bugfix

[svn/Prometheus-QoS/.git] / prometheus.c

/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */\r
/* Prometheus QoS - you can "steal fire" from your ISP         */\r
/* "fair-per-IP" quality of service (QoS) utility              */\r
/* requires Linux 2.4.x or 2.6.x with HTB support              */\r
/* Copyright(C) 2005-2015 Michael Polak, Arachne Aerospace     */\r
/* iptables-restore support Copyright(C) 2007-2008 ludva       */\r
/* Credit: CZFree.Net,Martin Devera,Netdave,Aquarius,Gandalf  */\r
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */\r
\r
/* Modified by: xChaos, 20150331\r
                 ludva, 20080415\r
 \r
   Prometheus QoS is free software; you can redistribute it and/or\r
   modify it under the terms of the GNU General Public License as \r
   published by the Free Software Foundation; either version 2.1 of \r
   the License, or (at your option) any later version.\r
\r
   Prometheus QoS is distributed in the hope that it will be useful,\r
   but WITHOUT ANY WARRANTY; without even the implied warranty of\r
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\r
   General Public License for more details.\r
\r
   You should have received a copy of the GNU General Public License\r
   along with Prometheus Qos; if not, write to the Free Software\r
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA \r
   \r
   GNU General Public License is located in file COPYING */\r
\r
#include "cll1-0.6.2.h"\r
#include "ipstruct.h"\r
\r
const char *version = "0.8.5-c";\r
\r
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */\r
/* Versions: 0.8.3 is development release, 0.8.4 will be "stable"  */\r
/* Official Trac URL: https://dev.arachne.cz/svn/prometheus        */\r
/* Official SVN URL: https://dev.arachne.cz/repos/prometheus       */\r
/* BTC donations account: 19rriLx8vR19wGefPaMhakqnCYNYwjLvxq       */\r
/* CZK donations account: 2900242944/2010 (transparent account)    */\r
/* Warning: unofficial Github mirror is not supported by author!  */\r
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */\r
\r
const char *stats_html_signature = "<span class=\"small\">Statistics generated by Prometheus QoS version %s<br />GPL+Copyright(C)2005-2015 Michael Polak, <a target=\"_blank\" href=\"http://www.arachne.cz/\">Arachne Labs</a></span>\n";\r
\r
#define STRLEN 512\r
#undef DEBUG\r
\r
/* ======= All path names are defined here (for RPM patch) =======  */\r
\r
const char               *tc = "/sbin/tc"; /* requires tc with HTB support */\r
const char         *iptables = "/sbin/iptables"; /* requires iptables utility */\r
const char        *ip6tables = "/sbin/ip6tables"; /* requires iptables utility */\r
const char     *iptablessave = "/sbin/iptables-save"; /* not yet required */\r
const char  *iptablesrestore = "/sbin/iptables-restore";  /* requires iptables-restore */\r
const char    *ip6tablessave = "/sbin/ip6tables-save"; /* not yet required */\r
const char *ip6tablesrestore = "/sbin/ip6tables-restore";  /* requires iptables-restore */\r
const char               *ls = "/bin/ls"; /* this is not user configurable :-) */\r
\r
char          *config = "/etc/prometheus/prometheus.conf"; /* main configuration file */\r
char           *hosts = "/etc/prometheus/hosts"; /* per-IP bandwidth definition file */\r
char      *macrosfile = "/etc/prometheus/prometheus.macros"; /* rewrite rules for most common tariffs */\r
char    *iptablesfile = "/var/spool/prometheus.iptables"; /* temporary file for iptables-restore*/\r
char   *ip6tablesfile = "/var/spool/prometheus.ip6tables"; /* temporary file for ip6tables-restore*/\r
char          *credit = "/var/lib/misc/prometheus.credit"; /* credit log file */\r
char        *classmap = "/var/lib/misc/prometheus.classes"; /* credit log file */\r
char            *html = "/var/www/traffic.html"; /* hall of fame - html version */\r
char         *preview = "/var/www/preview.html"; /* hall of fame preview - html version */\r
char    *json_traffic = "/var/www/logs/traffic.json"; /* hall of fame - json version */\r
char    *json_preview = "/var/www/logs/preview.json"; /* hall of fame preview - json version */\r
char          *cmdlog = "/var/log/prometheuslog"; /* command log filename */\r
char         *log_dir = "/var/www/logs/"; /* log directory pathname, ended with slash */\r
char         *log_url = "/logs/"; /* log directory relative URI prefix (partial URL) */\r
char    *html_log_dir = "/var/www/logs/html/";\r
\r
char      *jquery_url = "http://code.jquery.com/jquery-latest.js";\r
char         *lms_url = "/lms/?m=customerinfo&amp;id=";\r
int use_jquery_popups = TRUE;\r
int      row_odd_even = 0; /*<tr class="odd/even"> */\r
 \r
/* === Configuraration file values defaults - stored in global variables ==== */\r
\r
int        filter_type = 1; /*1 mark, 2 classify*/\r
char      *final_chain = "DROP"; /* REJECT would be better, but it is impossible in mangle */\r
char             *mark = "MARK";\r
char    *mark_iptables = "MARK --set-mark ";\r
int            dry_run = FALSE; /* preview - use puts() instead of system() */\r
char *iptablespreamble = "*mangle\n:PREROUTING ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n:INPUT ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]";\r
char      *ip6preamble = "-A FORWARD -p ipv6-icmp -j ACCEPT\n-A POSTROUTING -p ipv6-icmp -j ACCEPT\n-A FORWARD -s fe80::/10 -j ACCEPT\n-A FORWARD -d ff00::/8 -j ACCEPT\n-A POSTROUTING -s fe80::/10 -j ACCEPT\n-A POSTROUTING -d ff00::/8 -j ACCEPT";\r
FILE    *iptables_file = NULL;\r
FILE   *ip6tables_file = NULL;\r
int      enable_credit = TRUE; /* enable credit file */\r
int         use_credit = FALSE; /* use credit file (if enabled)*/\r
char            *title = "Hall of Fame - Greatest Suckers"; /* hall of fame title */\r
int       hall_of_fame = TRUE; /* enable hall of fame */\r
char              *lan = "eth0"; /* LAN interface */\r
char       *lan_medium = "100Mbit"; /* 10Mbit/100Mbit ethernet */\r
char              *wan = "eth1"; /* WAN/ISP interface */\r
char        *ip6prefix = NULL; /* Prefix for global /48 IPv6 subnet */\r
char       *wan_medium = "100Mbit"; /* 10Mbit/100Mbit ethernet */\r
char         *qos_leaf = "sfq perturb 5"; /* leaf discipline */\r
