special class for overlimit packets (will be configurable)

git-svn-id: https://dev.arachne.cz/repos/prometheus/trunk@236 251d49ef-1d17-4917-a970-b30cf55b089b

diff --git a/parsehosts.c b/parsehosts.c
index 9ae1d811f827bf9971e642a8015fffef70b256da..7e12a41b34d1280821ef1c916e417675fade4b4a 100644 (file)
--- a/parsehosts.c
+++ b/parsehosts.c
@@ -259,8 +259,9 @@ void parse_hosts(char *hosts)
       }\r
      }\r
 \r
       }\r
      }\r
 \r

-     /* MTU is 1450 bytes = 11600 bits ~= 12 kbit, max is in kb/s */\r
-     ip->pps_limit = ip->max/12;\r
+     /* MTU is 1450 bytes = 11600 bits ~= 12 kbit, max is in kb/s \r
+        average pkt 1/2 MTU = 6 kbit*/\r
+     ip->pps_limit = ip->max/6;\r

      if(ip->pps_limit > 10000) /* this limit seems to be hardcoded in iptables */\r
      {\r
       ip->pps_limit = 0; /* do not apply packet limits */\r
      if(ip->pps_limit > 10000) /* this limit seems to be hardcoded in iptables */\r
      {\r
       ip->pps_limit = 0; /* do not apply packet limits */\r

diff --git a/prometheus.c b/prometheus.c
index c3ae02cd9bc88c60708f2441afa5283c4cb9fc64..dea239a2e9366b429790ce9389f976486fe23a03 100644 (file)
--- a/prometheus.c
+++ b/prometheus.c
@@ -132,6 +132,9 @@ struct IP *ips = NULL, *networks = NULL, *ip, *sharedip;
 struct Group *groups = NULL, *group;\r
 struct Keyword *keyword, *defaultkeyword=NULL, *keywords=NULL;\r
 \r
 struct Group *groups = NULL, *group;\r
 struct Keyword *keyword, *defaultkeyword=NULL, *keywords=NULL;\r
 \r

+#define FREE_CLASS      3\r
+#define OVERLIMIT_CLASS 4\r
+\r

 void help(void);\r
 /* implemented in help.c */
 \r
 void help(void);\r
 /* implemented in help.c */
 \r


@@ -669,6 +672,7 @@ Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);
    sprintf(str,"-A FORWARD -d %s -o %s -j ACCEPT", qos_free_zone, wan);\r
    iptables_save_line(str, FALSE); /* this is currently supported only for IPv4 */\r
    \r
    sprintf(str,"-A FORWARD -d %s -o %s -j ACCEPT", qos_free_zone, wan);\r
    iptables_save_line(str, FALSE); /* this is currently supported only for IPv4 */\r
    \r

+/*\r

    if(qos_proxy)\r
    {\r
     iptables_save_line(":post_noproxy - [0:0]", FALSE);\r
    if(qos_proxy)\r
    {\r
     iptables_save_line(":post_noproxy - [0:0]", FALSE);\r


@@ -681,10 +685,12 @@ Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);
 \r
     chain="post_noproxy";    \r
    }\r
 \r
     chain="post_noproxy";    \r
    }\r

+\r

    else\r
    {\r
    else\r
    {\r

-    chain="POSTROUTING";\r
-   }\r
+*/\r
+   chain = "POSTROUTING";\r
+//   }\r

     \r
    sprintf(str,"-A %s -s %s -o %s -j ACCEPT", chain, qos_free_zone, lan);\r
    iptables_save_line(str, FALSE);\r
     \r
    sprintf(str,"-A %s -s %s -o %s -j ACCEPT", chain, qos_free_zone, lan);\r
    iptables_save_line(str, FALSE);\r


@@ -1127,7 +1133,7 @@ Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);
    chain_postrouting="POSTROUTING";\r
   }\r
 \r
    chain_postrouting="POSTROUTING";\r
   }\r
 \r

-  /* packet limits - this will be optional in future, hardcoded for now */\r
+  /* packet limits - this will be optional in future */\r

   if(ip->pps_limit)\r
   {\r
    sprintf(limit_pkts, "-m limit --limit %d/s --limit-burst %d ", \r
   if(ip->pps_limit)\r
   {\r
    sprintf(limit_pkts, "-m limit --limit %d/s --limit-burst %d ", \r


@@ -1148,6 +1154,7 @@ Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);
                lan, mark_iptables, ip->mark);\r
   iptables_save_line(str, ip->v6);\r
 \r
                lan, mark_iptables, ip->mark);\r
   iptables_save_line(str, ip->v6);\r
 \r

+/*\r

   if(qos_proxy)\r
   {\r
    sprintf(str, "-A %s -s %s -p tcp --sport %d -d %s/%d -o %s -j %s%d",\r
   if(qos_proxy)\r
   {\r
    sprintf(str, "-A %s -s %s -p tcp --sport %d -d %s/%d -o %s -j %s%d",\r


