should be completely fixed now
1/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */\r
2/* Prometheus QoS - you can "steal fire" from your ISP */\r
3/* "fair-per-IP" quality of service (QoS) utility */\r
4/* requires Linux 2.4.x or 2.6.x with HTB support */\r
5/* Copyright(C) 2005-2013 Michael Polak, Arachne Aerospace */\r
6/* iptables-restore support Copyright(C) 2007-2008 ludva */\r
7/* Credit: CZFree.Net,Martin Devera,Netdave,Aquarius,Gandalf */\r
8/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */\r
9\r
10/* Modified by: xChaos, 20130124\r
11 ludva, 20080415\r
12 \r
13 Prometheus QoS is free software; you can redistribute it and/or\r
14 modify it under the terms of the GNU General Public License as \r
15 published by the Free Software Foundation; either version 2.1 of \r
16 the License, or (at your option) any later version.\r
17\r
18 Prometheus QoS is distributed in the hope that it will be useful,\r
19 but WITHOUT ANY WARRANTY; without even the implied warranty of\r
20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU\r
21 General Public License for more details.\r
22\r
23 You should have received a copy of the GNU General Public License\r
24 along with Prometheus Qos; if not, write to the Free Software\r
25 Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA \r
26 \r
27 GNU General Public License is located in file COPYING */\r
28\r
29#include "cll1-0.6.2.h"\r
30#include "ipstruct.h"\r
31\r
/* Release string; printed in the startup banner of the main program. */
const char *version = "0.8.3-i";
33\r
34/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */\r
35/* Versions: 0.8.3 is development release, 0.8.4 will be "stable" */\r
36/* Official Trac URL: https://dev.arachne.cz/svn/prometheus */\r
37/* Official SVN URL: https://dev.arachne.cz/repos/prometheus */\r
38/* BTC donations account: 19rriLx8vR19wGefPaMhakqnCYNYwjLvxq */\r
39/* CZK donations account: 2900242944/2010 (transparent account) */\r
40/* Warning: unofficial Github mirror is not supported by author! */\r
41/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */\r
42\r
/* printf-style HTML footer for generated statistics pages. The single %s is
   a placeholder for a version string (presumably `version`; the call site
   is not in this part of the file). */
const char *stats_html_signature = "<span class=\"small\">Statistics generated by Prometheus QoS version %s<br />GPL+Copyright(C)2005-2013 Michael Polak, <a target=\"_blank\" href=\"http://www.arachne.cz/\">Arachne Labs</a></span>\n";

/* Length passed to string() for the command and line buffers used in this
   file. The sprintf() calls that fill those buffers are not bounded, so this
   is a buffer size, not an enforced limit on the formatted text. */
#define STRLEN 512
#undef DEBUG
47\r
/* ======= All path names are defined here (for RPM patch) ======= */

/* External tools. Every path below except ls can be overridden from the
   configuration file (see get_config). tc and the *-restore paths are pasted
   into command lines that safe_run() executes through system(), so the
   configuration file has to be writable by the administrator only. */
const char *tc = "/sbin/tc"; /* requires tc with HTB support */
const char *iptables = "/sbin/iptables"; /* requires iptables utility */
const char *ip6tables = "/sbin/ip6tables"; /* requires iptables utility */
const char *iptablessave = "/sbin/iptables-save"; /* not yet required */
const char *iptablesrestore = "/sbin/iptables-restore"; /* requires iptables-restore */
const char *ip6tablessave = "/sbin/ip6tables-save"; /* not yet required */
const char *ip6tablesrestore = "/sbin/ip6tables-restore"; /* requires iptables-restore */
const char *ls = "/bin/ls"; /* this is not user configurable :-) */

/* Input and output files. All of them can be redirected from the
   configuration file; several are opened for writing by the main program. */
char *config = "/etc/prometheus/prometheus.conf"; /* main configuration file */
char *hosts = "/etc/prometheus/hosts"; /* per-IP bandwidth definition file */
char *iptablesfile = "/var/spool/prometheus.iptables"; /* temporary file for iptables-restore */
char *ip6tablesfile = "/var/spool/prometheus.ip6tables"; /* temporary file for ip6tables-restore */
char *credit = "/var/lib/misc/prometheus.credit"; /* credit log file: one "<address> <credit>" pair per line */
char *classmap = "/var/lib/misc/prometheus.classes"; /* class map file: "<address> <mark>" pairs, read when shaping is started from a preview */
char *html = "/var/www/traffic.html"; /* hall of fame - html version */
char *preview = "/var/www/preview.html"; /* hall of fame preview - html version */
char *json_traffic = "/var/www/logs/traffic.json"; /* hall of fame - json version */
char *json_preview = "/var/www/logs/preview.json"; /* hall of fame preview - json version */
char *cmdlog = "/var/log/prometheuslog"; /* command log filename */
char *log_dir = "/var/www/logs/"; /* log directory pathname, ended with slash */
char *log_url = "/logs/"; /* log directory relative URI prefix (partial URL) */
char *html_log_dir = "/var/www/logs/html/"; /* option log-traffic-html-directory */

/* NOTE(review): the default script URL is plain http and points at an
   unpinned "latest" build. If it is emitted into the generated pages (the
   HTML writer is not in this file), the script can be altered in transit
   and changes without notice - prefer an https URL of a fixed version or a
   locally hosted copy, set through the jquery-url option. */
char *jquery_url = "http://code.jquery.com/jquery-latest.js";
char *lms_url = "/lms/?m=customerinfo&amp;id="; /* LMS link prefix; presumably a customer id is appended */
int use_jquery_popups = TRUE; /* option use-jquery-popups */
int row_odd_even = 0; /* <tr class="odd/even">; toggled by tr_odd_even() */
78 \r
/* === Configuration file value defaults - stored in global variables ==== */

int filter_type = 1; /* 1 mark, 2 classify; derived from the filter-type option in get_config */
char *final_chain = "DROP"; /* REJECT would be better, but it is impossible in mangle */
char *mark = "MARK"; /* iptables target name; "CLASSIFY" when filter_type is 2 */
char *mark_iptables = "MARK --set-mark "; /* target plus argument prefix for generated rules */
int dry_run = FALSE; /* preview - safe_run() prints commands instead of calling system() */
/* First lines written to each iptables-restore input file (mangle table header). */
char *iptablespreamble = "*mangle\n:PREROUTING ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n:INPUT ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]";
/* Additional rules written only to the ip6tables-restore input file: accept
   ipv6-icmp and traffic from fe80::/10 or to ff00::/8. */
char *ip6preamble = "-A FORWARD -p ipv6-icmp -j ACCEPT\n-A POSTROUTING -p ipv6-icmp -j ACCEPT\n-A FORWARD -s fe80::/10 -j ACCEPT\n-A FORWARD -d ff00::/8 -j ACCEPT\n-A POSTROUTING -s fe80::/10 -j ACCEPT\n-A POSTROUTING -d ff00::/8 -j ACCEPT";
FILE *iptables_file = NULL; /* open stream on iptablesfile while rules are being generated */
FILE *ip6tables_file = NULL; /* same for ip6tablesfile; only opened when ip6prefix is set */
int enable_credit = TRUE; /* enable credit file */
int use_credit = FALSE; /* use credit file (if enabled) */
char *title = "Hall of Fame - Greatest Suckers"; /* hall of fame title */
int hall_of_fame = TRUE; /* enable hall of fame */
char *lan = "eth0"; /* LAN interface */
char *lan_medium = "100Mbit"; /* 10Mbit/100Mbit ethernet */
char *wan = "eth1"; /* WAN/ISP interface */
char *ip6prefix = NULL; /* Prefix for global /48 IPv6 subnet */
char *wan_medium = "100Mbit"; /* 10Mbit/100Mbit ethernet */
char *qos_leaf = "sfq perturb 5"; /* leaf discipline */
char *qos_free_zone = NULL; /* QoS free zone */
int qos_proxy = TRUE; /* include proxy port to QoS */
int found_lmsid = FALSE; /* show links to users in LMS information system */
int include_upload = TRUE; /* upload+download=total traffic */
char *proxy_ip = "192.168.1.1/32"; /* our IP with proxy port */
int proxy_port = 3128; /* proxy port number */
long long int line = 1024; /* WAN/ISP download in kbps */
long long int up = 1024; /* WAN/ISP upload in kbps */
int free_min = 256; /* minimum guaranteed bandwidth for all undefined hosts */
int free_max = 512; /* maximum allowed bandwidth for all undefined hosts */
int qos_free_delay = 0; /* seconds to sleep before applying new QoS rules */
int digital_divide = 2; /* controls digital divide weirdness ratio, 1...3 */
int max_nesting = 3; /* maximum nesting of HTB classes, built-in maximum seems to be 4 */
int htb_r2q = 256; /* should work for leaf values 512 kbps to 8 Mbps */
int burst = 8; /* HTB burst (in kbits) */
int burst_main = 64; /* burst used for the root classes 1:1 and 1:2 */
int burst_group = 32; /* burst used for the per-group classes */
int magic_treshold = 8; /* reduce ceil by X*magic_treshold kbps (hard shaping) */
int keywordcount = 0; /* number of keywords registered by get_config */
int class_count = 0;
int ip_count = 0; /* compared with idxtable_treshold1 to decide whether rules get indexed */
/* not yet implemented:
int fixed_packets = 0; maximum number of pps per IP address (not class!)
int packet_limit = 5; maximum number of pps to htn CEIL, not rate !!!
*/
FILE *log_file = NULL; /* command log (cmdlog); safe_run() appends every command when it is open */
char *kwd = "via-prometheus"; /* /etc/hosts comment, eg. #qos-64-128 */

const int highest_priority = 0; /* highest HTB priority (HTB built-in value is 0) */
const int lowest_priority = 7; /* lowest HTB priority (HTB built-in value is 7) */
const int idxtable_treshold1 = 24; /* this is no longer configurable */
const int idxtable_treshold2 = 12; /* this is no longer configurable */
const int idxtable_bitmask1 = 3; /* this is no longer configurable */
const int idxtable_bitmask2 = 3; /* this is no longer configurable */

/* Heads and cursors of the global cll1 lists (walked with for_each). */
struct IP *ips = NULL, *ip, *sharedip;
struct Group *groups = NULL, *group;
struct Keyword *keyword, *defaultkeyword=NULL, *keywords=NULL;
138\r
/* Prints usage information; called for -?, --help and when no action switch
   was given on the command line. */
void help(void);
/* implemented in help.c */

/* Called by the main program once with the iptables path and ipv6 == FALSE
   and, when ip6prefix is set, once with the ip6tables path and ipv6 == TRUE. */
void get_traffic_statistics(const char *whichiptables, int ipv6);
/* implemented in parseiptables.c */

/* Receives the program's own argc/argv when one of -l, -m or -y was given. */
void parse_ip_log(int argc, char **argv);
/* implemented in parselog.c */

/* Called with the path of the class definition (hosts) file. */
void parse_hosts(char *hosts);
/* implemented in parsehosts.c */

void write_json_traffic(char *json);
/* implemented in json.c */

void write_htmlandlogs(char *html, char *d, int total, int just_preview);
/* implemented in htmlandlogs.c */
155/* implemented in htmlandlogs.c */\r
156\r
/*
 * Flips the global row_odd_even flag (0 <-> 1) and returns the opening
 * table-row tag for the new state: class "even" when the flag is now
 * non-zero, class "odd" otherwise. The result points at a string literal
 * and must not be modified or freed.
 */
const char *tr_odd_even(void)
{
  row_odd_even = 1 - row_odd_even;
  return row_odd_even ? "<tr class=\"even\">\n" : "<tr class=\"odd\">\n";
}
169\r
170/* ==== This is C<<1 stuff - learn C<<1 first! https://dev.arachne.cz/svn/cll1h ==== */\r
171/* (except that this code uses obsolete, archaic version of this header file...) */\r
172\r
/* One node of the iptables index built by the main program when more than
   idxtable_treshold1 addresses are configured. */
struct Index
{
  char *addr;           /* address of the first host (or child node) that created this node; pointer is shared, not copied */
  char *id;             /* value returned by index_id()/index6_id(); used in the chain names post_<id> and forw_<id> */
  struct Index *parent; /* coarser index node this one hangs under, NULL for a top-level node */
  int bitmask;          /* prefix length; IPv6 nodes store the IPv4-style value plus 32 */
  int children;         /* starts at 0, incremented each time another address or node maps to the same id */
  int ipv6;             /* copied from the originating entry's v6 flag */
  list(Index);          /* cll1 macro; presumably the list linkage used by push()/for_each() */
} *idxs=NULL, *idx, *metaindex;
183\r
184\r
/* ====== iptables indexes are used to reduce complexity to log8(N) ===== */

/* The main program stores the returned string as struct Index.id and
   compares ids with eq() to find addresses that share an index node. */
char *index_id(char *ip, int bitmask);
/* function implemented in ipv4subnets.c */

/* The main program prints the returned string as "<subnet>/<bitmask>" and
   uses it as the -s/-d match of the generated rules. */
char *subnet_id(char *ip, int bitmask);
/* function implemented in ipv4subnets.c */

/* IPv6 counterpart of index_id(); callers pass bitmask+32. */
char *index6_id(char *ip, int bitmask);
/* function implemented in ipv6subnets.c */

/* IPv6 counterpart of subnet_id(). */
char *subnet6_id(char *ip, int bitmask);
/* function implemented in ipv6subnets.c */
197/* function implemented in ipv6subnets.c */\r
198\r
199/* ================= Let's parse configuration file here ================ */\r
200\r
/*
 * Reports on standard output that the named configuration file was
 * rejected, then terminates the process with exit status -1.
 * Does not return.
 */
void reject_config_and_exit(char *filename)
{
  fprintf(stdout, "Configuration file %s rejected - abnormal exit.", filename);
  exit(-1);
}
206\r
/*
 * Reads the configuration file and stores the recognised options in the
 * global variables defined at the top of this file.
 *
 * config_filename: path of the configuration file. When the parse macro
 * takes its fail branch, the error is printed and the built-in defaults
 * stay in effect.
 *
 * Terminates through reject_config_and_exit() when wan-download or
 * wan-upload ends up <= 0.
 *
 * NOTE(review): nothing read here is validated. The tc path and the
 * lan/wan interface names (and, in run_iptables_restore, the
 * iptables-restore path and the rules file name) are later formatted into
 * command lines that safe_run() hands to system(), and into STRLEN-sized
 * buffers with unbounded sprintf(). Anyone able to edit this file can
 * therefore run commands with the privileges of this program, so the file
 * must be writable by root only.
 */
void get_config(char *config_filename)
{
  char *cnf="mark"; /* value of the filter-type option; stays "mark" unless the file sets it */

  printf("Configured keywords: ");
  /* cll1 line loop; `_` is the current line (it is used as a string below) */
  parse(config_filename)
  {
    option("keyword",kwd);
    /* kwd is initialised to "via-prometheus" at file scope, so it is already
       non-NULL when the first line is processed.
       NOTE(review): presumably this registers the built-in keyword even
       without a keyword option - confirm against the option() macro. */
    if(kwd)
    {
      printf("%s ",kwd);

      /* new keyword record with its built-in defaults */
      create(keyword,Keyword);
      keyword->key=kwd;
      keyword->asymetry_ratio=1;          /* ratio for ADSL-like upload */
      keyword->asymetry_fixed=0;          /* fixed treshold for ADSL-like upload */
      keyword->data_limit=8;              /* hard shaping: apply magic_treshold if max*data_limit MB exceeded */
      keyword->data_prio=4;               /* soft shaping (qos): reduce HTB prio if max*data_prio MB exceeded */
      keyword->fixed_limit=0;             /* fixed data limit for setting lower HTB ceil */
      keyword->fixed_prio=0;              /* fixed data limit for setting lower HTB prio */
      keyword->reserve_min=8;             /* bonus for nominal HTB rate bandwidth (in kbps) */
      keyword->reserve_max=0;             /* malus for nominal HTB ceil (in kbps) */
      keyword->default_prio=highest_priority+1;
      keyword->html_color="000000";
      keyword->ip_count=0;
      keyword->leaf_discipline="";        /* empty means "inherit qos_leaf", resolved after the loop */

      push(keyword,keywords);
      /* the first keyword registered becomes the default one */
      if(!defaultkeyword)
      {
        defaultkeyword=keyword;
      }
      keywordcount++;

      /* reset so that the next line only enters this branch on a new keyword */
      kwd=NULL;
    }
    else
    {
      /* per-keyword options: the line starts with a registered keyword and
         has more than l+2 characters */
      for_each(keyword,keywords)
      {
        int l=strlen(keyword->key);

        if(!strncmp(keyword->key,_,l) && strlen(_)>l+2)
        {
          /* temporarily advance `_` past "<keyword>" plus one separator
             character so the option macros see the bare sub-option name */
          char *tmptr=_; /* <---- l+1 ----> */
          _+=l+1;        /* via-prometheus-asymetry-ratio, etc. */
          ioption("asymetry-ratio",keyword->asymetry_ratio);
          ioption("asymetry-treshold",keyword->asymetry_fixed);
          ioption("magic-relative-limit",keyword->data_limit);
          ioption("magic-relative-prio",keyword->data_prio);
          loption("magic-fixed-limit",keyword->fixed_limit);
          loption("magic-fixed-prio",keyword->fixed_prio);
          ioption("htb-default-prio",keyword->default_prio);
          ioption("htb-rate-bonus",keyword->reserve_min);
          ioption("htb-ceil-malus",keyword->reserve_max);
          option("leaf-discipline",keyword->leaf_discipline);
          option("html-color",keyword->html_color);
          _=tmptr; /* restore the full line for the global options below */

          /* any non-zero limit or prio threshold switches credit accounting on */
          if(keyword->data_limit || keyword->fixed_limit ||
             keyword->data_prio || keyword->fixed_prio)
          {
            use_credit=1;
          }
        }
      }
    }

    /* global options; each one targets one of the file-scope variables */
    option("tc",tc);
    option("iptables",iptables);
    option("iptables-save",iptablessave);
    option("iptables-restore",iptablesrestore);
    option("ip6tables",ip6tables);
    option("ip6tables-save",ip6tablessave);
    option("ip6tables-restore",ip6tablesrestore);
    option("iptables-in-filename",iptablesfile);
    option("ip6tables-in-filename",ip6tablesfile);
    option("hosts",hosts);
    option("lan-interface",lan);
    option("wan-interface",wan);
    option("ip6-prefix",ip6prefix);
    option("lan-medium",lan_medium);
    option("wan-medium",wan_medium);
    lloption("wan-download",line);
    lloption("wan-upload",up);
    ioption("hall-of-fame-enable",hall_of_fame);
    option("hall-of-fame-title",title);
    option("hall-of-fame-filename",html);
    option("json-filename",json_traffic);
    option("hall-of-fame-preview",preview);
    option("json-preview",json_preview);
    option("log-filename",cmdlog);
    option("credit-filename",credit);
    option("classmap-filename",classmap);
    ioption("credit-enable",enable_credit);
    option("log-traffic-directory",log_dir);
    option("log-traffic-html-directory",html_log_dir);
    option("log-traffic-url-path",log_url);
    option("jquery-url",jquery_url);
    option("lms-url",lms_url);
    ioption("use-jquery-popups",use_jquery_popups);
    option("qos-free-zone",qos_free_zone);
    ioption("qos-free-delay",qos_free_delay);
    ioption("qos-proxy-enable",qos_proxy);
    option("qos-proxy-ip",proxy_ip);
    option("htb-leaf-discipline",qos_leaf);
    ioption("qos-proxy-port",proxy_port);
    ioption("free-rate",free_min);
    ioption("free-ceil",free_max);
    ioption("htb-burst",burst);
    ioption("htb-burst-main",burst_main);
    ioption("htb-burst-group",burst_group);
    ioption("htb-nesting-limit",max_nesting);
    ioption("htb-r2q",htb_r2q);
    ioption("magic-include-upload",include_upload);
    ioption("magic-treshold",magic_treshold);
    option("filter-type", cnf);
/* not yet implemented:
    ioption("magic-fixed-packets",fixed_packets);
    ioption("magic-relative-packets",packet_limit);
*/
  }
  fail
  {
    perror(config_filename);
    puts("Warning - using built-in defaults instead ...");
  }
  done; /* ugly macro end */
  printf("\n");

  /* leaf discipline for keywords: those that did not set their own inherit
     the global htb-leaf-discipline value */
  for_each(keyword,keywords)
  {
    if(!strcmpi(keyword->leaf_discipline, ""))
    {
      keyword->leaf_discipline = qos_leaf;
    }
  }

  /* NOTE(review): every filter-type value that does not compare equal to
     "mark" selects CLASSIFY, so a misspelt value is not reported
     (strcmpi is presumably a case-insensitive compare - confirm). */
  if(strcmpi(cnf, "mark"))
  {
    filter_type = 2;
    mark = "CLASSIFY";
    mark_iptables = "CLASSIFY --set-class 1:";
  }
  else
  {
    filter_type = 1;
    mark = "MARK";
    mark_iptables = "MARK --set-mark ";
  }

  /* are supplied values meaningful? `line` and `up` hold wan-download and
     wan-upload; negative values are rejected as well, although the message
     only mentions 0 */
  if(line<=0 || up<=0)
  {
    puts("Illegal value of LAN or WAN bandwidth: 0 kbps.");
    reject_config_and_exit(config_filename);
  }
}
366\r
367 \r
368/* ========== This function executes, logs OR ALSO prints command ========== */\r
369\r
/*
 * Runs one command line, or only prints it when dry_run is set, and
 * appends it to the command log when log_file is open.
 *
 * cmd: complete command line; it is passed unchanged to system() and is
 * therefore interpreted by the shell.
 *
 * NOTE(review): the callers in this file build cmd with sprintf() from
 * configuration values (tool paths, interface names, file names) that are
 * neither quoted nor validated, and the exit status of system() is
 * discarded, so a failed tc or iptables-restore call goes unnoticed here.
 */
void safe_run(char *cmd)
{
  if(!dry_run)
  {
    system(cmd);
  }
  else
  {
    printf("\n=>%s\n",cmd);
  }

  if(log_file != NULL)
  {
    fprintf(log_file,"%s\n",cmd);
  }
}
385\r
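/*
 * Appends one line plus a newline to the iptables-restore input file
 * (ipv6 == 0) or to the ip6tables-restore input file (ipv6 != 0).
 *
 * line: rule text without trailing newline.
 * ipv6: selects ip6tables_file when non-zero, iptables_file otherwise.
 *
 * The selected stream must be open. The main program re-opens both files
 * without checking the result of fopen(), and ip6tables_file is only opened
 * when ip6prefix is configured, so a NULL stream can reach this function;
 * writing to it would be undefined behaviour. In that case the problem is
 * reported and the process exits with status -1, the same way the checked
 * fopen() failures in this file are handled, instead of continuing with an
 * incomplete rule set.
 */
void iptables_save_line(char *line, int ipv6)
{
  FILE *out = ipv6 ? ip6tables_file : iptables_file;

  if(out == NULL)
  {
    fprintf(stderr, "iptables_save_line: %s rules file is not open\n",
            ipv6 ? "ip6tables" : "iptables");
    exit(-1);
  }

  fprintf(out,"%s\n",line);
}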
397\r
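/*
 * Formats "<tool> <<rules>" into buf, which must provide STRLEN bytes, and
 * runs it through safe_run(). Both strings can come from the configuration
 * file, so the formatting is bounded; if the command does not fit, it is
 * not executed in truncated form - the error is reported and the process
 * exits with status -1.
 */
static void run_restore_command(char *buf, const char *tool, const char *rules)
{
  int len = snprintf(buf, STRLEN, "%s <%s", tool, rules);

  if(len < 0 || len >= STRLEN)
  {
    fprintf(stderr, "%s <%s: command does not fit into %d bytes - not executed\n",
            tool, rules, STRLEN);
    exit(-1);
  }
  safe_run(buf);
}

/*
 * Finishes the generated rule file(s) and loads them.
 *
 * Writes the closing COMMIT line to the IPv4 rules file, closes it, echoes
 * its content in dry-run mode and runs iptablesrestore with the file as
 * standard input. When ip6prefix is set, the same is done for the IPv6
 * rules file with ip6tablesrestore.
 *
 * Expects iptables_file (and ip6tables_file when ip6prefix is set) to be
 * open; both streams are closed here.
 *
 * NOTE(review): the command is still a shell command line built from
 * configuration values; the redirection target is not quoted, so the
 * configuration file has to stay writable by root only.
 */
void run_iptables_restore(void)
{
  char *restor;
  string(restor,STRLEN);

  /*-----------------------------------------------------------------*/
  printf("Running %s <%s ...\n", iptablesrestore, iptablesfile);
  /*-----------------------------------------------------------------*/

  iptables_save_line("COMMIT", FALSE);
  fclose(iptables_file);
  if(dry_run)
  {
    parse(iptablesfile)
    {
      printf("%s\n",_);
    }
    done; /* ugly macro end */
  }

  run_restore_command(restor, iptablesrestore, iptablesfile);

  if(ip6prefix)
  {
    /*-----------------------------------------------------------------*/
    printf("Running %s <%s ...\n", ip6tablesrestore, ip6tablesfile);
    /*-----------------------------------------------------------------*/
    iptables_save_line("COMMIT", TRUE);
    fclose(ip6tables_file);
    if(dry_run)
    {
      parse(ip6tablesfile)
      {
        printf("%s\n",_);
      }
      done; /* ugly macro end */
    }
    run_restore_command(restor, ip6tablesrestore, ip6tablesfile);
  }
  free(restor);
}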
441\r
/*
 * Splits a "key value" line in place at the first space.
 *
 * str: writable, NUL-terminated line; the first space is overwritten with
 *      a terminator, so str afterwards holds only the key.
 *
 * Returns a pointer to the character after that space (the value part,
 * inside the same buffer), or NULL when the line contains no space, in
 * which case str is left unchanged.
 */
char *parse_datafile_line(char *str)
{
  char *sep = strchr(str, ' ');

  if(sep == NULL)
  {
    return NULL;
  }

  *sep = '\0';
  return sep + 1;
}
457\r
458\r
459/*-----------------------------------------------------------------*/\r
460/* Are you looking for int main(int argc, char **argv) ? :-)) */\r
461/*-----------------------------------------------------------------*/\r
462\r
463program\r
464{\r
465 int i=0; /* just plain old Fortran style integer :-) */\r
466 FILE *f=NULL; /* everything is just stream of bytes... */\r
467 char *str, *ptr, *d; /* LET A$=B$ :-) */\r
468 char *substring;\r
469\r
470 int parent = 1;\r
471 int just_flush = FALSE; /* deactivates all previous actions */\r
472 int nodelay = FALSE;\r
473 int just_preview = FALSE; /* preview - generate just stats */\r
474 int start_shaping = FALSE; /* apply FUP - requires classmap file */\r
475 int just_logs = FALSE; /* just parse logs */\r
476 int run = FALSE;\r
477 int total = 0;\r
478 \r
479 char *chain_forward, *chain_postrouting;\r
480 char *althosts=NULL;\r
481 \r
482 printf("\n\\r
483Prometheus QoS - \"fair-per-IP\" Quality of Service setup utility.\n\\r
484Version %s - Copyright (C)2005-2013 Michael Polak, Arachne Labs\n\\r
485iptables-restore & burst tunning & classify modification by Ludva\n\\r
486Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);\r
487\r
488 /*----- Boring... we have to check command line options first: ----*/ \r
489 arguments\r
490 {\r
491 argument("-c") { nextargument(config); }\r
492 argument("-h") { nextargument(althosts);}\r
493 argument("-d") { run=TRUE; dry_run=TRUE; }\r
494 argument("-f") { run=TRUE; just_flush=TRUE; }\r
495 argument("-9") { run=TRUE; just_flush=9; }\r
496 argument("-p") { run=TRUE; just_preview=TRUE; }\r
497 argument("-s") { run=TRUE; just_preview=TRUE; start_shaping=TRUE; }\r
498 argument("-r") { run=TRUE; }\r
499 argument("-n") { run=TRUE; nodelay=TRUE; }\r
500 argument("-l") { just_logs=TRUE; }\r
501 argument("-m") { just_logs=TRUE; }\r
502 argument("-y") { just_logs=TRUE; }\r
503 argument("-?") { help(); exit(0); }\r
504 argument("--help") { help(); exit(0); }\r
505 argument("-v") { exit(0); } \r
506 argument("--version") { exit(0); } \r
507 }\r
508 \r
509 if(dry_run)\r
510 {\r
511 puts("*** THIS IS JUST DRY RUN ! ***\n");\r
512 }\r
513\r
514 date(d); /* this is typical cll1.h macro - prints current date */\r
515\r
516 /*-----------------------------------------------------------------*/\r
517 printf("Parsing configuration file %s ...\n", config);\r
518 /*-----------------------------------------------------------------*/\r
519 get_config(config);\r
520 \r
521 if(just_logs)\r
522 {\r
523 parse_ip_log(argc,argv);\r
524 exit(0);\r
525 }\r
526 else if(not run)\r
527 {\r
528 help();\r
529 exit(0);\r
530 }\r
531\r
532 if(althosts)\r
533 {\r
534 hosts=althosts;\r
535 }\r
536\r
537 if(just_flush<9)\r
538 {\r
539 /*-----------------------------------------------------------------*/\r
540 puts("Parsing iptables verbose output ...");\r
541 /*-----------------------------------------------------------------*/\r
542 get_traffic_statistics(iptables, FALSE);\r
543 if(ip6prefix)\r
544 {\r
545 /*-----------------------------------------------------------------*/\r
546 puts("Parsing ip6tables verbose output ...");\r
547 /*-----------------------------------------------------------------*/ \r
548 get_traffic_statistics(ip6tables, TRUE);\r
549 }\r
550 }\r
551\r
552 /*-----------------------------------------------------------------*/\r
553 printf("Parsing class defintion file %s ...\n", hosts);\r
554 /*-----------------------------------------------------------------*/\r
555 parse_hosts(hosts);\r
556\r
557 /*-----------------------------------------------------------------*/\r
558 /* cll1.h - let's allocate brand new character buffer... */\r
559 /*-----------------------------------------------------------------*/\r
560 string(str,STRLEN); \r
561\r
562 /*-----------------------------------------------------------------*/\r
563 puts("Resolving shared connections ...");\r
564 /*-----------------------------------------------------------------*/\r
565 for_each(ip,ips) if(ip->sharing)\r
566 {\r
567 for_each(sharedip,ips) if(eq(sharedip->name, ip->sharing))\r
568 {\r
569 sharedip->traffic += ip->traffic;\r
570 ip->traffic = 0;\r
571 ip->mark = sharedip->mark; \r
572 ip->lmsid = sharedip->lmsid;\r
573 break;\r
574 }\r
575 if(not sharedip)\r
576 {\r
577 printf("Unresolved shared connection: %s %s sharing-%s\n",\r
578 ip->addr, ip->name, ip->sharing);\r
579 }\r
580 }\r
581\r
582 if(enable_credit && just_flush<9)\r
583 {\r
584 /*-----------------------------------------------------------------*/\r
585 printf("Parsing credit file %s ...\n", credit);\r
586 /*-----------------------------------------------------------------*/\r
587 parse(credit)\r
588 {\r
589 ptr=parse_datafile_line(_);\r
590 if(ptr)\r
591 {\r
592 if_exists(ip,ips,eq(ip->addr,_))\r
593 {\r
594 sscanf(ptr,"%Lu",&(ip->credit));\r
595 }\r
596 }\r
597 }\r
598 done; /* ugly macro end */\r
599 }\r
600\r
601 if(!just_preview)\r
602 {\r
603 /*-----------------------------------------------------------------*/\r
604 puts("Initializing iptables and tc classes ...");\r
605 /*-----------------------------------------------------------------*/\r
606 \r
607 iptables_file = fopen(iptablesfile, "w");\r
608 if(iptables_file == NULL)\r
609 {\r
610 perror(iptablesfile);\r
611 exit(-1);\r
612 }\r
613 iptables_save_line(iptablespreamble, FALSE);\r
614\r
615 if(ip6prefix)\r
616 {\r
617 ip6tables_file = fopen(ip6tablesfile, "w");\r
618 if(ip6tables_file == NULL)\r
619 {\r
620 perror(ip6tablesfile);\r
621 exit(-1);\r
622 }\r
623 iptables_save_line(iptablespreamble, TRUE);\r
624 iptables_save_line(ip6preamble, TRUE);\r
625 }\r
626\r
627 run_iptables_restore();\r
628 \r
629 log_file = fopen(cmdlog, "w");\r
630 if(log_file == NULL) \r
631 {\r
632 perror(cmdlog);\r
633 exit(-1);\r
634 } \r
635 \r
636 sprintf(str,"%s qdisc del dev %s root 2>/dev/null",tc,lan);\r
637 safe_run(str);\r
638\r
639 sprintf(str,"%s qdisc del dev %s root 2>/dev/null",tc,wan);\r
640 safe_run(str);\r
641 \r
642 iptables_file=fopen(iptablesfile,"w");\r
643 iptables_save_line(iptablespreamble, FALSE);\r
644 if(ip6prefix)\r
645 {\r
646 ip6tables_file=fopen(ip6tablesfile,"w");\r
647 iptables_save_line(iptablespreamble, TRUE);\r
648 iptables_save_line(ip6preamble, TRUE);\r
649 }\r
650\r
651 if(qos_free_zone && *qos_free_zone!='0') /* this is currently supported only for IPv4 */\r
652 {\r
653 char *chain;\r
654 \r
655 sprintf(str,"-A FORWARD -d %s -o %s -j ACCEPT", qos_free_zone, wan);\r
656 iptables_save_line(str, FALSE); /* this is currently supported only for IPv4 */\r
657 \r
658 if(qos_proxy)\r
659 {\r
660 iptables_save_line(":post_noproxy - [0:0]", FALSE);\r
661 sprintf(str,"-A POSTROUTING ! -p tcp -o %s -j post_noproxy", lan);\r
662 iptables_save_line(str , FALSE);\r
663 sprintf(str,"-A POSTROUTING ! -s %s -o %s -j post_noproxy", proxy_ip, lan);\r
664 iptables_save_line(str, FALSE);\r
665 sprintf(str,"-A POSTROUTING -s %s -p tcp ! --sport %d -o %s -j post_noproxy", proxy_ip, proxy_port, lan);\r
666 iptables_save_line(str, FALSE);\r
667\r
668 chain="post_noproxy"; \r
669 }\r
670 else\r
671 {\r
672 chain="POSTROUTING";\r
673 }\r
674 \r
675 sprintf(str,"-A %s -s %s -o %s -j ACCEPT", chain, qos_free_zone, lan);\r
676 iptables_save_line(str, FALSE);\r
677 }\r
678 \r
679 if(ip_count > idxtable_treshold1 && !just_flush)\r
680 {\r
681 int idxcount=0, bitmask=32-idxtable_bitmask1;\r
682 char *subnet, *buf;\r
683 /*-----------------------------------------------------------------*/\r
684 printf("Detected %d addresses - indexing iptables rules to improve performance...\n",ip_count);\r
685 /*-----------------------------------------------------------------*/\r
686\r
687 iptables_save_line(":post_common - [0:0]", FALSE);\r
688 iptables_save_line(":forw_common - [0:0]", FALSE);\r
689 if(ip6prefix)\r
690 {\r
691 iptables_save_line(":post_common - [0:0]", TRUE);\r
692 iptables_save_line(":forw_common - [0:0]", TRUE);\r
693 }\r
694\r
695 for_each(ip,ips) if(ip->addr && *(ip->addr) && !eq(ip->addr,"0.0.0.0/0")) \r
696 {\r
697 if(ip->v6)\r
698 {\r
699 buf=index6_id(ip->addr,bitmask+32);\r
700 }\r
701 else\r
702 {\r
703 buf=index_id(ip->addr, bitmask);\r
704 }\r
705 \r
706 if_exists(idx,idxs,eq(idx->id,buf))\r
707 {\r
708 idx->children++;\r
709 }\r
710 else\r
711 {\r
712 create(idx,Index);\r
713 idx->addr = ip->addr;\r
714 idx->id = buf;\r
715 idx->bitmask = bitmask+32*ip->v6;\r
716 idx->parent = NULL;\r
717 idx->children = 0;\r
718 idx->ipv6 = ip->v6;\r
719 idxcount++;\r
720 push(idx,idxs);\r
721 }\r
722 }\r
723\r
724 /* brutal perfomance optimalization */\r
725 while(idxcount > idxtable_treshold2 && bitmask > 2*idxtable_bitmask2)\r
726 {\r
727 bitmask -= idxtable_bitmask2;\r
728 idxcount = 0;\r
729\r
730 for_each(idx,idxs) if(idx->parent == NULL)\r
731 {\r
732 if(idx->ipv6)\r
733 {\r
734 buf = index6_id(idx->addr, bitmask+32);\r
735 }\r
736 else\r
737 {\r
738 buf = index_id(idx->addr, bitmask);\r
739 }\r
740 if_exists(metaindex,idxs,eq(metaindex->id,buf))\r
741 {\r
742 metaindex->children++;\r
743 }\r
744 else\r
745 {\r
746 create(metaindex,Index);\r
747 metaindex->addr = idx->addr;\r
748 metaindex->id = buf;\r
749 metaindex->bitmask = bitmask+32*idx->ipv6;\r
750 metaindex->parent = NULL;\r
751 metaindex->children = 0;\r
752 metaindex->ipv6 = idx->ipv6;\r
753 idxcount++;\r
754 push(metaindex,idxs);\r
755 }\r
756 idx->parent=metaindex;\r
757 }\r
758 }\r
759\r
760 /* this should slightly optimize throughput ... */\r
761 sort(idx,idxs,desc_order_by,children);\r
762 sort(idx,idxs,order_by,bitmask);\r
763\r
764 i=0;\r
765 for_each(idx,idxs)\r
766 {\r
767 if(idx->ipv6)\r
768 {\r
769 subnet=subnet6_id(idx->addr, idx->bitmask);\r
770 }\r
771 else\r
772 {\r
773 subnet=subnet_id(idx->addr, idx->bitmask);\r
774 }\r
775 printf("%d: %s/%d\n", ++i, subnet, idx->bitmask);\r
776 \r
777 sprintf(str,":post_%s - [0:0]", idx->id);\r
778 iptables_save_line(str, idx->ipv6);\r
779\r
780 sprintf(str,":forw_%s - [0:0]", idx->id);\r
781 iptables_save_line(str, idx->ipv6);\r
782\r
783 if(idx->parent)\r
784 {\r
785 string(buf,strlen(idx->parent->id)+6);\r
786 sprintf(buf,"post_%s", idx->parent->id);\r
787 }\r
788 else\r
789 {\r
790 buf="POSTROUTING";\r
791 }\r
792\r
793 sprintf(str,"-A %s -d %s/%d -o %s -j post_%s", buf, subnet, idx->bitmask, lan, idx->id);\r
794 iptables_save_line(str, idx->ipv6);\r
795\r
796 sprintf(str,"-A %s -d %s/%d -o %s -j post_common", buf, subnet, idx->bitmask, lan);\r
797 iptables_save_line(str, idx->ipv6);\r
798\r
799 if(idx->parent)\r
800 {\r
801 string(buf,strlen(idx->parent->id)+6);\r
802 sprintf(buf,"forw_%s",idx->parent->id);\r
803 }\r
804 else\r
805 {\r
806 buf="FORWARD";\r
807 }\r
808\r
809 sprintf(str,"-A %s -s %s/%d -o %s -j forw_%s", buf, subnet, idx->bitmask, wan, idx->id);\r
810 iptables_save_line(str, idx->ipv6);\r
811\r
812 sprintf(str,"-A %s -s %s/%d -o %s -j forw_common", buf, subnet, idx->bitmask, wan);\r
813 iptables_save_line(str, idx->ipv6);\r
814 }\r
815 printf("Total indexed iptables chains created: %d\n", i);\r
816\r
817 sprintf(str,"-A FORWARD -o %s -j forw_common", wan);\r
818 iptables_save_line(str, FALSE);\r
819 \r
820 sprintf(str,"-A POSTROUTING -o %s -j post_common", lan);\r
821 iptables_save_line(str, FALSE);\r
822\r
823 if(ip6prefix)\r
824 {\r
825 sprintf(str,"-A FORWARD -o %s -j forw_common", wan);\r
826 iptables_save_line(str, TRUE);\r
827 \r
828 sprintf(str,"-A POSTROUTING -o %s -j post_common", lan);\r
829 iptables_save_line(str, TRUE);\r
830 }\r
831 }\r
832 }\r
833\r
834 if(just_flush)\r
835 {\r
836 fclose(iptables_file);\r
837 if(log_file)\r
838 { \r
839 fclose(log_file);\r
840 }\r
841 puts("Just flushed iptables and tc classes - now exiting ...");\r
842 exit(0);\r
843 }\r
844\r
845 if(!just_preview)\r
846 {\r
847 if(!dry_run && !nodelay && qos_free_delay)\r
848 {\r
849 printf("Flushed iptables and tc classes - now sleeping for %d seconds...\n",qos_free_delay);\r
850 sleep(qos_free_delay);\r
851 }\r
852\r
853 sprintf(str,"%s qdisc add dev %s root handle 1: htb r2q %d default 1",\r
854 tc,lan,htb_r2q);\r
855 safe_run(str);\r
856\r
857 sprintf(str, "%s class add dev %s parent 1: classid 1:2 htb rate %s ceil %s burst %dk prio %d",\r
858 tc,lan,lan_medium,lan_medium,burst_main,highest_priority);\r
859 safe_run(str);\r
860\r
861 sprintf(str, "%s class add dev %s parent 1:2 classid 1:1 htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d",\r
862 tc,lan,line,line,burst_main,highest_priority);\r
863 safe_run(str);\r
864\r
865 sprintf(str,"%s qdisc add dev %s root handle 1: htb r2q %d default 1",tc,wan,htb_r2q);\r
866 safe_run(str);\r
867\r
868 sprintf(str, "%s class add dev %s parent 1: classid 1:2 htb rate %s ceil %s burst %dk prio %d",\r
869 tc,wan,wan_medium,wan_medium,burst_main,highest_priority);\r
870 safe_run(str);\r
871\r
872 sprintf(str, "%s class add dev %s parent 1:2 classid 1:1 htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d",\r
873 tc,wan,up,up,burst_main,highest_priority);\r
874 safe_run(str);\r
875 }\r
876\r
877 /*-----------------------------------------------------------------*/\r
878 puts("Locating heavy downloaders and generating root classes ...");\r
879 /*-----------------------------------------------------------------*/\r
880 sort(ip,ips,desc_order_by,traffic); \r
881\r
882 /*-----------------------------------------------------------------*/\r
883 /* sub-scope - local variables */ \r
884 {\r
885 long long int rate = line;\r
886 long long int max = line;\r
887 int group_count = 0;\r
888 FILE *credit_file = NULL;\r
889 \r
890 if(!just_preview && !dry_run && enable_credit)\r
891 {\r
892 credit_file = fopen(credit,"w");\r
893 }\r
894 \r
895 for_each(group,groups)\r
896 {\r
897 if(!just_preview)\r
898 {\r
899 //download\r
900 sprintf(str,"%s class add dev %s parent 1:%d classid 1:%d htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d #down desired %d", \r
901 tc, lan, parent, group->id, rate, max, burst_group, highest_priority+1, group->desired);\r
902 safe_run(str);\r
903 \r
904 //upload\r
905 sprintf(str,"%s class add dev %s parent 1:%d classid 1:%d htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d #up desired %d", \r
906 tc, wan, parent, group->id, rate*up/line, max*up/line, burst_group, highest_priority+1, group->desired);\r
907 safe_run(str);\r
908 }\r
909 \r
910 if(group_count++ < max_nesting)\r
911 {\r
912 parent = group->id;\r
913 }\r
914 \r
915 rate -= digital_divide*group->min;\r
916 if(rate < group->min)\r
917 {\r
918 rate = group->min;\r
919 }\r
920 \r
921 /*shaping of aggresive downloaders, with credit file support */\r
922 if(use_credit)\r
923 {\r
924 int group_rate = group->min, priority_sequence = lowest_priority;\r
925 \r
926 for_each(ip, ips) if(ip->min == group->min && ip->max > ip->min)\r
927 {\r
928 ip->realquota=ip->credit+(ip->min*ip->keyword->data_limit+(ip->keyword->fixed_limit<<20));\r
929 if( ip->keyword->data_limit \r
930 and not ip->fixedprio \r
931 and ip->traffic > ip->realquota )\r
932 {\r
933 if(group_rate < ip->max)\r
934 {\r
935 ip->max = group_rate;\r
936 }\r
937 group_rate+=magic_treshold;\r
938 ip->prio=lowest_priority;\r
939 if(ip->prio<highest_priority+2)\r
940 {\r
941 ip->prio=highest_priority+2;\r
942 }\r
943 }\r
944 else\r
945 {\r
946 if( ip->keyword->data_prio \r
947 && !ip->fixedprio \r
948 && ( ip->traffic>ip->credit\r
949 + (ip->min*ip->keyword->data_prio+(ip->keyword->fixed_prio<<20))) )\r
950 {\r
951 ip->prio=priority_sequence--;\r
952 if(ip->prio<highest_priority+1)\r
953 {\r
954 ip->prio=highest_priority+1;\r
955 }\r
956 }\r
957 \r
958 if(credit_file)\r
959 {\r
960 unsigned long long lcredit=0;\r
961 \r
962 if((ip->min*ip->keyword->data_limit+(ip->keyword->fixed_limit<<20))>ip->traffic)\r
963 {\r
964 lcredit=(ip->min*ip->keyword->data_limit+(ip->keyword->fixed_limit<<20))-ip->traffic;\r
965 }\r
966 fprintf(credit_file,"%s %Lu\n",ip->addr,lcredit);\r
967 }\r
968 }\r
969 } \r
970 }\r
971 }\r
972 if(credit_file)\r
973 {\r
974 fclose(credit_file);\r
975 }\r
976 }\r
977\r
978 if(just_preview)\r
979 {\r
980 if(start_shaping)\r
981 {\r
982 printf("Reading %s and applying Fair Use Policy rules ... \n", classmap);\r
983 parse(classmap)\r
984 {\r
985 ptr=strchr(_,' ');\r
986 if(ptr)\r
987 {\r
988 *ptr=0;\r
989 ptr++;\r
990 if_exists(ip,ips,eq(ip->addr,_))\r
991 {\r
992 ip->mark=atoi(ptr);\r
993 if(ip->max < ip->desired) /* apply FUP limit immediately.... */\r
994 {\r
995 printf("Applying limit for %-22s %-16s %04d ", ip->name, ip->addr, ip->mark); \r
996 printf("(down: %dk-%dk ", ip->min, ip->max); \r
997 sprintf(str, "%s class change dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d", \r
998 tc, lan, ip->group, ip->mark,ip->min,ip->max, burst, ip->prio);\r
999 safe_run(str);\r
1000 printf("up: %dk-%dk)\n", (int)((ip->min/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed), \r
1001 (int)((ip->max/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed));\r
1002 sprintf(str,"%s class change dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
1003 tc, wan, ip->group, ip->mark,\r
1004 (int)((ip->min/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed),\r
1005 (int)((ip->max/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed), burst, ip->prio);\r
1006 safe_run(str);\r
1007 }\r
1008 }\r
1009 }\r
1010 }\r
1011 fail\r
1012 { \r
1013 perror(classmap);\r
1014 puts("Warning - classmap file not fund, just generating preview ...");\r
1015 start_shaping=FALSE;\r
1016 }\r
1017 done; /* ugly macro end */\r
1018 }\r
1019 html=preview;\r
1020 json_traffic=json_preview;\r
1021 }\r
1022\r
1023 if(!dry_run && !just_flush)\r
1024 {\r
1025 /*-----------------------------------------------------------------*/\r
1026 printf("Writing json traffic overview %s ... ", json_traffic);\r
1027 /*-----------------------------------------------------------------*/\r
1028 write_json_traffic(json_traffic);\r
1029\r
1030 /*-----------------------------------------------------------------*/\r
1031 printf("Writing statistics into HTML page %s ...\n", html);\r
1032 /*-----------------------------------------------------------------*/\r
1033 write_htmlandlogs(html, d, total, just_preview);\r
1034 }\r
1035\r
1036 if(just_preview)\r
1037 {\r
1038 char swchar='p';\r
1039 if(start_shaping)\r
1040 {\r
1041 swchar='s';\r
1042 }\r
1043 printf("Statistics preview generated (-%c switch) - now exiting ...\n", swchar);\r
1044 exit(0);\r
1045 } \r
1046\r
1047 i=0;\r
1048#ifdef DEBUG\r
1049 printf("%-22s %-15s mark\n","name","ip");\r
1050#endif\r
1051\r
1052 printf("Writing %s", classmap); \r
1053 f = fopen(classmap, "w"); \r
1054 if(f < 0)\r
1055 {\r
1056 perror(classmap);\r
1057 }\r
1058\r
1059 /*-----------------------------------------------------------------*/\r
1060 printf(" + generating iptables and tc classes ... ");\r
1061 /*-----------------------------------------------------------------*/\r
1062\r
1063 for_each(ip, ips) if(ip->mark > 0) /* works only for IPv4 so far */\r
1064 {\r
1065 if(idxs)\r
1066 {\r
1067 char *buf;\r
1068 duplicate(ip->addr,buf);\r
1069 if(ip->v6)\r
1070 {\r
1071 buf=index6_id(ip->addr,64-idxtable_bitmask1);\r
1072 }\r
1073 else\r
1074 {\r
1075 buf=index_id(ip->addr,32-idxtable_bitmask1);\r
1076 }\r
1077 \r
1078 string(chain_forward,6+strlen(buf));\r
1079 strcpy(chain_forward,"forw_");\r
1080 strcat(chain_forward,buf);\r
1081\r
1082 string(chain_postrouting,6+strlen(buf));\r
1083 strcpy(chain_postrouting,"post_");\r
1084 strcat(chain_postrouting,buf);\r
1085 \r
1086 free(buf);\r
1087 }\r
1088 else\r
1089 {\r
1090 chain_forward="FORWARD";\r
1091 chain_postrouting="POSTROUTING";\r
1092 }\r
1093\r
1094#ifdef DEBUG\r
1095 printf("%-22s %-16s %04d ", ip->name, ip->addr, ip->mark); \r
1096#endif\r
1097\r
1098 /* -------------------------------------------------------- mark download */\r
1099 \r
1100 sprintf(str, "-A %s -d %s/%d -o %s -j %s%d",\r
1101 chain_postrouting, ip->addr, 32*(1+ip->v6), lan, mark_iptables, ip->mark);\r
1102 /* -m limit --limit 1/s */ \r
1103 iptables_save_line(str, ip->v6);\r
1104\r
1105 if(qos_proxy)\r
1106 {\r
1107 sprintf(str, "-A %s -s %s -p tcp --sport %d -d %s/%d -o %s -j %s%d",\r
1108 chain_postrouting, proxy_ip, proxy_port, ip->addr, 32*(1+ip->v6), lan, mark_iptables, ip->mark);\r
1109 iptables_save_line(str, ip->v6);\r
1110 }\r
1111\r
1112 sprintf(str, "-A %s -d %s/%d -o %s -j ACCEPT",\r
1113 chain_postrouting, ip->addr, 32*(1+ip->v6), lan);\r
1114 iptables_save_line(str, ip->v6);\r
1115\r
1116 /* -------------------------------------------------------- mark upload */\r
1117 sprintf(str, "-A %s -s %s/%d -o %s -j %s%d", \r
1118 chain_forward, ip->addr, 32*(1+ip->v6), wan, mark_iptables, ip->mark);\r
1119 iptables_save_line(str, ip->v6);\r
1120\r
1121 sprintf(str, "-A %s -s %s/%d -o %s -j ACCEPT",\r
1122 chain_forward, ip->addr, 32*(1+ip->v6), wan);\r
1123 iptables_save_line(str, ip->v6);\r
1124\r
1125 if(ip->min)\r
1126 {\r
1127 /* -------------------------------------------------------- download class */\r
1128#ifdef DEBUG\r
1129 printf("(down: %dk-%dk ", ip->min, ip->max); \r
1130#endif\r
1131\r
1132 sprintf(str, "%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d", \r
1133 tc, lan, ip->group, ip->mark,ip->min,ip->max, burst, ip->prio);\r
1134 safe_run(str);\r
1135\r
1136 if(strcmpi(ip->keyword->leaf_discipline, "none"))\r
1137 {\r
1138 sprintf(str, "%s qdisc add dev %s parent 1:%d handle %d %s", \r
1139 tc, lan, ip->mark, ip->mark, ip->keyword->leaf_discipline); /*qos_leaf*/\r
1140 safe_run(str);\r
1141 }\r
1142\r
1143 if(filter_type == 1)\r
1144 {\r
1145 sprintf(str, "%s filter add dev %s parent 1:0 protocol ip handle %d fw flowid 1:%d",\r
1146 tc, lan, ip->mark, ip->mark);\r
1147 safe_run(str);\r
1148 }\r
1149\r
1150 /* -------------------------------------------------------- upload class */\r
1151#ifdef DEBUG\r
1152 printf("up: %dk-%dk)\n", (int)((ip->min/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed), \r
1153 (int)((ip->max/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed));\r
1154#endif\r
1155\r
1156 sprintf(str,"%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
1157 tc, wan, ip->group, ip->mark,\r
1158 (int)((ip->min/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed),\r
1159 (int)((ip->max/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed), burst, ip->prio);\r
1160 safe_run(str);\r
1161 \r
1162 if(strcmpi(ip->keyword->leaf_discipline, "none"))\r
1163 {\r
1164 sprintf(str, "%s qdisc add dev %s parent 1:%d handle %d %s",\r
1165 tc, wan, ip->mark, ip->mark, ip->keyword->leaf_discipline); /*qos_leaf*/\r
1166 safe_run(str);\r
1167 } \r
1168\r
1169 if(filter_type == 1)\r
1170 {\r
1171 sprintf(str, "%s filter add dev %s parent 1:0 protocol ip handle %d fw flowid 1:%d",\r
1172 tc, wan, ip->mark, ip->mark);\r
1173 safe_run(str);\r
1174 }\r
1175 \r
1176 if(f > 0)\r
1177 {\r
1178 fprintf(f, "%s %d\n", ip->addr, ip->mark);\r
1179 }\r
1180 }\r
1181 else\r
1182 {\r
1183#ifdef DEBUG\r
1184 printf("(sharing %s)\n", ip->sharing);\r
1185#endif\r
1186 }\r
1187 i++;\r
1188 }\r
1189 if(f > 0)\r
1190 {\r
1191 puts("done.");\r
1192 fclose(f);\r
1193 }\r
1194 \r
1195 if(idxs)\r
1196 {\r
1197 chain_forward = "forw_common";\r
1198 chain_postrouting = "post_common";\r
1199 }\r
1200 else\r
1201 {\r
1202 chain_forward = "FORWARD";\r
1203 chain_postrouting = "POSTROUTING";\r
1204 }\r
1205\r
1206 if(free_min)\r
1207 {\r
1208 final_chain = "ACCEPT";\r
1209 }\r
1210\r
1211 if(qos_proxy)\r
1212 {\r
1213 if(free_min) \r
1214 {\r
1215 sprintf(str, "-A %s -s %s -p tcp --sport %d -o %s -j %s%d",\r
1216 chain_postrouting,proxy_ip,proxy_port,lan,mark_iptables, 3);\r
1217 iptables_save_line(str, FALSE); /* only for IPv4 */\r
1218 }\r
1219 sprintf(str, "-A %s -s %s -p tcp --sport %d -o %s -j %s",\r
1220 chain_postrouting,proxy_ip,proxy_port,lan,final_chain);\r
1221 iptables_save_line(str, FALSE); /* only for IPv4 */\r
1222 }\r
1223\r
1224 if(free_min)\r
1225 {\r
1226 sprintf(str, "-A %s -o %s -j %s%d",\r
1227 chain_postrouting, lan, mark_iptables, 3);\r
1228 iptables_save_line(str, FALSE); /* only for IPv4 */\r
1229 }\r
1230\r
1231 sprintf(str,"-A %s -o %s -j %s", chain_postrouting, lan, final_chain);\r
1232 iptables_save_line(str, FALSE);\r
1233 if(ip6prefix)\r
1234 {\r
1235 sprintf(str,"-A %s -o %s -j %s", chain_postrouting, lan, final_chain);\r
1236 iptables_save_line(str, TRUE);\r
1237 }\r
1238\r
1239 if(free_min)\r
1240 {\r
1241 sprintf(str,"-A %s -o %s -j %s%d", chain_forward, wan, mark_iptables, 3);\r
1242 iptables_save_line(str, FALSE); /* only for IPv4 */\r
1243 }\r
1244\r
1245 sprintf(str,"-A %s -o %s -j %s", chain_forward, wan, final_chain);\r
1246 iptables_save_line(str, FALSE);\r
1247 if(ip6prefix)\r
1248 {\r
1249 sprintf(str,"-A %s -o %s -j %s", chain_postrouting, lan, final_chain);\r
1250 iptables_save_line(str, TRUE);\r
1251 }\r
1252\r
1253 if(free_min) /* allocate free bandwith if it is not zero... */ \r
1254 {\r
1255 /*-----------------------------------------------------------------*/\r
1256 puts("Generating free bandwith classes ...");\r
1257 /*-----------------------------------------------------------------*/\r
1258 sprintf(str, "%s class add dev %s parent 1:%d classid 1:3 htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
1259 tc, lan, parent, free_min, free_max,burst, lowest_priority);\r
1260 safe_run(str);\r
1261 sprintf(str, "%s class add dev %s parent 1:%d classid 1:3 htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
1262 tc, wan, parent, free_min, free_max, burst, lowest_priority);\r
1263 safe_run(str);\r
1264 /* tc SFQ */\r
1265 if(strcmpi(qos_leaf, "none"))\r
1266 {\r
1267 sprintf(str,"%s qdisc add dev %s parent 1:3 handle 3 %s", tc, lan, qos_leaf);\r
1268 safe_run(str);\r
1269 \r
1270 sprintf(str,"%s qdisc add dev %s parent 1:3 handle 3 %s", tc, wan, qos_leaf);\r
1271 safe_run(str);\r
1272 } \r
1273 /* tc handle 1 fw flowid */\r
1274 sprintf(str,"%s filter add dev %s parent 1:0 protocol ip handle 3 fw flowid 1:3", tc, lan);\r
1275 safe_run(str);\r
1276\r
1277 sprintf(str,"%s filter add dev %s parent 1:0 protocol ip handle 3 fw flowid 1:3", tc, wan);\r
1278 safe_run(str);\r
1279 }\r
1280 printf("Total IP count: %d\n", i);\r
1281 run_iptables_restore();\r
1282 if(log_file)\r
1283 {\r
1284 fclose(log_file);\r
1285 }\r
1286 return 0;\r
1287 /* that's all folks, thank you for reading it all the way up to this point ;-) */\r
1288 /* bad luck C<<1 is not yet finished, I promise no sprintf() next time... */\r
1289}\r