char    *qos_free_zone = NULL; /* QoS free zone */\r
/* int          qos_proxy = TRUE; include proxy port to QoS */\r
int        found_lmsid = FALSE; /* show links to users in LMS information system */\r
int     include_upload = TRUE; /* upload+download=total traffic */\r
/* char         *proxy_ip = "192.168.1.1/32";  our IP with proxy port */\r
/* int         proxy_port = 3128; proxy port number */\r
long long int     line = 1024; /* WAN/ISP download in kbps */\r
long long int       up = 1024; /* WAN/ISP upload in kbps */\r
int           free_min = 256; /* minimum guaranted bandwidth for all undefined hosts */\r
int           free_max = 512; /* maximum allowed bandwidth for all undefined hosts */\r
int      overlimit_min = 256; /* minimum guaranted bandwidth for all undefined hosts */\r
int      overlimit_max = 512; /* maximum allowed bandwidth for all undefined hosts */\r
int     qos_free_delay = 0; /* seconds to sleep before applying new QoS rules */\r
int     digital_divide = 2; /* controls digital divide weirdness ratio, 1...3 */ \r
int        max_nesting = 5; /* /include/uapi/linux/pkt_sched.h: #define TC_HTB_MAXDEPTH 8 [... - 3 parent classes] */\r
int            htb_r2q = 256; /* should work for leaf values 512 kbps to 8 Mbps */\r
int              burst = 8; /* HTB burst (in kbits) */\r
int         burst_main = 64;\r
int        burst_group = 32;\r
int     magic_treshold = 8; /* reduce ceil by X*magic_treshhold kbps (hard shaping) */\r
int       keywordcount = 0;\r
int        class_count = 0;\r
int           ip_count = 0;\r
FILE         *log_file = NULL;\r
char              *kwd = "via-prometheus"; /* /etc/hosts comment, eg. #qos-64-128 */\r
\r
const int highest_priority   = 0; /* highest HTB priority (HTB built-in value is 0) */\r
const int lowest_priority    = 7; /* lowest HTB priority /include/uapi/linux/pkt_sched.h: #define TC_HTB_NUMPRIO 8 */\r
const int idxtable_treshold1 = 24;      /* this is no longer configurable */\r
const int idxtable_treshold2 = 12;      /* this is no longer configurable */\r
const int idxtable_bitmask1  = 3;        /* this is no longer configurable */\r
const int idxtable_bitmask2  = 3;        /* this is no longer configurable */\r
\r
struct IP *ips = NULL, *networks = NULL, *ip, *sharedip;\r
struct Group *groups = NULL, *group;\r
struct Keyword *keyword, *defaultkeyword=NULL, *keywords = NULL;\r
struct Macro *macro, *macros = NULL;\r
\r
#define FREE_CLASS      3\r
#define OVERLIMIT_CLASS 4\r
\r
void help(void);\r
/* implemented in help.c */
\r
void get_traffic_statistics(const char *whichiptables, int ipv6);\r
/* implemented in parseiptables.c */\r
\r
void parse_ip_log(int argc, char **argv);\r
/* implemented in parselog.c */\r
\r
void parse_hosts(char *hosts);\r
/* implemented in parsehosts.c */\r
\r
void write_json_traffic(char *json);\r
/* implemented in json.c */\r
\r
void write_htmlandlogs(char *html, char *d, int total, int just_preview);\r
/* implemented in htmlandlogs.c */\r
\r
void analyse_topology(char *traceroute);\r
/* implemented in networks.c */\r
\r
char *parse_datafile_line(char *str);\r
/* implemented in utils.c */\r
\r
time_t get_mtime(const char *path);\r
/* implemented in utils.c */\r
\r
const char *tr_odd_even(void)\r
{\r
 row_odd_even = 1 - row_odd_even;\r
 if(row_odd_even)\r
 {\r
  return "<tr class=\"even\">\n";\r
 }\r
 else\r
 {\r
  return "<tr class=\"odd\">\n";\r
 }\r
}\r
\r
/* ==== This is C<<1 stuff - learn C<<1 first! https://dev.arachne.cz/svn/cll1h ==== */\r
/* (except that this code uses obsolete, archaic version of this header file...)     */\r
\r
struct Index\r
{\r
 char *addr;\r
 char *id;\r
 struct Index *parent;\r
 int bitmask;\r
 int children;\r
 int ipv6;\r
 list(Index);\r
} *idxs=NULL, *idx, *metaindex;\r
\r
\r
/* ====== iptables indexes are used to reduce complexity to log8(N) ===== */\r
\r
char *index_id(char *ip, int bitmask);\r
/* function implemented in ipv4subnets.c */\r
\r
char *subnet_id(char *ip, int bitmask);\r
/* function implemented in ipv4subnets.c */\r
\r
char *index6_id(char *ip, int bitmask);\r
/* function implemented in ipv6subnets.c */\r
\r
char *subnet6_id(char *ip, int bitmask);\r
/* function implemented in ipv6subnets.c */\r
\r
/* ================= Let's parse configuration file here ================ */\r
\r
void reject_config_and_exit(char *filename)\r
{\r
 printf("Configuration file %s rejected - abnormal exit.",filename);\r
 exit(-1);\r
}\r
\r
void get_config(char *config_filename)\r
{\r
 char *cnf="mark";\r
 \r
 printf("Configured keywords: ");\r
 parse(config_filename)\r
 {\r
  option("keyword",kwd);\r
  if(kwd)\r
  {\r
   printf("%s ",kwd);\r
\r
   create(keyword,Keyword);\r
   keyword->key = kwd;\r
   keyword->asymetry_ratio = 1;          /* ratio for ADSL-like upload */\r
   keyword->asymetry_fixed = 0;          /* fixed treshold for ADSL-like upload */\r
   keyword->data_limit = 8;              /* hard shaping: apply magic_treshold if max*data_limit MB exceeded */\r
   keyword->data_prio = 4;               /* soft shaping (qos): reduce HTB prio if max*data_prio MB exceeded */\r
   keyword->fixed_limit = 0;             /* fixed data limit for setting lower HTB ceil */\r
   keyword->fixed_prio = 0;              /* fixed data limit for setting lower HTB prio */\r
   keyword->reserve_min = 8;	         /* bonus for nominal HTB rate bandwidth (in kbps) */\r
   keyword->reserve_max = 0;	         /* malus for nominal HTB ceil (in kbps) */\r
   keyword->default_prio = highest_priority+1;\r
   keyword->download_aggregation = keyword->upload_aggregation = 0; /* disable by default */\r
   keyword->html_color = "000000";\r
   keyword->ip_count = 0;\r
   keyword->leaf_discipline = "";\r
   keyword->allowed_avgmtu = 0;\r
\r
   push(keyword, keywords);\r
   if(!defaultkeyword)\r
   {\r
    defaultkeyword = keyword;\r
   }\r
   keywordcount++;\r
   \r
   kwd=NULL;\r
  }\r
  else\r
  {\r
    for_each(keyword,keywords)\r
    {\r
     int l=strlen(keyword->key);\r
\r
     if(!strncmp(keyword->key,_,l) && strlen(_)>l+2)\r
     {\r
      char *tmptr=_; /*  <---- l+1 ----> */\r
      _+=l+1;        /*  via-prometheus-asymetry-ratio, etc. */\r
      foption("asymetry-ratio", keyword->asymetry_ratio);\r