@@ -1155,11 +1162,21 @@ Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);
                 32*(1+ip->v6), lan, mark_iptables, ip->mark);\r
    iptables_save_line(str, ip->v6);\r
   }\r
                 32*(1+ip->v6), lan, mark_iptables, ip->mark);\r
    iptables_save_line(str, ip->v6);\r
   }\r

-\r
+*/\r

   sprintf(str, "-A %s -d %s/%d -o %s %s-j ACCEPT",\r
                chain_postrouting, ip->addr, 32*(1+ip->v6), lan, limit_pkts);\r
   iptables_save_line(str, ip->v6);\r
 \r
   sprintf(str, "-A %s -d %s/%d -o %s %s-j ACCEPT",\r
                chain_postrouting, ip->addr, 32*(1+ip->v6), lan, limit_pkts);\r
   iptables_save_line(str, ip->v6);\r
 \r

+  /* classify overlimit packets to separate overlimit class */\r
+  sprintf(str, "-A %s -d %s/%d -o %s -j %s%d",\r
+               chain_postrouting, ip->addr, 32*(1+ip->v6),\r
+               lan, mark_iptables, OVERLIMIT_CLASS);\r
+  iptables_save_line(str, ip->v6);\r
+\r
+  sprintf(str, "-A %s -d %s/%d -o %s -j ACCEPT",\r
+               chain_postrouting, ip->addr, 32*(1+ip->v6), lan);\r
+  iptables_save_line(str, ip->v6);\r
+\r

   /* -------------------------------------------------------- mark upload */\r
   sprintf(str, "-A %s -s %s/%d -o %s -j %s%d", \r
                chain_forward, ip->addr, 32*(1+ip->v6), wan, mark_iptables, ip->mark);\r
   /* -------------------------------------------------------- mark upload */\r
   sprintf(str, "-A %s -s %s/%d -o %s -j %s%d", \r
                chain_forward, ip->addr, 32*(1+ip->v6), wan, mark_iptables, ip->mark);\r


@@ -1169,6 +1186,15 @@ Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);
                chain_forward, ip->addr, 32*(1+ip->v6), wan, limit_pkts);\r
   iptables_save_line(str, ip->v6);\r
 \r
                chain_forward, ip->addr, 32*(1+ip->v6), wan, limit_pkts);\r
   iptables_save_line(str, ip->v6);\r
 \r

+  /* classify overlimit packets to separate overlimit class */\r
+  sprintf(str, "-A %s -s %s/%d -o %s -j %s%d", \r
+               chain_forward, ip->addr, 32*(1+ip->v6), wan, mark_iptables, OVERLIMIT_CLASS);\r
+  iptables_save_line(str, ip->v6);\r
+\r
+  sprintf(str, "-A %s -s %s/%d -o %s -j ACCEPT",\r
+               chain_forward, ip->addr, 32*(1+ip->v6), wan);\r
+  iptables_save_line(str, ip->v6);\r
+\r

   if(ip->min)\r
   {\r
    /* -------------------------------------------------------- download class */\r
   if(ip->min)\r
   {\r
    /* -------------------------------------------------------- download class */\r


@@ -1255,23 +1281,25 @@ Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);
   final_chain = "ACCEPT";\r
  }\r
 \r
   final_chain = "ACCEPT";\r
  }\r
 \r

+/*\r

  if(qos_proxy)\r
  {\r
   if(free_min) \r
   {\r
    sprintf(str, "-A %s -s %s -p tcp --sport %d -o %s -j %s%d",\r
                 chain_postrouting,proxy_ip,proxy_port,lan,mark_iptables, 3);\r
  if(qos_proxy)\r
  {\r
   if(free_min) \r
   {\r
    sprintf(str, "-A %s -s %s -p tcp --sport %d -o %s -j %s%d",\r
                 chain_postrouting,proxy_ip,proxy_port,lan,mark_iptables, 3);\r

-   iptables_save_line(str, FALSE); /* only for IPv4 */\r
+   iptables_save_line(str, FALSE); // only for IPv4\r

   }\r
   sprintf(str, "-A %s -s %s -p tcp --sport %d -o %s -j %s",\r
                chain_postrouting,proxy_ip,proxy_port,lan,final_chain);\r
   }\r
   sprintf(str, "-A %s -s %s -p tcp --sport %d -o %s -j %s",\r
                chain_postrouting,proxy_ip,proxy_port,lan,final_chain);\r

-  iptables_save_line(str, FALSE); /* only for IPv4 */\r
+  iptables_save_line(str, FALSE); // only for IPv4\r

  }\r
  }\r

+*/\r

 \r
  if(free_min)\r
  {\r
   sprintf(str, "-A %s -o %s -j %s%d",\r
 \r
  if(free_min)\r
  {\r
   sprintf(str, "-A %s -o %s -j %s%d",\r

