[svn/Prometheus-QoS/.git] / prometheus.c

  /* - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */\r
 /*     Prometheus QoS - you can "steal fire" from your ISP     */\r
/*      "fair-per-IP" quality of service (QoS) utility          */\r
/*      requires Linux 2.4.x or 2.6.x with HTB support          */\r
/*      Copyright(C) 2005-2008 Michael Polak (xChaos)           */\r
/*    iptables-restore support Copyright(C) 2007-2008 ludva     */\r
/*  Credit: CZFree.Net,Martin Devera,Netdave,Aquarius,Gandalf  */\r
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  */\r
\r
/* Modified by: xChaos, 20110427\r
                 ludva, 20080415\r
 \r
   Prometheus QoS is free software; you can redistribute it and/or\r
   modify it under the terms of the GNU General Public License as \r
   published by the Free Software Foundation; either version 2.1 of \r
   the License, or (at your option) any later version.\r
\r
   Prometheus QoS is distributed in the hope that it will be useful,\r
   but WITHOUT ANY WARRANTY; without even the implied warranty of\r
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU\r
   General Public License for more details.\r
\r
   You should have received a copy of the GNU General Public License\r
   along with Prometheus Qos; if not, write to the Free Software\r
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA \r
   \r
   GNU General Public License is located in file COPYING */\r
\r
#define STRLEN 256\r
#define FIRSTGROUPID 1024\r
#define FIRSTIPCLASS 2048\r
#undef DEBUG\r
\r
#include "cll1-0.6.2.h"\r
\r
const char *version = "0.8.3"; \r
\r
/* Version numbers: 0.8.3 is development releases ("beta"), 0.8.4 will be "stable" */\r
/* Debian(RPM) package versions/patchlevels: 0.7.9-2, 0.8.0-1, 0.8.0-2, etc. */\r
/* C source code development versions ("beta"): 0.7.9-a, 0.8.1-b, etc. */\r
/* C source code release versions: 0.8.0, 0.8.2, 0.8.4, etc. */\r
\r
const char *stats_html_signature = "<small>Statistics generated by Prometheus QoS version %s<br>GPL+Copyright(C)2005-2011 Michael Polak, <a href=\"http://www.arachne.cz/\">Arachne Labs</a></small>\n";\r
\r
/* ======= All path names are defined here (for RPM patch) =======  */\r
\r
char              *tc = "/sbin/tc"; /* requires tc with HTB support */\r
char        *iptables = "/sbin/iptables"; /* requires iptables utility */\r
char    *iptablessave = "/sbin/iptables-save"; /* not yet required */\r
char *iptablesrestore = "/sbin/iptables-restore";  /* requires iptables-restore */\r
const char        *ls = "/bin/ls"; /* this is not user configurable :-) */\r
\r
char          *config = "/etc/prometheus/prometheus.conf"; /* main configuration file */\r
char           *hosts = "/etc/prometheus/hosts"; /* per-IP bandwidth definition file */\r
\r
char    *iptablesfile = "/var/spool/prometheus.iptables"; /* temporary file for iptables-restore*/\r
char          *credit = "/var/lib/misc/prometheus.credit"; /* credit log file */\r
char            *html = "/var/www/traffic.html"; /* hall of fame filename */\r
char         *preview = "/var/www/preview.html"; /* hall of fame preview */\r
char          *cmdlog = "/var/log/prometheuslog"; /* command log filename */\r
char         *log_dir = "/var/www/logs/"; /* log directory pathname, ended with slash */\r
char         *log_url = "logs/"; /* log directory relative URI prefix (partial URL) */\r
char    *html_log_dir = "/var/www/logs/html/";\r
\r
/* ======= Help screen is hopefuly self-documenting part of code :-) ======= */\r
\r
void help(void)\r
{\r
 puts("Command line switches:\n\\r
\n\\r
-?, --help    this help screen\n\\r
-v, --version show Version number of this utility and exit\n\\r
-c filename   force alternative /etc/prometheus.Conf filename\n\\r
-h filename   force alternative /etc/Hosts filename (overrides hosts keyword)\n\\r
-f            just Flush iptables and tc classes and exit (stop shaping)\n\\r
-9            emergency iptables flush (do not read data transfer statistics)\n\\r
-p            just generate Preview of data transfer statistics and exit\n\\r
-d            Dry run (preview tc and iptables commands on stdout)\n\\r
-r            Run (reset all statistics and start shaping)\n\\r
-n            run Now (start shaping without delay - overrides qos-free-delay keyword)\n\\r
-l Mmm YYYY   generate HTML summary of traffic Logs (Mmm=Jan-Dec or Year, YYYY=year)\n\\r
-m            generate HTML summary of traffic logs for yesterday's Month\n\\r
-y            generate HTML summary of traffic logs for yesterday's Year\n");\r
/* not yet implemented:\r
-s            start shaping! (keep data transfer statistics - but apply shaping)\n\\r
*/\r
}\r
/* === Configuraration file values defaults - stored in global variables ==== */\r
\r
int        filter_type = 1; /*1 mark, 2 classify*/\r
char             *mark = "MARK";\r
char    *mark_iptables = "MARK --set-mark ";\r
int            dry_run = 0; /* preview - use puts() instead of system() */\r
char *iptablespreamble = "*mangle\n:PREROUTING ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n:INPUT ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]";\r
FILE    *iptables_file = NULL;\r
int      enable_credit = 1; /* enable credit file */\r
int         use_credit = 0; /* use credit file (if enabled)*/\r
char            *title = "Hall of Fame - Greatest Suckers"; /* hall of fame title */\r
int       hall_of_fame = 1; /* enable hall of fame */\r
char              *lan = "eth0"; /* LAN interface */\r
char       *lan_medium = "100Mbit"; /* 10Mbit/100Mbit ethernet */\r
char              *wan = "eth1"; /* WAN/ISP interface */\r
char       *wan_medium = "100Mbit"; /* 10Mbit/100Mbit ethernet */\r
char         *qos_leaf = "sfq perturb 5"; /* leaf discipline */\r
char    *qos_free_zone = NULL; /* QoS free zone */\r
int          qos_proxy = 1; /* include proxy port to QoS */\r
int        found_lmsid = 0; /* show links to users in LMS information system */\r
int     include_upload = 1; /* upload+download=total traffic */\r
char         *proxy_ip = "192.168.1.1/32"; /* our IP with proxy port */\r
int         proxy_port = 3128; /* proxy port number */\r
long long int     line = 1024; /* WAN/ISP download in kbps */\r
long long int       up = 1024; /* WAN/ISP upload in kbps */\r
int           free_min = 32; /* minimum guaranted bandwidth for all undefined hosts */\r
int           free_max = 64; /* maximum allowed bandwidth for all undefined hosts */\r
int     qos_free_delay = 0; /* seconds to sleep before applying new QoS rules */\r
int     digital_divide = 2; /* controls digital divide weirdness ratio, 1...3 */ \r
int        max_nesting = 3; /* maximum nesting of HTB clases, built-in maximum seems to be 4 */\r
int            htb_r2q = 256; /* should work for leaf values 512 kbps to 8 Mbps */\r
int              burst = 8; /* HTB burst (in kbits) */\r
int         burst_main = 64;\r
int        burst_group = 32;\r
int     magic_treshold = 8; /* reduce ceil by X*magic_treshhold kbps (hard shaping) */\r
int       keywordcount = 0;\r
/* not yet implemented:\r
int      fixed_packets = 0; maximum number of pps per IP address (not class!) \r