      ioption("asymetry-treshold", keyword->asymetry_fixed);\r
      ioption("magic-relative-limit", keyword->data_limit);\r
      ioption("magic-relative-prio", keyword->data_prio);\r
      loption("magic-fixed-limit", keyword->fixed_limit);\r
      loption("magic-fixed-prio", keyword->fixed_prio);\r
      ioption("htb-default-prio", keyword->default_prio);\r
      ioption("htb-rate-bonus", keyword->reserve_min);\r
      ioption("htb-ceil-malus", keyword->reserve_max);\r
      ioption("download-aggregation", keyword->download_aggregation);\r
      ioption("upload-aggregation", keyword->upload_aggregation);\r
      option("leaf-discipline", keyword->leaf_discipline);\r
      option("html-color", keyword->html_color);\r
      ioption("allowed-avgmtu" ,keyword->allowed_avgmtu);\r
      _=tmptr;\r
      \r
      if(keyword->data_limit || keyword->fixed_limit || \r
         keyword->data_prio || keyword->fixed_prio)\r
      {\r
       use_credit=1;        \r
      }\r
     }\r
    }\r
  }\r
\r
  option("tc",tc);\r
  option("iptables",iptables);\r
  option("iptables-save",iptablessave);\r
  option("iptables-restore",iptablesrestore);\r
  option("ip6tables",ip6tables);\r
  option("ip6tables-save",ip6tablessave);\r
  option("ip6tables-restore",ip6tablesrestore);\r
  option("iptables-in-filename",iptablesfile);\r
  option("ip6tables-in-filename",ip6tablesfile);\r
  option("hosts",hosts);\r
  option("lan-interface",lan);\r
  option("wan-interface",wan);\r
  option("ip6-prefix",ip6prefix);\r
  option("lan-medium",lan_medium);\r
  option("wan-medium",wan_medium);\r
  lloption("wan-download",line);\r
  lloption("wan-upload",up);\r
  ioption("hall-of-fame-enable",hall_of_fame);\r
  option("hall-of-fame-title",title);\r
  option("hall-of-fame-filename",html);\r
  option("json-filename",json_traffic);\r
  option("hall-of-fame-preview",preview);\r
  option("json-preview",json_preview);\r
  option("log-filename",cmdlog);\r
  option("credit-filename",credit);\r
  option("classmap-filename",classmap);\r
  ioption("credit-enable",enable_credit);\r
  option("log-traffic-directory",log_dir);\r
  option("log-traffic-html-directory",html_log_dir);\r
  option("log-traffic-url-path",log_url);\r
  option("jquery-url",jquery_url);\r
  option("lms-url",lms_url);\r
  ioption("use-jquery-popups",use_jquery_popups);\r
  option("qos-free-zone",qos_free_zone);\r
  ioption("qos-free-delay",qos_free_delay);\r
/*  ioption("qos-proxy-enable",qos_proxy); */\r
/*  option("qos-proxy-ip",proxy_ip);*/\r
  option("htb-leaf-discipline",qos_leaf);\r
/*  ioption("qos-proxy-port",proxy_port); */\r
  ioption("free-rate",free_min);\r
  ioption("free-ceil",free_max);\r
  ioption("overlimit-rate",overlimit_min);\r
  ioption("overlimit-ceil",overlimit_max);\r
  ioption("htb-burst",burst);\r
  ioption("htb-burst-main",burst_main);\r
  ioption("htb-burst-group",burst_group);\r
  ioption("htb-nesting-limit",max_nesting);\r
  ioption("htb-r2q",htb_r2q);\r
  ioption("magic-include-upload",include_upload);\r
  ioption("magic-treshold",magic_treshold);  \r
  option("filter-type", cnf);  \r
/* not yet implemented:\r
  ioption("magic-fixed-packets",fixed_packets);\r
  ioption("magic-relative-packets",packet_limit);\r
*/\r
 }\r
 fail\r
 { \r
  perror(config_filename);\r
  puts("Warning - using built-in defaults instead ...");\r
 }\r
 done; /* ugly macro end */\r
 printf("\n");\r
 \r
 /* leaf discipline for keywords */\r
 for_each(keyword,keywords)\r
 {\r
  if(!strcmpi(keyword->leaf_discipline, ""))\r
  {\r
   keyword->leaf_discipline = qos_leaf;\r
  }\r
 }\r
\r
 if(strcmpi(cnf, "mark"))\r
 {\r
  filter_type = 2;\r
  mark = "CLASSIFY";\r
  mark_iptables = "CLASSIFY --set-class 1:";\r
 }\r
 else\r
 {\r
  filter_type = 1;\r
  mark = "MARK";\r
  mark_iptables = "MARK --set-mark ";\r
 }\r
\r
 /* are supplied values meaningful ?*/\r
 if(line<=0 || up<=0)\r
 {\r
  puts("Illegal value of LAN or WAN bandwidth: 0 kbps.");\r
  reject_config_and_exit(config_filename);\r
 }\r
}\r
\r
 \r
/* ========== This function executes, logs OR ALSO prints command ========== */\r
\r
void safe_run(char *cmd)\r
{\r
 if(dry_run)\r
 {\r
  printf("\n=>%s\n",cmd);\r
 }\r
 else\r
 {\r
  system(cmd);\r
 }\r
 if(log_file)\r
 {\r
  fprintf(log_file,"%s\n",cmd);\r
 }\r
}\r
\r
void iptables_save_line(char *line, int ipv6)\r
{\r
 if(ipv6)\r
 {\r
  fprintf(ip6tables_file,"%s\n",line);\r
 }\r
 else\r
 {\r
  fprintf(iptables_file,"%s\n",line);\r
 }\r
}\r
\r
void run_iptables_restore(void)\r
{\r
 char *restor;\r
 string(restor,STRLEN);\r
\r
 /*-----------------------------------------------------------------*/\r
 printf("Running %s <%s ...\n", iptablesrestore, iptablesfile);\r
 /*-----------------------------------------------------------------*/\r
\r
 iptables_save_line("COMMIT", FALSE);\r
 fclose(iptables_file);\r
 if(dry_run) \r
 {\r
  parse(iptablesfile)\r
  {\r
   printf("%s\n",_);\r
  }\r
  done; /* ugly macro end */\r
 }\r
\r
 sprintf(restor,"%s <%s",iptablesrestore, iptablesfile);\r
 safe_run(restor);\r
\r
 if(ip6prefix)\r
 {\r
  /*-----------------------------------------------------------------*/\r
  printf("Running %s <%s ...\n", ip6tablesrestore, ip6tablesfile);\r
  /*-----------------------------------------------------------------*/\r
  iptables_save_line("COMMIT", TRUE);\r
  fclose(ip6tables_file);\r
  if(dry_run) \r
  {\r
   parse(ip6tablesfile)\r
   {\r
    printf("%s\n",_);\r
   }\r
   done; /* ugly macro end */\r
  }\r
  sprintf(restor,"%s <%s",ip6tablesrestore, ip6tablesfile);\r
  safe_run(restor);\r
 }\r
 free(restor);\r
}\r
\r
/**/\r
\r
char *parse_datafile_line(char *str);\r
time_t get_mtime(const char *path);\r
\r
/*-----------------------------------------------------------------*/\r
/* Are you looking for int main(int argc, char **argv) ? :-))      */\r
/*-----------------------------------------------------------------*/\r
\r
program\r
{\r
 int i=0;                    /* just plain old Fortran style integer :-) */\r
 FILE *f=NULL;               /* everything is just stream of bytes... */\r
 char *str, *ptr, *d;        /* LET A$=B$ :-) */\r
 char *substring, *limit_pkts;\r
\r
 int parent        = 1;\r
 int just_networks = FALSE;  \r
 int just_flush    = FALSE;       /* deactivates all previous actions */\r
