X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=blobdiff_plain;f=config%2Fqos%2Fmakeqosscripts.pl;h=aadd959ec068fd0cd548323b0691d8e141013eeb;hp=0861ca4bd09e8cbcef7c81d15f51a74094e7d76e;hb=b389d73110b6584ff58ad6db570de046d1ed8fab;hpb=f013ab2b65d639808ce857511e9dc7f99f916957

diff --git a/config/qos/makeqosscripts.pl b/config/qos/makeqosscripts.pl
index 0861ca4bd0..aadd959ec0 100644
--- a/config/qos/makeqosscripts.pl
+++ b/config/qos/makeqosscripts.pl
@@ -1,11 +1,23 @@
 #!/usr/bin/perl
-#
-# IPFire Scripts
-#
-# This code is distributed under the terms of the GPL
-#
-# (c) The IPFire Team
-#
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2013  IPFire Team  <info@ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
 
 use strict;
 # enable only the following on debugging purpose
@@ -46,6 +58,7 @@ my $subclassfile = "/var/ipfire/qos/subclasses";
 my $level7file = "/var/ipfire/qos/level7config";
 my $portfile = "/var/ipfire/qos/portconfig";
 my $tosfile = "/var/ipfire/qos/tosconfig";
+my $fqcodel_options = "limit 800 quantum 500";
 
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 
@@ -58,11 +71,11 @@ $qossettings{'DEF_INC_SPD'} = '';
 $qossettings{'DEFCLASS_INC'} = '';
 $qossettings{'DEFCLASS_OUT'} = '';
 $qossettings{'ACK'} = '';
-$qossettings{'MTU'} = '1492';
 $qossettings{'RED_DEV'} = `cat /var/ipfire/red/iface`;
 $qossettings{'IMQ_DEV'} = 'imq0';
 $qossettings{'TOS'} = '';
 $qossettings{'VALID'} = 'yes';
+$qossettings{'IMQ_MODE'} = 'PREROUTING';
 
 &General::readhash("${General::swroot}/qos/settings", \%qossettings);
 
@@ -98,6 +111,11 @@ print <<END
 # RED INTERFACE: 	$qossettings{'RED_DEV'}
 # IMQ DEVICE:		$qossettings{'IMQ_DEV'}
 
+eval \$(/usr/local/bin/readhash /var/ipfire/main/settings)
+if [ "\$RRDLOG" == "" ]; then
+	RRDLOG=/var/log/rrd
+fi
+
 case "\$1" in
 
   status)
@@ -142,11 +160,8 @@ case "\$1" in
 	### INIT KERNEL
 	modprobe sch_htb
 
-	### SET QUEUE LENGTH & MTU - has just to be tested!!! IMPORTANT
-	ip link set dev $qossettings{'RED_DEV'} qlen $qossettings{'QLENGTH'}
-	ip link set dev $qossettings{'RED_DEV'} mtu $qossettings{'MTU'}
-
 	### ADD HTB QDISC FOR $qossettings{'RED_DEV'}
+	tc qdisc del dev $qossettings{'RED_DEV'} root >/dev/null 2>&1
 	tc qdisc add dev $qossettings{'RED_DEV'} root handle 1: htb default $qossettings{'DEFCLASS_OUT'}
 
 	### MAIN RATE LIMIT
@@ -205,7 +220,7 @@ foreach $classentry (sort @classes)
 	if ($qossettings{'RED_DEV'} eq $classline[0]) {
 		$qossettings{'DEVICE'} = $classline[0];
 		$qossettings{'CLASS'} = $classline[1];
-		print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: sfq perturb $qossettings{'SFQ_PERTUB'}\n";
+		print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: fq_codel $fqcodel_options\n";
 	}
 }
 foreach $subclassentry (sort @subclasses) {
@@ -213,7 +228,7 @@ foreach $subclassentry (sort @subclasses) {
 	if ($qossettings{'RED_DEV'} eq $subclassline[0]) {
 		$qossettings{'DEVICE'} = $subclassline[0];
 		$qossettings{'SCLASS'} = $subclassline[2];
-		print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: sfq perturb $qossettings{'SFQ_PERTUB'}\n";
+		print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 1:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n";
 	}
 }
 print "\n\t### FILTER TRAFFIC INTO CLASSES\n";
@@ -237,43 +252,49 @@ foreach $subclassentry (sort @subclasses) {
 }
 print <<END
 