int       packet_limit = 5; maximum number of pps to htn CEIL, not rate !!! \r
*/\r
FILE         *log_file = NULL;\r
char              *kwd = "via-prometheus"; /* /etc/hosts comment, eg. #qos-64-128 */\r
\r
const int highest_priority   = 0; /* highest HTB priority (HTB built-in value is 0) */\r
const int lowest_priority    = 7; /* lowest HTB priority (HTB built-in value is 7) */\r
const int idxtable_treshold1 = 24;      /* this is no longer configurable */\r
const int idxtable_treshold2 = 12;      /* this is no longer configurable */\r
const int idxtable_bitmask1  = 3;        /* this is no longer configurable */\r
const int idxtable_bitmask2  = 3;        /* this is no longer configurable */\r
\r
/* ==== This is C<<1 stuff - learn C<<1 first! http://cll1.arachne.cz ==== */\r
\r
struct IP\r
{\r
 char *addr;\r
 char *name;\r
 char *sharing;\r
 int min;\r
 int desired;\r
 int max;\r
 int mark;\r
 int prio;\r
 int fixedprio;\r
 int group;\r
 int lmsid;\r
 unsigned long long direct;\r
 unsigned long long proxy;\r
 unsigned long long upload;\r
 unsigned long long traffic;\r
 unsigned long long credit;\r
 unsigned long pktsup;\r
 unsigned long pktsdown;\r
 struct Keyword *keyword;\r
 list(IP);\r
} *ips=NULL, *ip, *sharedip;\r
\r
struct Group\r
{\r
 int min;\r
 int count;\r
 int desired;\r
 int id;\r
 list(Group);\r
} *groups=NULL, *group;\r
\r
struct Index\r
{\r
 char *addr;\r
 char *id;\r
 struct Index *parent;\r
 int bitmask;\r
 int children;\r
 list(Index);\r
} *idxs=NULL, *idx, *metaindex;\r
\r
struct Keyword\r
{\r
 char *key;\r
 \r
 int asymetry_ratio;        /* ratio for ADSL-like upload */\r
 int asymetry_fixed;        /* fixed treshold for ADSL-like upload */\r
 int data_limit;            /* hard shaping: apply magic_treshold if max*data_limit MB exceeded */\r
 int data_prio;             /* soft shaping (qos): reduce HTB prio if max*data_prio MB exceeded */\r
 long fixed_limit;          /* fixed data limit for setting lower HTB ceil */\r
 long fixed_prio;           /* fixed data lmit for setting lower HTB prio */\r
 int reserve_min;	    /* bonus for nominal HTB rate bandwidth (in kbps) */\r
 int reserve_max;	    /* malus for nominal HTB ceil (in kbps) */\r
// int divide_max;	    /* relative malus: new_ceil=rate+(old_ceil-rate)/divide_max */\r
// int htb_ceil_bonus_divide; /* relative bonus: new_ceil=old_ceil+old_ceil/htb_ceil_bonus_divide */\r
 int default_prio;	    /* default HTB priority for this keyword */\r
 char *html_color;\r
 int ip_count;\r
 char *leaf_discipline;\r
 \r
 list(Keyword);\r
} *keyword,*defaultkeyword=NULL,*keywords=NULL;\r
\r
/* Damned, this must be object oriented! This looks almost like constructor ;-) */\r
\r
void TheIP(void)\r
{\r
 create(ip,IP);\r
 ip->name        = "";\r
 ip->addr        = "";\r
 ip->sharing     = NULL;\r
 ip->prio        = highest_priority+1;\r
 ip->lmsid       = \\r
 ip->fixedprio   = \\r
 ip->mark        = \\r
 ip->min         = \\r
 ip->max         = \\r
 ip->desired     = \\r
 ip->credit      = \\r
 ip->upload      = \\r
 ip->proxy       = \\r
 ip->direct      = \\r
 ip->traffic     = \\r
 ip->pktsup      = \\r
 ip->pktsdown    = 0;\r
 ip->keyword     = keywords;\r
 push(ip,ips);\r
}\r
\r
/* ====== iptables indexes are used to reduce complexity to log8(N) ===== */\r
\r
char *very_ugly_ipv4_code(char *inip,int bitmask,int format_as_chainname)\r
{\r
 /* warning: this function was debugged only for bitmask values 20,24,28 !!!*/\r
 int dot=0,n;\r
 char *ip,*outip,*outptr,*fmt;\r
\r
 duplicate(inip,ip);\r
 /* debug printf("(%s,%d) -> ",ip,bitmask); */\r
\r
 if(ip && *ip && bitmask>=0 && bitmask<=32)\r
 {\r
  string(outip,strlen(ip)+10); /*fuck unicode? assertion: 10>strlen("_%d_%d") */\r
 }\r
 else \r
 {\r
  /* should never exit here */\r
  return "undefined";\r
 }\r
 outptr=outip;\r
 while(ip && *ip)\r
 {\r
  if(*ip=='.')\r
  {\r
   if(dot<(bitmask/8-1)) \r
   {\r
    if(format_as_chainname)\r
    {\r
     *outptr='_';\r
    }\r
    else\r
    {\r
     *outptr='.';\r
    }\r
    outptr++;\r
    dot++;\r
   }\r
   else\r
   {\r
    char *cutdot=strchr(ip+1,'.'); /*for bitmask<24*/\r
    if(cutdot)*cutdot='\0';\r
    if(format_as_chainname)\r
     fmt="_%d_%d";\r
    else\r
     fmt=".%d";\r
    if(bitmask%8)\r
     n=atoi(ip+1)-atoi(ip+1)%(1<<(8-bitmask%8));\r
    else\r
     n=0;\r
\r
    /*debug  printf("%d/%d => [_%d_%d]\n",atoi(ip+1),bitmask,n,bitmask); */\r
    sprintf(outptr,fmt,n,bitmask);\r
    if(!format_as_chainname) while(bitmask<24)\r
    {\r
     strcat(outip,".0");\r
     bitmask+=8;\r
    }\r
    /* debug printf("[%s]\n",outip); */\r
    return outip;\r
   }\r
  }\r
  else \r
  {\r
   *outptr=*ip;\r
   outptr++;\r
  }\r
  ip++;\r
 }\r
 /*should never exit here*/\r
 *outptr='\0';\r
 return outip;\r
}\r
\r
char *hash_id(char *ip,int bitmask)\r
{ return very_ugly_ipv4_code(ip,bitmask,1); }\r
\r
char *subnet_id(char *ip,int bitmask)\r
{ return very_ugly_ipv4_code(ip,bitmask,0); }\r
\r
/* ================= Let's parse configuration file here =================== */\r
\r
void reject_config_and_exit(char *filename)\r
{\r
 printf("Configuration file %s rejected - abnormal exit.",filename);\r
 exit(-1);\r
}\r
\r
void get_config(char *config_filename)\r
{\r
 char *cnf="mark";\r
 \r
 printf("Configured keywords: ");\r
 parse(config_filename)\r
 {\r
  option("keyword",kwd);\r
  if(kwd)\r
  {\r
   printf("%s ",kwd);\r
\r
   create(keyword,Keyword);\r
   keyword->key=kwd;\r
   keyword->asymetry_ratio=1;          /* ratio for ADSL-like upload */\r
   keyword->asymetry_fixed=0;          /* fixed treshold for ADSL-like upload */\r
   keyword->data_limit=8;              /* hard shaping: apply magic_treshold if max*data_limit MB exceeded */\r
   keyword->data_prio=4;               /* soft shaping (qos): reduce HTB prio if max*data_prio MB exceeded */\r
   keyword->fixed_limit=0;             /* fixed data limit for setting lower HTB ceil */\r
   keyword->fixed_prio=0;              /* fixed data limit for setting lower HTB prio */\r
   keyword->reserve_min=8;	       /* bonus for nominal HTB rate bandwidth (in kbps) */\r
   keyword->reserve_max=0;	       /* malus for nominal HTB ceil (in kbps) */\r
   keyword->default_prio=highest_priority+1;\r
   keyword->html_color="000000";\r
   keyword->ip_count=0;\r
   keyword->leaf_discipline="";\r
\r
   push(keyword,keywords);\r
   if(!defaultkeyword) defaultkeyword=keyword;\r
   keywordcount++;\r
   \r
   kwd=NULL;\r
  }\r
  else\r
  {\r
    for_each(keyword,keywords)\r
    {\r
     int l=strlen(keyword->key);\r
\r
     if(!strncmp(keyword->key,_,l) && strlen(_)>l+2)\r
     {\r
      char *tmptr=_; /*  <---- l+1 ----> */\r
      _+=l+1;        /*  via-prometheus-asymetry-ratio, etc. */\r
      ioption("asymetry-ratio",keyword->asymetry_ratio);\r
      ioption("asymetry-treshold",keyword->asymetry_fixed);\r
      ioption("magic-relative-limit",keyword->data_limit);\r
      ioption("magic-relative-prio",keyword->data_prio);\r
      loption("magic-fixed-limit",keyword->fixed_limit);\r
      loption("magic-fixed-prio",keyword->fixed_prio);\r
      ioption("htb-default-prio",keyword->default_prio);\r