 int nodelay       = FALSE;\r
 int just_preview  = FALSE;       /* preview - generate just stats */\r
 int start_shaping = FALSE;       /* apply FUP - requires classmap file */\r
 int stop_shaping  = FALSE;       /* lift FUP - requires classmap file */\r
 int reduce_ceil     = 0;           /* allow only rate+(ceil-rate)/2, /4, etc. */\r
 int just_logs     = FALSE;       /* just parse logs */\r
 int run           = FALSE;\r
 int total         = 0;\r
 \r
 char *chain_forward, *chain_postrouting;\r
 char *althosts=NULL;\r
  \r
 printf("\n\\r
Prometheus QoS - \"fair-per-IP\" Quality of Service setup utility.\n\\r
Version %s - Copyright (C)2005-2015 Michael Polak, Arachne Labs\n\\r
iptables-restore & burst tunning & classify modification by Ludva\n\\r
Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);\r
\r
 /*----- Boring... we have to check command line options first: ----*/   \r
 arguments\r
 {\r
  argument("-c") { nextargument(config); }\r
  argument("-h") { nextargument(althosts);}\r
  argument("-d") { run=TRUE; dry_run=TRUE; }\r
  argument("-f") { run=TRUE; just_flush=TRUE; }\r
  argument("-9") { run=TRUE; just_flush=9; }\r
  argument("-p") { run=TRUE; just_preview=TRUE; }\r
  argument("-q") { run=TRUE; just_preview=TRUE; stop_shaping=TRUE; }\r
  argument("-2") { run=TRUE; just_preview=TRUE; reduce_ceil=2; }\r
  argument("-4") { run=TRUE; just_preview=TRUE; reduce_ceil=4; }\r
  argument("-s") { run=TRUE; just_preview=TRUE; start_shaping=TRUE; }\r
  argument("-r") { run=TRUE; }\r
  argument("-n") { run=TRUE; nodelay=TRUE; }\r
  argument("-a") { run=TRUE; just_networks=TRUE; }\r
  argument("-l") { just_logs=TRUE; }\r
  argument("-m") { just_logs=TRUE; }\r
  argument("-y") { just_logs=TRUE; }\r
  argument("-?") { help(); exit(0); }\r
  argument("--help") { help(); exit(0); }\r
  argument("-v") { exit(0); } \r
  argument("--version") { exit(0); } \r
 }\r
 \r
 if(dry_run)\r
 {\r
  puts("*** THIS IS JUST DRY RUN ! ***\n");\r
 }\r
\r
 date(d); /* this is typical cll1.h macro - prints current date */\r
\r
 /*-----------------------------------------------------------------*/\r
 printf("Parsing configuration file %s ...\n", config);\r
 /*-----------------------------------------------------------------*/\r
 get_config(config);\r
 \r
 if(just_logs)\r
 {\r
  parse_ip_log(argc,argv);\r
  exit(0);\r
 }\r
 else if(not run)\r
 {\r
  help();\r
  exit(0);\r
 }\r
\r
 if(althosts)\r
 {\r
  hosts = althosts;\r
 }\r
\r
 if(just_flush<9)\r
 {\r
  /*-----------------------------------------------------------------*/\r
  puts("Parsing iptables verbose output ...");\r
  /*-----------------------------------------------------------------*/\r
  get_traffic_statistics(iptables, FALSE);\r
  if(ip6prefix)\r
  {\r
   /*-----------------------------------------------------------------*/\r
   puts("Parsing ip6tables verbose output ...");\r
   /*-----------------------------------------------------------------*/  \r
   get_traffic_statistics(ip6tables, TRUE);\r
  }\r
 }\r
\r
 /*-----------------------------------------------------------------*/\r
 /* cll1.h - let's allocate brand new character buffer...           */\r
 /*-----------------------------------------------------------------*/\r
 string(str, STRLEN); \r
 string(limit_pkts, STRLEN);\r
\r
 /*-----------------------------------------------------------------*/\r
 printf("Parsing macro definition file %s ...\n", macrosfile);\r
 /*-----------------------------------------------------------------*/\r
 parse(macrosfile)\r
 {\r
  ptr = parse_datafile_line(_);\r
  if(ptr)\r
  {\r
   create(macro, Macro);\r
   macro->rewrite_from = _;\r
   macro->rewrite_to = ptr;\r
   push(macro, macros);\r
   printf("%s -> %s\n", macro->rewrite_from, macro->rewrite_to);\r
  }\r
 }\r
 done; /* ugly macro end */\r
\r
 /*-----------------------------------------------------------------*/\r
 printf("Parsing class defintion file %s ...\n", hosts);\r
 /*-----------------------------------------------------------------*/\r
 parse_hosts(hosts);\r
 if(just_networks)\r
 {\r
  analyse_topology("/usr/sbin/traceroute -n -m 10 -w 2 %s.%d");\r
  exit(-1); \r
 }\r
\r
 /*-----------------------------------------------------------------*/\r
 puts("Resolving shared connections ...");\r
 /*-----------------------------------------------------------------*/\r
 for_each(ip, ips) if(ip->sharing)\r
 {\r
  for_each(sharedip, ips) if(eq(sharedip->name, ip->sharing))\r
  {\r
   sharedip->traffic += ip->traffic;\r
   sharedip->traffic_down += ip->direct;\r
   sharedip->traffic_up += ip->upload;\r
   ip->traffic = 0;\r
   ip->mark = sharedip->mark; \r
   ip->lmsid = sharedip->lmsid;\r
   ip->pps_limit = sharedip->pps_limit; /* no other way to do this */\r
\r
   /* Ugly hack: append IPv4 addresses of sharedip to IPv6 uplinks */\r
   ptr = strchr(ip->addr, '+');\r
   if(ptr && ptr-ip->addr > 1 && !sharedip->v6)\r
   {\r
    *(--ptr) = 0;\r
    concatenate(ip->addr, sharedip->addr, ptr);\r
    ip->name = ip->addr = ptr;\r
    ptr = strchr(ip->addr, '.');\r
    while(ptr && *ptr)\r
    {\r
     *ptr = ':';\r
     ptr = strchr(ptr, '.');\r
    }\r
    ip->mask += 64;\r
   }\r
\r
   break;\r
  }\r
  if(not sharedip)\r
  {\r
   printf("Unresolved shared connection: %s %s sharing-%s\n",\r
          ip->addr, ip->name, ip->sharing);\r
  }\r
 }\r
\r
 if(enable_credit && just_flush<9)\r
 {\r
  /*-----------------------------------------------------------------*/\r
  printf("Parsing credit file %s ...\n", credit);\r
  /*-----------------------------------------------------------------*/\r
  parse(credit)\r
  {\r
   ptr = parse_datafile_line(_);\r
   if(ptr)\r
   {\r
    if_exists(ip,ips,eq(ip->addr,_))\r
    {\r
     sscanf(ptr,"%Lu",&(ip->credit));\r
    }\r
   }\r
  }\r
  done; /* ugly macro end */\r
 }\r
\r
\r
 if(!just_preview)\r
 {\r
  /*-----------------------------------------------------------------*/\r
  puts("Initializing iptables and tc classes ...");\r
  /*-----------------------------------------------------------------*/\r
  \r
  iptables_file = fopen(iptablesfile, "w");\r
  if(iptables_file == NULL)\r
  {\r
    perror(iptablesfile);\r
    exit(-1);\r
  }\r
  iptables_save_line(iptablespreamble, FALSE);\r
