd/system-temp.rrd:mem_active:AVERAGE",

                "DEF:mem_inactive=$rrd/system-temp.rrd:mem_inactive:AVERAGE",

                "CDEF:app=mem_app,1024,*",

                "CDEF:buffers=mem_buffers,1024,*",

                "CDEF:cache=mem_cache,1024,*",

                "CDEF:buffstack=app,buffers,+",

                "CDEF:total=app,buffers,+,cache,+",

                "CDEF:active=mem_active,1024,*",

                "CDEF:inactive=mem_inactive,1024,*",

                "AREA:total#346370:Cache      ",

                "GPRINT:cache:MAX:  Max\\: %5.1lf %s",

                "GPRINT:cache:AVERAGE: Avg\\: %5.1lf %S",

                "GPRINT:cache:LAST: Current\\: %5.1lf %SB\\n",

                "AREA:buffstack#397563:Buffers    ",

                "LINE1:buffstack#3CB18E",

                "GPRINT:buffers:MAX:  Max\\: %5.1lf %s",

                "GPRINT:buffers:AVERAGE: Avg\\: %5.1lf %S",

                "GPRINT:buffers:LAST: Current\\: %5.1lf %SB\\n",

                "AREA:app#7C5B57:Application",

                "LINE1:app#CC958F",

                "GPRINT:app:MAX:  Max\\: %5.1lf %s",

                "GPRINT:app:AVERAGE: Avg\\: %5.1lf %S",

                "GPRINT:app:LAST: Current\\: %5.1lf %SB\\n",

                "LINE1:total#22AAD1:Total      ",

                "GPRINT:total:MAX:  Max\\: %5.1lf %S",

                "GPRINT:total:AVERAGE: Avg\\: %5.1lf %S",

                "GPRINT:total:LAST: Current\\: %5.1lf %SB",

#                "AREA:active#FF000011:Active     ",

#                "GPRINT:active:MAX:  Max\\: %5.1lf %s",

#                "GPRINT:active:AVERAGE: Avg\\: %5.1lf %S",

#                "GPRINT:active:LAST: Current\\: %5.1lf %SB\\n",

#                "STACK:inactive#00FF0011:Inactive   ",

#                "GPRINT:inactive:MAX:  Max\\: %5.1lf %s",

#                "GPRINT:inactive:AVERAGE: Avg\\: %5.1lf %S",

#                "GPRINT:inactive:LAST: Current\\: %5.1lf %SB",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph4("system-5min", "day", "Swap usage on Titan");

&CreateGraph4("system-5min", "week", "Swap usage on Titan");

&CreateGraph4("system-5min", "month", "Swap usage on Titan");

&CreateGraph4("system-5min", "year", "Swap usage on Titan");

&CreateGraph4("system-5min", "0years", "Swap usage on Titan");

sub CreateGraph4

{

        RRDs::graph "$img/system.swap-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $hight, "-w", $width,

                "-l 0", "-b 1024",

                "-Y", "-M",

                "-a", "PNG",

                "-v Bytes",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:swap_cached=$rrd/$_[0].rrd:swap_cached:AVERAGE",

                "DEF:swap_total=$rrd/$_[0].rrd:swap_total:AVERAGE",

                "CDEF:cached=swap_cached,1024,*",

                "CDEF:total=swap_total,1024,*",

                "AREA:total#346370:Total ",

                "LINE1:total#22AAD1",

                "GPRINT:total:MAX:  Max\\: %5.1lf %S",

                "GPRINT:total:AVERAGE: Avg\\: %5.1lf %S",

                "GPRINT:total:LAST: Current\\: %5.1lf %SB\\n",

                "AREA:cached#397563:Cached",

                "LINE1:cached#3CB18E",

                "GPRINT:cached:MAX:  Max\\: %5.1lf %s",

                "GPRINT:cached:AVERAGE: Avg\\: %5.1lf %S",

                "GPRINT:cached:LAST: Current\\: %5.1lf %SB",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph5("system-5min", "day", "CPU usage on Titan");

&CreateGraph5("system-5min", "week", "CPU usage on Titan");

&CreateGraph5("system-5min", "month", "CPU usage on Titan");

&CreateGraph5("system-5min", "year", "CPU usage on Titan");

&CreateGraph5("system-5min", "0years", "CPU usage on Titan");

sub CreateGraph5

{

        RRDs::graph "$img/system.cpu0-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy",

                "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $hight, "-w", $width,

                "-l 0",

#                "-Y",

#               "-M",

#               "-u 100",

                "-r",

                "-a", "PNG",

                "-v %",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:user=$rrd/$_[0].rrd:cpu0_user:AVERAGE",

                "DEF:nice=$rrd/$_[0].rrd:cpu0_nice:AVERAGE",

                "DEF:system=$rrd/$_[0].rrd:cpu0_system:AVERAGE",

                "DEF:iowait=$rrd/$_[0].rrd:cpu0_iowait:AVERAGE",

                "DEF:irq=$rrd/$_[0].rrd:cpu0_irq:AVERAGE",

                "DEF:softirq=$rrd/$_[0].rrd:cpu0_softirq:AVERAGE",

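                # Running sums, smallest first. The AREAs below are drawn from the largest sum
                # (system_stack, capped at 100) down to irq, so each one overdraws the lower
                # part of the previous one and the result looks stacked.
                "CDEF:softirq_stack=softirq,irq,+",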

                "CDEF:iowait_stack=softirq_stack,iowait,+",

                "CDEF:nice_stack=iowait_stack,nice,+",

                "CDEF:user_stack=nice_stack,user,+",

                "CDEF:system_stack=user_stack,system,+,100,MIN",

                "CDEF:total=system_stack",

                "AREA:system_stack#A7343B:system ",

                "LINE1:total#CA3F48",

                "GPRINT:system:MAX:  Max\\: %5.1lf",

                "GPRINT:system:AVERAGE: Avg\\: %5.1lf",

                "GPRINT:system:LAST: Current\\: %5.1lf %%\\n",

                "AREA:user_stack#7C5B57:user   ",

                "LINE1:user_stack#CC958f",

                "GPRINT:user:MAX:  Max\\: %5.1lf",

                "GPRINT:user:AVERAGE: Avg\\: %5.1lf",

                "GPRINT:user:LAST: Current\\: %5.1lf %%\\n",

                "AREA:nice_stack#346370:nice   ",

                "LINE1:nice_stack#22AAD1",

                "GPRINT:nice:MAX:  Max\\: %5.1lf",

                "GPRINT:nice:AVERAGE: Avg\\: %5.1lf",

                "GPRINT:nice:LAST: Current\\: %5.1lf %%\\n",

                "AREA:iowait_stack#397563:iowait ",

                "LINE1:iowait_stack#3CB18E",

                "GPRINT:iowait:MAX:  Max\\: %5.1lf",

                "GPRINT:iowait:AVERAGE: Avg\\: %5.1lf",

                "GPRINT:iowait:LAST: Current\\: %5.1lf %%\\n",

                "AREA:softirq_stack#5E7149:softirq",

                "LINE1:softirq_stack#71A43B",

                "GPRINT:softirq:MAX:  Max\\: %5.1lf",

                "GPRINT:softirq:AVERAGE: Avg\\: %5.1lf",

                "GPRINT:softirq:LAST: Current\\: %5.1lf %%\\n",

                "AREA:irq#756339:irq    ",

                "LINE1:irq#B18E3C",

                "GPRINT:irq:MAX:  Max\\: %5.1lf",

                "GPRINT:irq:AVERAGE: Avg\\: %5.1lf",

                "GPRINT:irq:LAST: Current\\: %5.1lf %%\\n",

                "HRULE:0#888888:total  ",

#                "LINE1:total#CA3F48:total  ",

                "GPRINT:total:MAX:  Max\\: %5.1lf",

                "GPRINT:total:AVERAGE: Avg\\: %5.1lf",

                "GPRINT:total:LAST: Current\\: %5.1lf %%";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph6("system-5min", "day", "Swapped memory on Titan");

&CreateGraph6("system-5min", "week", "Swapped memory on Titan");

&CreateGraph6("system-5min", "month", "Swapped memory on Titan");

&CreateGraph6("system-5min", "year", "Swapped memory on Titan");

&CreateGraph6("system-5min", "0years", "Swapped memory on Titan");

sub CreateGraph6

{

        RRDs::graph "$img/system.swaped-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_big, "-w", $s_width,

                "-l 0",

                "-Y",

                "-M",

                "-a", "PNG",

                "-b 1024",

                "-v Bytes per second",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:swaped_in=$rrd/$_[0].rrd:swaped_in:AVERAGE",

                "DEF:swaped_out=$rrd/$_[0].rrd:swaped_out:AVERAGE",

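                # Multiply by 4096 (the script treats the stored values as 4096-byte pages).
                # sout is negated so swap-out is drawn below the zero line; sout_print keeps
                # the positive value for the legend.
                "CDEF:sin=swaped_in,4096,*",

                "CDEF:sout=swaped_out,-4096,*",

                "CDEF:sout_print=swaped_out,4096,*",

                "AREA:sin#7C5B57:swapped in ",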

                "LINE1:sin#CC958F",

                "GPRINT:sin:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:sin:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:sin:LAST: Current\\: %5.1lf %sB/s\\n",

                "AREA:sout#346370:swapped out",

                "LINE1:sout#22AAD1",

                "GPRINT:sout_print:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:sout_print:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:sout_print:LAST: Current\\: %5.1lf %sB/s",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph7("system-5min", "day", "eth0 (LAN) usage on Titan");

&CreateGraph7("system-5min", "week", "eth0 (LAN) usage on Titan");

&CreateGraph7("system-5min", "month", "eth0 (LAN) usage on Titan");

&CreateGraph7("system-5min", "year", "eth0 (LAN) usage on Titan");

&CreateGraph7("system-5min", "0years", "eth0 (LAN) usage on Titan");

sub CreateGraph7

{

        RRDs::graph "$img/system.eth0-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $big, "-w", $width,

                "-l 0",

#               "-Y",

                "-M",

                "-a", "PNG",

                "-v Bytes per second",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:eth0_in=$rrd/$_[0].rrd:eth0_in:AVERAGE",

                "DEF:eth0_out=$rrd/$_[0].rrd:eth0_out:AVERAGE",

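                # Negated copy so outgoing traffic is drawn below the zero line;
                # the GPRINT lines use the positive eth0_out.
                "CDEF:eth0_out_n=eth0_out,-1,*",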

                "AREA:eth0_in#7C5B57:eth0 in ",

                "LINE1:eth0_in#CC958F",

                "GPRINT:eth0_in:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth0_in:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth0_in:LAST: Current\\: %5.1lf %sB/s\\n",

                "AREA:eth0_out_n#346370:eth0 out",

                "LINE1:eth0_out_n#22AAD1",

                "GPRINT:eth0_out:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth0_out:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth0_out:LAST: Current\\: %5.1lf %sB/s",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph8("system-5min", "day", "Dirty memory on Titan");

&CreateGraph8("system-5min", "week", "Dirty memory on Titan");

&CreateGraph8("system-5min", "month", "Dirty memory on Titan");

&CreateGraph8("system-5min", "year", "Dirty memory on Titan");

&CreateGraph8("system-5min", "0years", "Dirty memory on Titan");

sub CreateGraph8

{

        RRDs::graph "$img/system.dirty-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

                "-l 0", "-b 1024",

                "-Y", "-M",

                "-a", "PNG",

                "-v Bytes",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:dirty_pages=$rrd/$_[0].rrd:dirty_pages:AVERAGE",

                "CDEF:dirty=dirty_pages,4096,*",

                "AREA:dirty#397563:dirty:",

                "LINE1:dirty#3CB18E",

                "GPRINT:dirty:MAX:  Max\\: %5.1lf %S",

                "GPRINT:dirty:AVERAGE: Avg\\: %5.1lf %S",

                "GPRINT:dirty:LAST: Current\\: %5.1lf %SB",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph9("system-5min", "day", "CPU load on Titan");

&CreateGraph9("system-5min", "week", "CPU load on Titan");

&CreateGraph9("system-5min", "month", "CPU load on Titan");

&CreateGraph9("system-5min", "year", "CPU load on Titan");

&CreateGraph9("system-5min", "0years", "CPU load on Titan");

sub CreateGraph9

{

        RRDs::graph "$img/system.load-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

                "-l 0",

                "-Y",

                "-M",

                "-a", "PNG",

                "-v processes",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:load=$rrd/$_[0].rrd:load:AVERAGE",

                "AREA:load#7C5B57:Load",

                "LINE1:load#CC958F",

                "GPRINT:load:MAX:  Max\\: %5.2lf",

                "GPRINT:load:AVERAGE: Avg\\: %5.2lf",

                "GPRINT:load:LAST: Current\\: %5.2lf processes",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph10("system-5min", "day", "CPU frequency on Titan");

&CreateGraph10("system-5min", "week", "CPU frequency on Titan");

&CreateGraph10("system-5min", "month", "CPU frequency on Titan");

&CreateGraph10("system-5min", "year", "CPU frequency on Titan");

&CreateGraph10("system-5min", "0years", "CPU frequency on Titan");

sub CreateGraph10

{

        RRDs::graph "$img/system.freq-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

                "-l 0",

                "-Y",

                "-u 100",

                "-r",

                "-a", "PNG",

                "-v %",

                "-c", "CANVAS#585858",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:t_1000=$rrd/$_[0].rrd:time_1000:AVERAGE",

                "DEF:t_1800=$rrd/$_[0].rrd:time_1800:AVERAGE",

                # RPN for 100 * t_1000 / (t_1000 + t_1800): share of time spent at each
                # frequency, in percent.
                "CDEF:time_1000=100,t_1000,t_1000,t_1800,+,/,*",

                "CDEF:time_1800=100,t_1800,t_1000,t_1800,+,/,*",

                "AREA:time_1000#346370:Time at 1.0GHz",

                "GPRINT:time_1000:MAX:  Max\\: %5.1lf %s",

                "GPRINT:time_1000:AVERAGE: Avg\\: %5.1lf %S",

                "GPRINT:time_1000:LAST: Current\\: %5.1lf %S%%\\n",

                "STACK:time_1800#7C5B57:Time at 1.8GHz",

                "GPRINT:time_1800:MAX:  Max\\: %5.1lf %s",

                "GPRINT:time_1800:AVERAGE: Avg\\: %5.1lf %S",

                "GPRINT:time_1800:LAST: Current\\: %5.1lf %S%%",

                "LINE1:time_1000#CC958F",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph11("system-5min", "day", "Voltages on Titan");

&CreateGraph11("system-5min", "week", "Voltages on Titan");

&CreateGraph11("system-5min", "month", "Voltages on Titan");

&CreateGraph11("system-5min", "year", "Voltages on Titan");

&CreateGraph11("system-5min", "0years", "Voltages on Titan");

sub CreateGraph11

{

        RRDs::graph "$img/system.voltages1-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

#                "-l 0",

                "-Y",

#               "-r",

                "-a", "PNG",

                "-v Volts",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:cpu=$rrd/$_[0].rrd:voltage_cpu:AVERAGE",

                "DEF:ram=$rrd/$_[0].rrd:voltage_ram:AVERAGE",

                "LINE2:cpu#CC958F:CPU    ",

                "LINE1:cpu#7C5B57",

                "GPRINT:cpu:MAX:  Max\\: %5.2lf %S",

                "GPRINT:cpu:AVERAGE: Avg\\: %5.2lf %S",

                "GPRINT:cpu:LAST: Current\\: %5.2lf %SV\\n",

                "LINE2:ram#22AAD1:RAM    ",

                "LINE1:ram#346370",

                "GPRINT:ram:MAX:  Max\\: %5.2lf %S",

                "GPRINT:ram:AVERAGE: Avg\\: %5.2lf %S",

                "GPRINT:ram:LAST: Current\\: %5.2lf %SV",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph12("system-5min", "day", "Voltages on Titan");

&CreateGraph12("system-5min", "week", "Voltages on Titan");

&CreateGraph12("system-5min", "month", "Voltages on Titan");

&CreateGraph12("system-5min", "year", "Voltages on Titan");

&CreateGraph12("system-5min", "0years", "Voltages on Titan");

sub CreateGraph12

{

        RRDs::graph "$img/system.voltages2-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

#                "-l 0",

                "-M",

#               "-r",

                "-a", "PNG",

                "-v Volts",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:v33v=$rrd/$_[0].rrd:voltage_33v:AVERAGE",

                "DEF:v5v=$rrd/$_[0].rrd:voltage_5v:AVERAGE",

                "DEF:v12v=$rrd/$_[0].rrd:voltage_12v:AVERAGE",

                "DEF:bat=$rrd/$_[0].rrd:voltage_bat:AVERAGE",

                "LINE2:bat#A97EB0:Battery",

                "LINE1:bat#715A6F",

                "GPRINT:bat:MAX:  Max\\: %5.2lf %S",

                "GPRINT:bat:AVERAGE: Avg\\: %5.2lf %S",

                "GPRINT:bat:LAST: Current\\: %5.2lf %SV\\n",

                "LINE2:v33v#71A43B:3.3v   ",

                "LINE1:v33v#5E7149",

                "GPRINT:v33v:MAX:  Max\\: %5.2lf %S",

                "GPRINT:v33v:AVERAGE: Avg\\: %5.2lf %S",

                "GPRINT:v33v:LAST: Current\\: %5.2lf %SV\\n",

                "LINE2:v5v#3CB18E:5v     ",

                "LINE1:v5v#397563",

                "GPRINT:v5v:MAX:  Max\\: %5.2lf %S",

                "GPRINT:v5v:AVERAGE: Avg\\: %5.2lf %S",

                "GPRINT:v5v:LAST: Current\\: %5.2lf %SV\\n",

                "LINE2:v12v#22AAD1:12v    ",

                "LINE1:v12v#346370",

                "GPRINT:v12v:MAX:  Max\\: %5.2lf %S",

                "GPRINT:v12v:AVERAGE: Avg\\: %5.2lf %S",

                "GPRINT:v12v:LAST: Current\\: %5.2lf %SV",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph13("system-procs", "day", "Active processes on Titan");

&CreateGraph13("system-procs", "week", "Active processes on Titan");

&CreateGraph13("system-procs", "month", "Active processes on Titan");

&CreateGraph13("system-procs", "year", "Active processes on Titan");

&CreateGraph13("system-procs", "0years", "Active processes on Titan");

sub CreateGraph13

{

        RRDs::graph "$img/system.proc-active-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

                "-l 0",

                "-Y", "-M",

                "-a", "PNG",

                "-v processes",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:active=$rrd/$_[0].rrd:processes_active:AVERAGE",

                "AREA:active#397563:Active ",

                "LINE1:active#3CB18E",

                "GPRINT:active:MAX:  Max\\: %5.2lf %S",

                "GPRINT:active:AVERAGE: Avg\\: %5.2lf %S",

                "GPRINT:active:LAST: Current\\: %5.2lf %Sactive",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph14("system-procs", "day", "Processes on Titan");

&CreateGraph14("system-procs", "week", "Processes on Titan");

&CreateGraph14("system-procs", "month", "Processes on Titan");

&CreateGraph14("system-procs", "year", "Processes on Titan");

&CreateGraph14("system-procs", "0years", "Processes on Titan");

sub CreateGraph14

{

        RRDs::graph "$img/system.proc-total-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

                "-l 0",

#               "-Y",

                "-M",

                "-a", "PNG",

                "-v processes",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:total=$rrd/$_[0].rrd:processes_total:AVERAGE",

                "AREA:total#346370:Total ",

                "LINE1:total#22AAD1",

                "GPRINT:total:MAX:  Max\\: %5.1lf %S",

                "GPRINT:total:AVERAGE: Avg\\: %5.1lf %S",

                "GPRINT:total:LAST: Current\\: %5.1lf %Sprocesses",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph15("system-5min", "day", "Uptime of Titan");

&CreateGraph15("system-5min", "week", "Uptime of Titan");

&CreateGraph15("system-5min", "month", "Uptime of Titan");

&CreateGraph15("system-5min", "year", "Uptime of Titan");

&CreateGraph15("system-5min", "0years", "Uptime of Titan");

sub CreateGraph15

{

        RRDs::graph "$img/system.uptime-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

                "-l 0",

                "-Y", "-M",

                "-a", "PNG",

                "-v days",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:upt=$rrd/$_[0].rrd:uptime:AVERAGE",

                "CDEF:uptime=upt,86400,/",

                "AREA:uptime#397563:Uptime",

                "LINE1:uptime#3CB18E",

                "GPRINT:uptime:MAX:  Max\\: %5.1lf",

                "GPRINT:uptime:AVERAGE: Avg\\: %5.1lf",

                "GPRINT:uptime:LAST: Current\\: %5.1lf days",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph16("system-5min", "day", "Fan Speeds on Titan");

&CreateGraph16("system-5min", "week", "Fan Speeds on Titan");

&CreateGraph16("system-5min", "month", "Fan Speeds on Titan");

&CreateGraph16("system-5min", "year", "Fan Speeds on Titan");

&CreateGraph16("system-5min", "0years", "Fan Speeds on Titan");

sub CreateGraph16

{

        RRDs::graph "$img/system.fans-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy",

                "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

                "-l 0",

                "-Y",

                "-r",

                "-a", "PNG",

                "-v rpm",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:fan1=$rrd/$_[0].rrd:fan1:AVERAGE",

                "DEF:fan2=$rrd/$_[0].rrd:fan2:AVERAGE",

                "DEF:fan3=$rrd/$_[0].rrd:fan3:AVERAGE",

                "LINE2:fan3#3CB18E:PSU fan   ",

                "LINE1:fan3#397563",

                "GPRINT:fan3:MAX:  Max\\: %5.0lf",

                "GPRINT:fan3:AVERAGE: Avg\\: %5.0lf",

                "GPRINT:fan3:LAST: Current\\: %5.0lf rpm\\n",

                "LINE2:fan2#22AAD1:System fan",

                "LINE1:fan2#346370",

                "GPRINT:fan2:MAX:  Max\\: %5.0lf",

                "GPRINT:fan2:AVERAGE: Avg\\: %5.0lf",

                "GPRINT:fan2:LAST: Current\\: %5.0lf rpm\\n",

                "LINE2:fan1#CC958F:CPU fan   ",

                "LINE1:fan1#7C5B57",

                "GPRINT:fan1:MAX:  Max\\: %5.0lf",

                "GPRINT:fan1:AVERAGE: Avg\\: %5.0lf",

                "GPRINT:fan1:LAST: Current\\: %5.0lf rpm",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph18("system-2h", "day", "Frequency transitions on Titan");

&CreateGraph18("system-2h", "week", "Frequency transitions on Titan");

&CreateGraph18("system-2h", "month", "Frequency transitions on Titan");

&CreateGraph18("system-2h", "year", "Frequency transitions on Titan");

&CreateGraph18("system-2h", "0years", "Frequency transitions on Titan");

sub CreateGraph18

{

        RRDs::graph "$img/system.freq_trans-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

                "-l 0",

                "-Y", "-M",

                "-a", "PNG",

                "-v transitions",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:freq_trans=$rrd/$_[0].rrd:freq_trans:AVERAGE",

                "CDEF:trans=freq_trans,3600,*",

                "AREA:trans#7C5B57:Transitions",

                "LINE1:trans#CC958F",

                "GPRINT:trans:MAX:  Max\\: %5.1lf %s",

                "GPRINT:trans:AVERAGE: Avg\\: %5.1lf %s",

                "GPRINT:trans:LAST: Current\\: %5.1lf %strans/hour",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph19("pings", "day", "Ping to BGWireless");

&CreateGraph19("pings", "week", "Ping to BGWireless");

&CreateGraph19("pings", "month", "Ping to BGWireless");

&CreateGraph19("pings", "year", "Ping to BGWireless");

&CreateGraph19("pings", "0years", "Ping to BGWireless");

sub CreateGraph19

{

        RRDs::graph "$img/ping.bgw-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $hight, "-w", $width,

                "-l 0",

                "-Y", "-M",

                "-a", "PNG",

                "-v s",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:bgw=$rrd/$_[0].rrd:ping_bgw:AVERAGE",

                "CDEF:ping=bgw,1000,/",

                "AREA:ping#346370:BGWireless",

                "LINE1:ping#22AAD1",

                "GPRINT:ping:MAX:  Max\\: %5.1lf %ss",

                "GPRINT:ping:AVERAGE: Avg\\: %5.1lf %ss",

                "GPRINT:ping:LAST: Current\\: %5.1lf %ss",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph20("pings", "day", "Ping to ISP");

&CreateGraph20("pings", "week", "Ping to ISP");

&CreateGraph20("pings", "month", "Ping to ISP");

&CreateGraph20("pings", "year", "Ping to ISP");

&CreateGraph20("pings", "0years", "Ping to ISP");

sub CreateGraph20

{

        RRDs::graph "$img/ping.isp-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

                "-l 0",

                "-Y", "-M",

                "-a", "PNG",

                "-v s",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:isp=$rrd/$_[0].rrd:ping_isp:AVERAGE",

                "CDEF:ping=isp,1000,/",

                "AREA:ping#346370:ISP",

                "LINE1:ping#22AAD1",

                "GPRINT:ping:MAX:  Max\\: %5.1lf %ss",

                "GPRINT:ping:AVERAGE: Avg\\: %5.1lf %ss",

                "GPRINT:ping:LAST: Current\\: %5.1lf %ss",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph21("pings", "day", "Ping to Google");

&CreateGraph21("pings", "week", "Ping to Google");

&CreateGraph21("pings", "month", "Ping to Google");

&CreateGraph21("pings", "year", "Ping to Google");

&CreateGraph21("pings", "0years", "Ping to Google");

sub CreateGraph21

{

        RRDs::graph "$img/ping.google-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

                "-l 0",

                "-Y", "-M",

                "-a", "PNG",

                "-v s",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:google=$rrd/$_[0].rrd:ping_google:AVERAGE",

                "CDEF:ping=google,1000,/",

                "AREA:ping#346370:Google",

                "LINE1:ping#22AAD1",

                "GPRINT:ping:MAX:  Max\\: %5.1lf %ss",

                "GPRINT:ping:AVERAGE: Avg\\: %5.1lf %ss",

                "GPRINT:ping:LAST: Current\\: %5.1lf %ss",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph17("system-5min", "day", "sda usage on Titan");

&CreateGraph17("system-5min", "week", "sda usage on Titan");

&CreateGraph17("system-5min", "month", "sda usage on Titan");

&CreateGraph17("system-5min", "year", "sda usage on Titan");

&CreateGraph17("system-5min", "0years", "sda usage on Titan");

sub CreateGraph17

{

        RRDs::graph "$img/system.sda-rw-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_big, "-w", $s_width,

                "-l 0",

                "-Y", "-M",

                "-a", "PNG",

                "-b 1024",

                "-v Bytes per second",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:sda_read=$rrd/$_[0].rrd:sda_read:AVERAGE",

                "DEF:sda_write=$rrd/$_[0].rrd:sda_write:AVERAGE",

                "CDEF:read=sda_read,512,*",

                "CDEF:write=sda_write,512,*",

                "CDEF:write_n=write,-1,*",

                "AREA:read#7C5B57:sda read ",

                "LINE1:read#CC958F",

                "GPRINT:read:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:read:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:read:LAST: Current\\: %5.1lf %sB/s\\n",

                "AREA:write_n#346370:sda write",

                "LINE1:write_n#22AAD1",

                "GPRINT:write:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:write:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:write:LAST: Current\\: %5.1lf %sB/s",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph22("system-5min", "day", "sdb usage on Titan");

&CreateGraph22("system-5min", "week", "sdb usage on Titan");

&CreateGraph22("system-5min", "month", "sdb usage on Titan");

&CreateGraph22("system-5min", "year", "sdb usage on Titan");

&CreateGraph22("system-5min", "0years", "sdb usage on Titan");

sub CreateGraph22

{

        RRDs::graph "$img/system.sdb-rw-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_big, "-w", $s_width,

                "-l 0",

                "-Y", "-M",

                "-a", "PNG",

                "-b 1024",

                "-v Bytes per second",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:sdb_read=$rrd/$_[0].rrd:sdb_read:AVERAGE",

                "DEF:sdb_write=$rrd/$_[0].rrd:sdb_write:AVERAGE",

                "CDEF:read=sdb_read,512,*",

                "CDEF:write=sdb_write,512,*",

                "CDEF:write_n=write,-1,*",

                "AREA:read#7C5B57:sdb read ",

                "LINE1:read#CC958F",

                "GPRINT:read:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:read:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:read:LAST: Current\\: %5.1lf %sB/s\\n",

                "AREA:write_n#346370:sdb write",

                "LINE1:write_n#22AAD1",

                "GPRINT:write:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:write:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:write:LAST: Current\\: %5.1lf %sB/s",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph23("system-5min", "day", "sdc usage on Titan");

&CreateGraph23("system-5min", "week", "sdc usage on Titan");

&CreateGraph23("system-5min", "month", "sdc usage on Titan");

&CreateGraph23("system-5min", "year", "sdc usage on Titan");

&CreateGraph23("system-5min", "0years", "sdc usage on Titan");

sub CreateGraph23

{

        RRDs::graph "$img/system.sdc-rw-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_big, "-w", $s_width,

                "-l 0",

                "-Y", "-M",

                "-a", "PNG",

                "-b 1024",

                "-v Bytes per second",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:sdc_read=$rrd/$_[0].rrd:sdc_read:AVERAGE",

                "DEF:sdc_write=$rrd/$_[0].rrd:sdc_write:AVERAGE",

                "CDEF:read=sdc_read,512,*",

                "CDEF:write=sdc_write,512,*",

                "CDEF:write_n=write,-1,*",

                "AREA:read#7C5B57:sdc read ",

                "LINE1:read#CC958F",

                "GPRINT:read:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:read:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:read:LAST: Current\\: %5.1lf %sB/s\\n",

                "AREA:write_n#346370:sdc write",

                "LINE1:write_n#22AAD1",

                "GPRINT:write:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:write:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:write:LAST: Current\\: %5.1lf %sB/s",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

```

----------

## tnt

Still first script, part 2:

```

&CreateGraph24("system-5min", "day", "sdd usage on Titan");

&CreateGraph24("system-5min", "week", "sdd usage on Titan");

&CreateGraph24("system-5min", "month", "sdd usage on Titan");

&CreateGraph24("system-5min", "year", "sdd usage on Titan");

&CreateGraph24("system-5min", "0years", "sdd usage on Titan");

sub CreateGraph24

{

        RRDs::graph "$img/system.sdd-rw-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_big, "-w", $s_width,

                "-l 0",

                "-Y", "-M",

                "-a", "PNG",

                "-b 1024",

                "-v Bytes per second",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:sdd_read=$rrd/$_[0].rrd:sdd_read:AVERAGE",

                "DEF:sdd_write=$rrd/$_[0].rrd:sdd_write:AVERAGE",

                "CDEF:read=sdd_read,512,*",

                "CDEF:write=sdd_write,512,*",

                "CDEF:write_n=write,-1,*",

                "AREA:read#7C5B57:sdd read ",

                "LINE1:read#CC958F",

                "GPRINT:read:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:read:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:read:LAST: Current\\: %5.1lf %sB/s\\n",

                "AREA:write_n#346370:sdd write",

                "LINE1:write_n#22AAD1",

                "GPRINT:write:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:write:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:write:LAST: Current\\: %5.1lf %sB/s",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph25("system-5min", "day", "eth1 (BGWireless) usage on Titan");

&CreateGraph25("system-5min", "week", "eth1 (BGWireless) usage on Titan");

&CreateGraph25("system-5min", "month", "eth1 (BGWireless) usage on Titan");

&CreateGraph25("system-5min", "year", "eth1 (BGWireless) usage on Titan");

&CreateGraph25("system-5min", "0years", "eth1 (BGWireless) usage on Titan");

sub CreateGraph25

{

        RRDs::graph "$img/system.eth1-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy",

                "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $big, "-w", $width,

                "-l 0",

                "-Y", "-M",

                "-a", "PNG",

                "-v Bytes per second",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:eth1_in=$rrd/$_[0].rrd:eth1_in:AVERAGE",

                "DEF:eth1_out=$rrd/$_[0].rrd:eth1_out:AVERAGE",

                "DEF:eth1_in_ft=$rrd/p2p.rrd:eth1_in_ft:AVERAGE",

                "DEF:eth1_out_ft=$rrd/p2p.rrd:eth1_out_ft:AVERAGE",

                "DEF:eth1_in_dc=$rrd/p2p.rrd:eth1_in_dc:AVERAGE",

                "DEF:eth1_out_dc=$rrd/p2p.rrd:eth1_out_dc:AVERAGE",

                "DEF:eth1_in_gnu=$rrd/p2p.rrd:eth1_in_gnu:AVERAGE",

                "DEF:eth1_out_gnu=$rrd/p2p.rrd:eth1_out_gnu:AVERAGE",

                "DEF:eth1_in_bittor=$rrd/p2p.rrd:eth1_in_bittor:AVERAGE",

                "DEF:eth1_out_bittor=$rrd/p2p.rrd:eth1_out_bittor:AVERAGE",

                "DEF:eth1_in_oft=$rrd/p2p.rrd:eth1_in_oft:AVERAGE",

                "DEF:eth1_out_oft=$rrd/p2p.rrd:eth1_out_oft:AVERAGE",

                "DEF:eth1_in_edonk=$rrd/p2p.rrd:eth1_in_edonk:AVERAGE",

                "DEF:eth1_out_edonk=$rrd/p2p.rrd:eth1_out_edonk:AVERAGE",

                "DEF:eth1_in_rest=$rrd/p2p.rrd:eth1_in_rest:AVERAGE",

                "DEF:eth1_out_rest=$rrd/p2p.rrd:eth1_out_rest:AVERAGE",

                "CDEF:eth1_out_n=eth1_out,-1,*",

                "CDEF:eth1_out_p2p=eth1_out_ft,eth1_out_dc,+,eth1_out_gnu,+,eth1_out_bittor,+,eth1_out_oft,+,eth1_out_edonk,+,eth1_out_rest,+,eth1_out,MIN",

                "CDEF:eth1_in_p2p=eth1_in_ft,eth1_in_dc,+,eth1_in_gnu,+,eth1_in_bittor,+,eth1_in_oft,+,eth1_in_edonk,+,eth1_in_rest,+,eth1_in,MIN",

                "CDEF:eth1_out_p2p_n=eth1_out_p2p,-1,*",

                "AREA:eth1_in#7C5B57:eth1 in ",

                "GPRINT:eth1_in:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_in:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_in:LAST: Current\\: %5.1lf %sB/s\\n",

                "AREA:eth1_in_p2p#A7343B:p2p  in ",

                "LINE1:eth1_in_p2p#EC4954",

                "GPRINT:eth1_in_p2p:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_p2p:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_p2p:LAST: Current\\: %5.1lf %sB/s\\n",

                "LINE1:eth1_in#CC958F",

                "AREA:eth1_out_n#346370:eth1 out",

                "GPRINT:eth1_out:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_out:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_out:LAST: Current\\: %5.1lf %sB/s\\n",

                "AREA:eth1_out_p2p_n#397563:p2p  out",

                "LINE1:eth1_out_p2p_n#3CB18E",

                "GPRINT:eth1_out_p2p:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_p2p:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_p2p:LAST: Current\\: %5.1lf %sB/s",

                "LINE1:eth1_out_n#22AAD1",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph26("system-5min", "day", "eth2 (Internet) usage on Titan");

&CreateGraph26("system-5min", "week", "eth2 (Internet) usage on Titan");

&CreateGraph26("system-5min", "month", "eth2 (Internet) usage on Titan");

&CreateGraph26("system-5min", "year", "eth2 (Internet) usage on Titan");

&CreateGraph26("system-5min", "0years", "eth2 (Internet) usage on Titan");

sub CreateGraph26

{

        RRDs::graph "$img/system.eth2-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $big, "-w", $width,

                "-l 0",

#               "-Y",

                "-M",

                "-a", "PNG",

                "-v Bytes per second",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:eth2_in=$rrd/$_[0].rrd:eth2_in:AVERAGE",

                "DEF:eth2_out=$rrd/$_[0].rrd:eth2_out:AVERAGE",

                "DEF:eth2_in_ft=$rrd/p2p.rrd:eth2_in_ft:AVERAGE",

                "DEF:eth2_out_ft=$rrd/p2p.rrd:eth2_out_ft:AVERAGE",

                "DEF:eth2_in_dc=$rrd/p2p.rrd:eth2_in_dc:AVERAGE",

                "DEF:eth2_out_dc=$rrd/p2p.rrd:eth2_out_dc:AVERAGE",

                "DEF:eth2_in_gnu=$rrd/p2p.rrd:eth2_in_gnu:AVERAGE",

                "DEF:eth2_out_gnu=$rrd/p2p.rrd:eth2_out_gnu:AVERAGE",

                "DEF:eth2_in_bittor=$rrd/p2p.rrd:eth2_in_bittor:AVERAGE",

                "DEF:eth2_out_bittor=$rrd/p2p.rrd:eth2_out_bittor:AVERAGE",

                "DEF:eth2_in_oft=$rrd/p2p.rrd:eth2_in_oft:AVERAGE",

                "DEF:eth2_out_oft=$rrd/p2p.rrd:eth2_out_oft:AVERAGE",

                "DEF:eth2_in_edonk=$rrd/p2p.rrd:eth2_in_edonk:AVERAGE",

                "DEF:eth2_out_edonk=$rrd/p2p.rrd:eth2_out_edonk:AVERAGE",

                "DEF:eth2_in_rest=$rrd/p2p.rrd:eth2_in_rest:AVERAGE",

                "DEF:eth2_out_rest=$rrd/p2p.rrd:eth2_out_rest:AVERAGE",

                "CDEF:eth2_out_n=eth2_out,-1,*",

                "CDEF:eth2_out_p2p=eth2_out_ft,eth2_out_dc,+,eth2_out_gnu,+,eth2_out_bittor,+,eth2_out_oft,+,eth2_out_edonk,+,eth2_out_rest,+,eth2_out,MIN",

                "CDEF:eth2_in_p2p=eth2_in_ft,eth2_in_dc,+,eth2_in_gnu,+,eth2_in_bittor,+,eth2_in_oft,+,eth2_in_edonk,+,eth2_in_rest,+,eth2_in,MIN",

                "CDEF:eth2_out_p2p_n=eth2_out_p2p,-1,*",

                "AREA:eth2_in#7C5B57:eth2 in ",

                "GPRINT:eth2_in:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_in:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_in:LAST: Current\\: %5.1lf %sB/s\\n",

                "AREA:eth2_in_p2p#A7343B:p2p  in ",

                "LINE1:eth2_in_p2p#EC4954",

                "GPRINT:eth2_in_p2p:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_p2p:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_p2p:LAST: Current\\: %5.1lf %sB/s\\n",

                "LINE1:eth2_in#CC958F",

                "AREA:eth2_out_n#346370:eth2 out",

                "GPRINT:eth2_out:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_out:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_out:LAST: Current\\: %5.1lf %sB/s\\n",

                "AREA:eth2_out_p2p_n#397563:p2p  out",

                "LINE1:eth2_out_p2p_n#3CB18E",

                "GPRINT:eth2_out_p2p:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_p2p:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_p2p:LAST: Current\\: %5.1lf %sB/s",

                "LINE1:eth2_out_n#22AAD1",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph27("system-5min", "day", "Disks usage on Titan");

&CreateGraph27("system-5min", "week", "Disks usage on Titan");

&CreateGraph27("system-5min", "month", "Disks usage on Titan");

&CreateGraph27("system-5min", "year", "Disks usage on Titan");

&CreateGraph27("system-5min", "0years", "Disks usage on Titan");

sub CreateGraph27

{

        RRDs::graph "$img/system.disks-rw-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $big, "-w", $width,

                "-l 0",

                "-Y", "-M",

                "-a", "PNG",

                "-b 1024",

                "-v Bytes per second",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:sda_read=$rrd/$_[0].rrd:sda_read:AVERAGE",

                "DEF:sda_write=$rrd/$_[0].rrd:sda_write:AVERAGE",

                "DEF:sdb_read=$rrd/$_[0].rrd:sdb_read:AVERAGE",

                "DEF:sdb_write=$rrd/$_[0].rrd:sdb_write:AVERAGE",

                "DEF:sdc_read=$rrd/$_[0].rrd:sdc_read:AVERAGE",

                "DEF:sdc_write=$rrd/$_[0].rrd:sdc_write:AVERAGE",

                "DEF:sdd_read=$rrd/$_[0].rrd:sdd_read:AVERAGE",

                "DEF:sdd_write=$rrd/$_[0].rrd:sdd_write:AVERAGE",

                "CDEF:read=sda_read,sdb_read,+,sdc_read,+,sdd_read,+,512,*",

                "CDEF:write=sda_write,sdb_write,+,sdc_write,+,sdd_write,+,512,*",

                "CDEF:write_n=write,-1,*",

                "AREA:read#7C5B57:Disk reads ",

                "LINE1:read#CC958F",

                "GPRINT:read:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:read:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:read:LAST: Current\\: %5.1lf %sB/s\\n",

                "AREA:write_n#346370:Disk writes",

                "LINE1:write_n#22AAD1",

                "GPRINT:write:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:write:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:write:LAST: Current\\: %5.1lf %sB/s",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph28("p2p", "day", "p2p traffic on eth1");

&CreateGraph28("p2p", "week", "p2p traffic on eth1");

&CreateGraph28("p2p", "month", "p2p traffic on eth1");

&CreateGraph28("p2p", "year", "p2p traffic on eth1");

&CreateGraph28("p2p", "0years", "p2p traffic on eth1");

sub CreateGraph28

{

        RRDs::graph "$img/p2p.eth1-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy",

                "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_big, "-w", $s_width,

                "-l 0",

                "-Y", "-M",

                "-a", "PNG",

                "-v Bytes per second",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:eth1_in_ft=$rrd/$_[0].rrd:eth1_in_ft:AVERAGE",

                "DEF:eth1_out_ft=$rrd/$_[0].rrd:eth1_out_ft:AVERAGE",

                "DEF:eth1_in_dc=$rrd/$_[0].rrd:eth1_in_dc:AVERAGE",

                "DEF:eth1_out_dc=$rrd/$_[0].rrd:eth1_out_dc:AVERAGE",

                "DEF:eth1_in_gnu=$rrd/$_[0].rrd:eth1_in_gnu:AVERAGE",

                "DEF:eth1_out_gnu=$rrd/$_[0].rrd:eth1_out_gnu:AVERAGE",

                "DEF:eth1_in_bittor=$rrd/$_[0].rrd:eth1_in_bittor:AVERAGE",

                "DEF:eth1_out_bittor=$rrd/$_[0].rrd:eth1_out_bittor:AVERAGE",

                "DEF:eth1_in_oft=$rrd/$_[0].rrd:eth1_in_oft:AVERAGE",

                "DEF:eth1_out_oft=$rrd/$_[0].rrd:eth1_out_oft:AVERAGE",

                "DEF:eth1_in_edonk=$rrd/$_[0].rrd:eth1_in_edonk:AVERAGE",

                "DEF:eth1_out_edonk=$rrd/$_[0].rrd:eth1_out_edonk:AVERAGE",

                "DEF:eth1_in_rest=$rrd/$_[0].rrd:eth1_in_rest:AVERAGE",

                "DEF:eth1_out_rest=$rrd/$_[0].rrd:eth1_out_rest:AVERAGE",

                "DEF:eth1_in=$rrd/system-5min.rrd:eth1_in:AVERAGE",

                "DEF:eth1_out=$rrd/system-5min.rrd:eth1_out:AVERAGE",

                "CDEF:eth1_out_ft_n=eth1_out_ft,eth1_out,MIN,-1,*",

                "CDEF:eth1_out_dc_n=eth1_out_dc,eth1_out,MIN,-1,*",

                "CDEF:eth1_out_gnu_n=eth1_out_gnu,eth1_out,MIN,-1,*",

                "CDEF:eth1_out_bittor_n=eth1_out_bittor,eth1_out,MIN,-1,*",

                "CDEF:eth1_out_oft_n=eth1_out_oft,eth1_out,MIN,-1,*",

                "CDEF:eth1_out_edonk_n=eth1_out_edonk,eth1_out,MIN,-1,*",

                "CDEF:eth1_out_rest_n=eth1_out_rest,eth1_out,MIN,-1,*",

                "CDEF:eth1_in_ft_g=eth1_in_ft,eth1_in,MIN",

                "CDEF:eth1_in_dc_g=eth1_in_dc,eth1_in,MIN",

                "CDEF:eth1_in_gnu_g=eth1_in_gnu,eth1_in,MIN",

                "CDEF:eth1_in_bittor_g=eth1_in_bittor,eth1_in,MIN",

                "CDEF:eth1_in_oft_g=eth1_in_oft,eth1_in,MIN",

                "CDEF:eth1_in_edonk_g=eth1_in_edonk,eth1_in,MIN",

                "CDEF:eth1_in_rest_g=eth1_in_rest,eth1_in,MIN",

                "CDEF:eth1_out_p2p=eth1_out_ft,eth1_out_dc,+,eth1_out_gnu,+,eth1_out_bittor,+,eth1_out_oft,+,eth1_out_edonk,+,eth1_out_rest,+,eth1_out,MIN",

                "CDEF:eth1_in_p2p=eth1_in_ft,eth1_in_dc,+,eth1_in_gnu,+,eth1_in_bittor,+,eth1_in_oft,+,eth1_in_edonk,+,eth1_in_rest,+,eth1_in,MIN",

                "CDEF:eth1_out_p2p_n=eth1_out_p2p,-1,*",

                "AREA:eth1_in_ft_g#7C5B57:Fasttrack      in",

                "GPRINT:eth1_in_ft_g:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_ft_g:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_ft_g:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth1_in_dc_g#346370:DirectConnect  in",

                "GPRINT:eth1_in_dc_g:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_dc_g:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_dc_g:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth1_in_gnu_g#397563:Gnutella       in",

                "GPRINT:eth1_in_gnu_g:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_gnu_g:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_gnu_g:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth1_in_bittor_g#5E7149:Bittorrent     in",

                "GPRINT:eth1_in_bittor_g:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_bittor_g:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_bittor_g:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth1_in_oft_g#756339:OpenFT         in",

                "GPRINT:eth1_in_oft_g:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_oft_g:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_oft_g:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth1_in_edonk_g#925A39:Edonkey        in",

                "GPRINT:eth1_in_edonk_g:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_edonk_g:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_edonk_g:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth1_in_rest_g#A7343B:Other p2p      in",

                "GPRINT:eth1_in_rest_g:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_rest_g:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_in_rest_g:LAST: Current\\: %5.1lf %sB/s\\n",

                "LINE1:eth1_in_p2p#CC958F",

                "AREA:eth1_out_ft_n#7C5B57AA:Fasttrack     out",

                "GPRINT:eth1_out_ft:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_ft:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_ft:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth1_out_dc_n#346370AA:DirectConnect out",

                "GPRINT:eth1_out_dc:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_dc:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_dc:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth1_out_gnu_n#397563AA:Gnutella      out",

                "GPRINT:eth1_out_gnu:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_gnu:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_gnu:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth1_out_bittor_n#5E7149AA:Bittorrent    out",

                "GPRINT:eth1_out_bittor:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_bittor:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_bittor:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth1_out_oft_n#756339AA:OpenFT        out",

                "GPRINT:eth1_out_oft:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_oft:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_oft:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth1_out_edonk_n#925A39AA:Edonkey       out",

                "GPRINT:eth1_out_edonk:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_edonk:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_edonk:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth1_out_rest_n#A7343BAA:Other p2p     out",

                "GPRINT:eth1_out_rest:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_rest:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth1_out_rest:LAST: Current\\: %5.1lf %sB/s",

                "LINE1:eth1_out_p2p_n#CC958FAA",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph29("p2p", "day", "p2p traffic on eth2");

&CreateGraph29("p2p", "week", "p2p traffic on eth2");

&CreateGraph29("p2p", "month", "p2p traffic on eth2");

&CreateGraph29("p2p", "year", "p2p traffic on eth2");

&CreateGraph29("p2p", "0years", "p2p traffic on eth2");

sub CreateGraph29

{

        RRDs::graph "$img/p2p.eth2-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy",

                "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_big, "-w", $s_width,

                "-l 0",

                "-Y", "-M",

                "-a", "PNG",

                "-v Bytes per second",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:eth2_in_ft=$rrd/$_[0].rrd:eth2_in_ft:AVERAGE",

                "DEF:eth2_out_ft=$rrd/$_[0].rrd:eth2_out_ft:AVERAGE",

                "DEF:eth2_in_dc=$rrd/$_[0].rrd:eth2_in_dc:AVERAGE",

                "DEF:eth2_out_dc=$rrd/$_[0].rrd:eth2_out_dc:AVERAGE",

                "DEF:eth2_in_gnu=$rrd/$_[0].rrd:eth2_in_gnu:AVERAGE",

                "DEF:eth2_out_gnu=$rrd/$_[0].rrd:eth2_out_gnu:AVERAGE",

                "DEF:eth2_in_bittor=$rrd/$_[0].rrd:eth2_in_bittor:AVERAGE",

                "DEF:eth2_out_bittor=$rrd/$_[0].rrd:eth2_out_bittor:AVERAGE",

                "DEF:eth2_in_oft=$rrd/$_[0].rrd:eth2_in_oft:AVERAGE",

                "DEF:eth2_out_oft=$rrd/$_[0].rrd:eth2_out_oft:AVERAGE",

                "DEF:eth2_in_edonk=$rrd/$_[0].rrd:eth2_in_edonk:AVERAGE",

                "DEF:eth2_out_edonk=$rrd/$_[0].rrd:eth2_out_edonk:AVERAGE",

                "DEF:eth2_in_rest=$rrd/$_[0].rrd:eth2_in_rest:AVERAGE",

                "DEF:eth2_out_rest=$rrd/$_[0].rrd:eth2_out_rest:AVERAGE",

                "DEF:eth2_in=$rrd/system-5min.rrd:eth2_in:AVERAGE",

                "DEF:eth2_out=$rrd/system-5min.rrd:eth2_out:AVERAGE",

                "CDEF:eth2_out_ft_n=eth2_out_ft,eth2_out,MIN,-1,*",

                "CDEF:eth2_out_dc_n=eth2_out_dc,eth2_out,MIN,-1,*",

                "CDEF:eth2_out_gnu_n=eth2_out_gnu,eth2_out,MIN,-1,*",

                "CDEF:eth2_out_bittor_n=eth2_out_bittor,eth2_out,MIN,-1,*",

                "CDEF:eth2_out_oft_n=eth2_out_oft,eth2_out,MIN,-1,*",

                "CDEF:eth2_out_edonk_n=eth2_out_edonk,eth2_out,MIN,-1,*",

                "CDEF:eth2_out_rest_n=eth2_out_rest,eth2_out,MIN,-1,*",

                "CDEF:eth2_in_ft_g=eth2_in_ft,eth2_in,MIN",

                "CDEF:eth2_in_dc_g=eth2_in_dc,eth2_in,MIN",

                "CDEF:eth2_in_gnu_g=eth2_in_gnu,eth2_in,MIN",

                "CDEF:eth2_in_bittor_g=eth2_in_bittor,eth2_in,MIN",

                "CDEF:eth2_in_oft_g=eth2_in_oft,eth2_in,MIN",

                "CDEF:eth2_in_edonk_g=eth2_in_edonk,eth2_in,MIN",

                "CDEF:eth2_in_rest_g=eth2_in_rest,eth2_in,MIN",

                "CDEF:eth2_out_p2p=eth2_out_ft,eth2_out_dc,+,eth2_out_gnu,+,eth2_out_bittor,+,eth2_out_oft,+,eth2_out_edonk,+,eth2_out_rest,+,eth2_out,MIN",

                "CDEF:eth2_in_p2p=eth2_in_ft,eth2_in_dc,+,eth2_in_gnu,+,eth2_in_bittor,+,eth2_in_oft,+,eth2_in_edonk,+,eth2_in_rest,+,eth2_in,MIN",

                "CDEF:eth2_out_p2p_n=eth2_out_p2p,-1,*",

                "AREA:eth2_in_ft_g#7C5B57:Fasttrack      in",

                "GPRINT:eth2_in_ft_g:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_ft_g:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_ft_g:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth2_in_dc_g#346370:DirectConnect  in",

                "GPRINT:eth2_in_dc_g:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_dc_g:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_dc_g:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth2_in_gnu_g#397563:Gnutella       in",

                "GPRINT:eth2_in_gnu_g:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_gnu_g:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_gnu_g:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth2_in_bittor_g#5E7149:Bittorrent     in",

                "GPRINT:eth2_in_bittor_g:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_bittor_g:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_bittor_g:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth2_in_oft_g#756339:OpenFT         in",

                "GPRINT:eth2_in_oft_g:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_oft_g:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_oft_g:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth2_in_edonk_g#925A39:Edonkey        in",

                "GPRINT:eth2_in_edonk_g:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_edonk_g:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_edonk_g:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth2_in_rest_g#A7343B:Other p2p      in",

                "GPRINT:eth2_in_rest_g:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_rest_g:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_in_rest_g:LAST: Current\\: %5.1lf %sB/s\\n",

                "LINE1:eth2_in_p2p#CC958F",

                "AREA:eth2_out_ft_n#7C5B57AA:Fasttrack     out",

                "GPRINT:eth2_out_ft:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_ft:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_ft:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth2_out_dc_n#346370AA:DirectConnect out",

                "GPRINT:eth2_out_dc:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_dc:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_dc:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth2_out_gnu_n#397563AA:Gnutella      out",

                "GPRINT:eth2_out_gnu:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_gnu:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_gnu:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth2_out_bittor_n#5E7149AA:Bittorrent    out",

                "GPRINT:eth2_out_bittor:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_bittor:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_bittor:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth2_out_oft_n#756339AA:OpenFT        out",

                "GPRINT:eth2_out_oft:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_oft:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_oft:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth2_out_edonk_n#925A39AA:Edonkey       out",

                "GPRINT:eth2_out_edonk:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_edonk:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_edonk:LAST: Current\\: %5.1lf %sB/s\\n",

                "STACK:eth2_out_rest_n#A7343BAA:Other p2p     out",

                "GPRINT:eth2_out_rest:MAX:  Max\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_rest:AVERAGE: Avg\\: %5.1lf %sB/s",

                "GPRINT:eth2_out_rest:LAST: Current\\: %5.1lf %sB/s",

                "LINE1:eth2_out_p2p_n#CC958FAA",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph30("dns", "day", "DNS stats on Titan");

&CreateGraph30("dns", "week", "DNS stats on Titan");

&CreateGraph30("dns", "month", "DNS stats on Titan");

&CreateGraph30("dns", "year", "DNS stats on Titan");

&CreateGraph30("dns", "0years", "DNS stats on Titan");

sub CreateGraph30

{

        RRDs::graph "$img/system.dns-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy",

                "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

                "-l 0",

#                "-Y",

                "-r",

                "-a", "PNG",

                "-v per minute",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:success_ps=$rrd/$_[0].rrd:success:AVERAGE",

                "DEF:referral_ps=$rrd/$_[0].rrd:referral:AVERAGE",

                "DEF:nxrrset_ps=$rrd/$_[0].rrd:nxrrset:AVERAGE",

                "DEF:nxdomain_ps=$rrd/$_[0].rrd:nxdomain:AVERAGE",

                "DEF:recursion_ps=$rrd/$_[0].rrd:recursion:AVERAGE",

                "DEF:failure_ps=$rrd/$_[0].rrd:failure:AVERAGE",

                "CDEF:success=success_ps,60,*",

                "CDEF:referral=referral_ps,60,*",

                "CDEF:nxrrset=nxrrset_ps,60,*",

                "CDEF:nxdomain=nxdomain_ps,60,*",

                "CDEF:recursion=recursion_ps,60,*",

                "CDEF:failure=failure_ps,60,*",

                "CDEF:total=success,referral,+,nxrrset,+,nxdomain,+,recursion,+,failure,+",

                "AREA:success#756339:Success   ",

                "GPRINT:success:MAX:  Max\\: %6.2lf",

                "GPRINT:success:AVERAGE: Avg\\: %6.2lf",

                "GPRINT:success:LAST: Current\\: %6.2lf %s  1\/min\\n",

                "STACK:referral#5E7149:Referral  ",

                "GPRINT:referral:MAX:  Max\\: %6.2lf",

                "GPRINT:referral:AVERAGE: Avg\\: %6.2lf",

                "GPRINT:referral:LAST: Current\\: %6.2lf %s  1\/min\\n",

                "STACK:nxrrset#397563:NXrrset   ",

                "GPRINT:nxrrset:MAX:  Max\\: %6.2lf",

                "GPRINT:nxrrset:AVERAGE: Avg\\: %6.2lf",

                "GPRINT:nxrrset:LAST: Current\\: %6.2lf %s  1\/min\\n",

                "STACK:nxdomain#346370:NXdomain  ",

                "GPRINT:nxdomain:MAX:  Max\\: %6.2lf",

                "GPRINT:nxdomain:AVERAGE: Avg\\: %6.2lf",

                "GPRINT:nxdomain:LAST: Current\\: %6.2lf %s  1\/min\\n",

                "STACK:recursion#7C5B57:Recursion ",

                "GPRINT:recursion:MAX:  Max\\: %6.2lf",

                "GPRINT:recursion:AVERAGE: Avg\\: %6.2lf",

                "GPRINT:recursion:LAST: Current\\: %6.2lf %s  1\/min\\n",

                "STACK:failure#A7343B:Failure   ",

                "GPRINT:failure:MAX:  Max\\: %6.2lf",

                "GPRINT:failure:AVERAGE: Avg\\: %6.2lf",

                "GPRINT:failure:LAST: Current\\: %6.2lf %s  1\/min\\n",

                "LINE1:total#CC958F:Total     ",

                "GPRINT:total:MAX:  Max\\: %6.2lf",

                "GPRINT:total:AVERAGE: Avg\\: %6.2lf",

                "GPRINT:total:LAST: Current\\: %6.2lf   %s1\/min",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

&CreateGraph31("system-temp", "day", "IP Connections on Titan");

&CreateGraph31("system-temp", "week", "IP Connections on Titan");

&CreateGraph31("system-temp", "month", "IP Connections on Titan");

&CreateGraph31("system-temp", "year", "IP Connections on Titan");

&CreateGraph31("system-temp", "0years", "IP Connections on Titan");

sub CreateGraph31

{

        RRDs::graph "$img/system.ip_conntrack-$_[1].png",

                "-s -1$_[1]",

                "-t $_[2] - $_[1]",

                "--lazy", "-E", "-i", "--font", "TITLE:11:/usr/share/fonts/corefonts/arialbd.ttf",

                "-h", $s_hight, "-w", $s_width,

                "-l 0",

#               "-Y",

                "-M",

                "-a", "PNG",

                "-v connections",

                "-c", "CANVAS#222222",

                "-c", "BACK#C0C0CC",

                "-c", "GRID#576F6622",

                "-c", "MGRID#11111144",

                "DEF:connections=$rrd/$_[0].rrd:ip_conntrack_count:AVERAGE",

                "AREA:connections#7C5B57:Connections ",

                "LINE1:connections#CC958F",

                "GPRINT:connections:MAX:  Max\\: %5.1lf %S",

                "GPRINT:connections:AVERAGE: Avg\\: %5.1lf %S",

                "GPRINT:connections:LAST: Current\\: %5.1lf %S",

                "HRULE:0#888888";

        if ($ERROR = RRDs::error) { print "$0: unable to generate $_[0] $_[1] graph: $ERROR\n"; }

}

```

And this is the CGI I point my browser to:

```
#!/bin/bash

echo "Content-Type: text/html"

echo

echo "<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'>"

echo "<html>"

echo "<br>"

echo "<HEAD><META HTTP-EQUIV='Refresh' CONTENT='300'><META HTTP-EQUIV='Pragma' CONTENT='no-cache'>"

echo "<META HTTP-EQUIV='Expires' CONTENT='Sun, 02 Apr 2000 04:55:58 GMT'>"

echo "<META HTTP-EQUIV='Content-Type' CONTENT='text/html; charset=iso-8859-1'>"

nice -n 12 ./system_graphs.pl

echo "<TITLE>System monitoring for Titan</TITLE></HEAD>"

echo "<BODY BGCOLOR='#333333' link='#D0B0B0' vlink='#DDCCFF' alink='#EEEEEE'><div align='center'>"

echo "<TABLE BORDER=0 WIDTH='100%'>"

echo "<TR><TD><center><IMG ALT='Gentoo Linux' BORDER=0 SRC='../pics/powered-small.png'>"

echo "</TD><TD><center><H4><font COLOR=#C0C0CC>System monitoring for Titan</font></H4>"

# Attribute values use single quotes so they survive inside the double-quoted echo string
echo "<a href='./system-day.cgi' title='Day'>Day</a> <a href='./system-week.cgi' title='Week'>Week</a> "

echo "<a href='./system-month.cgi' title='Month'>Month</a> <a href='./system-year.cgi' title='Year'>Year</a><br>"

echo "<br>"

echo "<a href='./squid-day.cgi' title='Squid'>Squid</a> <a href='./apc-day.cgi' title='APC'>APC</a> "

#echo "<a href='./network-day.cgi' title='Network'>Network</a><br><br>"

echo "</TD><TD><center><IMG ALT='Gentoo Linux' BORDER=0 SRC='../pics/moving-drag.gif'>"

echo "</TD></TR></TABLE>"

echo "<br>"

echo "<A HREF='system.cpu0.cgi'><IMG ALT='system.cpu0 Graph' BORDER=0 SRC='graphs/system.cpu0-day.png'></A>"

echo "<br>"

echo "<A HREF='system.load.cgi'><IMG ALT='system.load Graph' BORDER=0 SRC='graphs/system.load-day.png'></A>"

#echo "<br>"

echo "<A HREF='system.proc-active.cgi'><IMG ALT='system.proc-active Graph' BORDER=0 SRC='graphs/system.proc-active-day.png'></A>"

echo "<br>"

echo "<A HREF='system.freq.cgi'><IMG ALT='system.freq Graph' BORDER=0 SRC='graphs/system.freq-day.png'></A>"

#echo "<br>"

echo "<A HREF='system.proc-total.cgi'><IMG ALT='system.proc-total Graph' BORDER=0 SRC='graphs/system.proc-total-day.png'></A>"

echo "<br>"

echo "<A HREF='system.mem.cgi'><IMG ALT='system.mem Graph' BORDER=0 SRC='graphs/system.mem-day.png'></A>"

echo "<br>"

echo "<A HREF='system.swap.cgi'><IMG ALT='system.swap Graph' BORDER=0 SRC='graphs/system.swap-day.png'></A>"

echo "<br>"

echo "<A HREF='system.swaped.cgi'><IMG ALT='system.swaped Graph' BORDER=0 SRC='graphs/system.swaped-day.png'></A>"

#echo "<br>"

echo "<A HREF='system.dirty.cgi'><IMG ALT='system.dirty Graph' BORDER=0 SRC='graphs/system.dirty-day.png'></A>"

echo "<br>"

echo "<A HREF='system.eth0.cgi'><IMG ALT='system.eth0 Graph' BORDER=0 SRC='graphs/system.eth0-day.png'></A>"

echo "<br>"

echo "<A HREF='system.eth1.cgi'><IMG ALT='system.eth1 Graph' BORDER=0 SRC='graphs/system.eth1-day.png'></A>"

echo "<br>"

echo "<A HREF='system.eth2.cgi'><IMG ALT='system.eth2 Graph' BORDER=0 SRC='graphs/system.eth2-day.png'></A>"

echo "<br>"

echo "<A HREF='p2p.eth2.cgi'><IMG ALT='p2p.eth2 Graph' BORDER=0 SRC='graphs/p2p.eth2-day.png'></A>"

echo "<br>"

echo "<A HREF='system.disks-rw.cgi'><IMG ALT='system.disks-rw Graph' BORDER=0 SRC='graphs/system.disks-rw-day.png'></A>"

echo "<br>"

echo "<A HREF='system.sda-rw.cgi'><IMG ALT='system.sda-rw Graph' BORDER=0 SRC='graphs/system.sda-rw-day.png'></A>"

#echo "<br>"

echo "<A HREF='system.sdb-rw.cgi'><IMG ALT='system.sdb-rw Graph' BORDER=0 SRC='graphs/system.sdb-rw-day.png'></A>"

echo "<br>"

echo "<A HREF='system.sdc-rw.cgi'><IMG ALT='system.sdc-rw Graph' BORDER=0 SRC='graphs/system.sdc-rw-day.png'></A>"

#echo "<br>"

echo "<A HREF='system.sdd-rw.cgi'><IMG ALT='system.sdd-rw Graph' BORDER=0 SRC='graphs/system.sdd-rw-day.png'></A>"

echo "<br>"

echo "<A HREF='system.temperatures.cgi'><IMG ALT='system.temperatures Graph' BORDER=0 SRC='graphs/system.temperatures-day.png'></A>"

echo "<br>"

echo "<A HREF='system.disk-temps.cgi'><IMG ALT='system.disk-temps Graph' BORDER=0 SRC='graphs/system.disk-temps-day.png'></A>"

#echo "<br>"

echo "<A HREF='system.fans.cgi'><IMG ALT='system.fans Graph' BORDER=0 SRC='graphs/system.fans-day.png'></A>"

echo "<br>"

echo "<A HREF='system.voltages1.cgi'><IMG ALT='system.voltages1 Graph' BORDER=0 SRC='graphs/system.voltages1-day.png'></A>"

#echo "<br>"

echo "<A HREF='system.freq_trans.cgi'><IMG ALT='system.freq_trans Graph' BORDER=0 SRC='graphs/system.freq_trans-day.png'></A>"

echo "<br>"

echo "<A HREF='system.voltages2.cgi'><IMG ALT='system.voltages2 Graph' BORDER=0 SRC='graphs/system.voltages2-day.png'></A>"

#echo "<br>"

echo "<A HREF='system.dns.cgi'><IMG ALT='system.dns Graph' BORDER=0 SRC='graphs/system.dns-day.png'></A>"

echo "<br>"

echo "<A HREF='system.uptime.cgi'><IMG ALT='system.uptime Graph' BORDER=0 SRC='graphs/system.uptime-day.png'></A>"

#echo "<br>"

echo "<A HREF='system.ip_conntrack.cgi'><IMG ALT='system.ip_conntrack Graph' BORDER=0 SRC='graphs/system.ip_conntrack-day.png'></A>"

echo "<br>"

echo "<A HREF='ping.bgw.cgi'><IMG ALT='ping.bgw Graph' BORDER=0 SRC='graphs/ping.bgw-day.png'></A>"

echo "<br>"

echo "<A HREF='ping.isp.cgi'><IMG ALT='ping.isp Graph' BORDER=0 SRC='graphs/ping.isp-day.png'></A>"

#echo "<br>"

echo "<A HREF='ping.google.cgi'><IMG ALT='ping.google Graph' BORDER=0 SRC='graphs/ping.google-day.png'></A>"

echo "</div></body></html>"

```

----------

## tnt

Take your time  :Wink: 

----------

## abz

Thanks for that, just the right size and complexity. 

Abz.

----------

## tnt

You've asked for my scripts, you've got them...

 :Wink: 

----------

## bakreule

To the original author, thank you very much for this how to, very well written and very informative.

To everyone, I just have a curiosity question: How much overhead does implementing bandwidth throttling impose on the kernel? Is it just a matter of how many rules you have? Or does it have a fixed penalty as soon as you have one rule, combined with the penalty for each additional rule?

----------

## tnt

 *bakreule wrote:*   

> To everyone, I just have a curiosity question: How much overhead does implementing bandwidth throttling impose on the kernel? Is it just a matter of how many rules you have? Or does it have a fixed penalty as soon as you have one rule, combined with the penalty for each additional rule?

 

http://l7-filter.sourceforge.net/performance

----------

## theDreamer

nice howto, thanks!

----------

## gringo

thanx guys, very interesting thread !

cheers

----------

## Seather

I have a linux gateway that shares the internet connection for my whole home network. I use the following to forward DC++ connections to my machine on the internal network (connected to eth0) that's actually running DC++ (p2p application).

What I want to do is set up bandwidth limiting on my gateway that will limit the upload traffic of that specific box on the inside network.

I use this to let dc++ work on the inside machine:

```
$IPTABLES -t nat -A PREROUTING -i ppp0 -p tcp --dport 555 -j DNAT --to 192.168.0.57:555

$IPTABLES -t nat -A PREROUTING -i ppp0 -p udp --dport 555 -j DNAT --to 192.168.0.57:555

$IPTABLES -I FORWARD -i ppp0 -d 192.168.0.57 -p tcp --dport 555 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -I FORWARD -i ppp0 -d 192.168.0.57 -p udp --dport 555 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
```

Then I added the following rule to mark the packets:

```
$IPTABLES -t mangle -I PREROUTING -i eth0 -s 192.168.0.57 -j MARK --set-mark 2
```

And this to limit bandwidth:

```
# Define root

tc qdisc add dev eth0 root handle 1: htb default 10

tc class add dev eth0 parent 1: classid 1:1 htb rate 102400kbit burst 1218k

# Classes

tc class add dev eth0 parent 1:1 classid 1:10 htb rate 102400kbit burst 1218k prio 1

tc class add dev eth0 parent 1:1 classid 1:20 htb rate 504kbit burst 12k prio 2

tc class add dev eth0 parent 1:1 classid 1:30 htb rate 56kbit burst 6k prio 3

# Fairly divide the rest

tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10

tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10

tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10

# Limit

tc filter add dev eth0 protocol ip parent 1:0 handle 2 fw flowid 1:30
```

However this is limiting my download as well, it should though? How can I fix this?

----------

## Seather

I changed it over to work on ppp0, still limiting download too however:

```
# Define root

tc qdisc add dev ppp0 root handle 1: htb default 10

tc class add dev ppp0 parent 1: classid 1:1 htb rate 504kbit burst 6k

# Classes

tc class add dev ppp0 parent 1:1 classid 1:10 htb rate 504kbit burst 6k prio 1

tc class add dev ppp0 parent 1:1 classid 1:20 htb rate 252kbit burst 6k prio 2

tc class add dev ppp0 parent 1:1 classid 1:30 htb rate 56kbit burst 6k prio 3

# Fairly divide the rest

tc qdisc add dev ppp0 parent 1:10 handle 10: sfq perturb 10

tc qdisc add dev ppp0 parent 1:20 handle 20: sfq perturb 10

tc qdisc add dev ppp0 parent 1:30 handle 30: sfq perturb 10

# Limit

tc filter add dev ppp0 protocol ip parent 1:0 handle 2 fw flowid 1:30
```

And

```
$IPTABLES -t nat -A PREROUTING -i ppp0 -p tcp --dport 555 -j DNAT --to 192.168.0.57:555

$IPTABLES -t nat -A PREROUTING -i ppp0 -p udp --dport 555 -j DNAT --to 192.168.0.57:555

$IPTABLES -I FORWARD -i ppp0 -d 192.168.0.57 -p tcp --dport 555 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -I FORWARD -i ppp0 -d 192.168.0.57 -p udp --dport 555 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -t mangle -I FORWARD -i eth0 -s 192.168.0.57 -o ppp0 -j MARK --set-mark 2
```

----------

## tnt

Try to use this:

http://l7-filter.sourceforge.net/

and read this:

http://l7-filter.sourceforge.net/L7-HOWTO-Netfilter#Doing

 :Wink: 

----------

## ddaas

Hi,

I am very new to HTB. In fact this is my first htb script.

Everything works great (a very good tutorial  :Smile: ), but I have 2 questions:

1) It seems that my ftp transfer runs faster than 10kbit. It seems it works with 15kbytes/s... Do you know why? This is not a very accurate measurement. It is the value shown by Total Commander when I transfer a file to my XP box from my Linux server.

2) Could anyone explain the following?

```
class htb 1:20 parent 1:1 leaf 20: prio 2 rate 10Kbit ceil 10Kbit burst 1611b cburst 1611b
 Sent 193705 bytes 2836 pkts (dropped 0, overlimits 0 requeues 0)
 rate 1291bit 19pps backlog 7p
 lended: 2829 borrowed: 0 giants: 0
 tokens: -1354518 ctokens: -1354518
```

my script is: 

 *Quote:*   

> #!/bin/bash
> 
> #deletes everything
> 
> tc qdisc del dev eth0 root
> ...

 

Thanks a lot

----------

## tnt

Probably you use passive ftp and port 20 on the server side is not used...

----------

## ahorn

I tried it over the last two days. I can't get any really good shaping to work. Why is there no X tool with preconfigured stuff for ssh, ed2k, etc.?  :Wink:  Do you know the tool for MS Windows called 'cFos'? That's such a click-and-you-get-it tool. Maybe someone can post his entire firewall script with l7-filters, because I don't get how to manage fw rules with l7-masking.

My router (AVM Fritzbox SL) has traffic shaping, too. Is it important to find out the shaping rules from the router? I mean, if I manage some traffic at the Gentoo box, is it possible that the router manages it again with other restrictions? Maybe that's the reason why my poor ssh gets stuck when I surf the net after doing the traffic shaping howto at gentoo-wiki.com.

thanks for help, ahorn.

----------

## n0rbi666

Hi !

Nice How-to, but ... for me it doesn't work as I expected....

I want to limit amule upload and only upload.

so I wrote a script : 

```

tc qdisc del root dev eth0

tc qdisc add dev eth0 root handle 1: htb default 10

tc class add dev eth0 parent 1: classid 1:1 htb rate 100kbit ceil 100kbit

tc class add dev eth0 parent 1:1 classid 1:10 htb rate 90kbit ceil 100kbit prio 1

tc class add dev eth0 parent 1:1 classid 1:20 htb rate  10kbit ceil 20kbit prio 9

tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10

tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10

iptables -t mangle -A OUTPUT -m owner --cmd-owner amule -j MARK --set-mark 2

tc filter add dev eth0 protocol ip parent 1:0 handle 2 fw flowid 1:20

```

And it works, but it limits upload and download - not only upload

How to fix it, so the script will limit only upload? (I tried with sport, dport at port 4666 but it doesn't work at all (I use 4666 for emule))

Thanx for help  :Smile: 

----------

## frostschutz

The HTB qdisc you set up on eth0 will shape everything that's sent out on eth0. So this script would only make sense if eth0 is a device that is dedicated to internet access. For shaping both up- and download with this, it would have to be some very weird network setup, like a router with only one network device (that serves both internet and LAN via eth0).

----------

## Lajasha

Thanks for the HowTo, but I was unable to get it up and running referring to only this doc. I was able to get it working after referring to a few different places for data. I figured I would post the configs that I used just so anyone else that may be having issues with this too can give it a go.

First let me give you a little background into what I wanted to achieve. My classes are arranged like this

```

Main Class (divided into 5 pieces)

  Priority 1) Interactive applications (Highest Priority SSH)

  Priority 2) Shoutcast Server

  Priority 3) Services (http,ftp,etc.)

  Priority 4) Default (Anything not owned by the other rules)

  Priority 5) Bittorrent (Lowest Priority)

```

KERNEL

I used a 2.6 kernel and used a kernel config based on the one at gentoo wiki:

```
 Networking options  --->

   QoS and/or fair queueing  --->

     [*] QoS and/or fair queueing

     <M>   HTB packet scheduler

     <M>   SFQ queue

     [*]   Packet classifier API

     <M> Firewall based classifier

   IP: Netfilter Configuration  --->

     <M> Connection tracking (required for masq/NAT)

     <M> IP tables support (required for filtering/masq/NAT)

     <M>   limit match support

     <M>   MAC address match support

     <M>   Packet type match support

     <M>   netfilter MARK match support

     <M>   Multiple port match support

     <M>   TOS match support

     <M>   random match support

     <M>   recent match support

     <M>   ECN match support

     <M>   DSCP match support

     <M>   AH/ESP match support

     <M>   LENGTH match support

     <M>   TTL match support

     <M>   tcpmss match support

     <M>   Helper match support

     <M>   Connection state match support

     <M>   Connection mark match support

     <M>   Connection tracking match support

     <M>   Unclean match support (EXPERIMENTAL)

     <M>   Owner match support (EXPERIMENTAL)

     <M>   Packet filtering

     <M>     REJECT target support

     <M>     MIRROR target support (EXPERIMENTAL)

     <M>   Full NAT

     <M>     MASQUERADE target support

     <M>     REDIRECT target support

     <M>     Basic SNMP-ALG support (EXPERIMENTAL)

     <M>   Packet mangling

     <M>     TOS target support

     <M>     ECN target support

     <M>     DSCP target support

     <M>     MARK target support

     <M>   LOG target support

     <M>   CONNMARK target support

     <M>   ULOG target support

     <M>   TCPMSS target support

     <M> ARP tables support

     <M>   ARP packet filtering

     <M>   ARP payload mangling

```

I went more with the iptables-based marking of packets instead of the route this HowTo used. Below are the iptables listing and the shaping commands I used.

IPTABLES

```

#!/bin/bash

echo Creating Constants

# Constants

LOCALNET="192.168.0.0/255.255.255.0"

MARKPRIO1="1"

MARKPRIO2="2"

MARKPRIO3="3"

MARKPRIO4="4"

MARKPRIO5="5"

echo Setting Default Policies

# Setting policy

iptables -P INPUT DROP

iptables -P OUTPUT ACCEPT

iptables -P FORWARD ACCEPT

iptables -t nat -P POSTROUTING ACCEPT

iptables -t nat -P PREROUTING ACCEPT

echo Flushing All Tables

# Flushing all tables

iptables -F INPUT

iptables -F OUTPUT

iptables -F FORWARD

iptables -t nat -F POSTROUTING

iptables -t nat -F PREROUTING

iptables -t mangle -F OUTPUT

iptables -t mangle -F FORWARD

echo Setting up Redirections

iptables -t nat -A PREROUTING -p tcp -m tcp --dport 23 -j REDIRECT --to-ports 22

echo Punching Holes in Firewall for Services

iptables -t filter -A INPUT -i lo -j ACCEPT

iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -t filter -A INPUT -p tcp -m tcp --dport 22:23 -j ACCEPT

iptables -t filter -A INPUT -p tcp -m tcp -m multiport --dports 20,21 -j ACCEPT

iptables -t filter -A INPUT -p udp -m udp -m multiport --dports 20,21 -j ACCEPT

iptables -t filter -A INPUT -p tcp -m tcp -m multiport --dports 80,443 -j ACCEPT

iptables -t filter -A INPUT -p tcp -m tcp --dport 5190 -j ACCEPT

iptables -t filter -A INPUT -p tcp -m tcp --dport 60000:65535 -j ACCEPT

iptables -t filter -A INPUT -p udp -m udp --dport 60000:65535 -j ACCEPT

echo Setting Priority Markers

# Setting priority marks

# Prio 1

# icmp

iptables -t mangle -A OUTPUT -p icmp -j MARK --set-mark $MARKPRIO1

# ssh

iptables -t mangle -A OUTPUT -p tcp --sport 22 -j MARK --set-mark $MARKPRIO1

# non tcp

iptables -t mangle -A OUTPUT -p ! tcp -j MARK --set-mark $MARKPRIO1

# Prio 2

#Shoutcast

iptables -t mangle -A OUTPUT -p tcp --sport 5190 -j MARK --set-mark $MARKPRIO2

# Prio 3

# http

iptables -t mangle -A OUTPUT -p tcp --sport 80 -j MARK --set-mark $MARKPRIO3

# https

iptables -t mangle -A OUTPUT -p tcp --sport 443 -j MARK --set-mark $MARKPRIO3

# Prio 4 (Default)

# Prio 5

# Used UID owner as I could not seem to collect all connections that were related to the bittorrent connection by just port

iptables -t mangle -A OUTPUT -m owner --uid-owner 500 -j MARK --set-mark $MARKPRIO5

iptables -t mangle -A OUTPUT -p tcp --sport 6881:6889 -j MARK --set-mark $MARKPRIO5

iptables -t mangle -A OUTPUT -p tcp --sport 6881:6889 -j MARK --set-mark $MARKPRIO5

# Remaining packets are marked according to TOS

iptables -t mangle -A OUTPUT -p tcp -m tos --tos Minimize-Delay -m mark --mark 0 -j MARK --set-mark $MARKPRIO1

iptables -t mangle -A OUTPUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark $MARKPRIO4

iptables -t mangle -A OUTPUT -p tcp -m tos --tos Minimize-Cost -m mark --mark 0 -j MARK --set-mark $MARKPRIO5

```

BANDWIDTH SHAPING

```

#!/bin/bash

echo Dump Current Rules

tc qdisc del dev eth0 root

echo Create Rules

tc qdisc add dev eth0 root handle 1:0 htb default 14

tc class add dev eth0 parent 1:0 classid 1:1 htb rate 300kbit ceil 300kbit

tc class add dev eth0 parent 1:1 classid 1:11 htb rate 64kbit ceil 300kbit prio 1

tc class add dev eth0 parent 1:1 classid 1:12 htb rate 100kbit ceil 300kbit prio 2

tc class add dev eth0 parent 1:1 classid 1:13 htb rate 64kbit ceil 300kbit prio 3

tc class add dev eth0 parent 1:1 classid 1:14 htb rate 64kbit ceil 300kbit prio 4

tc class add dev eth0 parent 1:1 classid 1:15 htb rate 8kbit ceil 300kbit prio 5

tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:11

tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:12

tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 3 fw classid 1:13

tc filter add dev eth0 parent 1:0 protocol ip prio 4 handle 4 fw classid 1:14

tc filter add dev eth0 parent 1:0 protocol ip prio 5 handle 5 fw classid 1:15

```

Once you have run this, simply issue this command and watch to see that your packets are being handled as specified:

```
watch tc -s class show dev eth0
```

Pages I referenced:

This Howto

Gentoo Wiki

HTB Linux queuing discipline manual - user guide
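
The setup above only works if three things line up: every mark set by iptables has an fw filter with the same handle, every filter and the `default` point at an existing leaf class, and the children's guaranteed rates fit inside the parent's rate. The following is an added example, not part of the original post, that checks those points offline; the function names and the second (broken) script are constructed for illustration.

```python
"""Lint an HTB + fwmark script: do marks, fw filters and classes line up?"""
import re
import shlex

# tc units: *bit are bits/s (k = 1000), *bps are bytes/s
UNITS = {"bit": 1, "kbit": 1_000, "mbit": 1_000_000, "gbit": 1_000_000_000,
         "bps": 8, "kbps": 8_000, "mbps": 8_000_000}

# tc commands and a subset of the MARK rules from the post above, $MARKPRIOn expanded.
POSTED_CONFIG = """
tc qdisc add dev eth0 root handle 1:0 htb default 14
tc class add dev eth0 parent 1:0 classid 1:1 htb rate 300kbit ceil 300kbit
tc class add dev eth0 parent 1:1 classid 1:11 htb rate 64kbit ceil 300kbit prio 1
tc class add dev eth0 parent 1:1 classid 1:12 htb rate 100kbit ceil 300kbit prio 2
tc class add dev eth0 parent 1:1 classid 1:13 htb rate 64kbit ceil 300kbit prio 3
tc class add dev eth0 parent 1:1 classid 1:14 htb rate 64kbit ceil 300kbit prio 4
tc class add dev eth0 parent 1:1 classid 1:15 htb rate 8kbit ceil 300kbit prio 5
tc filter add dev eth0 parent 1:0 protocol ip prio 1 handle 1 fw classid 1:11
tc filter add dev eth0 parent 1:0 protocol ip prio 2 handle 2 fw classid 1:12
tc filter add dev eth0 parent 1:0 protocol ip prio 3 handle 3 fw classid 1:13
tc filter add dev eth0 parent 1:0 protocol ip prio 4 handle 4 fw classid 1:14
tc filter add dev eth0 parent 1:0 protocol ip prio 5 handle 5 fw classid 1:15
iptables -t mangle -A OUTPUT -p icmp -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -p tcp --sport 5190 -j MARK --set-mark 2
iptables -t mangle -A OUTPUT -p tcp --sport 80 -j MARK --set-mark 3
iptables -t mangle -A OUTPUT -p tcp -m tos --tos Maximize-Throughput -m mark --mark 0 -j MARK --set-mark 4
iptables -t mangle -A OUTPUT -m owner --uid-owner 500 -j MARK --set-mark 5
"""

# Constructed broken script: oversubscribed parent, dangling filter, unfiltered mark.
BROKEN_CONFIG = """
tc qdisc add dev eth0 root handle 1: htb default 10
tc class add dev eth0 parent 1: classid 1:1 htb rate 120kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 120kbit prio 1
tc class add dev eth0 parent 1:1 classid 1:20 htb rate 60kbit prio 2
tc filter add dev eth0 protocol ip parent 1:0 handle 2 fw flowid 1:30
iptables -t mangle -A OUTPUT -p tcp --sport 22 -j MARK --set-mark 1
"""

def parse_rate(text):
    """Convert a tc rate such as '300kbit' to bits per second."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([a-z]*)", text.lower())
    if not m or (m.group(2) or "bit") not in UNITS:
        raise ValueError(f"unrecognised rate: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2) or "bit"])

def opt(words, key):
    """Value following a keyword on the command line, or None."""
    return words[words.index(key) + 1] if key in words else None

def norm(classid):
    """'1:' and '1:0' name the same handle; store both as '1:0'."""
    major, _, minor = classid.partition(":")
    return f"{major}:{minor or '0'}"

def parse(script):
    cfg = {"classes": {}, "filters": {}, "leaf_qdiscs": set(), "marks": set(), "default": None}
    for line in script.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        w = shlex.split(line)
        if w[:3] == ["tc", "qdisc", "add"] and "root" in w and "htb" in w:
            major = norm(opt(w, "handle")).split(":")[0]
            cfg["default"] = f"{major}:{opt(w, 'default')}" if "default" in w else None
        elif w[:3] == ["tc", "qdisc", "add"] and "parent" in w:
            cfg["leaf_qdiscs"].add(norm(opt(w, "parent")))
        elif w[:3] == ["tc", "class", "add"]:
            rate = parse_rate(opt(w, "rate"))
            cfg["classes"][norm(opt(w, "classid"))] = {
                "parent": norm(opt(w, "parent")), "rate": rate,
                "ceil": parse_rate(opt(w, "ceil")) if "ceil" in w else rate}  # ceil defaults to rate
        elif w[:3] == ["tc", "filter", "add"] and "fw" in w:
            cfg["filters"][int(opt(w, "handle"), 0)] = norm(opt(w, "classid") or opt(w, "flowid"))
        elif w[0].endswith("iptables") and "--set-mark" in w:
            cfg["marks"].add(int(opt(w, "--set-mark"), 0))
    return cfg

def lint(script):
    """Return a list of human-readable problems; an empty list means the wiring is consistent."""
    cfg = parse(script)
    classes, problems = cfg["classes"], []
    inner = {c["parent"] for c in classes.values()}       # handles that have child classes
    if cfg["default"] and (cfg["default"] not in classes or cfg["default"] in inner):
        problems.append(f"default class {cfg['default']} is not a leaf class")
    for mark, target in sorted(cfg["filters"].items()):
        if target not in classes or target in inner:
            problems.append(f"fw filter for mark {mark} points at {target}, which is not a leaf class")
    for mark in sorted(cfg["marks"] - set(cfg["filters"])):
        problems.append(f"mark {mark} has no fw filter, so it falls into the default class")
    for qd in sorted(cfg["leaf_qdiscs"] & inner & set(classes)):
        problems.append(f"qdisc attached to {qd}, which has child classes")
    for cid, c in sorted(classes.items()):
        if c["ceil"] < c["rate"]:
            problems.append(f"{cid}: ceil {c['ceil']} bit/s is below rate {c['rate']} bit/s")
        total = sum(k["rate"] for k in classes.values() if k["parent"] == cid)
        if total > c["rate"]:
            problems.append(f"children of {cid} are guaranteed {total} bit/s "
                            f"but {cid} itself has only {c['rate']} bit/s")
    return problems

if __name__ == "__main__":
    for name, script in (("posted", POSTED_CONFIG), ("broken", BROKEN_CONFIG)):
        print(name, lint(script) or "OK")
```

The rate-sum check follows the recommendation in the HTB user guide that the children's rates should not add up to more than the parent's rate; tc itself accepts an oversubscribed hierarchy without complaint.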

----------

## nixnux

Excellent Howto, worked great for me.  One thing I'm trying to figure out is how to identify between the outgoing data in a BitTorrent application and the outgoing ACKs.  I limit the upstream just great...It works awesome.  Only problem is the downstream on a torrent goes way down.  I'm assuming the outgoing ACKs are getting limited along with the outgoing data.  Any one know how to distinguish between the two?

Thanks

----------

## ultraViolet

Hi all !

I have read this very interesting thread with attention, because I have tried in the past to control p2p traffic in this way:

if there is a connection established, p2p falls to 0 for input and output.

The matter was mainly that I am sharing my connection with other people who don't respect the rules I have established, like only using p2p clients that can be stopped from my 'workstation'. It can be seen as authoritarian, but I am the one who pays for it. I am a gamer and I can't stand to see my ping suffering because of p2p traffic, when I can spare some night time to play.

I have tried marking p2p traffic via ipp2p. The result was positive, but not sufficient. According to what I have read, l7 seems to be efficient too, but the fact is that it only blocks bandwidth, not the number of connections established, for example.

So my question is this: do you think it is pertinent to use ipp2p and l7 at the same time to detect as many p2p packets as possible?

Any help would be appreciated, and would allow my users to keep their free connection...  :Wink: 

----------

## ssmaxss

I want to lower the priority of incoming bittorrent traffic (for fast surfing while downloading via bittorrent). I want to find bittorrent packets by using ipp2p (ports are dynamic, and maybe I will use ed2k). How can I do it? I want a simple and clear "Gentoo way".

----------

## Falchion

Supposedly I patched my iptables....

Can I filter my LAN connection so that I can make sure that both the ip & internet explorer use a limited bandwidth?

I did use tc filter add dev eth0 parent 1: protocol ip u32 match ip sport 80 0xffff flowid 1:20 & also for port 8080 + 3128.

It worked great. HOWEVER, it also filter the game online patch and I don't want that. I just want to filter internet explorer.

Does the patch work if my client is WinXP? and can I actually filter internet explorer for each computer differently? I want IE on comp1 to use 56kb/s, IE on comp2 56kb/s, IE on comp3 56kb/s, etc.

I tried adding iexplore/iexplore.exe without any patch and it says that it can't find the program specified because I don't have it if I type ps -A.

Please help me on this. Thanks.

----------

## Moloch

 *nixnux wrote:*   

> Excellent Howto, worked great for me.  One thing I'm trying to figure out is how to identify between the outgoing data in a BitTorrent application and the outgoing ACKs.  I limit the upstream just great...It works awesome.  Only problem is the downstream on a torrent goes way down.  I'm assuming the outgoing ACKs are getting limited along with the outgoing data.  Any one know how to distinguish between the two?
> 
> Thanks

 Yes, I use separate ACK queues for each of my categories. Say for example you have 

```
iptables -A tcpost -t mangle -o $INTERFACE -p tcp --dport $port -j CLASSIFY --set-class 1:32
```

Then I would have an almost identical line

```
ACKS='--tcp-flags SYN,RST,ACK ACK -m length --length :255'

iptables -A tcpost -t mangle -o $INTERFACE -p tcp --dport $port $ACKS -j CLASSIFY --set-class 1:31
```

 Where class 1:31 is a higher priority than 1:32.

So this uses the same port as the previous but the length of the packet must be from 0 to 255 and have the SYN,RST,ACK ACK TCP flags. This seems to work great for me. Even when I have a lot of bittorrents seeding. I can start downloading a torrent and it will slow down my seeding upload which allows the download to go much quicker. This works great for anything that uses TCP. Obviously this won't work with UDP.

Another trick for those trying to limit bittorrent traffic where you have the bittorrent client on another computer than the firewall. You could assign another IP address to the client machine. For example, /etc/conf.d/net may look like 

```
config_eth0=( "192.168.0.5/24" "192.168.0.200/24")
```

Then on your firewall tell it to match based upon that IP address

```
iptables -A tcpost -t mangle -o $INTERFACE -p tcp --source 192.168.0.200 -j CLASSIFY --set-class 1:74
```

Back on the client machine you can then configure the bittorrent client to bind to 192.168.0.200 rather than the primary one or all interfaces. If the client doesn't support binding to an interface you can use iptables on the client machine (assuming it's running Linux of course) to force connections based upon user or program name to use 192.168.0.200. This looks like 

```
# SNAT is only valid in the nat table, so -t nat is required
iptables -t nat -A POSTROUTING -m owner --uid-owner bittorrent -j SNAT --to-source 192.168.0.200
```

 Make sure port forwarding on the firewall is setup to forward bittorrent ports to 192.168.0.200.

This may not be the best way to do things, but it seems to work very well for me.
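
Which packets end up in the ACK class with `--tcp-flags SYN,RST,ACK ACK -m length --length :255` is easy to get wrong, so here is an added example (not part of the post above) that applies the same two tests to constructed IPv4/TCP packets. The port 6881, the addresses and the function names are assumptions for the demo; classes 1:31 and 1:32 are the ones from the post.

```python
"""Model of the two CLASSIFY rules above, applied to constructed IPv4/TCP packets."""
import struct

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def build_packet(flags, payload_len, dport=6881):
    """Constructed packet: 20-byte IPv4 header + 20-byte TCP header + zero payload."""
    total = 20 + 20 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 168, 0, 5]), bytes([203, 0, 113, 7]))
    bits = sum(FLAG_BITS[f] for f in flags)
    tcp = struct.pack("!HHIIBBHHH", 51413, dport, 1, 1, 5 << 4, bits, 65535, 0, 0)
    return ip + tcp + b"\x00" * payload_len

def tcp_flags_match(packet_flags, mask, comp):
    """--tcp-flags MASK COMP: of the flags listed in MASK, exactly those in COMP are set."""
    m = sum(FLAG_BITS[f] for f in mask)
    c = sum(FLAG_BITS[f] for f in comp)
    return (packet_flags & m) == c

def classify(packet, port=6881, max_ack_len=255):
    """Return the class the two rules leave on the packet, or None if neither matches.

    CLASSIFY does not stop rule traversal, so a packet matching both rules keeps
    the class set by the later (ACK) rule.
    """
    ihl = (packet[0] & 0x0F) * 4                           # IPv4 header length in bytes
    total_len = struct.unpack_from("!H", packet, 2)[0]     # what -m length compares for IPv4
    if packet[9] != 6:                                     # -p tcp
        return None
    dport = struct.unpack_from("!H", packet, ihl + 2)[0]
    if dport != port:                                      # --dport $port
        return None
    flags = packet[ihl + 13]
    is_ack = tcp_flags_match(flags, ("SYN", "RST", "ACK"), ("ACK",))
    if is_ack and total_len <= max_ack_len:                # --length :255 means 0..255
        return "1:31"                                      # high-priority ACK class
    return "1:32"                                          # bulk class

SAMPLES = [  # (description, flags, payload bytes) - all constructed
    ("pure ACK",                 ("ACK",),        0),
    ("FIN+ACK (FIN not in mask)", ("FIN", "ACK"),  0),
    ("small data + ACK",         ("PSH", "ACK"),  100),
    ("255-byte packet",          ("ACK",),        215),
    ("256-byte packet",          ("ACK",),        216),
    ("full-size data segment",   ("PSH", "ACK"),  1460),
    ("SYN",                      ("SYN",),        0),
    ("SYN+ACK",                  ("SYN", "ACK"),  0),
    ("RST+ACK",                  ("RST", "ACK"),  0),
]

if __name__ == "__main__":
    for desc, flags, size in SAMPLES:
        print(f"{desc:28s} -> {classify(build_packet(flags, size))}")
```

Small data packets that carry an ACK (anything up to 255 bytes in total) also land in the ACK class, so the high-priority class needs a little more headroom than pure ACK traffic alone would suggest.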

----------

## depontius

 *Parasietje wrote:*   

> http://www.szabilinux.hu/bandwidth/
> 
> This URL is worth checking out. Download bandwidth limiting works like a charm on my router. If you run a squid proxy, you may have problems limiting download traffic if you use transparent proxying.
> 
> Use Delaying Pools for squid bandwidth limiting. (Line 2849 in squid.conf)

 

I'm looking to save $$$ by moving from cable to DSL, but first I want to "simulate" the move, by bandwidth-limiting. The first entry on this thread indicates that input bandwidth limiting is difficult, but the link you give seems to do it simply. (I haven't tried it yet, just read the link.) All of my LAN traffic passes through my server/router, so I do have a simple throttle point to do this.

I may have 2 DSL plans available, one saving $$$ and one saving $$. The cheap side of me would like to look at the low-bandwidth plan. I already run emerge sync from cron on my server, and my other systems sync to that. I'm also running http-replicator, so I have caching and provisions to move things into the wee hours, in order to avoid waiting and contention. I'm concerned about interactive bandwidth.

Is this a sane thing to do?

What are the "weight" factors? From what I can see, in my case the weights don't really matter, since I'm making all systems peers sharing one link. Correct?

----------

## johnny_martins00

Hi. Great howto! I'm trying something like your howto but with some subclasses. My question is whether in one class I can declare 3 subclasses like:

```

localhost johnny # tc class add dev eth0 parent 1: classid 1:1 htb rate 120kbit burst 6k

localhost johnny # tc class add dev eth0 parent 1:1 classid 1:10 htb rate 100kbit burst 6k prio 1

localhost johnny # tc class add dev eth0 parent 1:1 classid 1:20 htb rate  10kbit burst 6k prio 2

localhost johnny # tc class add dev eth0 parent 1:1 classid 1:30 htb rate  10kbit burst 6k prio 3

# now I want to declare 3 subclasses of class 10

localhost johnny # tc class add dev eth0 parent 1:10 classid 1:100 htb rate  60kbit

localhost johnny # tc class add dev eth0 parent 1:10 classid 1:200 htb rate  40kbit

localhost johnny # tc class add dev eth0 parent 1:10 classid 1:300 htb rate 20kbit

localhost johnny # tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10

localhost johnny # tc qdisc add dev eth0 parent 1:100 handle 1000: sfq perturb 10

localhost johnny # tc qdisc add dev eth0 parent 1:200 handle 2000: sfq perturb 10

localhost johnny # tc qdisc add dev eth0 parent 1:300 handle 3000: sfq perturb 10

localhost johnny # tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10

localhost johnny # tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10

localhost johnny # tc class show dev eth0

class htb 1:1 root rate 120000bit ceil 120000bit burst 6Kb cburst 1749b

class htb 1:10 parent 1:1 rate 100000bit ceil 100000bit burst 6Kb cburst 1725b

class htb 1:100 parent 1:10 leaf 1000: prio 0 rate 60000bit ceil 60000bit burst 1674b cburst 1674b

class htb 1:20 parent 1:1 leaf 20: prio 2 rate 10000bit ceil 10000bit burst 6Kb cburst 1612b

class htb 1:200 parent 1:10 leaf 2000: prio 0 rate 40000bit ceil 40000bit burst 1650b cburst 1650b

class htb 1:30 parent 1:1 leaf 30: prio 3 rate 10000bit ceil 10000bit burst 6Kb cburst 1612b

class htb 1:300 parent 1:10 leaf 3000: prio 0 rate 20000bit ceil 20000bit burst 1625b cburst 1625b

```

Another thing is the tc filter command... I wanna make a filter for all the HTTP traffic but... don't know how. I've tried this:

```

tc filter add dev eth0 parent 10:0 protocol ip prio 3 u32 \ match ip protocol 80 0xff lowid 10:100

```

but it's not working....

Another thing is the differences between using tc filter and iptables, which I can't understand...

Thk, 

Regards

----------

## Xamindar

I have a problem.  I simply ran the following and haven't added any clauses to shape traffic yet:

```

tc qdisc add dev eth0 root handle 1: htb default 10

tc class add dev eth0 parent 1: classid 1:1 htb rate 120kbit burst 6k

tc class add dev eth0 parent 1:1 classid 1:10 htb rate 120kbit burst 6k prio 1

tc class add dev eth0 parent 1:1 classid 1:20 htb rate  60kbit burst 6k prio 2

tc class add dev eth0 parent 1:1 classid 1:30 htb rate  30kbit burst 6k prio 3

tc qdisc add dev eth0 parent 1:10 handle 10: sfq perturb 10

tc qdisc add dev eth0 parent 1:20 handle 20: sfq perturb 10

tc qdisc add dev eth0 parent 1:30 handle 30: sfq perturb 10

```

but for some reason as soon as I add these not only does my outgoing slow to about 4k/s but so does my input!  Why is it doing this?  I checked and eth0 is indeed my outgoing interface.

----------

## Xamindar

I even tried following this guide:

http://gentoo-wiki.com/HOWTO_Packet_Shaping

and the same thing happened.  Both upload and download is being limited!  What is the deal with this?

----------

## exarkun

Also, as of kernel 2.6.14, the pid-owner, sid-owner, and cmd-owner options are no longer available in iptables.  Does anyone have a way to get this working for a specific program now?  Running p2p kills my downstream such that my connection is near useless.

Thanks.

----------

## sunilkb

Dear Author of Bandwidth Limiting post .

You mentioned in Section 7 of this post, Point 3. Would you please help me how to do TCP Window manipulation to influence the speed of network streams?

3)TCP window manipulation is an advanced and better method of influencing the speed of network streams, unfortunately AFAIK there are no open source applications that implement that for the time being. 

Thanks,

Sunil

----------