      ioption("htb-rate-bonus",keyword->reserve_min);\r
      ioption("htb-ceil-malus",keyword->reserve_max);\r
      option("leaf-discipline",keyword->leaf_discipline);\r
      option("html-color",keyword->html_color);\r
      _=tmptr;\r
      \r
      if(keyword->data_limit || keyword->fixed_limit || \r
         keyword->data_prio || keyword->fixed_prio)\r
      {\r
       use_credit=1;        \r
      }\r
     }\r
    }\r
  }\r
\r
  option("tc",tc);\r
  option("iptables",iptables);\r
  option("iptables-save",iptablessave); /* new */\r
  option("iptables-restore",iptablesrestore); /* new */\r
  option("iptables-file",iptablesfile); /* new */\r
  option("hosts",hosts);\r
  option("lan-interface",lan);\r
  option("wan-interface",wan);\r
  option("lan-medium",lan_medium);\r
  option("wan-medium",wan_medium);\r
  lloption("wan-download",line);\r
  lloption("wan-upload",up);\r
  ioption("hall-of-fame-enable",hall_of_fame);\r
  option("hall-of-fame-title",title);\r
  option("hall-of-fame-filename",html);\r
  option("hall-of-fame-preview",preview);\r
  option("log-filename",cmdlog);\r
  option("credit-filename",credit);\r
  ioption("credit-enable",enable_credit);\r
  option("log-traffic-directory",log_dir);\r
  option("log-traffic-html-directory",html_log_dir);\r
  option("log-traffic-url-path",log_url);\r
  option("qos-free-zone",qos_free_zone);\r
  ioption("qos-free-delay",qos_free_delay);\r
  ioption("qos-proxy-enable",qos_proxy);\r
  option("qos-proxy-ip",proxy_ip);\r
  option("htb-leaf-discipline",qos_leaf);\r
  ioption("qos-proxy-port",proxy_port);\r
  ioption("free-rate",free_min);\r
  ioption("free-ceil",free_max);\r
  ioption("htb-burst",burst);\r
  ioption("htb-burst-main",burst_main);\r
  ioption("htb-burst-group",burst_group);\r
  ioption("htb-nesting-limit",max_nesting);\r
  ioption("htb-r2q",htb_r2q);\r
  ioption("magic-include-upload",include_upload);\r
  ioption("magic-treshold",magic_treshold);  \r
  option("filter-type", cnf);\r
  \r
/* not yet implemented:\r
  ioption("magic-fixed-packets",fixed_packets);\r
  ioption("magic-relative-packets",packet_limit);\r
*/\r
 }\r
 fail\r
 { \r
  perror(config_filename);\r
  puts("Warning - using built-in defaults instead ...");\r
 }\r
 done;\r
 printf("\n");\r
 \r
 /*leaf discipline for keywords*/\r
 for_each(keyword,keywords)\r
 {\r
    if (!strcmpi(keyword->leaf_discipline, ""))\r
    {\r
        keyword->leaf_discipline = qos_leaf;\r
    }\r
 }\r
\r
 if (strcmpi(cnf, "mark"))\r
 {\r
  filter_type = 2;\r
  mark = "CLASSIFY";\r
  mark_iptables = "CLASSIFY --set-class 1:";\r
 }\r
 else\r
 {\r
  filter_type = 1;\r
  mark = "MARK";\r
  mark_iptables = "MARK --set-mark ";\r
 }\r
\r
 /* are supplied values meaningful ?*/\r
 if(line<=0 || up<=0)\r
 {\r
  puts("Illegal value of LAN or WAN bandwidth: 0 kbps.");\r
  reject_config_and_exit(config_filename);\r
 }\r
}\r
\r
/* ===================== traffic analyser - uses iptables  ================ */ \r
\r
void get_traffic_statistics(void)\r
{\r
 char *str,*cmd;\r
 int downloadflag=0;\r
\r
 textfile(Pipe,str) *line,*lines=NULL;\r
 string(str,STRLEN);\r
 string(cmd,STRLEN);\r
\r
 sprintf(cmd,"%s -L -v -x -n -t mangle",iptables);\r
 shell(cmd);\r
 input(str,STRLEN)\r
 {\r
  create(line,Pipe);\r
  line->str=str;\r
  string(str,STRLEN);\r
  append(line,lines);\r
 }\r
\r
 for_each(line,lines)\r
 {\r
  int col, accept=0,proxyflag=0,valid=1,setchainname=0,commonflag=0; \r
  unsigned long long traffic=0;\r
  unsigned long pkts=0;\r
  char *ipaddr=NULL,*ptr;\r
  \r
  /* debug puts(line->str); */\r
  valid_columns(ptr,line->str,' ',col) \r
  if(valid) switch(col)\r
  { \r
   case 1: if(eq(ptr,"Chain"))\r
            setchainname=1;\r
           else if(eq(ptr,"pkts")) \r
            valid=0;\r
           else\r
            sscanf(ptr,"%lu",&pkts); \r
           break;\r
   case 2: if(setchainname)\r
           {\r
            if(!strncmp(ptr,"post_",5) || eq(ptr,"POSTROUTING"))\r
             downloadflag=1;            \r
            else \r
            if(!strncmp(ptr,"forw_",5) || eq(ptr,"FORWARD"))\r
             downloadflag=0;\r
            \r
            if(eq(ptr,"post_common") || eq(ptr,"forw_common"))\r
             commonflag=1;\r
           }\r
           else\r
            sscanf(ptr,"%Lu",&traffic); traffic+=(1<<19); traffic>>=20;\r
           break;\r
   case 3: if((strncmp(ptr,"post_",5) && strncmp(ptr,"forw_",5)) || commonflag)\r
            accept=eq(ptr,mark);\r
            /*if (filter_type==1) accept=eq(ptr,"MARK"); else accept=eq(ptr,"CLASSIFY");*/\r
           break;\r
   case 8: if(downloadflag)\r
           { \r
            if(strstr(proxy_ip,ptr))proxyflag=1; \r
           }\r
           else\r
            ipaddr=ptr; \r
            break;\r
   case 9: if(downloadflag)ipaddr=ptr;break;\r
  }\r
  \r
    if(accept && traffic>0 && ipaddr)\r
    {\r
     if(proxyflag)printf("(proxy) ");\r
     else if(!downloadflag) printf("(upload) ");\r
     printf("IP %s: %Lu M (%ld pkts)\n", ipaddr, traffic, pkts);\r
\r
     if_exists(ip,ips,eq(ip->addr,ipaddr)); \r
     else \r
     {\r
      TheIP();\r
      ip->addr=ipaddr;\r
      if(eq(ip->addr,"0.0.0.0/0"))\r
      {\r
       ip->name="(unregistered)";\r
       ip->min=free_min;\r
       ip->max=ip->desired=free_max;\r
      }\r
     }\r
     \r
     if(downloadflag)\r
     {\r
      if(proxyflag)\r
       ip->proxy=traffic;\r
      else\r
       ip->traffic+=traffic;\r
      ip->direct=ip->traffic-ip->upload-ip->proxy;\r
      ip->pktsdown=pkts;\r
     }\r
     else\r
     {\r
      ip->upload=traffic;\r
      ip->pktsup=pkts;\r
      if(include_upload)\r
      {\r
       ip->traffic+=traffic;\r
      }\r
      else \r
      {\r
       if(traffic>ip->traffic)\r
       {\r
        ip->traffic=traffic;     \r
       }\r
      }\r
     }\r
    }  \r
  }\r
\r
 free(cmd);\r
}\r
 \r
/* ========== This function executes, logs OR ALSO prints command ========== */\r
\r
void safe_run(char *cmd)\r
{\r
 if(dry_run) printf("\n=>%s\n",cmd); else system(cmd);\r
 if(log_file) fprintf(log_file,"%s\n",cmd);\r
}\r
\r
void save_line(char *line)\r
{\r
 fprintf(iptables_file,"%s\n",line);\r
}\r
\r
void run_restore(void)\r
{\r
 char *restor, *str;\r
 string(restor,STRLEN);\r
\r
 /*-----------------------------------------------------------------*/\r
 printf("Running %s <%s ...\n",iptablesrestore,iptablesfile);\r
 /*-----------------------------------------------------------------*/\r
 \r
 save_line("COMMIT");\r
 fclose(iptables_file);\r
 if(dry_run) \r
 {\r
    parse(iptablesfile)\r
    {\r
        str=_;\r
        printf("%s\n", str);\r
    }done;\r
 }\r
\r
 sprintf(restor,"%s <%s",iptablesrestore, iptablesfile);\r
 safe_run(restor);\r
 \r
 free(restor);\r
}\r
\r
/* == This function strips extra characters after IP address and stores it = */\r
\r
void parse_ip(char *str)\r
{\r
 char *ptr,*ipaddr=NULL,*ipname=NULL,*lmsid=NULL;\r
\r
 ptr=strchr(str,'{');\r
 if(ptr)\r
 {\r
  lmsid=++ptr;\r
  while(*ptr && *ptr!='}')\r
   ptr++;\r
  *ptr=0;\r
 }\r
 \r
 ptr=str;\r
 while(*ptr && *ptr!=' ' && *ptr!=9)\r
  ptr++;\r
 \r
 *ptr=0;\r
 ipaddr=str;\r
 ptr++;\r