\r
  if(ip6prefix)\r
  {\r
   ip6tables_file = fopen(ip6tablesfile, "w");\r
   if(ip6tables_file == NULL)\r
   {\r
     perror(ip6tablesfile);\r
     exit(-1);\r
   }\r
   iptables_save_line(iptablespreamble, TRUE);\r
   iptables_save_line(ip6preamble, TRUE);\r
  }\r
\r
  run_iptables_restore();\r
  \r
  log_file = fopen(cmdlog, "w");\r
  if(log_file == NULL) \r
  {\r
    perror(cmdlog);\r
    exit(-1);\r
  }  \r
  \r
  sprintf(str,"%s qdisc del dev %s root 2>/dev/null",tc,lan);\r
  safe_run(str);\r
\r
  sprintf(str,"%s qdisc del dev %s root 2>/dev/null",tc,wan);\r
  safe_run(str);\r
  \r
  iptables_file=fopen(iptablesfile,"w");\r
  iptables_save_line(iptablespreamble, FALSE);\r
  if(ip6prefix)\r
  {\r
   ip6tables_file=fopen(ip6tablesfile,"w");\r
   iptables_save_line(iptablespreamble, TRUE);\r
   iptables_save_line(ip6preamble, TRUE);\r
  }\r
\r
  if(qos_free_zone && *qos_free_zone!='0') /* this is currently supported only for IPv4 */\r
  {\r
   char *chain;\r
   \r
   sprintf(str,"-A FORWARD -d %s -o %s -j ACCEPT", qos_free_zone, wan);\r
   iptables_save_line(str, FALSE); /* this is currently supported only for IPv4 */\r
   \r
/*\r
   if(qos_proxy)\r
   {\r
    iptables_save_line(":post_noproxy - [0:0]", FALSE);\r
    sprintf(str,"-A POSTROUTING ! -p tcp -o %s -j post_noproxy", lan);\r
    iptables_save_line(str , FALSE);\r
    sprintf(str,"-A POSTROUTING ! -s %s -o %s -j post_noproxy", proxy_ip, lan);\r
    iptables_save_line(str, FALSE);\r
    sprintf(str,"-A POSTROUTING -s %s -p tcp ! --sport %d -o %s -j post_noproxy", proxy_ip, proxy_port, lan);\r
    iptables_save_line(str, FALSE);\r
\r
    chain="post_noproxy";    \r
   }\r
\r
   else\r
   {\r
*/\r
   chain = "POSTROUTING";\r
//   }\r
    \r
   sprintf(str,"-A %s -s %s -o %s -j ACCEPT", chain, qos_free_zone, lan);\r
   iptables_save_line(str, FALSE);\r
  }\r
  \r
  if(ip_count > idxtable_treshold1 && !just_flush)\r
  {\r
   int idxcount=0, bitmask=32-idxtable_bitmask1;\r
   char *subnet, *buf;\r
   /*-----------------------------------------------------------------*/\r
   printf("Detected %d addresses - indexing iptables rules to improve performance...\n",ip_count);\r
   /*-----------------------------------------------------------------*/\r
\r
   iptables_save_line(":post_common - [0:0]", FALSE);\r
   iptables_save_line(":forw_common - [0:0]", FALSE);\r
   if(ip6prefix)\r
   {\r
    iptables_save_line(":post_common - [0:0]", TRUE);\r
    iptables_save_line(":forw_common - [0:0]", TRUE);\r
   }\r
\r
   for_each(ip,ips) if(ip->addr && *(ip->addr) && !eq(ip->addr,"0.0.0.0/0")) \r
   {\r
    if(ip->v6)\r
    {\r
     buf=index6_id(ip->addr,bitmask+32);\r
    }\r
    else\r
    {\r
     buf=index_id(ip->addr, bitmask);\r
    }\r
    \r
    if_exists(idx,idxs,eq(idx->id,buf))\r
    {\r
     idx->children++;\r
    }\r
    else\r
    {\r
     create(idx,Index);\r
     idx->addr = ip->addr;\r
     idx->id = buf;\r
     idx->bitmask = bitmask+32*ip->v6;\r
     idx->parent = NULL;\r
     idx->children = 0;\r
     idx->ipv6 = ip->v6;\r
     idxcount++;\r
     push(idx,idxs);\r
    }\r
   }\r
\r
   /* brutal perfomance optimalization */\r
   while(idxcount > idxtable_treshold2 && bitmask > 2*idxtable_bitmask2)\r
   {\r
    bitmask -= idxtable_bitmask2;\r
    idxcount = 0;\r
\r
    for_each(idx,idxs) if(idx->parent == NULL)\r
    {\r
     if(idx->ipv6)\r
     {\r
      buf = index6_id(idx->addr, bitmask+32);\r
     }\r
     else\r
     {\r
      buf = index_id(idx->addr, bitmask);\r
     }\r
     if_exists(metaindex,idxs,eq(metaindex->id,buf))\r
     {\r
      metaindex->children++;\r
     }\r
     else\r
     {\r
      create(metaindex,Index);\r
      metaindex->addr = idx->addr;\r
      metaindex->id = buf;\r
      metaindex->bitmask = bitmask+32*idx->ipv6;\r
      metaindex->parent = NULL;\r
      metaindex->children = 0;\r
      metaindex->ipv6 = idx->ipv6;\r
      idxcount++;\r
      push(metaindex,idxs);\r
     }\r
     idx->parent=metaindex;\r
    }\r
   }\r
\r
   /* this should slightly optimize throughput ... */\r
   sort(idx,idxs,desc_order_by,children);\r
   sort(idx,idxs,order_by,bitmask);\r
\r
   i=0;\r
   for_each(idx,idxs)\r
   {\r
    if(idx->ipv6)\r
    {\r
     subnet=subnet6_id(idx->addr, idx->bitmask);\r
    }\r
    else\r
    {\r
     subnet=subnet_id(idx->addr, idx->bitmask);\r
    }\r
    printf("%d: %s/%d\n", ++i, subnet, idx->bitmask);\r
       \r
    sprintf(str,":post_%s - [0:0]", idx->id);\r
    iptables_save_line(str, idx->ipv6);\r
\r
    sprintf(str,":forw_%s - [0:0]", idx->id);\r
    iptables_save_line(str, idx->ipv6);\r
\r
    if(idx->parent)\r
    {\r
     string(buf,strlen(idx->parent->id)+6);\r
     sprintf(buf,"post_%s", idx->parent->id);\r
    }\r
    else\r
    {\r
     buf="POSTROUTING";\r
    }\r
\r
    sprintf(str,"-A %s -d %s/%d -o %s -j post_%s", buf, subnet, idx->bitmask, lan, idx->id);\r
    iptables_save_line(str, idx->ipv6);\r
\r
    sprintf(str,"-A %s -d %s/%d -o %s -j post_common", buf, subnet, idx->bitmask, lan);\r
    iptables_save_line(str, idx->ipv6);\r
\r
    if(idx->parent)\r
    {\r
     string(buf,strlen(idx->parent->id)+6);\r
     sprintf(buf,"forw_%s",idx->parent->id);\r
    }\r
    else\r
    {\r
     buf="FORWARD";\r
    }\r
\r
    sprintf(str,"-A %s -s %s/%d -o %s -j forw_%s", buf, subnet, idx->bitmask, wan, idx->id);\r
    iptables_save_line(str, idx->ipv6);\r
\r
    sprintf(str,"-A %s -s %s/%d -o %s -j forw_common", buf, subnet, idx->bitmask, wan);\r
    iptables_save_line(str, idx->ipv6);\r
   }\r
   printf("Total indexed iptables chains created: %d\n", i);\r
\r
   sprintf(str,"-A FORWARD -o %s -j forw_common", wan);\r
   iptables_save_line(str, FALSE);\r
   \r
   sprintf(str,"-A POSTROUTING -o %s -j post_common", lan);\r
   iptables_save_line(str, FALSE);\r
\r
   if(ip6prefix)\r
   {\r
    sprintf(str,"-A FORWARD -o %s -j forw_common", wan);\r
    iptables_save_line(str, TRUE);\r
    \r
    sprintf(str,"-A POSTROUTING -o %s -j post_common", lan);\r
    iptables_save_line(str, TRUE);\r
   }\r
  }\r
 }\r
\r
 if(just_flush)\r
 {\r
  fclose(iptables_file);\r
  if(log_file)\r
  { \r
   fclose(log_file);\r
  }\r
  puts("Just flushed iptables and tc classes - now exiting ...");\r