+	### add l7-filter to PREROUTING chain to see all traffic
+	iptables -t mangle -A PREROUTING -m layer7 --l7proto unset
+
 	### ADD QOS-OUT CHAIN TO THE MANGLE TABLE IN IPTABLES
 	iptables -t mangle -N QOS-OUT
 	iptables -t mangle -N QOS-TOS
 	iptables -t mangle -I POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT
 	iptables -t mangle -A POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS
 
+	### Don't change mark on traffic for the ipsec tunnel
+	iptables -t mangle -A QOS-OUT -m mark --mark 50 -j RETURN
+
 	### MARK ACKs
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags SYN,RST SYN -j TOS --set-tos 4
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags SYN,RST SYN -j MARK --set-mark $qossettings{'ACK'}
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags SYN,RST SYN -j RETURN
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j TOS --set-tos 4
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j MARK --set-mark $qossettings{'ACK'}
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags SYN,RST SYN -j RETURN
 
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p icmp -m length --length 40:100 -j MARK --set-mark $qossettings{'ACK'}
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p icmp -m length --length 40:100 -j RETURN
+	iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j MARK --set-mark $qossettings{'ACK'}
+	iptables -t mangle -A QOS-OUT -p icmp -m length --length 40:100 -j RETURN
 
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --syn -m length --length 40:68 -j TOS --set-tos 4
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --syn -m length --length 40:68 -j MARK --set-mark $qossettings{'ACK'}
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --syn -m length --length 40:68 -j RETURN
+	iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j TOS --set-tos 4
+	iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j MARK --set-mark $qossettings{'ACK'}
+	iptables -t mangle -A QOS-OUT -p tcp --syn -m length --length 40:68 -j RETURN
 
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j TOS --set-tos 4
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j MARK --set-mark $qossettings{'ACK'}
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j RETURN
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j TOS --set-tos 4
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j MARK --set-mark $qossettings{'ACK'}
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL SYN,ACK -m length --length 40:68 -j RETURN
 
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j TOS --set-tos 4
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j MARK --set-mark $qossettings{'ACK'}
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j RETURN
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j TOS --set-tos 4
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j MARK --set-mark $qossettings{'ACK'}
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK -m length --length 40:100 -j RETURN
 
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL RST -j TOS --set-tos 4
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL RST -j MARK --set-mark $qossettings{'ACK'}
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL RST -j RETURN
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j TOS --set-tos 4
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j MARK --set-mark $qossettings{'ACK'}
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL RST -j RETURN
 
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL ACK,RST -j TOS --set-tos 4
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL ACK,RST -j MARK --set-mark $qossettings{'ACK'}
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL ACK,RST -j RETURN
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j TOS --set-tos 4
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j MARK --set-mark $qossettings{'ACK'}
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,RST -j RETURN
 
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL ACK,FIN -j TOS --set-tos 4
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL ACK,FIN -j MARK --set-mark $qossettings{'ACK'}
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -p tcp --tcp-flags ALL ACK,FIN -j RETURN
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j TOS --set-tos 4
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j MARK --set-mark $qossettings{'ACK'}
+	iptables -t mangle -A QOS-OUT -p tcp --tcp-flags ALL ACK,FIN -j RETURN
 
 	### SET TOS
 END
@@ -285,8 +306,8 @@ END
 		$qossettings{'TOS'} = abs $tosruleline[2] * 2;
   		if ( $tosruleline[1] eq $qossettings{'RED_DEV'} )
   		{
-			print "\tiptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -m tos --tos $qossettings{'TOS'} -j MARK --set-mark $qossettings{'CLASS'}\n";
-			print "\tiptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -m tos --tos $qossettings{'TOS'} -j RETURN\n";
+			print "\tiptables -t mangle -A QOS-OUT -m tos --tos $qossettings{'TOS'} -j MARK --set-mark $qossettings{'CLASS'}\n";
+			print "\tiptables -t mangle -A QOS-OUT -m tos --tos $qossettings{'TOS'} -j RETURN\n";
 		}
 	}
 