 while(*ptr && (*ptr==' ' || *ptr==9))\r
  ptr++;\r
 ipname=ptr; \r
 while(*ptr && *ptr!=' ' && *ptr!=9)\r
  ptr++;\r
 *ptr=0;\r
\r
 if_exists(ip,ips,eq(ip->addr,ipaddr));\r
 else\r
 {\r
  TheIP();\r
 }\r
 ip->addr=ipaddr;\r
 ip->name=ipname;\r
 if(lmsid)\r
 {\r
  ip->lmsid=atoi(lmsid);\r
  found_lmsid=1;\r
 }\r
}\r
\r
char *parse_datafile_line(char *str)\r
{\r
 char *ptr=strchr(str,' ');\r
\r
 if(ptr)\r
 {\r
  *ptr=0;\r
  ptr++;\r
  return ptr;\r
 } \r
 else \r
 {\r
  return NULL;\r
 }\r
}\r
\r
struct IpLog\r
{\r
 char *name;\r
 long traffic;\r
 long guaranted;\r
 int i;\r
 long l;\r
 list(IpLog);\r
} *iplog,*iplogs;\r
\r
void parse_ip_log(int argc, char **argv) \r
{\r
 char *month, *year, *str, *name="(undefined)", *ptr, *ptr2, *filename;\r
 long traffic=0l, traffic_month, total=0, guaranted;\r
 int col, col2, y_ok, m_ok, accept_month, i=1, any_month=0, lmsid;\r
 char mstr[4], ystr[5];\r
 FILE *f; \r
 string(str,STRLEN);\r
 string(filename,STRLEN);\r
\r
 if(argv[1][1]=='l') /* -l */\r
 {\r
  if(argc<4)\r
  {\r
   puts("Missing parameter(s)!\nUsage: prometheus -l Mmm YYYY (Mmm=Jan-Dec or Year, YYYY=year)");\r
   exit(-1);\r
  }\r
  else\r
  {\r
   month=argv[2];\r
   if(eq(month,"Year")) any_month=1;\r
   year=argv[3];\r
  }\r
 }\r
 else\r
 { \r
  time_t t = time(NULL) - 3600*24 ; /* yesterday's timestamp*/\r
  struct tm *timep = localtime(&t);                                           \r
\r
  if(argv[1][1]=='m') /* -m yestarday - month */\r
  {\r
   strftime(mstr, 4, "%b", timep);\r
   month=mstr;\r
   strftime(ystr, 5, "%Y", timep);\r
   year=ystr; \r
  }\r
  else /* -y yesterday - year */\r
  {\r
   month="Year";\r
   any_month=1;\r
   strftime(ystr, 5, "%Y", timep);\r
   year=ystr;\r
  }\r
 }\r
 printf("Analysing traffic for %s %s ...\n",month,year);\r
\r
 /* sorry... next release of C<<1 header file will include for_path_files(name,path) {  } macro */\r
 sprintf(str,"%s %s/",ls,log_dir);\r
 shell(str);\r
 input(str,STRLEN) \r
 {\r
  if(strstr(str,".log"))\r
  {\r
    ptr=strrchr(str,'\n');\r
    if(ptr) *ptr='\0';\r
    sprintf(filename,"%s/%s",log_dir,str);\r
    printf("Parsing %s ...",filename);\r
    accept_month=0;\r
    traffic_month=0;\r
    guaranted=0;\r
    lmsid=0;\r
    parse(filename)\r
    {\r
     y_ok=m_ok=0;  \r
     valid_columns(ptr,_,'\t',col) switch(col)\r
     {\r
      case 2: name = ptr;break;\r
      case 3: traffic = atol(ptr);break;\r
      /* column number   - was 7, now 11...*/\r
      case 7:\r
      case 8:\r
      case 9:\r
      case 10:\r
      case 11: if (isalpha(*ptr)) /* character, not numeric string = date, just one*/\r
               {\r
                valid_columns(ptr2,ptr,' ',col2) switch(col2)\r
                {\r
                 case 2: if(any_month || eq(ptr2,month)) m_ok = 1; break;\r
                 case 5: if(eq(ptr2,year)) y_ok = 1; break;\r
                }\r
               }\r
               else\r
               {\r
                 if(col == 7) guaranted = atol(ptr);\r
                 if(col == 10) lmsid = atoi(ptr);\r
               }\r
     }\r
     \r
     if(y_ok && m_ok) \r
     {\r
      traffic_month += traffic;\r
      accept_month = 1;\r
     }\r
    }\r
    done;\r
\r
    if(accept_month)\r
    {\r
     create(iplog,IpLog);\r
     iplog->name = name;\r
     iplog->guaranted = guaranted;\r
     iplog->traffic = traffic_month;\r
     insert(iplog,iplogs,desc_order_by,traffic);\r
     printf(" %ld MB\n",iplog->traffic);\r
    }\r
    else\r
    {\r
     puts(" no records.");\r
    }\r
  }\r
 }\r
 sprintf(str,"%s/%s-%s.html",html_log_dir,year,month);\r
 printf("Writing %s ...",str);\r
 f=fopen(str,"w");\r
 if(f)\r
 {\r
  fprintf(f,"<table border><tr><th colspan=\"2\">%s %s</th><th colspan=\"2\">Data transfers</th><th align=\"right\">Min.speed</th></tr>\n ",month,year);\r
\r
  for_each(iplog,iplogs)\r
  {\r
   if(iplog->traffic)\r
   {\r
    fprintf(f,"<tr><td align=\"right\">%d</td><th align=\"left\">%s</td><td align=\"right\">%ld M</td><th align=\"right\">%ld G</th><td align=\"right\">%ld kbps</th></tr>\n",\r
              i++, iplog->name, iplog->traffic, iplog->traffic>>10, iplog->guaranted);\r
    total+=iplog->traffic>>10;\r
    iplog->i=i;\r
    iplog->l=total;\r
   }\r
  }\r
  fprintf(f,"<tr><th colspan=\"3\" align=\"left\">Total:</th><th align=\"right\">%ld GB</th><th align=\"right\">%Ld kbps</th></tr>\n", total, line);\r
  fputs("</table>\n", f);\r
\r
  if(i>10)\r
  {\r
   fputs("<a name=\"erp\"></a><p><table border><tr><th colspan=\"5\">Enterprise Research and Planning (ERP)</th></tr>\n",f);\r
   fputs("<tr><td>Analytic category</td>\n",f);\r
   fputs("<td colspan=\"2\" align=\"center\">Active Classes</td><td colspan=\"2\" align=\"center\">Data transfers</td></tr>\n",f);\r
\r
   if_exists(iplog,iplogs,iplog->l>=total/4)\r
   {\r
    fprintf(f,"<tr><td>Top 25%% of traffic</td>\n");\r
    fprintf(f,"<td align=\"right\">%d</td><td align=\"right\">%d %%</td><td align=\"right\">%ld G</td><td align=\"right\">%d %%</td></tr>\n",iplog->i,(100*iplog->i+50)/i,iplog->l,(int)((100*iplog->l+50)/total));\r
   }\r
   \r
   if_exists(iplog,iplogs,iplog->i==10)\r
   {\r
    fprintf(f,"<tr><td>Top 10 downloaders</td>\n");\r
    fprintf(f,"<th align=\"right\">10</th><td align=\"right\">%d %%</td><td align=\"right\">%ld G</td><td align=\"right\">%d %%</td></tr>\n",(100*iplog->i+50)/i,iplog->l,(int)((100*iplog->l+50)/total));\r
   }\r
\r
   if_exists(iplog,iplogs,iplog->l>=total/2)\r
   {\r
    fprintf(f,"<tr><td>Top 50%% of traffic</td>\n");\r
    fprintf(f,"<td align=\"right\">%d</td><td align=\"right\">%d %%</td><td align=\"right\">%ld G</td><th align=\"right\">%d %%</th></tr>\n",iplog->i,(100*iplog->i+50)/i,iplog->l,(int)((100*iplog->l+50)/total));\r
   }\r
\r
   if_exists(iplog,iplogs,iplog->l>=4*total/5)\r
   {\r
    fprintf(f,"<tr><td>Top 80%% of traffic</td>\n");\r
    fprintf(f,"<td align=\"right\">%d</td><td align=\"right\">%d %%</td><td align=\"right\">%ld G</td><th align=\"right\">%d %%</th></tr>\n",iplog->i,(100*iplog->i+50)/i,iplog->l,(int)((100*iplog->l+50)/total));\r
   }\r
\r
   if_exists (iplog,iplogs,iplog->i>=i/5)\r
   {\r
    fprintf(f,"<tr><td>Top 20%% downloaders</td>\n");\r
    fprintf(f,"<td align=\"right\">%d</td><th align=\"right\">%d %%</th><td align=\"right\">%ld G</td><td align=\"right\">%d %%</td></tr>\n",iplog->i,(100*iplog->i+50)/i,iplog->l,(int)((100*iplog->l+50)/total));\r
   }\r
\r
   if_exists(iplog,iplogs,iplog->i>=i/4)\r
   {\r
    fprintf(f,"<tr><td>Top 25%% downloaders</td>\n");\r
    fprintf(f,"<td align=\"right\">%d</td><td align=\"right\">%d %%</td><td align=\"right\">%ld G</td><td align=\"right\">%d %%</td></tr>\n",iplog->i,(100*iplog->i+50)/i,iplog->l,(int)((100*iplog->l+50)/total));\r
   }\r
\r
   if_exists(iplog,iplogs,iplog->i>=i/2)\r
   {\r
    fprintf(f,"<tr><td>Top 50%% downloaders</td>\n");\r
    fprintf(f,"<td align=\"right\">%d</td><th align=\"right\">%d %%</th><td align=\"right\">%ld G</td><td align=\"right\">%d %%</td></tr>\n",iplog->i,(100*iplog->i+50)/i,iplog->l,(int)((100*iplog->l+50)/total));\r
   }\r
\r
   if_exists(iplog,iplogs,iplog->i>=4*i/5)\r
   {\r