  exit(0);\r
 }\r
\r
 if(!just_preview)\r
 {\r
  if(!dry_run && !nodelay && qos_free_delay)\r
  {\r
   printf("Flushed iptables and tc classes - now sleeping for %d seconds...\n",qos_free_delay);\r
   sleep(qos_free_delay);\r
  }\r
\r
  sprintf(str,"%s qdisc add dev %s root handle 1: htb r2q %d default 1",\r
              tc,lan,htb_r2q);\r
  safe_run(str);\r
\r
  sprintf(str, "%s class add dev %s parent 1: classid 1:2 htb rate %s ceil %s burst %dk prio %d",\r
               tc,lan,lan_medium,lan_medium,burst_main,highest_priority);\r
  safe_run(str);\r
\r
  sprintf(str, "%s class add dev %s parent 1:2 classid 1:1 htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d",\r
                tc,lan,line,line,burst_main,highest_priority);\r
  safe_run(str);\r
\r
  sprintf(str,"%s qdisc add dev %s root handle 1: htb r2q %d default 1",tc,wan,htb_r2q);\r
  safe_run(str);\r
\r
  sprintf(str, "%s class add dev %s parent 1: classid 1:2 htb rate %s ceil %s burst %dk prio %d",\r
               tc,wan,wan_medium,wan_medium,burst_main,highest_priority);\r
  safe_run(str);\r
\r
  sprintf(str, "%s class add dev %s parent 1:2 classid 1:1 htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d",\r
               tc,wan,up,up,burst_main,highest_priority);\r
  safe_run(str);\r
 }\r
\r
 /*-----------------------------------------------------------------*/\r
 puts("Locating heavy downloaders and generating root classes ...");\r
 /*-----------------------------------------------------------------*/\r
 sort(ip,ips,desc_order_by,traffic); \r
\r
 /*-----------------------------------------------------------------*/\r
 /* sub-scope - local variables */  \r
 {\r
  long long int rate = line;\r
  long long int max = line;\r
  int group_count = 0;\r
  FILE *credit_file = NULL;\r
  \r
  if(!just_preview && !dry_run && enable_credit)\r
  {\r
   credit_file = fopen(credit,"w");\r
  }\r
    \r
  for_each(group,groups)\r
  {\r
   if(!just_preview)\r
   {\r
    //download\r
    sprintf(str,"%s class add dev %s parent 1:%d classid 1:%d htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d #down desired %d", \r
                 tc, lan, parent, group->id, rate, max, burst_group, highest_priority+1, group->desired);\r
    safe_run(str);\r
    \r
    //upload\r
    sprintf(str,"%s class add dev %s parent 1:%d classid 1:%d htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d #up desired %d", \r
                 tc, wan, parent, group->id, rate*up/line, max*up/line, burst_group, highest_priority+1, group->desired);\r
    safe_run(str);\r
   }\r
   \r
   if(group_count++ < max_nesting)\r
   {\r
    parent = group->id;\r
   }\r
   \r
   rate -= digital_divide*group->min;\r
   if(rate < group->min)\r
   {\r
    rate = group->min;\r
   }\r
    \r
   /*shaping of aggresive downloaders, with credit file support */\r
   if(use_credit)\r
   {\r
    int group_rate = group->min, priority_sequence = lowest_priority;\r
    \r
    for_each(ip, ips) if(ip->min == group->min && ip->max > ip->min)\r
    {\r
     ip->realquota=ip->credit+(ip->min*ip->keyword->data_limit+(ip->keyword->fixed_limit<<20));\r
     if(     ip->keyword->data_limit \r
         and not ip->fixedprio \r
         and ip->traffic > ip->realquota )\r
     {\r
      if(group_rate < ip->max)\r
      {\r
       ip->max = group_rate;\r
      }\r
      group_rate+=magic_treshold;\r
      ip->prio=lowest_priority;\r
      if(ip->prio<highest_priority+2)\r
      {\r
       ip->prio=highest_priority+2;\r
      }\r
     }\r
     else\r
     {\r
      if(    ip->keyword->data_prio \r
          && !ip->fixedprio \r
          && (   ip->traffic >   ip->credit + (ip->min*ip->keyword->data_prio+(ip->keyword->fixed_prio<<20))) )\r
      {\r
       ip->prio=priority_sequence--;\r
       if(ip->prio<highest_priority+1)\r
       {\r
        ip->prio=highest_priority+1;\r
       }\r
      }\r
     \r
      if(credit_file)\r
      {\r
       unsigned long long lcredit=0;\r
       \r
       if((ip->min*ip->keyword->data_limit+(ip->keyword->fixed_limit<<20))>ip->traffic)\r
       {\r
        lcredit=(ip->min*ip->keyword->data_limit+(ip->keyword->fixed_limit<<20))-ip->traffic;\r
       }\r
       fprintf(credit_file,"%s %Lu\n",ip->addr,lcredit);\r
      }\r
     }\r
    }        \r
   }\r
  }\r
  if(credit_file)\r
  {\r
   fclose(credit_file);\r
  }\r
 }\r
\r
 if(just_preview)\r
 {\r
  if(start_shaping || stop_shaping || reduce_ceil)\r
  {\r
   time_t how_much_seconds = time(NULL) - get_mtime(classmap); /* sice start of daily aggregation session */\r
   printf("Reading %s (%ld seconds old) and applying Fair Use Policy and Aggregation rules... \n", classmap, how_much_seconds);\r
     \r
   parse(classmap)\r
   {\r
    ptr=strchr(_,' ');\r
    if(ptr)\r
    {\r
     *ptr=0;\r
     ptr++;\r
     if_exists(ip,ips,eq(ip->addr,_))\r
     {\r
      int unshape_this_ip = stop_shaping;\r
      long avg_mbps_down = ip->traffic_down * 8 / how_much_seconds; \r
      long avg_mbps_up = ip->traffic_up * 8 / how_much_seconds;\r
      int min_mbps = ip->min>>10;\r
      int agreg = 1, print_stats = 1;\r
      \r
      if(min_mbps < 1)\r
      {\r
       min_mbps = 1;\r
      }\r
      \r
      if(ip->keyword->download_aggregation)\r
      {\r
       if(min_mbps <= avg_mbps_down)\r
       {\r
        unshape_this_ip = 0;\r
        agreg = (int)((float)(avg_mbps_down+1)/min_mbps+.5);\r
        ip->max /= agreg;\r
        printf("Download aggregation 1:%d for %s (min: %lu Mbps avg: %ld Mbps)\n", agreg, ip->name, min_mbps, avg_mbps_down);\r
       }\r
       else\r
       {\r
        unshape_this_ip = 1;\r
       }\r
      }\r
      else if(ip->keyword->upload_aggregation)\r
      {\r
       if(min_mbps <= avg_mbps_up)\r
       {\r
        unshape_this_ip = 0;\r
        agreg = (int)((float)(avg_mbps_up+1)/min_mbps+.5);\r
        ip->max /= agreg;\r
        printf("Upload aggregation 1:%d for %s: (min: %lu Mbps avg: %ld Mbps)\n", agreg, ip->name, min_mbps, avg_mbps_up);\r
       }\r
       else\r
       {\r
        unshape_this_ip = 1;\r
       }\r
      }\r
      ip->aggregated = agreg;      \r
      ip->mark = atoi(ptr);\r
      if(ip->max < ip->desired || unshape_this_ip || reduce_ceil) /* apply or disable FUP limit immediately.... */\r