@@ -303,7 +324,7 @@ print "\n\t### SET PORT-RULES\n";
 			$qossettings{'QPORT'} = $portruleline[4];
 			$qossettings{'DIP'} = $portruleline[5];
 			$qossettings{'DPORT'} = $portruleline[6];
-			print "\tiptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} ";
+			print "\tiptables -t mangle -A QOS-OUT ";
 			if ($qossettings{'QIP'} ne ''){
 				print "-s $qossettings{'QIP'} ";
 			}
@@ -311,9 +332,9 @@ print "\n\t### SET PORT-RULES\n";
 				print "-d $qossettings{'DIP'} ";
 			}
 			print "-p $qossettings{'PPROT'} ";
-			if (($qossettings{'QPORT'} ne '') || ($qossettings{'DPORT'} ne '')){
-				print "-m multiport ";
-			}
+#			if (($qossettings{'QPORT'} ne '') || ($qossettings{'DPORT'} ne '')){
+#				print "-m multiport ";
+#			}
 			if ($qossettings{'QPORT'} ne ''){
 				print "--sport $qossettings{'QPORT'} ";
 			}
@@ -321,7 +342,7 @@ print "\n\t### SET PORT-RULES\n";
 				print "--dport $qossettings{'DPORT'} ";
 			}
 			print "-j MARK --set-mark $qossettings{'CLASS'}\n";
-			print "\tiptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} ";
+			print "\tiptables -t mangle -A QOS-OUT ";
 			if ($qossettings{'QIP'} ne ''){
 				print "-s $qossettings{'QIP'} ";
 			}
@@ -329,9 +350,9 @@ print "\n\t### SET PORT-RULES\n";
 				print "-d $qossettings{'DIP'} ";
 			}
 			print "-p $qossettings{'PPROT'} ";
-			if (($qossettings{'QPORT'} ne '') || ($qossettings{'DPORT'} ne '')){
-				print "-m multiport ";
-			}
+#			if (($qossettings{'QPORT'} ne '') || ($qossettings{'DPORT'} ne '')){
+#				print "-m multiport ";
+#			}
 			if ($qossettings{'QPORT'} ne ''){
 				print "--sport $qossettings{'QPORT'} ";
 			}
@@ -357,7 +378,7 @@ END
 			$qossettings{'L7PROT'} = $l7ruleline[2];
 			$qossettings{'QIP'} = $l7ruleline[3];
 			$qossettings{'DIP'} = $l7ruleline[4];
-  			print "\tiptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} ";
+  			print "\tiptables -t mangle -A QOS-OUT ";
 			if ($qossettings{'QIP'} ne ''){
 				print "-s $qossettings{'QIP'} ";
 			}
@@ -365,7 +386,7 @@ END
 				print "-d $qossettings{'DIP'} ";
 			}
 			print "-m layer7 --l7dir /etc/l7-protocols/protocols --l7proto $qossettings{'L7PROT'} -j MARK --set-mark $qossettings{'CLASS'}\n";
-  			print "\tiptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} ";
+  			print "\tiptables -t mangle -A QOS-OUT ";
 			if ($qossettings{'QIP'} ne ''){
 				print "-s $qossettings{'QIP'} ";
 			}
@@ -379,7 +400,7 @@ END
 print <<END
 
 	### REDUNDANT: SET ALL NONMARKED PACKETS TO DEFAULT CLASS
-	iptables -t mangle -A QOS-OUT -o $qossettings{'RED_DEV'} -m mark --mark 0 -j MARK --set-mark $qossettings{'DEFCLASS_OUT'}
+	iptables -t mangle -A QOS-OUT -m mark --mark 0 -j MARK --set-mark $qossettings{'DEFCLASS_OUT'}
 
 	###
 	### $qossettings{'IMQ_DEV'}
@@ -390,14 +411,11 @@ print <<END
 		insmod ipt_IMQ
 		sleep 2
 	fi
-	modprobe imq numdevs=1
+	modprobe imq numdevs=1 numqueues=\$(grep -c "^processor" /proc/cpuinfo || echo 1)
 	ip link set $qossettings{'IMQ_DEV'} up
 
