/4 not /2 :-)

[svn/Prometheus-QoS/.git] / prometheus.c

/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */\r
/* Prometheus QoS - you can "steal fire" from your ISP         */\r
/* "fair-per-IP" quality of service (QoS) utility              */\r
/* requires Linux 2.4.x or 2.6.x with HTB support              */\r
/* Copyright(C) 2005-2013 Michael Polak, Arachne Aerospace     */\r
/* iptables-restore support Copyright(C) 2007-2008 ludva       */\r
/* Credit: CZFree.Net,Martin Devera,Netdave,Aquarius,Gandalf  */\r
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */\r
\r
/* Modified by: xChaos, 20130124\r
                 ludva, 20080415\r
 \r
   Prometheus QoS is free software; you can redistribute it and/or\r
   modify it under the terms of the GNU General Public License as \r
   published by the Free Software Foundation; either version 2.1 of \r
   the License, or (at your option) any later version.\r
\r
   Prometheus QoS is distributed in the hope that it will be useful,\r
   but WITHOUT ANY WARRANTY; without even the implied warranty of\r
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\r
   General Public License for more details.\r
\r
   You should have received a copy of the GNU General Public License\r
   along with Prometheus Qos; if not, write to the Free Software\r
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA \r
   \r
   GNU General Public License is located in file COPYING */\r
\r
#include "cll1-0.6.2.h"\r
#include "ipstruct.h"\r
\r
const char *version = "0.8.3-i";\r
\r
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */\r
/* Versions: 0.8.3 is development release, 0.8.4 will be "stable"  */\r
/* Official Trac URL: https://dev.arachne.cz/svn/prometheus        */\r
/* Official SVN URL: https://dev.arachne.cz/repos/prometheus       */\r
/* BTC donations account: 19rriLx8vR19wGefPaMhakqnCYNYwjLvxq       */\r
/* CZK donations account: 2900242944/2010 (transparent account)    */\r
/* Warning: unofficial Github mirror is not supported by author!  */\r
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */\r
\r
const char *stats_html_signature = "<span class=\"small\">Statistics generated by Prometheus QoS version %s<br />GPL+Copyright(C)2005-2013 Michael Polak, <a target=\"_blank\" href=\"http://www.arachne.cz/\">Arachne Labs</a></span>\n";\r
\r
#define STRLEN 512\r
#undef DEBUG\r
\r
/* ======= All path names are defined here (for RPM patch) =======  */\r
\r
const char               *tc = "/sbin/tc"; /* requires tc with HTB support */\r
const char         *iptables = "/sbin/iptables"; /* requires iptables utility */\r
const char        *ip6tables = "/sbin/ip6tables"; /* requires iptables utility */\r
const char     *iptablessave = "/sbin/iptables-save"; /* not yet required */\r
const char  *iptablesrestore = "/sbin/iptables-restore";  /* requires iptables-restore */\r
const char    *ip6tablessave = "/sbin/ip6tables-save"; /* not yet required */\r
const char *ip6tablesrestore = "/sbin/ip6tables-restore";  /* requires iptables-restore */\r
const char               *ls = "/bin/ls"; /* this is not user configurable :-) */\r
\r
char          *config = "/etc/prometheus/prometheus.conf"; /* main configuration file */\r
char           *hosts = "/etc/prometheus/hosts"; /* per-IP bandwidth definition file */\r
char    *iptablesfile = "/var/spool/prometheus.iptables"; /* temporary file for iptables-restore*/\r
char   *ip6tablesfile = "/var/spool/prometheus.ip6tables"; /* temporary file for ip6tables-restore*/\r
char          *credit = "/var/lib/misc/prometheus.credit"; /* credit log file */\r
char        *classmap = "/var/lib/misc/prometheus.classes"; /* credit log file */\r
char            *html = "/var/www/traffic.html"; /* hall of fame - html version */\r
char         *preview = "/var/www/preview.html"; /* hall of fame preview - html version */\r
char    *json_traffic = "/var/www/logs/traffic.json"; /* hall of fame - json version */\r
char    *json_preview = "/var/www/logs/preview.json"; /* hall of fame preview - json version */\r
char          *cmdlog = "/var/log/prometheuslog"; /* command log filename */\r
char         *log_dir = "/var/www/logs/"; /* log directory pathname, ended with slash */\r
char         *log_url = "/logs/"; /* log directory relative URI prefix (partial URL) */\r
char    *html_log_dir = "/var/www/logs/html/";\r
\r
char      *jquery_url = "http://code.jquery.com/jquery-latest.js";\r
char         *lms_url = "/lms/?m=customerinfo&amp;id=";\r
int use_jquery_popups = TRUE;\r
int      row_odd_even = 0; /*<tr class="odd/even"> */\r
 \r
/* === Configuraration file values defaults - stored in global variables ==== */\r
\r
int        filter_type = 1; /*1 mark, 2 classify*/\r
char      *final_chain = "DROP"; /* REJECT would be better, but it is impossible in mangle */\r
char             *mark = "MARK";\r
char    *mark_iptables = "MARK --set-mark ";\r
int            dry_run = FALSE; /* preview - use puts() instead of system() */\r
char *iptablespreamble = "*mangle\n:PREROUTING ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n:INPUT ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]";\r
char      *ip6preamble = "-A FORWARD -p ipv6-icmp -j ACCEPT\n-A POSTROUTING -p ipv6-icmp -j ACCEPT\n-A FORWARD -s fe80::/10 -j ACCEPT\n-A FORWARD -d ff00::/8 -j ACCEPT\n-A POSTROUTING -s fe80::/10 -j ACCEPT\n-A POSTROUTING -d ff00::/8 -j ACCEPT";\r
FILE    *iptables_file = NULL;\r
FILE   *ip6tables_file = NULL;\r