    fprintf(f,"<tr><td>Top 80%% downloaders</td>\n");\r
    fprintf(f,"<td align=\"right\">%d</td><td align=\"right\">%d %%</td><td align=\"right\">%ld G</td><td align=\"right\">%d %%</td></tr>\n",iplog->i,(100*iplog->i+50)/i,iplog->l,(int)((100*iplog->l+50)/total));\r
   }\r
\r
   fprintf(f,"<tr><td>All users, all traffic</td>\n");\r
   fprintf(f,"<th align=\"right\">%d</th><th align=\"right\">100 %%</th><th align=\"right\">%ld G</th><th align=\"right\">100 %%</th></tr>\n",i-1,total);\r
   fputs("</table>\n", f);\r
  }\r
\r
  fprintf(f, stats_html_signature, version);\r
  fclose(f);\r
  puts(" done.");\r
 }\r
}\r
\r
/*-----------------------------------------------------------------*/\r
/* Are you looking for int main(int argc, char **argv) ? :-))      */\r
/*-----------------------------------------------------------------*/\r
\r
program\r
{\r
 int i=0;\r
 FILE *f=NULL;\r
 char *str, *ptr, *d;\r
 char *substring;\r
 int class_count=0,ip_count=0;\r
 int parent=1;\r
 int just_flush=FALSE;\r
 int nodelay=FALSE;\r
 int just_preview=FALSE;                /* preview - generate just stats */\r
 int just_logs=FALSE;                   /* just parse logs */\r
 int run=FALSE;\r
 \r
 char *chain_forward, *chain_postrouting;\r
 char *althosts=NULL;\r
  \r
 printf("\n\\r
Prometheus QoS - \"fair-per-IP\" Quality of Service setup utility.\n\\r
Version %s - Copyright (C)2005-2008 Michael Polak (xChaos)\n\\r
iptables-restore & burst tunning & classify modification by Ludva\n\\r
Credit: CZFree.Net, Martin Devera, Netdave, Aquarius, Gandalf\n\n",version);\r
\r
 /*----- Boring... we have to check command line options first: ----*/\r
   \r
 arguments\r
 {\r
  argument("-c") { nextargument(config); }\r
  argument("-h") { nextargument(althosts);}\r
  argument("-d") { run=TRUE; dry_run=TRUE; }\r
  argument("-f") { run=TRUE; just_flush=TRUE; }\r
  argument("-9") { run=TRUE; just_flush=9; }\r
  argument("-p") { run=TRUE; just_preview=TRUE; }\r
  argument("-r") { run=TRUE; }\r
  argument("-n") { run=TRUE; nodelay=TRUE; }\r
  argument("-l") { just_logs=TRUE; }\r
  argument("-m") { just_logs=TRUE; }\r
  argument("-y") { just_logs=TRUE; }\r
  argument("-?") { help(); exit(0); }\r
  argument("--help") { help(); exit(0); }\r
  argument("-v") { exit(0); } \r
  argument("--version") { exit(0); } \r
 }\r
 \r
 if(dry_run)\r
 {\r
  puts("*** THIS IS JUST DRY RUN ! ***\n");\r
 }\r
\r
 date(d); /* this is typical cll1.h macro - prints current date */\r
\r
 /*-----------------------------------------------------------------*/\r
 printf("Parsing configuration file %s ...\n", config);\r
 /*-----------------------------------------------------------------*/\r
 get_config(config);\r
 \r
 if(just_logs)\r
 {\r
  parse_ip_log(argc,argv);\r
  exit(0);\r
 }\r
 else if(not run)\r
 {\r
  help();\r
  exit(0);\r
 }\r
\r
 if(althosts)\r
 {\r
  hosts=althosts;\r
 }\r
\r
 if(just_flush<9)\r
 {\r
  /*-----------------------------------------------------------------*/\r
  puts("Parsing iptables verbose output ...");\r
  /*-----------------------------------------------------------------*/\r
  get_traffic_statistics();\r
 }\r
\r
 /*-----------------------------------------------------------------*/\r
 printf("Parsing class defintion file %s ...\n", hosts);\r
 /*-----------------------------------------------------------------*/\r
 int groupidx = FIRSTGROUPID;\r
 parse(hosts)\r
 {\r
  str=_;\r
\r
  if(*str<'0' || *str>'9')\r
  {\r
   /* any line starting with non-number is comment ...*/\r
   continue;\r
  }\r
  \r
  //Does this IP share QoS class with some other ?\r
  substring=strstr(str,"sharing-");\r
  if(substring)\r
  { \r
   substring+=8; //"sharing-"\r
   parse_ip(str);\r
   ip_count++;\r
   ip->sharing=substring;\r
   ip->keyword=defaultkeyword; /* settings for default keyword */\r
   while(*substring && *substring!='\n')\r
   {\r
    substring++;\r
   }\r
   *substring=0; \r
  }\r
  else\r
  {\r
   //Do we have to create new QoS class for this IP ?\r
\r
   if_exists(keyword,keywords,(substring=strstr(str,keyword->key)))\r
   {\r
    parse_ip(str);\r
    ip_count++;\r
    ip->keyword=keyword;\r
    keyword->ip_count++;\r
    ip->prio=keyword->default_prio;\r
    substring+=strlen(keyword->key)+1;\r
    ptr=substring;\r
    while(*ptr && *ptr!='-')\r
    {\r
     ptr++;\r
    }\r
    if(*ptr=='-')\r
    {\r
     *ptr=0;\r
     ip->max=ip->desired=atoi(ptr+1);\r
    }\r
    ip->min=atoi(substring);\r
    if(ip->min<=0)\r
    {\r
     printf(" %s: Illegal value of minimum bandwidth 0 kbps, using %d kbps\n",str,free_min);\r
     ip->min=free_min;\r
    }\r
    if(ip->max<=ip->min)\r
    {\r
     ip->fixedprio=1;\r
     ip->max=ip->min+ip->keyword->reserve_min;\r
    }\r
    else \r
    {\r
     ip->max-=ip->keyword->reserve_max;\r
     if(ip->max<ip->min)\r
     {\r
      ip->max=ip->min;\r
     }\r
    }\r
    ip->mark=FIRSTIPCLASS+1+class_count++;\r
\r
    if_exists(group,groups,group->min==ip->min) \r
    { \r
     group->count++;      \r
     group->desired+=ip->min;\r
     ip->group = group->id;   \r
    }\r
    else\r
    {\r
     create(group,Group);\r
     group->min=ip->min;\r
     group->id = groupidx++;\r
     ip->group = group->id;\r
\r
     if(group->min<8) group->min=8;\r
     /* Warning - this is maybe because of primitive tc namespace, can be fixed */\r
     /* it is because class IDs are derived from min. bandwidth. - xCh */\r
     //if(group->min>MAX_GUARANTED_KBPS) group->min=MAX_GUARANTED_KBPS;\r
     \r
     group->count=1;\r
     group->desired=ip->min;   \r
     insert(group,groups,desc_order_by,min);\r
    }\r
   }//endif keyword-\r
  }//endif sharing-\r
 }\r
 fail\r
 {\r
  perror(hosts);\r
  exit(-1);\r
 }\r
 done;\r
\r
 /*-----------------------------------------------------------------*/\r
 /* cll1.h - let's allocate brand new character buffer...           */\r
 /*-----------------------------------------------------------------*/\r
 string(str,STRLEN); \r
\r
 /*-----------------------------------------------------------------*/\r
 puts("Resolving shared connections ...");\r
 /*-----------------------------------------------------------------*/\r
 for_selected(ip,ips,ip->sharing)\r
 {\r
  for_selected(sharedip,ips,eq(sharedip->name,ip->sharing))\r
  {\r
   sharedip->traffic+=ip->traffic;\r
   ip->traffic=0;\r
   ip->mark=sharedip->mark; \r
   break;\r
  }\r
  if(!sharedip)\r
  {\r
   printf("Unresolved shared connection: %s %s sharing-%s\n",ip->addr,ip->name,ip->sharing);\r
  }\r
 }\r
\r
 if(enable_credit && just_flush<9)\r
 {\r
  /*-----------------------------------------------------------------*/\r
  printf("Parsing credit file %s ...\n", credit);\r
  /*-----------------------------------------------------------------*/\r
  parse(credit)\r
  {\r
   ptr=parse_datafile_line(_);\r
   if(ptr)\r
   {\r
    if_exists(ip,ips,eq(ip->addr,_))\r
    {\r
     sscanf(ptr,"%Lu",&(ip->credit));\r
    }\r
   }\r
  }\r
  done;\r
 }\r
\r
 if(!just_preview)\r
 {\r
  /*-----------------------------------------------------------------*/\r
  puts("Initializing iptables and tc classes ...");\r