      {\r
       if(unshape_this_ip)\r
       {\r
        ip->max = ip->desired;\r
        if(stop_shaping) /* all limits removed, but not printed with -s (start_shaping) switch */\r
        {\r
         printf("Removing limit for %s (%s) ", ip->name, ip->addr);\r
        }\r
        else\r
        {\r
         print_stats = 0;\r
        }\r
       }\r
       else\r
       {\r
        printf("Applying limit for %s (%s) ", ip->name, ip->addr);\r
        if(reduce_ceil)\r
        {\r
         ip->max = ip->min + (ip->desired-ip->min)/reduce_ceil;\r
        }\r
        else if(ip->max < ip->min)\r
        {\r
         ip->max = ip->min;\r
        }        \r
       }\r
       if(print_stats)\r
       {\r
        printf("(down: %dk-%dk wants %dk, ", ip->min, ip->max, ip->desired);\r
       }\r
       sprintf(str, "%s class change dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d", \r
                    tc, lan, ip->group, ip->mark,ip->min,ip->max, burst, ip->prio);\r
       safe_run(str);\r
       if(print_stats)\r
       {\r
        printf("up: %dk-%dk wants %dk)\n", (int)((ip->min/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed), \r
                                           (int)((ip->desired/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed),\r
                                           (int)((ip->desired/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed));\r
       }\r
       sprintf(str,"%s class change dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
                    tc, wan, ip->group, ip->mark,\r
                    (int)((ip->min/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed),\r
                    (int)((ip->max/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed), burst, ip->prio);\r
       safe_run(str);\r
      }\r
     }\r
    }\r
   }\r
   fail\r
   { \r
    perror(classmap);\r
    puts("Warning - classmap file not fund, just generating preview ...");\r
    start_shaping=FALSE;\r
    stop_shaping=FALSE;\r
   }\r
   done; /* ugly macro end */\r
  }\r
  html=preview;\r
  json_traffic=json_preview;\r
 }\r
\r
 if(!dry_run && !just_flush)\r
 {\r
  /*-----------------------------------------------------------------*/\r
  printf("Writing json traffic overview  %s ... ", json_traffic);\r
  /*-----------------------------------------------------------------*/\r
  write_json_traffic(json_traffic);\r
\r
  /*-----------------------------------------------------------------*/\r
  printf("Writing statistics into HTML page %s ...\n", html);\r
  /*-----------------------------------------------------------------*/\r
  write_htmlandlogs(html, d, total, just_preview);\r
 }\r
\r
 if(just_preview)\r
 {\r
  char swchar='p';\r
  if(start_shaping)\r
  {\r
   swchar='s';\r
  }\r
  else if(reduce_ceil)\r
  {\r
   swchar='0'+reduce_ceil; /* -2, -4 */\r
  }\r
  else if(stop_shaping)\r
  {\r
   swchar='q';\r
  }\r
\r
  printf("Statistics preview generated (-%c switch) - now exiting ...\n", swchar);\r
  exit(0);\r
 }  \r
\r
 i=0;\r
#ifdef DEBUG\r
 printf("%-22s %-15s mark\n","name","ip");\r
#endif\r
\r
 printf("Writing %s", classmap); \r
 f = fopen(classmap, "w"); \r
 if(f < 0)\r
 {\r
  perror(classmap);\r
 }\r
\r
 /*-----------------------------------------------------------------*/\r
 printf(" + generating iptables and tc classes ... ");\r
 /*-----------------------------------------------------------------*/\r
\r
 for_each(ip, ips) if(ip->mark > 0) /* works only for IPv4 so far */\r
 {\r
  if(idxs)\r
  {\r
   char *buf;\r
   duplicate(ip->addr,buf);\r
   if(ip->v6)\r
   {\r
    buf=index6_id(ip->addr,64-idxtable_bitmask1);\r
   }\r
   else\r
   {\r
    buf=index_id(ip->addr,32-idxtable_bitmask1);\r
   }\r
   \r
   string(chain_forward,6+strlen(buf));\r
   strcpy(chain_forward,"forw_");\r
   strcat(chain_forward,buf);\r
\r
   string(chain_postrouting,6+strlen(buf));\r
   strcpy(chain_postrouting,"post_");\r
   strcat(chain_postrouting,buf);\r
   \r
   free(buf);\r
  }\r
  else\r
  {\r
   chain_forward="FORWARD";\r
   chain_postrouting="POSTROUTING";\r
  }\r
\r
  /* packet limits - this will be optional in future */\r
  if(ip->pps_limit)\r
  {\r
   sprintf(limit_pkts, "-m limit --limit %d/s --limit-burst %d ", \r
                       ip->pps_limit, ip->pps_limit);\r
  }\r
  else\r
  {\r
   *limit_pkts = 0;\r
  }  \r
\r
#ifdef DEBUG\r
  printf("%-22s %-16s %04d %d/s\n", ip->name, ip->addr, ip->mark, ip->pps_limit); \r
#endif\r
\r
  /* -------------------------------------------------------- mark download */  \r
  sprintf(str, "-A %s -d %s/%d -o %s -j %s%d",\r
               chain_postrouting, ip->addr, ip->mask,\r
               lan, mark_iptables, ip->mark);\r
  iptables_save_line(str, ip->v6);\r
\r
/*\r
  if(qos_proxy)\r
  {\r
   sprintf(str, "-A %s -s %s -p tcp --sport %d -d %s/%d -o %s -j %s%d",\r
                chain_postrouting, proxy_ip, proxy_port, ip->addr,\r
                ip->mask, lan, mark_iptables, ip->mark);\r
   iptables_save_line(str, ip->v6);\r
  }\r
*/\r
  sprintf(str, "-A %s -d %s/%d -o %s %s-j ACCEPT",\r
               chain_postrouting, ip->addr, ip->mask, lan, limit_pkts);\r
  iptables_save_line(str, ip->v6);\r
\r
  /* classify overlimit packets to separate overlimit class */\r
  sprintf(str, "-A %s -d %s/%d -o %s -j %s%d",\r
               chain_postrouting, ip->addr, ip->mask,\r
               lan, mark_iptables, OVERLIMIT_CLASS);\r
  iptables_save_line(str, ip->v6);\r
\r
  sprintf(str, "-A %s -d %s/%d -o %s -j ACCEPT",\r
               chain_postrouting, ip->addr, ip->mask, lan);\r
  iptables_save_line(str, ip->v6);\r
\r
  /* -------------------------------------------------------- mark upload */\r
  sprintf(str, "-A %s -s %s/%d -o %s -j %s%d", \r
               chain_forward, ip->addr, ip->mask, wan, mark_iptables, ip->mark);\r
  iptables_save_line(str, ip->v6);\r
\r
  sprintf(str, "-A %s -s %s/%d -o %s %s-j ACCEPT",\r
               chain_forward, ip->addr, ip->mask, wan, limit_pkts);\r
  iptables_save_line(str, ip->v6);\r
\r
  /* classify overlimit packets to separate overlimit class */\r
  sprintf(str, "-A %s -s %s/%d -o %s -j %s%d", \r
