1 (edited by OpenLogic 2012-03-09 16:32:26)

Topic: Limiting Upload for users + Squid + Chillispot

Hi,
I've got OpenWRT 10.3.1 on my TL-WR1043ND with ExtRoot on 3,5" USB Drive.
I have here also Chillispot + Radius + Sql server + SQUID.

I can limit Chillispot users upload/download per user using "WISPr-Bandwidth-Max-Up/Down", but I want to limit all users in total.

My main network is using br-lan interface, the br-hotspot interface is for hotspot users.
The tun0 interface is created by Chillispot.

Its all working, but I have problem with limiting user upload.
From the hotspot the upload should be 128kbit, but it reaches the 256kbit (the max upload for the WAN/eth0.2 interface)...
When I check packet logs (saved with  iptables...  -j LOG) I see them with prefix "IMQ br-hotspot:", but some how those packets are not limited.

This is my simple script.

#!/bin/bash

insmod cls_fw > /dev/null                                     
insmod sch_hfsc > /dev/null                                        
insmod sch_sfq > /dev/null                                        
insmod sch_red > /dev/null
insmod sch_htb > /dev/null
insmod cls_u32 > /dev/null

LAN=br-lan
DOWNLOAD=1536
UPLOAD=256

LAN2=tun0
DOWNLOAD2=512
UPLOAD2=128

#DOWNLOAD FOR MY LAN (its working)
tc qdisc del dev $LAN root
tc qdisc add dev $LAN root handle 1: htb
tc class add dev $LAN parent 1: classid 1:1 htb rate $[DOWNLOAD]kbit
tc qdisc add dev $LAN parent 1:1 handle 2: sfq perturb 10
iptables -t mangle -A POSTROUTING -d 172.16.104.0/24 -j CLASSIFY --set-class 1:1

#DOWNLOAD FOR HOTSPOT (its working)
tc qdisc del dev $LAN2 root
tc qdisc add dev $LAN2 root handle 1: htb
tc class add dev $LAN2 parent 1: classid 1:1 htb rate $[DOWNLOAD2]kbit
tc qdisc add dev $LAN2 parent 1:1 handle 2: sfq perturb 10
iptables -t mangle -A POSTROUTING -d 192.168.182.0/24 -j CLASSIFY --set-class 1:1
#tc filter add dev $LAN2 parent 1: protocol ip u32 match ip dst 192.168.182.0/24 flowid 1:1


#UPLOAD FOR WAN INTERFACE (there should be QOS)  (its working)
tc qdisc del dev eth0.2 root
tc qdisc add dev eth0.2 root handle 1: htb
tc class add dev eth0.2 parent 1: classid 1:1 htb rate $[UPLOAD]kbit
tc qdisc add dev eth0.2 parent 1:1 handle 2: sfq perturb 10
iptables -t mangle -A POSTROUTING -o eth0.2 -j CLASSIFY --set-class 1:1


#UPLOAD RESTRICTION FOR ALL HOTSPOT USERS (its not working)
tc qdisc del dev imq0 root
ip link set imq0 up
tc qdisc add dev imq0 root handle 1: htb
tc class add dev imq0 parent 1: classid 1:1 htb rate $[UPLOAD2]kbit
tc qdisc add dev imq0 parent 1:1 handle 2: sfq
tc filter add dev imq0 parent 1:0 protocol ip prio 1 u32 match ip src 192.168.182.0/24 flowid 1:1
iptables -t mangle -A PREROUTING -i br-hotspot -j LOG --log-prefix "IMQ br-hotspot: " --log-level 7
iptables -t mangle -A PREROUTING -i br-hotspot -j IMQ --todev 0

#This is test for LAN USERS (not Hotspot, and it works) (its working if uncommented, limiting br-lan upload to $UPLOAD2)
#tc filter add dev imq0 parent 1:0 protocol ip prio 1 u32 match ip src 172.16.104.0/24 flowid 1:1
#iptables -t mangle -A PREROUTING -i br-lan -j IMQ --todev 0

BTW.:
Does this script work?
http://wiki.openwrt.org/doc/howto/packet.scheduler/packet.scheduler.example2

It looks like this:

...
IP_USER1=10.0.0.1
IF_DSL=pppoe-dsl
IPTMOD="$IPT -t mangle -A POSTROUTING -o $IF_DSL"
$TC class add dev $IF_DSL parent 1:1 classid 1:10 htb rate 250kbit #-- 25% to user1
$IPTMOD -s $IP_USER1 -j CLASSIFY --set-class 1:10
...

I am almost 100% sure that:

iptables -t mangle -A POSTROUTING -o pppoe-dsl -s 10.0.0.1 -j CLASSIFY --set-class 1:10

will never work.
Why?
Because Postrouting of the wan interface its after NAT and source will never be 10.0.0.1. The source will be the WAN Ip address.

I feel dumb now, wasted few days fighting with upload for hotspot users.
Hope you can help me.