  /*-----------------------------------------------------------------*/\r
  \r
  iptables_file=fopen(iptablesfile,"w");\r
  if (iptables_file == NULL)\r
  {\r
    puts("Cannot open iptablesfile!");\r
    exit(-1);\r
  }\r
  \r
  log_file=fopen(cmdlog,"w");\r
  if (log_file == NULL) \r
  {\r
    puts("Cannot open logfile!");\r
    exit(-1);\r
  }\r
  \r
  save_line(iptablespreamble);\r
  run_restore();\r
  \r
  sprintf(str,"%s qdisc del dev %s root 2>/dev/null",tc,lan);\r
  safe_run(str);\r
\r
  sprintf(str,"%s qdisc del dev %s root 2>/dev/null",tc,wan);\r
  safe_run(str);\r
  \r
  iptables_file=fopen(iptablesfile,"w");\r
  save_line(iptablespreamble);\r
\r
  if(qos_free_zone && *qos_free_zone!='0')\r
  {\r
   char *chain;\r
   \r
   sprintf(str,"-A FORWARD -d %s -o %s -j ACCEPT", qos_free_zone, wan);\r
   save_line(str);\r
   \r
   if(qos_proxy)\r
   {\r
    save_line(":post_noproxy - [0:0]");\r
    sprintf(str,"-A POSTROUTING -p ! tcp -o %s -j post_noproxy", lan);\r
    save_line(str);   \r
    sprintf(str,"-A POSTROUTING -s ! %s -o %s -j post_noproxy", proxy_ip, lan);\r
    save_line(str);   \r
    sprintf(str,"-A POSTROUTING -s %s -p tcp --sport ! %d -o %s -j post_noproxy", proxy_ip, proxy_port, lan);\r
    save_line(str);   \r
\r
    chain="post_noproxy";    \r
   }\r
   else\r
   {\r
    chain="POSTROUTING";\r
   }\r
    \r
   sprintf(str,"-A %s -s %s -o %s -j ACCEPT", chain, qos_free_zone, lan);\r
   save_line(str);\r
  }\r
  \r
  if(ip_count>idxtable_treshold1 && !just_flush)\r
  {\r
   int idxcount=0, bitmask=32-idxtable_bitmask1; /* default net mask: 255.255.255.240 */\r
   char *subnet, *buf;\r
   /*-----------------------------------------------------------------*/\r
   printf("Detected %d addresses - indexing iptables rules to improve performance...\n",ip_count);\r
   /*-----------------------------------------------------------------*/\r
\r
   save_line(":post_common - [0:0]");\r
   save_line(":forw_common - [0:0]");\r
\r
   for_selected(ip,ips,ip->addr && *(ip->addr) && !eq(ip->addr,"0.0.0.0/0"))\r
   {\r
    buf=hash_id(ip->addr,bitmask);\r
    if_exists(idx,idxs,eq(idx->id,buf))\r
    {\r
     idx->children++;\r
    }\r
    else\r
    {\r
     create(idx,Index);\r
     idx->addr=ip->addr;\r
     idx->id=buf;\r
     idx->bitmask=bitmask;\r
     idx->parent=NULL;\r
     idx->children=0;\r
     idxcount++;\r
     push(idx,idxs);\r
    }\r
   }\r
\r
   /* brutal perfomance optimalization */\r
   while(idxcount>idxtable_treshold2 && bitmask>2*idxtable_bitmask2)\r
   {\r
    bitmask-=idxtable_bitmask2;\r
    idxcount=0;\r
\r
    for_selected(idx,idxs,idx->parent==NULL)\r
    {\r
     buf=hash_id(idx->addr,bitmask);\r
     if_exists(metaindex,idxs,eq(metaindex->id,buf))\r
     {\r
      metaindex->children++;\r
     }\r
     else\r
     {\r
      create(metaindex,Index);\r
      metaindex->addr=idx->addr;\r
      metaindex->id=buf;\r
      metaindex->bitmask=bitmask;\r
      metaindex->parent=NULL;\r
      metaindex->children=0;\r
      idxcount++;\r
      push(metaindex,idxs);\r
     }\r
     idx->parent=metaindex;\r
    }\r
   }\r
\r
   /* this should slightly optimize throughout ... */\r
   sort(idx,idxs,desc_order_by,children);\r
   sort(idx,idxs,order_by,bitmask);\r
\r
   i=0;\r
   for_each(idx,idxs)\r
   {\r
    subnet=subnet_id(idx->addr,idx->bitmask);\r
    printf("%d: %s/%d\n",++i,subnet,idx->bitmask);\r
       \r
    sprintf(str,":post_%s - [0:0]", idx->id);\r
    save_line(str);\r
\r
    sprintf(str,":forw_%s - [0:0]", idx->id);\r
    save_line(str);\r
\r
    if(idx->parent)\r
    {\r
     string(buf,strlen(idx->parent->id)+6);\r
     sprintf(buf,"post_%s",idx->parent->id);\r
    }\r
    else\r
    {\r
     buf="POSTROUTING";\r
    }\r
\r
    sprintf(str,"-A %s -d %s/%d -o %s -j post_%s", buf, subnet, idx->bitmask, lan, idx->id);\r
    save_line(str);\r
\r
    sprintf(str,"-A %s -d %s/%d -o %s -j post_common", buf, subnet, idx->bitmask, lan);\r
    save_line(str);\r
\r
    if(idx->parent)\r
    {\r
     string(buf,strlen(idx->parent->id)+6);\r
     sprintf(buf,"forw_%s",idx->parent->id);\r
    }\r
    else\r
    {\r
     buf="FORWARD";\r
    }\r
\r
    sprintf(str,"-A %s -s %s/%d -o %s -j forw_%s", buf, subnet, idx->bitmask, wan, idx->id);\r
    save_line(str);\r
\r
    sprintf(str,"-A %s -s %s/%d -o %s -j forw_common", buf, subnet, idx->bitmask, wan);\r
    save_line(str);\r
   }\r
   printf("Total indexed iptables chains created: %d\n", i);\r
\r
   sprintf(str,"-A FORWARD -o %s -j forw_common", wan);\r
   save_line(str);\r
   \r
   sprintf(str,"-A POSTROUTING -o %s -j post_common", lan);\r
   save_line(str);\r
  }\r
 \r
 }\r
\r
 if(just_flush)\r
 {\r
  fclose(iptables_file);\r
  if (log_file) fclose(log_file);\r
  puts("Just flushed iptables and tc classes - now exiting ...");\r
  exit(0);\r
 }\r
\r
 if(!just_preview)\r
 {\r
  if(!dry_run && !nodelay && qos_free_delay)\r
  {\r
   printf("Flushed iptables and tc classes - now sleeping for %d seconds...\n",qos_free_delay);\r
   sleep(qos_free_delay);\r
  }\r
\r
  sprintf(str,"%s qdisc add dev %s root handle 1: htb r2q %d default 1",tc,lan,htb_r2q);\r
  safe_run(str);\r
\r
  sprintf(str, "%s class add dev %s parent 1: classid 1:2 htb rate %s ceil %s burst %dk prio %d",\r
               tc,lan,lan_medium,lan_medium,burst_main,highest_priority);\r
  safe_run(str);\r
\r
  sprintf(str, "%s class add dev %s parent 1:2 classid 1:1 htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d",\r
                tc,lan,line,line,burst_main,highest_priority);\r
  safe_run(str);\r
\r
  sprintf(str,"%s qdisc add dev %s root handle 1: htb r2q %d default 1",tc,wan,htb_r2q);\r
  safe_run(str);\r
\r
  sprintf(str, "%s class add dev %s parent 1: classid 1:2 htb rate %s ceil %s burst %dk prio %d",\r
               tc,wan,wan_medium,wan_medium,burst_main,highest_priority);\r
  safe_run(str);\r
\r
  sprintf(str, "%s class add dev %s parent 1:2 classid 1:1 htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d",\r
               tc,wan,up,up,burst_main,highest_priority);\r
  safe_run(str);\r
 }\r
\r
 /*-----------------------------------------------------------------*/\r
 puts("Locating heavy downloaders and generating root classes ...");\r
 /*-----------------------------------------------------------------*/\r
 sort(ip,ips,desc_order_by,traffic); \r
\r
 /*-----------------------------------------------------------------*/\r
 /* sub-scope - local variables */  \r
 {\r
  long long int rate=line;\r
  long long int max=line;\r
  int group_count=0;\r
  FILE *credit_file=NULL;\r
  \r
  if(!just_preview && !dry_run && enable_credit)\r
  {\r
   credit_file=fopen(credit,"w");\r
  }\r
    \r
  for_each(group,groups)\r
  {\r
   if(!just_preview)\r
   {\r
    //download\r
    sprintf(str,"%s class add dev %s parent 1:%d classid 1:%d htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d #down desired %d", \r
                 tc, lan, parent, group->id, rate, max, burst_group, highest_priority+1, group->desired);\r
    safe_run(str);\r
    \r
    //upload\r
    sprintf(str,"%s class add dev %s parent 1:%d classid 1:%d htb rate %Ldkbit ceil %Ldkbit burst %dk prio %d #up desired %d", \r