-	### SET QUEUE LENGTH & MTU - has just to be tested!!! IMPORTANT
-	ip link set dev $qossettings{'IMQ_DEV'} qlen $qossettings{'QLENGTH'}
-	# ip link set dev $qossettings{'IMQ_DEV'} mtu $qossettings{'MTU'}
-
 	### ADD HTB QDISC FOR $qossettings{'IMQ_DEV'}
+	tc qdisc del dev $qossettings{'IMQ_DEV'} root >/dev/null 2>&1
 	tc qdisc add dev $qossettings{'IMQ_DEV'} root handle 2: htb default $qossettings{'DEFCLASS_INC'}
 
 	### MAIN RATE LIMIT
@@ -456,7 +474,7 @@ foreach $classentry (sort @classes)
 	if ($qossettings{'IMQ_DEV'} eq $classline[0]) {
 		$qossettings{'DEVICE'} = $classline[0];
 		$qossettings{'CLASS'} = $classline[1];
-		print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: sfq perturb $qossettings{'SFQ_PERTUB'}\n";
+		print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'CLASS'} handle $qossettings{'CLASS'}: fq_codel $fqcodel_options\n";
 	}
 }
 foreach $subclassentry (sort @subclasses) {
@@ -464,7 +482,7 @@ foreach $subclassentry (sort @subclasses) {
 	if ($qossettings{'IMQ_DEV'} eq $subclassline[0]) {
 		$qossettings{'DEVICE'} = $subclassline[0];
 		$qossettings{'SCLASS'} = $subclassline[2];
-		print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: sfq perturb $qossettings{'SFQ_PERTUB'}\n";
+		print "\ttc qdisc add dev $qossettings{'DEVICE'} parent 2:$qossettings{'SCLASS'} handle $qossettings{'SCLASS'}: fq_codel $fqcodel_options\n";
 	}
 }
 print "\n\t### FILTER TRAFFIC INTO CLASSES\n";
@@ -486,10 +504,33 @@ foreach $subclassentry (sort @subclasses) {
 		print "\ttc filter add dev $qossettings{'DEVICE'} parent 2:0 prio 0 protocol ip handle $qossettings{'SCLASS'} fw flowid 2:$qossettings{'SCLASS'}\n";
 	}
 }
+
+if ( $qossettings{'IMQ_MODE'} eq 'POSTROUTING' )
+{
 print <<END
 
 	### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES
 	iptables -t mangle -N QOS-INC
+	iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN
+	iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN
+	iptables -t mangle -A POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN
+	iptables -t mangle -A POSTROUTING -m mark ! --mark 0 ! -o $qossettings{'RED_DEV'} -j IMQ --todev 0
+	iptables -t mangle -I FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC
+	iptables -t mangle -A FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS
+
+	### SET TOS
+END
+;
+}
+else
+{
+print <<END
+
+	### ADD QOS-INC CHAIN TO THE MANGLE TABLE IN IPTABLES
+	iptables -t mangle -N QOS-INC
+	iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN
+	iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN
+	iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN
 	iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j IMQ --todev 0
 	iptables -t mangle -I PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC
 	iptables -t mangle -A PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS
@@ -497,6 +538,8 @@ print <<END
 	### SET TOS
 END
 ;
+}
+
   	foreach $tosruleentry (sort @tosrules)
   	{
   		@tosruleline = split( /\;/, $tosruleentry );
@@ -504,8 +547,8 @@ END
 		$qossettings{'TOS'} = abs $tosruleline[2] * 2;
   		if ( $tosruleline[1] eq $qossettings{'IMQ_DEV'} )
   		{
-			print "\tiptables -t mangle -A QOS-INC -i $qossettings{'RED_DEV'} -m tos --tos $qossettings{'TOS'} -j MARK --set-mark $qossettings{'CLASS'}\n";
-			print "\tiptables -t mangle -A QOS-INC -i $qossettings{'RED_DEV'} -m tos --tos $qossettings{'TOS'} -j RETURN\n";
+			print "\tiptables -t mangle -A QOS-INC -m tos --tos $qossettings{'TOS'} -j MARK --set-mark $qossettings{'CLASS'}\n";
+			print "\tiptables -t mangle -A QOS-INC -m tos --tos $qossettings{'TOS'} -j RETURN\n";
 		}
 