int      enable_credit = TRUE; /* enable credit file */\r
int         use_credit = FALSE; /* use credit file (if enabled)*/\r
char            *title = "Hall of Fame - Greatest Suckers"; /* hall of fame title */\r
int       hall_of_fame = TRUE; /* enable hall of fame */\r
char              *lan = "eth0"; /* LAN interface */\r
char       *lan_medium = "100Mbit"; /* 10Mbit/100Mbit ethernet */\r
char              *wan = "eth1"; /* WAN/ISP interface */\r
char        *ip6prefix = NULL; /* Prefix for global /48 IPv6 subnet */\r
char       *wan_medium = "100Mbit"; /* 10Mbit/100Mbit ethernet */\r
char         *qos_leaf = "sfq perturb 5"; /* leaf discipline */\r
char    *qos_free_zone = NULL; /* QoS free zone */\r
int          qos_proxy = TRUE; /* include proxy port to QoS */\r
int        found_lmsid = FALSE; /* show links to users in LMS information system */\r
int     include_upload = TRUE; /* upload+download=total traffic */\r
char         *proxy_ip = "192.168.1.1/32"; /* our IP with proxy port */\r
int         proxy_port = 3128; /* proxy port number */\r
long long int     line = 1024; /* WAN/ISP download in kbps */\r
long long int       up = 1024; /* WAN/ISP upload in kbps */\r
int           free_min = 256; /* minimum guaranted bandwidth for all undefined hosts */\r
int           free_max = 512; /* maximum allowed bandwidth for all undefined hosts */\r
int     qos_free_delay = 0; /* seconds to sleep before applying new QoS rules */\r
int     digital_divide = 2; /* controls digital divide weirdness ratio, 1...3 */ \r
int        max_nesting = 3; /* maximum nesting of HTB clases, built-in maximum seems to be 4 */\r
int            htb_r2q = 256; /* should work for leaf values 512 kbps to 8 Mbps */\r
int              burst = 8; /* HTB burst (in kbits) */\r
int         burst_main = 64;\r
int        burst_group = 32;\r
int     magic_treshold = 8; /* reduce ceil by X*magic_treshhold kbps (hard shaping) */\r
int       keywordcount = 0;\r
int        class_count = 0;\r
int           ip_count = 0;\r
/* not yet implemented:\r
int      fixed_packets = 0; maximum number of pps per IP address (not class!) \r
int       packet_limit = 5; maximum number of pps to htn CEIL, not rate !!! \r
*/\r
FILE         *log_file = NULL;\r
char              *kwd = "via-prometheus"; /* /etc/hosts comment, eg. #qos-64-128 */\r
\r
const int highest_priority   = 0; /* highest HTB priority (HTB built-in value is 0) */\r
const int lowest_priority    = 7; /* lowest HTB priority (HTB built-in value is 7) */\r
const int idxtable_treshold1 = 24;      /* this is no longer configurable */\r
const int idxtable_treshold2 = 12;      /* this is no longer configurable */\r
const int idxtable_bitmask1  = 3;        /* this is no longer configurable */\r
const int idxtable_bitmask2  = 3;        /* this is no longer configurable */\r
\r
struct IP *ips = NULL, *ip, *sharedip;\r
struct Group *groups = NULL, *group;\r
struct Keyword *keyword, *defaultkeyword=NULL, *keywords=NULL;\r
\r
void help(void);\r
/* implemented in help.c */
\r
void get_traffic_statistics(const char *whichiptables, int ipv6);\r
/* implemented in parseiptables.c */\r
\r
void parse_ip_log(int argc, char **argv);\r
/* implemented in parselog.c */\r
\r
void parse_hosts(char *hosts);\r
/* implemented in parsehosts.c */\r
\r
void write_json_traffic(char *json);\r
/* implemented in json.c */\r
\r
void write_htmlandlogs(char *html, char *d, int total, int just_preview);\r
/* implemented in htmlandlogs.c */\r
\r
const char *tr_odd_even(void)\r
{\r
 row_odd_even = 1 - row_odd_even;\r
 if(row_odd_even)\r
 {\r
  return "<tr class=\"even\">\n";\r
 }\r
 else\r
 {\r
  return "<tr class=\"odd\">\n";\r
 }\r
}\r
\r
/* ==== This is C<<1 stuff - learn C<<1 first! https://dev.arachne.cz/svn/cll1h ==== */\r
/* (except that this code uses obsolete, archaic version of this header file...)     */\r
\r
struct Index\r
{\r
 char *addr;\r
 char *id;\r
 struct Index *parent;\r
 int bitmask;\r
 int children;\r
 int ipv6;\r
 list(Index);\r
} *idxs=NULL, *idx, *metaindex;\r
\r
\r
/* ====== iptables indexes are used to reduce complexity to log8(N) ===== */\r
\r
char *index_id(char *ip, int bitmask);\r
/* function implemented in ipv4subnets.c */\r
\r
char *subnet_id(char *ip, int bitmask);\r
/* function implemented in ipv4subnets.c */\r
\r
char *index6_id(char *ip, int bitmask);\r
/* function implemented in ipv6subnets.c */\r
\r
char *subnet6_id(char *ip, int bitmask);\r
/* function implemented in ipv6subnets.c */\r
\r
/* ================= Let's parse configuration file here ================ */\r
\r
void reject_config_and_exit(char *filename)\r
{\r
 printf("Configuration file %s rejected - abnormal exit.",filename);\r
 exit(-1);\r
}\r
\r
void get_config(char *config_filename)\r
{\r
 char *cnf="mark";\r
 \r
 printf("Configured keywords: ");\r
 parse(config_filename)\r
 {\r
  option("keyword",kwd);\r
  if(kwd)\r
  {\r
   printf("%s ",kwd);\r
\r
   create(keyword,Keyword);\r
   keyword->key=kwd;\r
   keyword->asymetry_ratio=1;          /* ratio for ADSL-like upload */\r
   keyword->asymetry_fixed=0;          /* fixed treshold for ADSL-like upload */\r
   keyword->data_limit=8;              /* hard shaping: apply magic_treshold if max*data_limit MB exceeded */\r
   keyword->data_prio=4;               /* soft shaping (qos): reduce HTB prio if max*data_prio MB exceeded */\r
   keyword->fixed_limit=0;             /* fixed data limit for setting lower HTB ceil */\r
   keyword->fixed_prio=0;              /* fixed data limit for setting lower HTB prio */\r