                 tc, wan, parent, group->id, rate*up/line, max*up/line, burst_group, highest_priority+1, group->desired);\r
    safe_run(str);\r
   }\r
   \r
   if(group_count++<max_nesting)\r
   {\r
    parent=group->id;\r
   }\r
   \r
   rate-=digital_divide*group->min;\r
   if(rate<group->min)\r
   {\r
    rate=group->min;\r
   }\r
    \r
   /*shaping of aggresive downloaders, with credit file support */\r
   if(use_credit)\r
   {\r
    int group_rate=group->min, priority_sequence=lowest_priority;\r
    \r
    for_selected(ip, ips, ip->min==group->min && ip->max>ip->min)\r
    {\r
     if( ip->keyword->data_limit && !ip->fixedprio &&\r
         ip->traffic>ip->credit+\r
         (ip->min*ip->keyword->data_limit+(ip->keyword->fixed_limit<<20)) )\r
     {\r
      if(group_rate<ip->max)\r
      {\r
       ip->max=group_rate;\r
      }\r
      group_rate+=magic_treshold;\r
      ip->prio=lowest_priority;\r
      if(ip->prio<highest_priority+2)\r
      {\r
       ip->prio=highest_priority+2;\r
      }\r
     }\r
     else\r
     {\r
      if( ip->keyword->data_prio && !ip->fixedprio &&\r
          ip->traffic>ip->credit+\r
           (ip->min*ip->keyword->data_prio+(ip->keyword->fixed_prio<<20)) )\r
      {\r
       ip->prio=priority_sequence--;\r
       if(ip->prio<highest_priority+1)\r
       {\r
        ip->prio=highest_priority+1;\r
       }\r
      }\r
     \r
      if(credit_file)\r
      {\r
       unsigned long long lcredit=0;\r
       \r
       if((ip->min*ip->keyword->data_limit+(ip->keyword->fixed_limit<<20))>ip->traffic)\r
       {\r
        lcredit=(ip->min*ip->keyword->data_limit+(ip->keyword->fixed_limit<<20))-ip->traffic;\r
       }\r
       fprintf(credit_file,"%s %Lu\n",ip->addr,lcredit);\r
      }\r
     }\r
    }\r
        \r
   }\r
  }\r
  if(credit_file)\r
  {\r
   fclose(credit_file);\r
  }\r
 }\r
\r
 if(just_preview)\r
 {\r
  f=fopen(preview,"w");\r
  ptr=preview; \r
 }\r
 else if(!dry_run && !just_flush)\r
 {\r
  /*-----------------------------------------------------------------*/\r
  printf("Writing data transfer database ...\n");\r
  /*-----------------------------------------------------------------*/\r
  f=fopen("/var/run/prometheus.previous","w");\r
  if(f)\r
  {\r
   for_selected(ip,ips,ip->traffic || ip->direct || ip->proxy ||ip->upload)\r
    fprintf(f,"%s %Lu %Lu %Lu %Lu\n",ip->addr,ip->traffic,ip->direct,ip->proxy,ip->upload);\r
   fclose(f);\r
  }\r
\r
  f=fopen(html,"w");\r
  ptr=html;\r
 }\r
\r
 if(f)\r
 {\r
  int total=0;\r
  int count=1;\r
  i=0;\r
\r
  /*-----------------------------------------------------------------*/\r
  printf("Sorting data and generating statistics page %s ...\n",ptr);\r
  /*-----------------------------------------------------------------*/\r
\r
  fputs("<table border>\n<tr><th align=\"right\">#</th><th align=\"right\">group</th><th align=\"right\">IPs</th><th align=\"right\">requested</th>\n",f);\r
  fprintf(f,"<th colspan=\"%d\">data limits</th>\n",keywordcount);\r
  fputs("</tr>\n",f);\r
\r
  for_each(group,groups) \r
  { \r
#ifdef DEBUG\r
   printf("%d k group: %d bandwidth requested: %d k\n",group->min,group->count,group->desired);\r
#endif\r
   fprintf(f,"<tr><td align=\"right\">%d</td><td align=\"right\">%d k</td>",count,group->min);\r
   fprintf(f,"<td align=\"right\">%d</td><td align=\"right\">%d k</td>",group->count,group->desired);\r
\r
   for_each(keyword,keywords)\r
   {\r
    fprintf(f,"<td align=\"right\"><font color=\"#%s\">%d M</font></td>",keyword->html_color,group->min*keyword->data_limit);\r
   }   \r
   i+=group->desired; \r
   total+=group->count;\r
   count++; \r
  }\r
#ifdef DEBUG\r
   printf("Total groups: %d Total bandwidth requested: %d k\nAGGREGATION: 1/%d\n",count,i,i/line);\r
#endif\r
   fprintf(f,"<tr><th colspan=\"2\" align=\"left\">Line %Ld k</td>",line);\r
   fprintf(f,"<th align=\"right\">%d</td><th align=\"right\">%d k</td>",total,i);\r
\r
   for_each(keyword,keywords)\r
   {\r
    fprintf(f,"<th align=\"right\">%d IPs</th>",keyword->ip_count);\r
   }\r
   fprintf(f,"</tr><tr><th colspan=\"4\">Aggregation 1/%d</th>\n",(int)(0.5+i/line));\r
   fprintf(f,"<th colspan=\"%d\">%d traffic classes</th></tr>\n",keywordcount,total);\r
\r
   fputs("</table>\n",f);\r
 }\r
 else if(!dry_run && !just_flush) \r
  perror(html);\r
\r
 i=1;\r
 if(f)\r
 {\r
  unsigned long long total=0, total_direct=0, total_proxy=0, total_upload=0, tmp_sum=0;\r
  int active_classes=0;\r
  int colspan;\r
  FILE *iplog;\r
  struct Sum {unsigned long long l; int i; list(Sum);} *sum,*sums=NULL;\r
\r
  colspan=11;\r
  if(qos_proxy)\r
  {\r
   colspan++;\r
  }\r
  if(found_lmsid)\r
  {\r
   colspan++;\r
  }\r
  \r
  fprintf(f,"<p><table border>\n<tr><th colspan=\"%d\">%s",colspan,title);\r
  fprintf(f," (%s)</th></tr>\n", d);\r
  fputs("<tr><td align=\"right\">#</td><td>hostname</td>",f);\r
  if(found_lmsid)\r
  {\r
   fputs("<td align=\"right\">lms</td>\n",f);\r
  }\r
  fputs("<td align=\"right\">credit</td>\\r
<td align=\"right\">limit</td>\\r
<td align=\"right\">total</td>\\r
<td align=\"right\">direct</td>\n",f);\r
  if(qos_proxy)\r
  {\r
   fputs("<td align=\"right\">proxy</td>\n",f);\r
  }\r
  fputs("<td align=\"right\">upload</td>\\r
<td align=\"right\">minimum</td>\\r
<td align=\"right\">desired</td>\\r
<td align=\"right\">maximum</td>\\r
<td>prio</td></tr>\n",f);	\r
\r
  for_each(ip,ips)\r
  {\r
   char *f1="", *f2="";\r
   if(ip->max<ip->desired)\r
   {\r
    f1="<font color=\"red\">";\r
    f2="</font>";\r
   }\r
   else if(ip->prio>highest_priority+1)\r
   {\r
    f1="<font color=\"brown\">";\r
    f2="</font>";\r
   }\r
\r
#ifdef DEBUG\r
   printf("%03d. %-22s %10Lu (%d/%d)\n",i ,ip->name, ip->traffic, ip->min, ip->max); \r
#endif\r
   fprintf(f,"<tr><td align=\"right\"><a name=\"%s\"></a>%d</td><td><a href=\"%s%s.log\">%s</a></td>\n", ip->name, i, log_url, ip->name, ip->name);\r
   if(found_lmsid)\r
   {\r
    fputs("<td align=\"right\">",f);\r
    if(ip->lmsid)\r
    {\r
     /*base URL will be configurable soon ... */\r
     fprintf(f,"<a href=\"https://hermes.spoje.net/?m=customerinfo&amp;id=%d\">%04d</a>\n", ip->lmsid, ip->lmsid);\r
    }\r
    fputs("</td>\n",f);    \r
   }\r
   fprintf(f,"<td align=\"right\">%Lu M</td>\n", ip->credit);\r
   fprintf(f,"<td align=\"right\"><font color=\"#%s\">%Lu M</font></td>",\r
             ip->keyword->html_color, ip->credit+(ip->min*ip->keyword->data_limit+(ip->keyword->fixed_limit<<20)));\r
   fprintf(f,"<td align=\"right\">%s%Lu M%s</td><td align=\"right\">%Lu M</td>\n", f1, ip->traffic, f2, ip->direct);\r
   if(qos_proxy)\r
   {\r
    fprintf(f,"<td align=\"right\">%Lu M</td>\n", ip->proxy);\r
   }\r
   fprintf(f,"<td align=\"right\">%Lu M</td>\n", ip->upload);\r
   fprintf(f,"<td align=\"right\">%d k</td><td align=\"right\">%d k</td><td align=\"right\">%s%d k%s</td><td>%s%d%s</td></tr>\n",\r
             ip->min,ip->desired,f1,ip->max,f2,f1,ip->prio,f2);\r
   total+=ip->traffic;\r
   total_direct+=ip->direct;\r
   total_proxy+=ip->proxy;\r
   total_upload+=ip->upload;\r
   if(ip->traffic>0)\r
   {\r
    active_classes++;\r
    tmp_sum+=ip->traffic;\r