 	}
@@ -523,7 +566,7 @@ print "\n\t### SET PORT-RULES\n";
 			$qossettings{'QPORT'} = $portruleline[4];
 			$qossettings{'DIP'} = $portruleline[5];
 			$qossettings{'DPORT'} = $portruleline[6];
-			print "\tiptables -t mangle -A QOS-INC -i $qossettings{'RED_DEV'} ";
+			print "\tiptables -t mangle -A QOS-INC ";
 			if ($qossettings{'QIP'} ne ''){
 				print "-s $qossettings{'QIP'} ";
 			}
@@ -531,9 +574,9 @@ print "\n\t### SET PORT-RULES\n";
 				print "-d $qossettings{'DIP'} ";
 			}
 			print "-p $qossettings{'PPROT'} ";
-			if (($qossettings{'QPORT'} ne '') || ($qossettings{'DPORT'} ne '')){
-				print "-m multiport ";
-			}
+#			if (($qossettings{'QPORT'} ne '') || ($qossettings{'DPORT'} ne '')){
+#				print "-m multiport ";
+#			}
 			if ($qossettings{'QPORT'} ne ''){
 				print "--sport $qossettings{'QPORT'} ";
 			}
@@ -541,7 +584,7 @@ print "\n\t### SET PORT-RULES\n";
 				print "--dport $qossettings{'DPORT'} ";
 			}
 			print "-j MARK --set-mark $qossettings{'CLASS'}\n";
-			print "\tiptables -t mangle -A QOS-INC -i $qossettings{'RED_DEV'} ";
+			print "\tiptables -t mangle -A QOS-INC ";
 			if ($qossettings{'QIP'} ne ''){
 				print "-s $qossettings{'QIP'} ";
 			}
@@ -549,9 +592,9 @@ print "\n\t### SET PORT-RULES\n";
 				print "-d $qossettings{'DIP'} ";
 			}
 			print "-p $qossettings{'PPROT'} ";
-			if (($qossettings{'QPORT'} ne '') || ($qossettings{'DPORT'} ne '')){
-				print "-m multiport ";
-			}
+#			if (($qossettings{'QPORT'} ne '') || ($qossettings{'DPORT'} ne '')){
+#				print "-m multiport ";
+#			}
 			if ($qossettings{'QPORT'} ne ''){
 				print "--sport $qossettings{'QPORT'} ";
 			}
@@ -577,7 +620,7 @@ END
 			$qossettings{'L7PROT'} = $l7ruleline[2];
 			$qossettings{'QIP'} = $l7ruleline[3];
 			$qossettings{'DIP'} = $l7ruleline[4];
-  			print "\tiptables -t mangle -A QOS-INC -i $qossettings{'RED_DEV'} ";
+  			print "\tiptables -t mangle -A QOS-INC ";
 			if ($qossettings{'QIP'} ne ''){
 				print "-s $qossettings{'QIP'} ";
 			}
@@ -585,7 +628,7 @@ END
 				print "-d $qossettings{'DIP'} ";
 			}
 			print "-m layer7 --l7dir /etc/l7-protocols/protocols --l7proto $qossettings{'L7PROT'} -j MARK --set-mark $qossettings{'CLASS'}\n";
-  			print "\tiptables -t mangle -A QOS-INC -i $qossettings{'RED_DEV'} ";
+  			print "\tiptables -t mangle -A QOS-INC ";
 			if ($qossettings{'QIP'} ne ''){
 				print "-s $qossettings{'QIP'} ";
 			}
@@ -598,7 +641,7 @@ END
 
 print <<END
 	### REDUNDANT: SET ALL NONMARKED PACKETS TO DEFAULT CLASS
-	iptables -t mangle -A QOS-INC -i $qossettings{'RED_DEV'} -m mark --mark 0 -j MARK --set-mark $qossettings{'DEFCLASS_INC'}
+	iptables -t mangle -A QOS-INC -m mark --mark 0 -j MARK --set-mark $qossettings{'DEFCLASS_INC'}
 
