Posts | Tags | Archive

Limit download speed by IP or MAC address

Preamble

This article will focus on setting strict speed limits on misbehaving devices on your network. This can be a housemate incessantly torrenting, your kid downloading movies on iTunes, or anyone else clogging up your network with their overzealous bandwidth gobbling.

If you're looking for help with the QOS (quality of service) settings that come baked into most router firmwares, this article is not for you.

This article assumes you have a router running OpenWRT, DD-WRT, Tomato, or any other firmware that uses tc to manipulate traffic control settings.

Procedure

First, you'll need to get shell access to the router. With most custom router firmwares, this is as easy as selecting a radio button. Other firmwares might give you the ability to enter commands via a web interface. Whatever works.

Once you have shell access, follow the steps below. Note that bits of the commands you might want to change are included in brackets.

  1. Using ifconfig, find the interface to apply the limits to. You'll want to use either the internal or external default gateway (the interfaces all the packets go though). Keep in mind which interface you use as the filtering rules will be reversed.

    • Internal gateway: to src = uploading, to dst = downloading
    • External gateway: to src = downloading, to dst = uploading
  2. Remove all existing rules on the interface (interface = br0)

    1
    tc qdisc del dev br0 root
    
  3. Set up the connection (Ex: connection speed = 20mbit)

    1
    tc qdisc add dev br0 root handle 1: cbq avpkt 1000 bandwidth 20mbit
    
  4. Add the limiting rule (Ex: speed limit = 10mbit)

    1
    tc class add dev br0 parent 1: classid 1:1 cbq rate 10mbit allot 1500 prio 5 bounded isolated
    
  5. Filtering - Add the users to apply to rule to

    • By src IP (Ex: IP = 192.168.1.100)

      1
      tc filter add dev br0 parent 1: protocol ip prio 16 u32 match ip src 192.168.1.100 flowid 1:1
      
    • By dst IP (Ex: IP = 192.168.1.100)

      1
      tc filter add dev br0 parent 1: protocol ip prio 16 u32 match ip dst 192.168.1.100 flowid 1:1
      
    • By src MAC (Ex: MAC = M0-M1-M2-M3-M4-M5)

      1
      tc filter add dev br0 parent 1: protocol ip prio 5 u32 match u16 0x0800 0xFFFF at -2 match u16 0xM4M5 0xFFFF at -4 match u32 0xM0M1M2M3 0xFFFFFFFF at -8 flowid 1:1
      
    • By dst MAC (Ex: MAC = M0-M1-M2-M3-M4-M5)

      1
      tc filter add dev br0 parent 1: protocol ip prio 5 u32 match u16 0x0800 0xFFFF at -2 match u32 0xM2M3M4M5 0xFFFFFFFF at -12 match u16 0xM0M1 0xFFFF at -14 flowid 1:1
      

Sources

  • http://lartc.org/lartc.html
  • http://www.docum.org/faq/cache/62.html

Preventing Wine from registering mimetypes

When installing Wine for Linux, the install script insists on associating all text files with its built-in notepad.exe

As someone who uses Vim almost exculsively, this is definitely not the desired behaviour.

To stop this from happening, run the following command before installing Wine.

1
export WINEDLLOVERRIDES='winemenubuilder.exe=a'

This sets the path of the winemenubuilder library (the library that creates mimetype associations) to something invalid, preventing the associations from being made when Wine installs.

Once Wine is installed, it won't try to associate notepad.exe again. However, if needed, the library can be properly disabled via the libraries tab of wineconf.


Changes to the blog and website

I used to run this site on two different platforms. There was a static landing page hosted on my server, and a blog hosted on Blogger.

While the landing page was reasonably nice-looking (screenshot here), the blog looked terrible. Free Blogger templates are generally not the nicest-looking things to look at and the one I used was no exception.

More importantly though, the Blogger composer made really hard to generate nice-looking articles. For just writing text posts, it wasn't bad (aside from the crazy HTML it generated), but for inserting code snippits or doing any kind of advanced formatting it was incredibly frustrating.

A few weeks ago I finally decided to deal with the situation. My general plan was to find a static site generator that allowed for writing posts in Markdown syntax and use it to create a website that would host some static content as well as the blog.

Static sites are exactly what they sound like. Just some static HTML files for a webserver to serve to clients. No fancy frameworks, databases, or server-side processing involved. This is advantageous primarily because it makes site blazing fast and very light on server resources.

After looking at a few static site generators, I decided to go with Pelican. Pelican is a Python-based static site generator that uses the awesome Jinja2 templating library and understands content written in a number of formats, including Markdown. It's extremely easy to set up and requires only a single command to regenerate the entire site.

Transferring content from the old blog into the *.md files that Pelican reads was also really simple. Pelican includes a tool called pelican-import that allows for reading in data from a variety of sources. I used this tool to pull all my previous posts down from the RSS feed of the old blog.

After fixing up the imported data (the import tool is good, but not perfect), I started looking into templates.

Like with Blogger themes, I was having a hard time finding anything I liked, until I came across a template called svbhack. It had a nice page layout and the general aesthetic was good, but needed a fair bit of tweaking. I forked the repository (+1 for open-source) and over the next few weeks used my limited HTML and CSS knowledge to transform it into the one you see today.

There are still a bunch of things I want to change/fix/add, but at this point I feel that the site is ready to be released. The code for the template and the site is all freely availible on GitHub.

If you have any comments or suggestions I'd love to hear them!

© Carey Metcalfe. Built using Pelican. Theme is subtle by Carey Metcalfe. Based on svbhack by Giulio Fidente.