   keyword->reserve_min=8;	       /* bonus for nominal HTB rate bandwidth (in kbps) */\r
   keyword->reserve_max=0;	       /* malus for nominal HTB ceil (in kbps) */\r
   keyword->default_prio=highest_priority+1;\r
   keyword->html_color="000000";\r
   keyword->ip_count=0;\r
   keyword->leaf_discipline="";\r
\r
   push(keyword,keywords);\r
   if(!defaultkeyword)\r
   {\r
    defaultkeyword=keyword;\r
   }\r
   keywordcount++;\r
   \r
   kwd=NULL;\r
  }\r
  else\r
  {\r
    for_each(keyword,keywords)\r
    {\r
     int l=strlen(keyword->key);\r
\r
     if(!strncmp(keyword->key,_,l) && strlen(_)>l+2)\r
     {\r
      char *tmptr=_; /*  <---- l+1 ----> */\r
      _+=l+1;        /*  via-prometheus-asymetry-ratio, etc. */\r
      ioption("asymetry-ratio",keyword->asymetry_ratio);\r
      ioption("asymetry-treshold",keyword->asymetry_fixed);\r
      ioption("magic-relative-limit",keyword->data_limit);\r
      ioption("magic-relative-prio",keyword->data_prio);\r
      loption("magic-fixed-limit",keyword->fixed_limit);\r
      loption("magic-fixed-prio",keyword->fixed_prio);\r
      ioption("htb-default-prio",keyword->default_prio);\r
      ioption("htb-rate-bonus",keyword->reserve_min);\r
      ioption("htb-ceil-malus",keyword->reserve_max);\r
      option("leaf-discipline",keyword->leaf_discipline);\r
      option("html-color",keyword->html_color);\r
      _=tmptr;\r
      \r
      if(keyword->data_limit || keyword->fixed_limit || \r
         keyword->data_prio || keyword->fixed_prio)\r
      {\r
       use_credit=1;        \r
      }\r
     }\r
    }\r
  }\r
\r
  option("tc",tc);\r
  option("iptables",iptables);\r
  option("iptables-save",iptablessave);\r
  option("iptables-restore",iptablesrestore);\r
  option("ip6tables",ip6tables);\r
  option("ip6tables-save",ip6tablessave);\r
  option("ip6tables-restore",ip6tablesrestore);\r
  option("iptables-in-filename",iptablesfile);\r
  option("ip6tables-in-filename",ip6tablesfile);\r
  option("hosts",hosts);\r
  option("lan-interface",lan);\r
  option("wan-interface",wan);\r
  option("ip6-prefix",ip6prefix);\r
  option("lan-medium",lan_medium);\r
  option("wan-medium",wan_medium);\r
  lloption("wan-download",line);\r
  lloption("wan-upload",up);\r
  ioption("hall-of-fame-enable",hall_of_fame);\r
  option("hall-of-fame-title",title);\r
  option("hall-of-fame-filename",html);\r
  option("json-filename",json_traffic);\r
  option("hall-of-fame-preview",preview);\r
  option("json-preview",json_preview);\r
  option("log-filename",cmdlog);\r
  option("credit-filename",credit);\r
  option("classmap-filename",classmap);\r
  ioption("credit-enable",enable_credit);\r
  option("log-traffic-directory",log_dir);\r
  option("log-traffic-html-directory",html_log_dir);\r
  option("log-traffic-url-path",log_url);\r
  option("jquery-url",jquery_url);\r
  option("lms-url",lms_url);\r
  ioption("use-jquery-popups",use_jquery_popups);\r
  option("qos-free-zone",qos_free_zone);\r
  ioption("qos-free-delay",qos_free_delay);\r
  ioption("qos-proxy-enable",qos_proxy);\r
  option("qos-proxy-ip",proxy_ip);\r
  option("htb-leaf-discipline",qos_leaf);\r
  ioption("qos-proxy-port",proxy_port);\r
  ioption("free-rate",free_min);\r
  ioption("free-ceil",free_max);\r
  ioption("htb-burst",burst);\r
  ioption("htb-burst-main",burst_main);\r
  ioption("htb-burst-group",burst_group);\r
  ioption("htb-nesting-limit",max_nesting);\r
  ioption("htb-r2q",htb_r2q);\r
  ioption("magic-include-upload",include_upload);\r
  ioption("magic-treshold",magic_treshold);  \r
  option("filter-type", cnf);  \r
/* not yet implemented:\r
  ioption("magic-fixed-packets",fixed_packets);\r
  ioption("magic-relative-packets",packet_limit);\r
*/\r
 }\r
 fail\r
 { \r
  perror(config_filename);\r
  puts("Warning - using built-in defaults instead ...");\r
 }\r
 done; /* ugly macro end */\r
 printf("\n");\r
 \r
 /* leaf discipline for keywords */\r
 for_each(keyword,keywords)\r
 {\r
    if(!strcmpi(keyword->leaf_discipline, ""))\r
    {\r
        keyword->leaf_discipline = qos_leaf;\r
    }\r
 }\r
\r
 if(strcmpi(cnf, "mark"))\r
 {\r
  filter_type = 2;\r
  mark = "CLASSIFY";\r
  mark_iptables = "CLASSIFY --set-class 1:";\r
 }\r
 else\r
 {\r
  filter_type = 1;\r
  mark = "MARK";\r
  mark_iptables = "MARK --set-mark ";\r
 }\r
\r
 /* are supplied values meaningful ?*/\r
 if(line<=0 || up<=0)\r
 {\r
  puts("Illegal value of LAN or WAN bandwidth: 0 kbps.");\r
  reject_config_and_exit(config_filename);\r
 }\r
}\r
\r
 \r
/* ========== This function executes, logs OR ALSO prints command ========== */\r
\r
void safe_run(char *cmd)\r
{\r
 if(dry_run)\r
 {\r
  printf("\n=>%s\n",cmd);\r
 }\r
 else\r
 {\r
  system(cmd);\r
 }\r
 if(log_file)\r
 {\r
  fprintf(log_file,"%s\n",cmd);\r
 }\r
}\r
\r
void iptables_save_line(char *line, int ipv6)\r
{\r
 if(ipv6)\r
 {\r
  fprintf(ip6tables_file,"%s\n",line);\r
 }\r
 else\r
 {\r
  fprintf(iptables_file,"%s\n",line);\r
 }\r
}\r
\r
void run_iptables_restore(void)\r
{\r
 char *restor;\r
 string(restor,STRLEN);\r
\r
 /*-----------------------------------------------------------------*/\r
 printf("Running %s <%s ...\n", iptablesrestore, iptablesfile);\r
 /*-----------------------------------------------------------------*/\r
\r
 iptables_save_line("COMMIT", FALSE);\r
 fclose(iptables_file);\r
 if(dry_run) \r
 {\r
  parse(iptablesfile)\r
  {\r
   printf("%s\n",_);\r
  }\r
  done; /* ugly macro end */\r
 }\r
\r
