Re: [IPCop-devel] Traffic Shaping for 2.0.

[Olaf W. <wei...@ip...>]

On 2010-11-16 01:19, David W Studeman wrote:
> It appears as though traffic shaping differs very little from that of
> 1.4 as far as the web gui goes. I believe that port ranges are supposed
> to work while using the 2.6 kernel. In such a case port ranges would be
> added as such startport:endport. An example would be that I want all
> ports from 10000 to 20000 to have high priority for VOIP RTP traffic so
> I would enter it 10000:20000.
>
> What I have already is a script I found in an Australian forum by a user
> named syn-tax (which I fine tuned by hand to look perfect when viewing
> in the web gui) which will manually add an entire range one line at a
> time to /var/ipcop/shaping/config. The script works fine on 1.9.x just
> as well as 1.4.x as of current. In my case, I end up with a 160KB file
> with over 10000 entries (the 10000-20000 plus SIP etc). As near as I can
> tell, this works fine but ranges would be a lot cleaner if possible.

IIRC tc does not allow port ranges, so there is a reason to prohibit 
port ranges in the GUI.

If you modify this:
Index: html/cgi-bin/shaping.cgi
===================================================================
--- html/cgi-bin/shaping.cgi    (revision 5136)
+++ html/cgi-bin/shaping.cgi    (working copy)
@@ -84,7 +84,7 @@
  if ($shapingsettings{'ACTION'} eq $Lang::tr{'add'}) {
      unless ($shapingsettings{'SERVICE_PROT'} =~ /^(tcp|udp)$/)  { 
$errormessage = $Lang::tr{'invalid input'}; }
      unless ($shapingsettings{'SERVICE_PRIO'} =~ /^(10|20|30)$/) { 
$errormessage = $Lang::tr{'invalid input'}; }
-    unless (&General::validport($shapingsettings{'SERVICE_PORT'})) { 
$errormessage = $Lang::tr{'invalid port'}; }
+    unless (&General::validportrange($shapingsettings{'SERVICE_PORT'}, 
'dest') eq '') { $errormessage = $Lang::tr{'invalid port'}; }

      if (!$errormessage) {
          if ($shapingsettings{'EDITING'} eq 'no') {


Shaping will allow port ranges just as firewall/services does.
restartshaping then throws errors though (Illegal "match"), indicating 
tc does not like it.

The solution for ranges would be to use MARKing via iptables and then 
filter on MARKs.


> Is the plan to stick with wondershaper?

Unless someone suggests (and implements) something better: yes.


Olaf