               chain_forward, ip->addr, ip->mask, wan, mark_iptables, OVERLIMIT_CLASS);\r
  iptables_save_line(str, ip->v6);\r
\r
  sprintf(str, "-A %s -s %s/%d -o %s -j ACCEPT",\r
               chain_forward, ip->addr, ip->mask, wan);\r
  iptables_save_line(str, ip->v6);\r
\r
  if(ip->min)\r
  {\r
   /* -------------------------------------------------------- download class */\r
#ifdef DEBUG\r
   printf("(down: %dk-%dk ", ip->min, ip->max); \r
#endif\r
\r
   sprintf(str, "%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d", \r
                tc, lan, ip->group, ip->mark, ip->min, ip->max, burst, ip->prio);\r
   safe_run(str);\r
\r
   if(strcmpi(ip->keyword->leaf_discipline, "none"))\r
   {\r
    sprintf(str, "%s qdisc add dev %s parent 1:%d handle %d %s", \r
                 tc, lan, ip->mark, ip->mark, ip->keyword->leaf_discipline); /*qos_leaf*/\r
    safe_run(str);\r
   }\r
\r
   if(filter_type == 1)\r
   {\r
    sprintf(str, "%s filter add dev %s parent 1:0 protocol ip handle %d fw flowid 1:%d",\r
                 tc, lan, ip->mark, ip->mark);\r
    safe_run(str);\r
   }\r
\r
   /* -------------------------------------------------------- upload class */\r
#ifdef DEBUG\r
   printf("up: %dk-%dk)\n", (int)((ip->min/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed), \r
                            (int)((ip->max/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed));\r
#endif\r
\r
   sprintf(str,"%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
                tc, wan, ip->group, ip->mark,\r
                (int)((ip->min/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed),\r
                (int)((ip->max/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed), burst, ip->prio);\r
   safe_run(str);\r
   \r
   if(strcmpi(ip->keyword->leaf_discipline, "none"))\r
   {\r
    sprintf(str, "%s qdisc add dev %s parent 1:%d handle %d %s",\r
                 tc, wan, ip->mark, ip->mark, ip->keyword->leaf_discipline); /*qos_leaf*/\r
    safe_run(str);\r
   }   \r
\r
   if(filter_type == 1)\r
   {\r
    sprintf(str, "%s filter add dev %s parent 1:0 protocol ip handle %d fw flowid 1:%d",\r
                 tc, wan, ip->mark, ip->mark);\r
    safe_run(str);\r
   }\r
  \r
   if(f > 0)\r
   {\r
    fprintf(f, "%s %d\n", ip->addr, ip->mark);\r
   }\r
  }\r
  else\r
  {\r
#ifdef DEBUG\r
   printf("(sharing %s)\n", ip->sharing);\r
#endif\r
  }\r
  i++;\r
 }\r
 if(f > 0)\r
 {\r
  puts("done.");\r
  fclose(f);\r
 }\r
 \r
 if(idxs)\r
 {\r
  chain_forward = "forw_common";\r
  chain_postrouting = "post_common";\r
 }\r
 else\r
 {\r
  chain_forward = "FORWARD";\r
  chain_postrouting = "POSTROUTING";\r
 }\r
\r
 if(free_min)\r
 {\r
  final_chain = "ACCEPT";\r
 }\r
\r
/*\r
 if(qos_proxy)\r
 {\r
  if(free_min) \r
  {\r
   sprintf(str, "-A %s -s %s -p tcp --sport %d -o %s -j %s%d",\r
                chain_postrouting,proxy_ip,proxy_port,lan,mark_iptables, 3);\r
   iptables_save_line(str, FALSE); // only for IPv4\r
  }\r
  sprintf(str, "-A %s -s %s -p tcp --sport %d -o %s -j %s",\r
               chain_postrouting,proxy_ip,proxy_port,lan,final_chain);\r
  iptables_save_line(str, FALSE); // only for IPv4\r
 }\r
*/\r
\r
 if(free_min)\r
 {\r
  sprintf(str, "-A %s -o %s -j %s%d",\r
               chain_postrouting, lan, mark_iptables, FREE_CLASS);\r
  iptables_save_line(str, FALSE); /* only for IPv4 */\r
 }\r
\r
 sprintf(str,"-A %s -o %s -j %s", chain_postrouting, lan, final_chain);\r
 iptables_save_line(str, FALSE);\r
 if(ip6prefix)\r
 {\r
  sprintf(str,"-A %s -o %s -j %s", chain_postrouting, lan, final_chain);\r
  iptables_save_line(str, TRUE);\r
 }\r
\r
 if(free_min)\r
 {\r
  sprintf(str,"-A %s -o %s -j %s%d", chain_forward, wan, mark_iptables, FREE_CLASS);\r
  iptables_save_line(str, FALSE); /* only for IPv4 */\r
 }\r
\r
 sprintf(str,"-A %s -o %s -j %s", chain_forward, wan, final_chain);\r
 iptables_save_line(str, FALSE);\r
 if(ip6prefix)\r
 {\r
  sprintf(str,"-A %s -o %s -j %s", chain_postrouting, lan, final_chain);\r
  iptables_save_line(str, TRUE);\r
 }\r
\r
 if(free_min) /* allocate free bandwith if it is not zero... */ \r
 {\r
   /*-----------------------------------------------------------------*/\r
   puts("Generating free bandwith class ...");\r
   /*-----------------------------------------------------------------*/\r
   sprintf(str, "%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
                tc, lan, parent, FREE_CLASS, free_min, free_max,burst, lowest_priority);\r
   safe_run(str);\r
   sprintf(str, "%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
                tc, wan, parent, FREE_CLASS, free_min, free_max, burst, lowest_priority);\r
   safe_run(str);\r
   /* tc SFQ */\r
   if(strcmpi(qos_leaf, "none"))\r
   {\r
     sprintf(str,"%s qdisc add dev %s parent 1:%d handle %d %s", tc, lan, FREE_CLASS, FREE_CLASS, qos_leaf);\r
     safe_run(str);\r
   \r
     sprintf(str,"%s qdisc add dev %s parent 1:%d handle %d %s", tc, wan, FREE_CLASS, FREE_CLASS, qos_leaf);\r
     safe_run(str);\r
   }   \r
   /* tc handle 1 fw flowid */\r
   sprintf(str,"%s filter add dev %s parent 1:0 protocol ip handle %d fw flowid 1:%d", tc, lan, FREE_CLASS, FREE_CLASS);\r
   safe_run(str);\r
\r
   sprintf(str,"%s filter add dev %s parent 1:0 protocol ip handle %d fw flowid 1:%d", tc, wan, FREE_CLASS, FREE_CLASS);\r
   safe_run(str);\r
\r
   /*-----------------------------------------------------------------*/\r
   puts("Generating bandwith class for overlimit packets...");\r
   /*-----------------------------------------------------------------*/\r
   sprintf(str, "%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
                tc, lan, parent, OVERLIMIT_CLASS, overlimit_min, overlimit_max, burst, lowest_priority);\r
   safe_run(str);\r
   sprintf(str, "%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
                tc, wan, parent, OVERLIMIT_CLASS, overlimit_min, overlimit_max, burst, lowest_priority);\r
   safe_run(str);\r
 }\r
 printf("Total IP count: %d\n", i);\r
 run_iptables_restore();\r
 if(log_file)\r
 {\r
  fclose(log_file);\r
 }\r
 return 0;\r
 /* that's all folks, thank you for reading it all the way up to this point ;-) */\r
 /* bad luck C<<1 is not yet finished, I promise no sprintf() next time... */\r
}\r