 sprintf(restor,"%s <%s",iptablesrestore, iptablesfile);\r
 safe_run(restor);\r
\r
 if(ip6prefix)\r
 {\r
  /*-----------------------------------------------------------------*/\r
  printf("Running %s <%s ...\n", ip6tablesrestore, ip6tablesfile);\r
  /*-----------------------------------------------------------------*/\r
  iptables_save_line("COMMIT", TRUE);\r
  fclose(ip6tables_file);\r
  if(dry_run) \r
  {\r
   parse(ip6tablesfile)\r
   {\r
    printf("%s\n",_);\r
   }\r
   done; /* ugly macro end */\r
  }\r
  sprintf(restor,"%s <%s",ip6tablesrestore, ip6tablesfile);\r
  safe_run(restor);\r
 }\r
 free(restor);\r
}\r
\r
char *parse_datafile_line(char *str)\r
{\r
 char *ptr=strchr(str,' ');\r
\r
 if(ptr)\r
 {\r
  *ptr=0;\r
  ptr++;\r
  return ptr;\r
 } \r
 else \r
 {\r
  return NULL;\r
 }\r
}\r
\r
\r
/*-----------------------------------------------------------------*/\r
/* Are you looking for int main(int argc, char **argv) ? :-))      */\r
/*-----------------------------------------------------------------*/\r
\r
program\r
{\r
 int i=0;                    /* just plain old Fortran style integer :-) */\r
 FILE *f=NULL;               /* everything is just stream of bytes... */\r
 char *str, *ptr, *d;        /* LET A$=B$ :-) */\r
 char *substring;\r
\r
 int parent        = 1;\r
 int just_flush    = FALSE;       /* deactivates all previous actions */\r
 int nodelay       = FALSE;\r
 int just_preview  = FALSE;       /* preview - generate just stats */\r
 int start_shaping = FALSE;       /* apply FUP - requires classmap file */\r
 int stop_shaping  = FALSE;       /* lift FUP - requires classmap file */\r
 int reduce_ceil     = 0;           /* allow only rate+(ceil-rate)/2, /4, etc. */\r
 int just_logs     = FALSE;       /* just parse logs */\r
 int run           = FALSE;\r
 int total         = 0;\r
 \r
 char *chain_forward, *chain_postrouting;\r
 char *althosts=NULL;\r
  \r
 printf("\n\\r
Prometheus QoS - \"fair-per-IP\" Quality of Service setup utility.\n\\r
Version %s - Copyright (C)2005-2013 Michael Polak, Arachne Labs\n\\r
iptables-restore & burst tunning & classify modification by Ludva\n\\r
Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);\r
\r
 /*----- Boring... we have to check command line options first: ----*/   \r
 arguments\r
 {\r
  argument("-c") { nextargument(config); }\r
  argument("-h") { nextargument(althosts);}\r
  argument("-d") { run=TRUE; dry_run=TRUE; }\r
  argument("-f") { run=TRUE; just_flush=TRUE; }\r
  argument("-9") { run=TRUE; just_flush=9; }\r
  argument("-p") { run=TRUE; just_preview=TRUE; }\r
  argument("-q") { run=TRUE; just_preview=TRUE; stop_shaping=TRUE; }\r
  argument("-2") { run=TRUE; just_preview=TRUE; reduce_ceil=2; }\r
  argument("-4") { run=TRUE; just_preview=TRUE; reduce_ceil=4; }\r
  argument("-s") { run=TRUE; just_preview=TRUE; start_shaping=TRUE; }\r
  argument("-r") { run=TRUE; }\r
  argument("-n") { run=TRUE; nodelay=TRUE; }\r
  argument("-l") { just_logs=TRUE; }\r
  argument("-m") { just_logs=TRUE; }\r
  argument("-y") { just_logs=TRUE; }\r
  argument("-?") { help(); exit(0); }\r
  argument("--help") { help(); exit(0); }\r
  argument("-v") { exit(0); } \r
  argument("--version") { exit(0); } \r
 }\r
 \r
 if(dry_run)\r
 {\r
  puts("*** THIS IS JUST DRY RUN ! ***\n");\r
 }\r
\r
 date(d); /* this is typical cll1.h macro - prints current date */\r
\r
 /*-----------------------------------------------------------------*/\r
 printf("Parsing configuration file %s ...\n", config);\r
 /*-----------------------------------------------------------------*/\r
 get_config(config);\r
 \r
 if(just_logs)\r
 {\r
  parse_ip_log(argc,argv);\r
  exit(0);\r
 }\r
 else if(not run)\r
 {\r
  help();\r
  exit(0);\r
 }\r
\r
 if(althosts)\r
 {\r
  hosts=althosts;\r
 }\r
\r
 if(just_flush<9)\r
 {\r
  /*-----------------------------------------------------------------*/\r
  puts("Parsing iptables verbose output ...");\r
  /*-----------------------------------------------------------------*/\r
  get_traffic_statistics(iptables, FALSE);\r
  if(ip6prefix)\r
  {\r
   /*-----------------------------------------------------------------*/\r
   puts("Parsing ip6tables verbose output ...");\r
   /*-----------------------------------------------------------------*/  \r
   get_traffic_statistics(ip6tables, TRUE);\r
  }\r
 }\r
\r
 /*-----------------------------------------------------------------*/\r
 printf("Parsing class defintion file %s ...\n", hosts);\r
 /*-----------------------------------------------------------------*/\r
 parse_hosts(hosts);\r
\r
 /*-----------------------------------------------------------------*/\r
 /* cll1.h - let's allocate brand new character buffer...           */\r
 /*-----------------------------------------------------------------*/\r
 string(str,STRLEN); \r
\r
 /*-----------------------------------------------------------------*/\r
 puts("Resolving shared connections ...");\r
 /*-----------------------------------------------------------------*/\r
 for_each(ip,ips) if(ip->sharing)\r
 {\r
  for_each(sharedip,ips) if(eq(sharedip->name, ip->sharing))\r
  {\r
   sharedip->traffic += ip->traffic;\r
   ip->traffic = 0;\r
   ip->mark = sharedip->mark; \r
   ip->lmsid = sharedip->lmsid;\r
   break;\r
  }\r
  if(not sharedip)\r
  {\r
   printf("Unresolved shared connection: %s %s sharing-%s\n",\r
          ip->addr, ip->name, ip->sharing);\r
  }\r
 }\r
\r
 if(enable_credit && just_flush<9)\r
 {\r
  /*-----------------------------------------------------------------*/\r
