tc and SIP phone

Hi

I have a problem with a tc script.
It is make from http://lartc.org/howto/lartc.cookboo...nat.intro.html
and I have add some parts. The #download# part and the #Now prioritize sip
packets:# part. My problem is when I download with ftp and the SIP phone
rings. Then the trafic from the download of ftp takes to much speed. It
slows down but not enough. How can it been fix?
The upload works fine.
The script is runing on a linux router/firewall and behind a LAN with
clients and a SIP phone.

Jens

CEIL=90
DOWNLINK=232
tc qdisc add dev eth1 root handle 1: htb default 15
tc class add dev eth1 parent 1: classid 1:1 htb rate ${CEIL}kbit ceil
${CEIL}kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate ${CEIL}kbit ceil
${CEIL}kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 1kbit ceil
${CEIL}kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 1kbit ceil
${CEIL}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 1kbit ceil
${CEIL}kbit prio 2
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 1kbit ceil
${CEIL}kbit prio 3
tc class add dev eth1 parent 1:1 classid 1:15 htb rate 0.1kbit ceil
${CEIL}kbit prio 3
tc qdisc add dev eth1 parent 1:12 handle 120: sfq perturb 10
tc qdisc add dev eth1 parent 1:13 handle 130: sfq perturb 10
tc qdisc add dev eth1 parent 1:14 handle 140: sfq perturb 10
tc qdisc add dev eth1 parent 1:15 handle 150: sfq perturb 10

tc filter add dev eth1 parent 1:0 protocol ip prio 1 handle 1 fw classid
1:10
tc filter add dev eth1 parent 1:0 protocol ip prio 2 handle 2 fw classid
1:11
tc filter add dev eth1 parent 1:0 protocol ip prio 3 handle 3 fw classid
1:12
tc filter add dev eth1 parent 1:0 protocol ip prio 4 handle 4 fw classid
1:13
tc filter add dev eth1 parent 1:0 protocol ip prio 5 handle 5 fw classid
1:14
tc filter add dev eth1 parent 1:0 protocol ip prio 6 handle 6 fw classid
1:15

########## downlink #############
# slow downloads down to somewhat less than the real speed to prevent
# queuing at our ISP. Tune to see how high you can set it.
# ISPs tend to have *huge* queues to make sure big downloads are fast
#
# attach ingress policer:

tc qdisc add dev $DEV handle ffff: ingress

# filter *everything* to it (0.0.0.0/0), drop everything that's
# coming in too fast:

tc filter add dev $DEV parent ffff: protocol ip prio 50 u32 match ip src \
0.0.0.0/0 police rate ${DOWNLINK}kbit burst 10k drop flowid :1

iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -p icmp -j RETURN

iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK
--set-mark 0x1
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j MARK
--set-mark 0x5
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j RETURN
iptables -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j MARK
--set-mark 0x6
iptables -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j RETURN

#Now prioritize sip packets:
iptables -t mangle -A PREROUTING -p udp -m udp --sport 5060 -j MARK
--set-mark 0x1
iptables -t mangle -A PREROUTING -p udp -m udp --sport 5060 -j RETURN

iptables -t mangle -A PREROUTING -p udp -m udp --sport 5004:5007 -j MARK
--set-mark 0x1
iptables -t mangle -A PREROUTING -p udp -m udp --sport 5004:5007 -j RETURN

#Now prioritize ssh packets:
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 22 -j MARK --set-mark
0x1
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 22 -j RETURN

# A good idea is to prioritize packets to begin tcp connections, those with
SYN flag set:
#iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN
-j MARK --set-mark 0x1
#iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN
-j RETURN

# And so on. When we are done adding rules to PREROUTING in mangle, we
terminate the PREROUTING table with:
iptables -t mangle -A PREROUTING -j MARK --set-mark 0x6


Jens