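#!/bin/sh
###Traffic Shaping for Travel Connections External Network Links###
#
# Builds one HTB class tree per interface (plain ethernet and the IPsec
# virtual device) with a rate for HTTP, SSH and SMTP plus a default class
# for everything else. Changing qdiscs needs root.
#
# This only divides bandwidth. It is not access control: unclassified
# traffic still flows through the default class and may borrow up to
# $total_bw, so port restrictions belong in the firewall.
#
# Uses HTB; see http://lartc.org/howto/lartc.qdisc.classful.html

# Fail on a mistyped variable name instead of handing tc an empty argument.
set -u

###########
#Variables#
###########
tc="/sbin/tc"        # Location of tc (absolute, so cron/init PATH does not matter)
ethernet_dev="eth0"
ipsec_dev="ipsec0"

#######################################
#How much bandwidth should we allocate#
#to the following services?           #
#######################################
total_bw="1540kbit"  # can be "kbit" or "mbit"
http_bw="512kbit"
ssh_bw="512kbit"
smtp_bw="256kbit"

# add_u32_filter DEV PARENT MATCH...
# Attaches one u32 filter to PARENT on DEV; remaining arguments are the
# match expression and flowid.
#
# `match ip dport/sport` compares fixed offsets in the packet and does not
# check the IP protocol or for IP options, so UDP (or any other protocol
# whose bytes line up) is classified as well. Add `match ip protocol 6 0xff`
# to a rule if it is meant to be TCP-only.
add_u32_filter() {
  filter_dev=$1
  filter_parent=$2
  shift 2
  "$tc" filter add dev "$filter_dev" protocol ip parent "$filter_parent" \
    prio 1 u32 "$@"
}

###delete stuff
# Drop any previous tree so the script can be re-run. These fail (and print
# an error) when no root qdisc is installed yet; that is harmless.
"$tc" qdisc del dev "$ethernet_dev" root
"$tc" qdisc del dev "$ipsec_dev" root

#########################
#Ethernet Device Shaping#
#########################
# Unmatched packets go to class 1:40.
# NOTE(review): tunnelled traffic presumably leaves this device already
# encapsulated, so the port filters below would not see its inner ports.
# Confirm against the IPsec setup.
"$tc" qdisc add dev "$ethernet_dev" root handle 1: htb default 40

###total bandwidth###
"$tc" class add dev "$ethernet_dev" parent 1: classid 1:1 htb rate "$total_bw" burst 15k

###Services####
# NOTE(review): the HTTP class has no ceil here (so it cannot borrow) and
# no burst, unlike its IPsec counterpart. Kept as written; confirm intent.
"$tc" class add dev "$ethernet_dev" parent 1:1 classid 1:10 htb rate "$http_bw"
"$tc" class add dev "$ethernet_dev" parent 1:1 classid 1:20 htb rate "$ssh_bw" ceil "$total_bw" burst 15k
"$tc" class add dev "$ethernet_dev" parent 1:1 classid 1:30 htb rate "$smtp_bw" ceil "$total_bw" burst 15k

###default###
"$tc" class add dev "$ethernet_dev" parent 1:1 classid 1:40 htb rate 1kbit ceil "$total_bw" burst 15k

###fairness###
# SFQ under each leaf so one flow cannot monopolise its class.
"$tc" qdisc add dev "$ethernet_dev" parent 1:10 handle 10: sfq perturb 10
"$tc" qdisc add dev "$ethernet_dev" parent 1:20 handle 20: sfq perturb 10
"$tc" qdisc add dev "$ethernet_dev" parent 1:30 handle 30: sfq perturb 10
"$tc" qdisc add dev "$ethernet_dev" parent 1:40 handle 40: sfq perturb 10

###filter rules###
# NOTE(review): SMTP is matched on source port 25 while HTTP/SSH are matched
# on destination port, and there is no `sport 22` rule here although the
# IPsec section has one. Kept as written; confirm intent.
add_u32_filter "$ethernet_dev" 1:0 match ip dport 80 0xffff flowid 1:10
add_u32_filter "$ethernet_dev" 1:0 match ip dport 22 0xffff flowid 1:20
add_u32_filter "$ethernet_dev" 1:0 match ip sport 25 0xffff flowid 1:30

#########################
#IPSEC Device Shaping   #
#########################
"$tc" qdisc add dev "$ipsec_dev" root handle 2: htb default 40

###total bandwidth###
"$tc" class add dev "$ipsec_dev" parent 2: classid 2:1 htb rate "$total_bw" burst 15k

###Services####
"$tc" class add dev "$ipsec_dev" parent 2:1 classid 2:10 htb rate "$http_bw" burst 15k
"$tc" class add dev "$ipsec_dev" parent 2:1 classid 2:20 htb rate "$ssh_bw" ceil "$total_bw" burst 15k
"$tc" class add dev "$ipsec_dev" parent 2:1 classid 2:30 htb rate "$smtp_bw" ceil "$total_bw" burst 15k

###default###
"$tc" class add dev "$ipsec_dev" parent 2:1 classid 2:40 htb rate 1kbit ceil "$total_bw" burst 15k

###fairness###
"$tc" qdisc add dev "$ipsec_dev" parent 2:10 handle 10: sfq perturb 10
"$tc" qdisc add dev "$ipsec_dev" parent 2:20 handle 20: sfq perturb 10
"$tc" qdisc add dev "$ipsec_dev" parent 2:30 handle 30: sfq perturb 10
"$tc" qdisc add dev "$ipsec_dev" parent 2:40 handle 40: sfq perturb 10

###filter rules###
add_u32_filter "$ipsec_dev" 2:0 match ip dport 80 0xffff flowid 2:10
add_u32_filter "$ipsec_dev" 2:0 match ip dport 22 0xffff flowid 2:20
add_u32_filter "$ipsec_dev" 2:0 match ip sport 22 0xffff flowid 2:20
add_u32_filter "$ipsec_dev" 2:0 match ip sport 25 0xffff flowid 2:30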