  printf("Parsing credit file %s ...\n", credit);\r
  /*-----------------------------------------------------------------*/\r
  parse(credit)\r
  {\r
   ptr=parse_datafile_line(_);\r
   if(ptr)\r
   {\r
    if_exists(ip,ips,eq(ip->addr,_))\r
    {\r
     sscanf(ptr,"%Lu",&(ip->credit));\r
    }\r
   }\r
  }\r
  done; /* ugly macro end */\r
 }\r
\r
 if(!just_preview)\r
 {\r
  /*-----------------------------------------------------------------*/\r
  puts("Initializing iptables and tc classes ...");\r
  /*-----------------------------------------------------------------*/\r
  \r
  iptables_file = fopen(iptablesfile, "w");\r
  if(iptables_file == NULL)\r
  {\r
    perror(iptablesfile);\r
    exit(-1);\r
  }\r
  iptables_save_line(iptablespreamble, FALSE);\r
\r
  if(ip6prefix)\r
  {\r
   ip6tables_file = fopen(ip6tablesfile, "w");\r
   if(ip6tables_file == NULL)\r
   {\r
     perror(ip6tablesfile);\r
     exit(-1);\r
   }\r
   iptables_save_line(iptablespreamble, TRUE);\r
   iptables_save_line(ip6preamble, TRUE);\r
  }\r
\r
  run_iptables_restore();\r
  \r
  log_file = fopen(cmdlog, "w");\r
  if(log_file == NULL) \r
  {\r
    perror(cmdlog);\r
    exit(-1);\r
  }  \r
  \r
  sprintf(str,"%s qdisc del dev %s root 2>/dev/null",tc,lan);\r
  safe_run(str);\r
\r
  sprintf(str,"%s qdisc del dev %s root 2>/dev/null",tc,wan);\r
  safe_run(str);\r
  \r
  iptables_file=fopen(iptablesfile,"w");\r
  iptables_save_line(iptablespreamble, FALSE);\r
  if(ip6prefix)\r
  {\r
   ip6tables_file=fopen(ip6tablesfile,"w");\r
   iptables_save_line(iptablespreamble, TRUE);\r
   iptables_save_line(ip6preamble, TRUE);\r
  }\r
\r
  if(qos_free_zone && *qos_free_zone!='0') /* this is currently supported only for IPv4 */\r
  {\r
   char *chain;\r
   \r
   sprintf(str,"-A FORWARD -d %s -o %s -j ACCEPT", qos_free_zone, wan);\r
   iptables_save_line(str, FALSE); /* this is currently supported only for IPv4 */\r
   \r
   if(qos_proxy)\r
   {\r
    iptables_save_line(":post_noproxy - [0:0]", FALSE);\r
    sprintf(str,"-A POSTROUTING ! -p tcp -o %s -j post_noproxy", lan);\r
    iptables_save_line(str , FALSE);\r
    sprintf(str,"-A POSTROUTING ! -s %s -o %s -j post_noproxy", proxy_ip, lan);\r
    iptables_save_line(str, FALSE);\r
    sprintf(str,"-A POSTROUTING -s %s -p tcp ! --sport %d -o %s -j post_noproxy", proxy_ip, proxy_port, lan);\r
    iptables_save_line(str, FALSE);\r
\r
    chain="post_noproxy";    \r
   }\r
   else\r
   {\r
    chain="POSTROUTING";\r
   }\r
    \r
   sprintf(str,"-A %s -s %s -o %s -j ACCEPT", chain, qos_free_zone, lan);\r
   iptables_save_line(str, FALSE);\r
  }\r
  \r
  if(ip_count > idxtable_treshold1 && !just_flush)\r
  {\r
   int idxcount=0, bitmask=32-idxtable_bitmask1;\r
   char *subnet, *buf;\r
   /*-----------------------------------------------------------------*/\r
   printf("Detected %d addresses - indexing iptables rules to improve performance...\n",ip_count);\r
   /*-----------------------------------------------------------------*/\r
\r
   iptables_save_line(":post_common - [0:0]", FALSE);\r
   iptables_save_line(":forw_common - [0:0]", FALSE);\r
   if(ip6prefix)\r
   {\r
    iptables_save_line(":post_common - [0:0]", TRUE);\r
    iptables_save_line(":forw_common - [0:0]", TRUE);\r
   }\r
\r
   for_each(ip,ips) if(ip->addr && *(ip->addr) && !eq(ip->addr,"0.0.0.0/0")) \r
   {\r
    if(ip->v6)\r
    {\r
     buf=index6_id(ip->addr,bitmask+32);\r
    }\r
    else\r
    {\r
     buf=index_id(ip->addr, bitmask);\r
    }\r
    \r
    if_exists(idx,idxs,eq(idx->id,buf))\r
    {\r
     idx->children++;\r
    }\r
    else\r
    {\r
     create(idx,Index);\r
     idx->addr = ip->addr;\r
     idx->id = buf;\r
     idx->bitmask = bitmask+32*ip->v6;\r
     idx->parent = NULL;\r
     idx->children = 0;\r
     idx->ipv6 = ip->v6;\r
     idxcount++;\r
     push(idx,idxs);\r
    }\r
   }\r
\r
   /* brutal perfomance optimalization */\r
   while(idxcount > idxtable_treshold2 && bitmask > 2*idxtable_bitmask2)\r
   {\r
    bitmask -= idxtable_bitmask2;\r
    idxcount = 0;\r
\r
    for_each(idx,idxs) if(idx->parent == NULL)\r
    {\r
     if(idx->ipv6)\r
     {\r
      buf = index6_id(idx->addr, bitmask+32);\r
     }\r
     else\r
     {\r
      buf = index_id(idx->addr, bitmask);\r
     }\r
     if_exists(metaindex,idxs,eq(metaindex->id,buf))\r
     {\r
      metaindex->children++;\r
     }\r
     else\r
     {\r
      create(metaindex,Index);\r
      metaindex->addr = idx->addr;\r
      metaindex->id = buf;\r
      metaindex->bitmask = bitmask+32*idx->ipv6;\r
      metaindex->parent = NULL;\r
      metaindex->children = 0;\r
      metaindex->ipv6 = idx->ipv6;\r
      idxcount++;\r
      push(metaindex,idxs);\r
     }\r
     idx->parent=metaindex;\r
    }\r
   }\r
\r
   /* this should slightly optimize throughput ... */\r
   sort(idx,idxs,desc_order_by,children);\r
   sort(idx,idxs,order_by,bitmask);\r
\r
   i=0;\r
   for_each(idx,idxs)\r
   {\r
    if(idx->ipv6)\r
    {\r
     subnet=subnet6_id(idx->addr, idx->bitmask);\r
    }\r
    else\r
    {\r
     subnet=subnet_id(idx->addr, idx->bitmask);\r
    }\r
    printf("%d: %s/%d\n", ++i, subnet, idx->bitmask);\r
       \r
    sprintf(str,":post_%s - [0:0]", idx->id);\r
    iptables_save_line(str, idx->ipv6);\r
\r
    sprintf(str,":forw_%s - [0:0]", idx->id);\r
    iptables_save_line(str, idx->ipv6);\r
\r
    if(idx->parent)\r
    {\r
     string(buf,strlen(idx->parent->id)+6);\r
     sprintf(buf,"post_%s", idx->parent->id);\r