-               chain_postrouting, lan, mark_iptables, 3);\r
+               chain_postrouting, lan, mark_iptables, FREE_CLASS);\r

   iptables_save_line(str, FALSE); /* only for IPv4 */\r
  }\r
 \r
   iptables_save_line(str, FALSE); /* only for IPv4 */\r
  }\r
 \r


@@ -1285,7 +1313,7 @@ Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);
 \r
  if(free_min)\r
  {\r
 \r
  if(free_min)\r
  {\r

-  sprintf(str,"-A %s -o %s -j %s%d", chain_forward, wan, mark_iptables, 3);\r
+  sprintf(str,"-A %s -o %s -j %s%d", chain_forward, wan, mark_iptables, FREE_CLASS);\r

   iptables_save_line(str, FALSE); /* only for IPv4 */\r
  }\r
 \r
   iptables_save_line(str, FALSE); /* only for IPv4 */\r
  }\r
 \r


@@ -1300,28 +1328,38 @@ Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);
  if(free_min) /* allocate free bandwith if it is not zero... */ \r
  {\r
    /*-----------------------------------------------------------------*/\r
  if(free_min) /* allocate free bandwith if it is not zero... */ \r
  {\r
    /*-----------------------------------------------------------------*/\r

-   puts("Generating free bandwith classes ...");\r
+   puts("Generating free bandwith class ...");\r

    /*-----------------------------------------------------------------*/\r
    /*-----------------------------------------------------------------*/\r

-   sprintf(str, "%s class add dev %s parent 1:%d classid 1:3 htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
-                tc, lan, parent, free_min, free_max,burst, lowest_priority);\r
+   sprintf(str, "%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
+                tc, lan, parent, FREE_CLASS, free_min, free_max,burst, lowest_priority);\r

    safe_run(str);\r
    safe_run(str);\r

-   sprintf(str, "%s class add dev %s parent 1:%d classid 1:3 htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
-                tc, wan, parent, free_min, free_max, burst, lowest_priority);\r
+   sprintf(str, "%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
+                tc, wan, parent, FREE_CLASS, free_min, free_max, burst, lowest_priority);\r

    safe_run(str);\r
    /* tc SFQ */\r
    if(strcmpi(qos_leaf, "none"))\r
    {\r
    safe_run(str);\r
    /* tc SFQ */\r
    if(strcmpi(qos_leaf, "none"))\r
    {\r

-     sprintf(str,"%s qdisc add dev %s parent 1:3 handle 3 %s", tc, lan, qos_leaf);\r
+     sprintf(str,"%s qdisc add dev %s parent 1:%d handle %d %s", tc, lan, FREE_CLASS, FREE_CLASS, qos_leaf);\r

      safe_run(str);\r
    \r
      safe_run(str);\r
    \r

-     sprintf(str,"%s qdisc add dev %s parent 1:3 handle 3 %s", tc, wan, qos_leaf);\r
+     sprintf(str,"%s qdisc add dev %s parent 1:%d handle %d %s", tc, wan, FREE_CLASS, FREE_CLASS, qos_leaf);\r

      safe_run(str);\r
    }   \r
    /* tc handle 1 fw flowid */\r
      safe_run(str);\r
    }   \r
    /* tc handle 1 fw flowid */\r

-   sprintf(str,"%s filter add dev %s parent 1:0 protocol ip handle 3 fw flowid 1:3", tc, lan);\r
+   sprintf(str,"%s filter add dev %s parent 1:0 protocol ip handle %d fw flowid 1:%d", tc, lan, FREE_CLASS, FREE_CLASS);\r
+   safe_run(str);\r
+\r
+   sprintf(str,"%s filter add dev %s parent 1:0 protocol ip handle %d fw flowid 1:%d", tc, wan, FREE_CLASS, FREE_CLASS);\r

    safe_run(str);\r
 \r
    safe_run(str);\r
 \r

-   sprintf(str,"%s filter add dev %s parent 1:0 protocol ip handle 3 fw flowid 1:3", tc, wan);\r
+   /*-----------------------------------------------------------------*/\r
+   puts("Generating bandwith class for overlimit packets...");\r
+   /*-----------------------------------------------------------------*/\r
+   sprintf(str, "%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
+                tc, lan, parent, OVERLIMIT_CLASS, 1024, 4096, burst, lowest_priority);\r
+   safe_run(str);\r
+   sprintf(str, "%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
+                tc, wan, parent, OVERLIMIT_CLASS, 1024, 4096, burst, lowest_priority);\r

    safe_run(str);\r
  }\r
  printf("Total IP count: %d\n", i);\r
    safe_run(str);\r
  }\r
  printf("Total IP count: %d\n", i);\r