 	### SETTING TOS BITS
 END
@@ -628,34 +671,58 @@ END
 print <<END
 
 	## STARTING COLLECTOR
-	/usr/local/bin/qosd $qossettings{'RED_DEV'} >/dev/null 2>&1
-	/usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1
+	( sleep 10 && /usr/local/bin/qosd $qossettings{'RED_DEV'} >/dev/null 2>&1) &
+	( sleep 10 && /usr/local/bin/qosd $qossettings{'IMQ_DEV'} >/dev/null 2>&1) &
+
+	for i in \$(ls \$RRDLOG/class_*.rrd); do
+		rrdtool update \$i \$(date +%s):
+	done
 
 	echo "Quality of Service was successfully started!"
 	exit 0
   ;;
   clear|stop)
 	### RESET EVERYTHING TO A KNOWN STATE
-	killall -9 qosd
+	killall qosd >/dev/null 2>&1
+	(sleep 3 && killall -9 qosd &>/dev/null) &
 	# DELETE QDISCS
-	tc qdisc del dev $qossettings{'RED_DEV'} root
-	tc qdisc del dev $qossettings{'IMQ_DEV'} root
+	tc qdisc del dev $qossettings{'RED_DEV'} root >/dev/null 2>&1
+	tc qdisc add root dev $qossettings{'RED_DEV'} fq_codel >/dev/null 2>&1
+	tc qdisc del dev $qossettings{'IMQ_DEV'} root >/dev/null 2>&1
+	tc qdisc add root dev $qossettings{'IMQ_DEV'} fq_codel >/dev/null 2>&1
 	# STOP IMQ-DEVICE
-	ip link set $qossettings{'IMQ_DEV'} down
-	iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j IMQ --todev 0
-	rmmod imq
+	ip link set $qossettings{'IMQ_DEV'} down >/dev/null 2>&1
+	iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1
+	iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1
+	iptables -t mangle --delete POSTROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1
+	iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ah -j RETURN >/dev/null 2>&1
+	iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p esp -j RETURN >/dev/null 2>&1
+	iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -p ip -j RETURN >/dev/null 2>&1
+	iptables -t mangle --delete POSTROUTING -m mark ! --mark 0 ! -o $qossettings{'RED_DEV'} -j IMQ --todev 0 >/dev/null 2>&1
+	iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j IMQ --todev 0  >/dev/null 2>&1
+	# rmmod imq # this crash on 2.6.25.xx
 	# REMOVE & FLUSH CHAINS
-	iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT
-	iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS
-	iptables -t mangle --flush  QOS-OUT
-	iptables -t mangle --delete-chain QOS-OUT
-	iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC
-	iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS
-	iptables -t mangle --flush  QOS-INC
-	iptables -t mangle --delete-chain QOS-INC
-	iptables -t mangle --flush  QOS-TOS
-	iptables -t mangle --delete-chain QOS-TOS
-	rmmod sch_htb
+	iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-OUT >/dev/null 2>&1
+	iptables -t mangle --delete POSTROUTING -o $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1
+	iptables -t mangle --flush  QOS-OUT >/dev/null 2>&1
+	iptables -t mangle --delete-chain QOS-OUT >/dev/null 2>&1
+	iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1
+	iptables -t mangle --delete FORWARD -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1
+	iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-INC >/dev/null 2>&1
+	iptables -t mangle --delete PREROUTING -i $qossettings{'RED_DEV'} -j QOS-TOS >/dev/null 2>&1
+	iptables -t mangle --flush  QOS-INC >/dev/null 2>&1
+	iptables -t mangle --delete-chain QOS-INC >/dev/null 2>&1
+	iptables -t mangle --flush  QOS-TOS >/dev/null 2>&1
+	iptables -t mangle --delete-chain QOS-TOS >/dev/null 2>&1
+	# remove l7-filter
+	iptables -t mangle --delete PREROUTING -m layer7 --l7proto unset
+
+	rmmod sch_htb >/dev/null 2>&1
+
+	for i in \$(ls \$RRDLOG/class_*.rrd); do
+		rrdtool update \$i \$(date +%s):
+	done
+
 	echo "Quality of Service was successfully cleared!"
   ;;
   gen|generate)