    }\r
    else\r
    {\r
     buf="POSTROUTING";\r
    }\r
\r
    sprintf(str,"-A %s -d %s/%d -o %s -j post_%s", buf, subnet, idx->bitmask, lan, idx->id);\r
    iptables_save_line(str, idx->ipv6);\r
\r
    sprintf(str,"-A %s -d %s/%d -o %s -j post_common", buf, subnet, idx->bitmask, lan);\r
    iptables_save_line(str, idx->ipv6);\r
\r
    if(idx->parent)\r
    {\r
     string(buf,strlen(idx->parent->id)+6);\r
     sprintf(buf,"forw_%s",idx->parent->id);\r
    }\r
    else\r
    {\r
     buf="FORWARD";\r
    }\r
\r
    sprintf(str,"-A %s -s %s/%d -o %s -j forw_%s", buf, subnet, idx->bitmask, wan, idx->id);\r
    iptables_save_line(str, idx->ipv6);\r
\r
    sprintf(str,"-A %s -s %s/%d -o %s -j forw_common", buf, subnet, idx->bitmask, wan);\r
    iptables_save_line(str, idx->ipv6);\r
   }\r
   printf("Total indexed iptables chains created: %d\n", i);\r
\r
   sprintf(str,"-A FORWARD -o %s -j forw_common", wan);\r
   iptables_save_line(str, FALSE);\r
   \r
   sprintf(str,"-A POSTROUTING -o %s -j post_common", lan);\r
   iptables_save_line(str, FALSE);\r
\r
   if(ip6prefix)\r
   {\r
    sprintf(str,"-A FORWARD -o %s -j forw_common", wan);\r
    iptables_save_line(str, TRUE);\r
    \r
    sprintf(str,"-A POSTROUTING -o %s -j post_common", lan);\r
    iptables_save_line(str, TRUE);\r
   }\r
  }\r
 }\r
\r
 if(just_flush)\r
 {\r
  fclose(iptables_file);\r
  if(log_file)\r
  { \r
   fclose(log_file);\r
  }\r
  puts("Just flushed iptables and tc classes - now exiting ...");\r
  exit(0);\r
 }\r
\r
 if(!just_preview)\r
 {\r
  if(!dry_run && !nodelay && qos_free_delay)\r
  {\r
   printf("Flushed iptables and tc classes - now sleeping for %d seconds...\n",qos_free_delay);\r
   sleep(qos_free_delay);\r
  }\r
\r
  sprintf(str,"%s qdisc add dev %s root handle 1: htb r2q %d default 1",\r
              tc,lan,htb_r2q);\r
  safe_run(str);\r
\r
  sprintf(str, "%s class add dev %s parent 1: classid 1:2 htb rate %s ceil %s burst %dk prio %d",\r
               tc,lan,lan_medium,lan_medium,burst_main,highest_priority);\r
  safe_run(str);\r
\r
  sprintf(str, "%s class add dev %s parent 1:2 classid 1:1 htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d",\r
                tc,lan,line,line,burst_main,highest_priority);\r
  safe_run(str);\r
\r
  sprintf(str,"%s qdisc add dev %s root handle 1: htb r2q %d default 1",tc,wan,htb_r2q);\r
  safe_run(str);\r
\r
  sprintf(str, "%s class add dev %s parent 1: classid 1:2 htb rate %s ceil %s burst %dk prio %d",\r
               tc,wan,wan_medium,wan_medium,burst_main,highest_priority);\r
  safe_run(str);\r
\r
  sprintf(str, "%s class add dev %s parent 1:2 classid 1:1 htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d",\r
               tc,wan,up,up,burst_main,highest_priority);\r
  safe_run(str);\r
 }\r
\r
 /*-----------------------------------------------------------------*/\r
 puts("Locating heavy downloaders and generating root classes ...");\r
 /*-----------------------------------------------------------------*/\r
 sort(ip,ips,desc_order_by,traffic); \r
\r
 /*-----------------------------------------------------------------*/\r
 /* sub-scope - local variables */  \r
 {\r
  long long int rate = line;\r
  long long int max = line;\r
  int group_count = 0;\r
  FILE *credit_file = NULL;\r
  \r
  if(!just_preview && !dry_run && enable_credit)\r
  {\r
   credit_file = fopen(credit,"w");\r
  }\r
    \r
  for_each(group,groups)\r
  {\r
   if(!just_preview)\r
   {\r
    //download\r
    sprintf(str,"%s class add dev %s parent 1:%d classid 1:%d htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d #down desired %d", \r
                 tc, lan, parent, group->id, rate, max, burst_group, highest_priority+1, group->desired);\r
    safe_run(str);\r
    \r
    //upload\r
    sprintf(str,"%s class add dev %s parent 1:%d classid 1:%d htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d #up desired %d", \r
                 tc, wan, parent, group->id, rate*up/line, max*up/line, burst_group, highest_priority+1, group->desired);\r
    safe_run(str);\r
   }\r
   \r
   if(group_count++ < max_nesting)\r
   {\r
    parent = group->id;\r
   }\r
   \r
   rate -= digital_divide*group->min;\r
   if(rate < group->min)\r
   {\r
    rate = group->min;\r
   }\r
    \r
   /*shaping of aggresive downloaders, with credit file support */\r
   if(use_credit)\r
   {\r
    int group_rate = group->min, priority_sequence = lowest_priority;\r
    \r
    for_each(ip, ips) if(ip->min == group->min && ip->max > ip->min)\r
    {\r
     ip->realquota=ip->credit+(ip->min*ip->keyword->data_limit+(ip->keyword->fixed_limit<<20));\r
     if(     ip->keyword->data_limit \r
         and not ip->fixedprio \r
         and ip->traffic > ip->realquota )\r
     {\r
      if(group_rate < ip->max)\r
      {\r
       ip->max = group_rate;\r
      }\r
      group_rate+=magic_treshold;\r
      ip->prio=lowest_priority;\r
      if(ip->prio<highest_priority+2)\r
      {\r
       ip->prio=highest_priority+2;\r
      }\r
     }\r
     else\r
     {\r
      if(    ip->keyword->data_prio \r
          && !ip->fixedprio \r
          && (   ip->traffic>ip->credit\r
               + (ip->min*ip->keyword->data_prio+(ip->keyword->fixed_prio<<20))) )\r
      {\r
       ip->prio=priority_sequence--;\r
       if(ip->prio<highest_priority+1)\r
       {\r
        ip->prio=highest_priority+1;\r
       }\r
      }\r
     \r
      if(credit_file)\r
      {\r
       unsigned long long lcredit=0;\r
