I have this shaping script that is supposed to penalise downloads larger than 10mb by downgrading their connection speed.
If I test with one connection, the penalty is in effect and the download speed is lowered to the set value. If I open a new download in parallel, the penalty download rate is shared between the two penalised connections. My goal is to offer a guaranteed penalty rate, not a shared one. Any ideas what I am doing wrong?
```sh
dev=eth0
rate_full=100000mbit
conn_rate_limit=10mbit
conn_rate_ceil=20mbit
conn_rate_burst=30mbit
htb_class=10
max_byte=10485760

# Reset the root qdisc, then build the HTB tree
tc qdisc del dev $dev root > /dev/null 2>&1
tc qdisc add dev $dev root handle 1: htb
tc class add dev $dev parent 1: classid 1:1 htb rate $rate_full
tc class add dev $dev parent 1: classid 1:$htb_class htb rate $conn_rate_limit ceil $conn_rate_ceil burst $conn_rate_burst
# Packets carrying fwmark $htb_class are sent to the penalty class
tc filter add dev $dev parent 1: prio 0 protocol ip handle $htb_class fw flowid 1:$htb_class

# After 10 megabytes a connection is considered a download
iptables -t mangle -A OUTPUT -p tcp -m connbytes --connbytes $max_byte: --connbytes-dir both --connbytes-mode bytes -j MARK --set-mark $htb_class
```
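
Added example, not part of the original post: every penalised connection above receives the same fwmark and lands in the single class 1:10, so all of them draw from one rate. The dry-run generator below prints (and does not execute) a variant with several penalty classes, each with its own rate, and spreads connections over them with the iptables HMARK target. The slot count `slots` and the starting mark `base` are assumptions, and two connections that hash to the same slot still share that slot's rate.

```shell
#!/bin/sh
# Added example: prints tc/iptables commands for review, runs none of them.
dev=eth0              # values below are taken from the post
rate_full=100000mbit
slot_rate=10mbit      # the post's conn_rate_limit, now guaranteed per slot
slot_ceil=20mbit
max_byte=10485760
slots=4               # assumption: number of penalty slots
base=16               # assumption: first fwmark; class minor is its hex form (0x10)

gen_penalty_rules() {
    n=${1:-$slots}
    echo "tc qdisc add dev $dev root handle 1: htb"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate $rate_full"
    i=0
    while [ "$i" -lt "$n" ]; do
        mark=$((base + i))
        # tc reads class minors as hex, while the fw filter handle is decimal
        minor=$(printf '%x' "$mark")
        # Each leaf has its own rate; HTB honours it while the sum of the
        # leaf rates stays within the parent's rate
        echo "tc class add dev $dev parent 1:1 classid 1:$minor htb rate $slot_rate ceil $slot_ceil"
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 handle $mark fw flowid 1:$minor"
        i=$((i + 1))
    done
    # HMARK sets fwmark = base + hash(tuple) % n, so connections with
    # different ports or addresses are spread over the n slots
    echo "iptables -t mangle -A OUTPUT -p tcp -m connbytes --connbytes $max_byte: --connbytes-dir both --connbytes-mode bytes -j HMARK --hmark-tuple src,dst,sport,dport --hmark-mod $n --hmark-offset $base"
}

gen_penalty_rules "$slots"
```

A strict per-connection guarantee would need one class per connection; raising `slots` only lowers the chance that two downloads collide in one class.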