       \r
       if((ip->min*ip->keyword->data_limit+(ip->keyword->fixed_limit<<20))>ip->traffic)\r
       {\r
        lcredit=(ip->min*ip->keyword->data_limit+(ip->keyword->fixed_limit<<20))-ip->traffic;\r
       }\r
       fprintf(credit_file,"%s %Lu\n",ip->addr,lcredit);\r
      }\r
     }\r
    }        \r
   }\r
  }\r
  if(credit_file)\r
  {\r
   fclose(credit_file);\r
  }\r
 }\r
\r
 if(just_preview)\r
 {\r
  if(start_shaping || stop_shaping || reduce_ceil)\r
  {\r
   printf("Reading %s and applying Fair Use Policy rules ... \n", classmap);\r
   parse(classmap)\r
   {\r
    ptr=strchr(_,' ');\r
    if(ptr)\r
    {\r
     *ptr=0;\r
     ptr++;\r
     if_exists(ip,ips,eq(ip->addr,_))\r
     {\r
      ip->mark=atoi(ptr);\r
      if(ip->max < ip->desired || stop_shaping || reduce_ceil) /* apply or disable FUP limit immediately.... */\r
      {\r
       if(stop_shaping)\r
       {\r
        ip->max = ip->desired;\r
        printf("Removing limit for %-22s %-16s %04d ", ip->name, ip->addr, ip->mark);               \r
       }\r
       else\r
       {\r
        printf("Applying limit for %-22s %-16s %04d ", ip->name, ip->addr, ip->mark);\r
        if(reduce_ceil)\r
        {\r
         ip->max = ip->min + (ip->desired-ip->min)/reduce_ceil;\r
        }\r
       }\r
       printf("(down: %dk-%dk ", ip->min, ip->max); \r
       sprintf(str, "%s class change dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d", \r
                    tc, lan, ip->group, ip->mark,ip->min,ip->max, burst, ip->prio);\r
       safe_run(str);\r
       printf("up: %dk-%dk)\n", (int)((ip->min/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed), \r
                                (int)((ip->max/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed));\r
       sprintf(str,"%s class change dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
                    tc, wan, ip->group, ip->mark,\r
                    (int)((ip->min/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed),\r
                    (int)((ip->max/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed), burst, ip->prio);\r
       safe_run(str);\r
      }\r
     }\r
    }\r
   }\r
   fail\r
   { \r
    perror(classmap);\r
    puts("Warning - classmap file not fund, just generating preview ...");\r
    start_shaping=FALSE;\r
    stop_shaping=FALSE;\r
   }\r
   done; /* ugly macro end */\r
  }\r
  html=preview;\r
  json_traffic=json_preview;\r
 }\r
\r
 if(!dry_run && !just_flush)\r
 {\r
  /*-----------------------------------------------------------------*/\r
  printf("Writing json traffic overview  %s ... ", json_traffic);\r
  /*-----------------------------------------------------------------*/\r
  write_json_traffic(json_traffic);\r
\r
  /*-----------------------------------------------------------------*/\r
  printf("Writing statistics into HTML page %s ...\n", html);\r
  /*-----------------------------------------------------------------*/\r
  write_htmlandlogs(html, d, total, just_preview);\r
 }\r
\r
 if(just_preview)\r
 {\r
  char swchar='p';\r
  if(start_shaping)\r
  {\r
   swchar='s';\r
  }\r
  else if(reduce_ceil)\r
  {\r
   swchar='0'+reduce_ceil; /* -2, -4 */\r
  }\r
  else if(stop_shaping)\r
  {\r
   swchar='q';\r
  }\r
\r
  printf("Statistics preview generated (-%c switch) - now exiting ...\n", swchar);\r
  exit(0);\r
 }  \r
\r
 i=0;\r
#ifdef DEBUG\r
 printf("%-22s %-15s mark\n","name","ip");\r
#endif\r
\r
 printf("Writing %s", classmap); \r
 f = fopen(classmap, "w"); \r
 if(f < 0)\r
 {\r
  perror(classmap);\r
 }\r
\r
 /*-----------------------------------------------------------------*/\r
 printf(" + generating iptables and tc classes ... ");\r
 /*-----------------------------------------------------------------*/\r
\r
 for_each(ip, ips) if(ip->mark > 0) /* works only for IPv4 so far */\r
 {\r
  if(idxs)\r
  {\r
   char *buf;\r
   duplicate(ip->addr,buf);\r
   if(ip->v6)\r
   {\r
    buf=index6_id(ip->addr,64-idxtable_bitmask1);\r
   }\r
   else\r
   {\r
    buf=index_id(ip->addr,32-idxtable_bitmask1);\r
   }\r
   \r
   string(chain_forward,6+strlen(buf));\r
   strcpy(chain_forward,"forw_");\r
   strcat(chain_forward,buf);\r
\r
   string(chain_postrouting,6+strlen(buf));\r
   strcpy(chain_postrouting,"post_");\r
   strcat(chain_postrouting,buf);\r
   \r
   free(buf);\r
  }\r
  else\r
  {\r
   chain_forward="FORWARD";\r
   chain_postrouting="POSTROUTING";\r
  }\r
\r
#ifdef DEBUG\r
  printf("%-22s %-16s %04d ", ip->name, ip->addr, ip->mark); \r
#endif\r
\r
  /* -------------------------------------------------------- mark download */\r
  \r
  sprintf(str, "-A %s -d %s/%d -o %s -j %s%d",\r
               chain_postrouting, ip->addr, 32*(1+ip->v6), lan, mark_iptables, ip->mark);\r
  /* -m limit --limit 1/s */  \r
  iptables_save_line(str, ip->v6);\r
\r
  if(qos_proxy)\r
  {\r
   sprintf(str, "-A %s -s %s -p tcp --sport %d -d %s/%d -o %s -j %s%d",\r
                chain_postrouting, proxy_ip, proxy_port, ip->addr, 32*(1+ip->v6), lan, mark_iptables, ip->mark);\r
   iptables_save_line(str, ip->v6);\r
  }\r
\r
  sprintf(str, "-A %s -d %s/%d -o %s -j ACCEPT",\r
               chain_postrouting, ip->addr, 32*(1+ip->v6), lan);\r
  iptables_save_line(str, ip->v6);\r
\r
  /* -------------------------------------------------------- mark upload */\r
  sprintf(str, "-A %s -s %s/%d -o %s -j %s%d", \r
               chain_forward, ip->addr, 32*(1+ip->v6), wan, mark_iptables, ip->mark);\r
  iptables_save_line(str, ip->v6);\r
\r
  sprintf(str, "-A %s -s %s/%d -o %s -j ACCEPT",\r
               chain_forward, ip->addr, 32*(1+ip->v6), wan);\r
  iptables_save_line(str, ip->v6);\r
\r
  if(ip->min)\r
  {\r
   /* -------------------------------------------------------- download class */\r
#ifdef DEBUG\r
   printf("(down: %dk-%dk ", ip->min, ip->max); \r
#endif\r
\r
   sprintf(str, "%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d", \r
                tc, lan, ip->group, ip->mark,ip->min,ip->max, burst, ip->prio);\r
   safe_run(str);\r
\r
   if(strcmpi(ip->keyword->leaf_discipline, "none"))\r
   {\r
    sprintf(str, "%s qdisc add dev %s parent 1:%d handle %d %s", \r
                 tc, lan, ip->mark, ip->mark, ip->keyword->leaf_discipline); /*qos_leaf*/\r
    safe_run(str);\r
   }\r
\r
   if(filter_type == 1)\r
   {\r
    sprintf(str, "%s filter add dev %s parent 1:0 protocol ip handle %d fw flowid 1:%d",\r
                 tc, lan, ip->mark, ip->mark);\r
    safe_run(str);\r
   }\r
\r
   /* -------------------------------------------------------- upload class */\r
#ifdef DEBUG\r
   printf("up: %dk-%dk)\n", (int)((ip->min/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed), \r
                            (int)((ip->max/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed));\r
#endif\r
\r
   sprintf(str,"%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
                tc, wan, ip->group, ip->mark,\r
                (int)((ip->min/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed),\r
                (int)((ip->max/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed), burst, ip->prio);\r
   safe_run(str);\r
   \r
   if(strcmpi(ip->keyword->leaf_discipline, "none"))\r
   {\r
    sprintf(str, "%s qdisc add dev %s parent 1:%d handle %d %s",\r
                 tc, wan, ip->mark, ip->mark, ip->keyword->leaf_discipline); /*qos_leaf*/\r
    safe_run(str);\r
   }   \r
\r
   if(filter_type == 1)\r
   {\r
    sprintf(str, "%s filter add dev %s parent 1:0 protocol ip handle %d fw flowid 1:%d",\r
                 tc, wan, ip->mark, ip->mark);\r
    safe_run(str);\r
   }\r
  \r
   if(f > 0)\r
   {\r
    fprintf(f, "%s %d\n", ip->addr, ip->mark);\r
   }\r
  }\r
  else\r
  {\r
#ifdef DEBUG\r
   printf("(sharing %s)\n", ip->sharing);\r
#endif\r
  }\r
  i++;\r
 }\r
 if(f > 0)\r
 {\r
  puts("done.");\r
  fclose(f);\r
 }\r
 \r
 if(idxs)\r
 {\r
  chain_forward = "forw_common";\r
  chain_postrouting = "post_common";\r
 }\r
 else\r
 {\r
  chain_forward = "FORWARD";\r
  chain_postrouting = "POSTROUTING";\r
 }\r
\r
 if(free_min)\r
 {\r
  final_chain = "ACCEPT";\r
 }\r
\r
 if(qos_proxy)\r
 {\r
  if(free_min) \r
  {\r
   sprintf(str, "-A %s -s %s -p tcp --sport %d -o %s -j %s%d",\r
                chain_postrouting,proxy_ip,proxy_port,lan,mark_iptables, 3);\r
   iptables_save_line(str, FALSE); /* only for IPv4 */\r
  }\r
  sprintf(str, "-A %s -s %s -p tcp --sport %d -o %s -j %s",\r
               chain_postrouting,proxy_ip,proxy_port,lan,final_chain);\r
  iptables_save_line(str, FALSE); /* only for IPv4 */\r
 }\r
\r
 if(free_min)\r
 {\r
  sprintf(str, "-A %s -o %s -j %s%d",\r
               chain_postrouting, lan, mark_iptables, 3);\r
  iptables_save_line(str, FALSE); /* only for IPv4 */\r
 }\r
\r
 sprintf(str,"-A %s -o %s -j %s", chain_postrouting, lan, final_chain);\r
 iptables_save_line(str, FALSE);\r
 if(ip6prefix)\r
 {\r
  sprintf(str,"-A %s -o %s -j %s", chain_postrouting, lan, final_chain);\r
  iptables_save_line(str, TRUE);\r
 }\r
\r
 if(free_min)\r
 {\r
  sprintf(str,"-A %s -o %s -j %s%d", chain_forward, wan, mark_iptables, 3);\r
  iptables_save_line(str, FALSE); /* only for IPv4 */\r
 }\r
\r
 sprintf(str,"-A %s -o %s -j %s", chain_forward, wan, final_chain);\r
 iptables_save_line(str, FALSE);\r
 if(ip6prefix)\r
 {\r
  sprintf(str,"-A %s -o %s -j %s", chain_postrouting, lan, final_chain);\r
  iptables_save_line(str, TRUE);\r
 }\r
\r
 if(free_min) /* allocate free bandwith if it is not zero... */ \r
 {\r
   /*-----------------------------------------------------------------*/\r
   puts("Generating free bandwith classes ...");\r
   /*-----------------------------------------------------------------*/\r
   sprintf(str, "%s class add dev %s parent 1:%d classid 1:3 htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
                tc, lan, parent, free_min, free_max,burst, lowest_priority);\r
   safe_run(str);\r
   sprintf(str, "%s class add dev %s parent 1:%d classid 1:3 htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
                tc, wan, parent, free_min, free_max, burst, lowest_priority);\r
   safe_run(str);\r
   /* tc SFQ */\r
   if(strcmpi(qos_leaf, "none"))\r
   {\r
     sprintf(str,"%s qdisc add dev %s parent 1:3 handle 3 %s", tc, lan, qos_leaf);\r
     safe_run(str);\r
   \r
     sprintf(str,"%s qdisc add dev %s parent 1:3 handle 3 %s", tc, wan, qos_leaf);\r
     safe_run(str);\r
   }   \r
   /* tc handle 1 fw flowid */\r
   sprintf(str,"%s filter add dev %s parent 1:0 protocol ip handle 3 fw flowid 1:3", tc, lan);\r
   safe_run(str);\r
\r
   sprintf(str,"%s filter add dev %s parent 1:0 protocol ip handle 3 fw flowid 1:3", tc, wan);\r
   safe_run(str);\r
 }\r
 printf("Total IP count: %d\n", i);\r
 run_iptables_restore();\r
 if(log_file)\r
 {\r
  fclose(log_file);\r
 }\r
 return 0;\r
 /* that's all folks, thank you for reading it all the way up to this point ;-) */\r
 /* bad luck C<<1 is not yet finished, I promise no sprintf() next time... */\r
}\r