    create(sum,Sum);\r
    sum->l=tmp_sum;\r
    sum->i=active_classes;\r
    insert(sum,sums,order_by,i);\r
   }\r
   \r
   i++;\r
   \r
   if(!just_preview)\r
   {\r
    sprintf(str,"%s/%s.log",log_dir,ip->name);\r
    iplog=fopen(str,"a");\r
    if(iplog)\r
    {\r
     fprintf(iplog,"%ld\t%s\t%Lu\t%Lu\t%Lu\t%Lu\t%d\t%d\t%d\t%d\t%s",\r
                    time(NULL),ip->name,ip->traffic,ip->direct,ip->proxy,ip->upload,ip->min,ip->max,ip->desired,ip->lmsid,d); /* d = date*/\r
     fclose(iplog);\r
    }\r
   }\r
\r
  }\r
  fprintf(f,"<tr><th colspan=\"%d\" align=\"left\">SUMMARY:</td>",colspan-7);\r
  fprintf(f,"<th align=\"right\">%Lu M</th>\\r
  <th align=\"right\">%Lu M</th>\n", total, total_direct);\r
  if(qos_proxy)\r
  {\r
   fprintf(f,"<th align=\"right\">%Lu M</th>\n", total_proxy);\r
  }\r
  fprintf(f,"<th align=\"right\">%Lu M</th>", total_upload);\r
  fputs("<td colspan=\"4\"></td></th>\n</table>\n",f);\r
\r
  if(active_classes>10)\r
  {\r
   fputs("<a name=\"erp\"></a><p><table border><tr><th colspan=\"5\">Enterprise Research and Planning (ERP)</th></tr>\n",f);\r
   fputs("<tr><td>Analytic category</td>\n",f);\r
   fputs("<td colspan=\"2\" align=\"center\">Active Classes</td><td colspan=\"2\" align=\"center\">Data transfers</td></tr>\n",f);\r
\r
   if_exists(sum,sums,sum->l>=total/4)\r
   {\r
    fprintf(f,"<tr><td>Top 25%% of traffic</td>\n");\r
    fprintf(f,"<td align=\"right\">%d</td><td align=\"right\">%d %%</td><td align=\"right\">%Lu M</td><td align=\"right\">%Ld %%</td></tr>\n",sum->i,(100*sum->i+50)/active_classes,sum->l,(100*sum->l+50)/total);\r
   }\r
   \r
   if_exists(sum,sums,sum->i==10)\r
   {\r
    fprintf(f,"<tr><td>Top 10 downloaders</td>\n");\r
    fprintf(f,"<th align=\"right\">10</th><td align=\"right\">%d %%</td><td align=\"right\">%Lu M</td><td align=\"right\">%Ld %%</td></tr>\n",(100*sum->i+50)/active_classes,sum->l,(100*sum->l+50)/total);\r
   }\r
\r
   if_exists(sum,sums,sum->l>=total/2)\r
   {\r
    fprintf(f,"<tr><td>Top 50%% of traffic</td>\n");\r
    fprintf(f,"<td align=\"right\">%d</td><td align=\"right\">%d %%</td><td align=\"right\">%Lu M</td><th align=\"right\">%Ld %%</th></tr>\n",sum->i,(100*sum->i+50)/active_classes,sum->l,(100*sum->l+50)/total);\r
   }\r
\r
   if_exists(sum,sums,sum->l>=4*total/5)\r
   {\r
    fprintf(f,"<tr><td>Top 80%% of traffic</td>\n");\r
    fprintf(f,"<td align=\"right\">%d</td><td align=\"right\">%d %%</td><td align=\"right\">%Lu M</td><th align=\"right\">%Ld %%</th></tr>\n",sum->i,(100*sum->i+50)/active_classes,sum->l,(100*sum->l+50)/total);\r
   }\r
\r
   if_exists (sum,sums,sum->i>=(active_classes+1)/5)\r
   {\r
    fprintf(f,"<tr><td>Top 20%% downloaders</td>\n");\r
    fprintf(f,"<td align=\"right\">%d</td><th align=\"right\">%d %%</th><td align=\"right\">%Lu M</td><td align=\"right\">%Ld %%</td></tr>\n",sum->i,(100*sum->i+50)/active_classes,sum->l,(100*sum->l+50)/total);\r
   }\r
\r
   if_exists(sum,sums,sum->i>=(active_classes+1)/4)\r
   {\r
    fprintf(f,"<tr><td>Top 25%% downloaders</td>\n");\r
    fprintf(f,"<td align=\"right\">%d</td><td align=\"right\">%d %%</td><td align=\"right\">%Lu M</td><td align=\"right\">%Ld %%</td></tr>\n",sum->i,(100*sum->i+50)/active_classes,sum->l,(100*sum->l+50)/total);\r
   }\r
\r
   if_exists(sum,sums,sum->i>=(active_classes+1)/2)\r
   {\r
    fprintf(f,"<tr><td>Top 50%% downloaders</td>\n");\r
    fprintf(f,"<td align=\"right\">%d</td><th align=\"right\">%d %%</th><td align=\"right\">%Lu M</td><td align=\"right\">%Ld %%</td></tr>\n",sum->i,(100*sum->i+50)/active_classes,sum->l,(100*sum->l+50)/total);\r
   }\r
\r
   if_exists(sum,sums,sum->i>=4*(active_classes+1)/5)\r
   {\r
    fprintf(f,"<tr><td>Top 80%% downloaders</td>\n");\r
    fprintf(f,"<td align=\"right\">%d</td><td align=\"right\">%d %%</td><td align=\"right\">%Lu M</td><td align=\"right\">%Ld %%</td></tr>\n",sum->i,(100*sum->i+50)/active_classes,sum->l,(100*sum->l+50)/total);\r
   }\r
\r
   fprintf(f,"<tr><td>All users, all traffic</td>\n");\r
   fprintf(f,"<th align=\"right\">%d</th><th align=\"right\">100 %%</th><th align=\"right\">%Lu M</th><th align=\"right\">100 %%</th></tr>\n",active_classes,total);\r
   fputs("</table>\n", f);\r
  }\r
  fprintf(f, stats_html_signature, version);\r
  fclose(f);\r
 }\r
\r
 if(just_preview)\r
 {\r
  puts("Statistics preview generated (-p switch) - now exiting ...");\r
  exit(0);\r
 }\r
  \r
 /*-----------------------------------------------------------------*/\r
 puts("Generating iptables and tc classes ...");\r
 /*-----------------------------------------------------------------*/\r
\r
 i=0;\r
 printf("%-22s %-15s mark\n","name","ip");\r
\r
 for_selected(ip,ips,ip->mark>0)\r
 { \r
  \r
  if(idxs)\r
  {\r
   char *buf;\r
   duplicate(ip->addr,buf);\r
   buf=hash_id(ip->addr,32-idxtable_bitmask1); \r
   \r
   string(chain_forward,6+strlen(buf));\r
   strcpy(chain_forward,"forw_");\r
   strcat(chain_forward,buf);\r
\r
   string(chain_postrouting,6+strlen(buf));\r
   strcpy(chain_postrouting,"post_");\r
   strcat(chain_postrouting,buf);\r
   \r
   free(buf);\r
  }\r
  else\r
  {\r
   chain_forward="FORWARD";\r
   chain_postrouting="POSTROUTING";\r
  }\r
\r
  printf("%-22s %-16s %04d ", ip->name, ip->addr, ip->mark); \r
\r
  /* -------------------------------------------------------- mark download */\r
  \r
  sprintf(str,"-A %s -d %s/32 -o %s -j %s%d",chain_postrouting,ip->addr,lan,mark_iptables,ip->mark);\r
  /*sprintf(str,"-A %s -d %s/32 -o %s -j MARK --set-mark %d",chain_postrouting,ip->addr,lan,ip->mark);*/\r
  /* -m limit --limit 1/s */  \r
  save_line(str);\r
\r
  if(qos_proxy)\r
  {\r
   sprintf(str,"-A %s -s %s -p tcp --sport %d -d %s/32 -o %s -j %s%d",chain_postrouting,proxy_ip,proxy_port,ip->addr,lan,mark_iptables,ip->mark);\r
   /*sprintf(str,"-A %s -s %s -p tcp --sport %d -d %s/32 -o %s -j MARK --set-mark %d",chain_postrouting,proxy_ip,proxy_port,ip->addr,lan,ip->mark);*/\r
   save_line(str);\r
  }\r
\r
  sprintf(str,"-A %s -d %s/32 -o %s -j ACCEPT",chain_postrouting,ip->addr,lan);\r
  save_line(str);\r
\r
  /* -------------------------------------------------------- mark upload */\r
  sprintf(str,"-A %s -s %s/32 -o %s -j %s%d",chain_forward,ip->addr,wan,mark_iptables,ip->mark);\r
  /*  sprintf(str,"-A %s -s %s/32 -o %s -j MARK --set-mark %d",chain_forward,ip->addr,wan,ip->mark);*/\r
  save_line(str);\r
\r
  sprintf(str,"-A %s -s %s/32 -o %s -j ACCEPT",chain_forward,ip->addr,wan);\r
  save_line(str);\r
\r
  if(ip->min)\r
  {\r
   /* -------------------------------------------------------- download class */\r
   printf("(down: %dk-%dk ", ip->min, ip->max); \r
\r
   sprintf(str,"%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d", tc, lan, ip->group, ip->mark,ip->min,ip->max, burst, ip->prio);\r
   safe_run(str);\r
\r
   if (strcmpi(ip->keyword->leaf_discipline, "none"))\r
   {\r
     sprintf(str,"%s qdisc add dev %s parent 1:%d handle %d %s", tc, lan, ip->mark, ip->mark, ip->keyword->leaf_discipline); /*qos_leaf*/\r
     safe_run(str);\r
   }   \r
   if (filter_type == 1)\r
   {\r
     sprintf(str,"%s filter add dev %s parent 1:0 protocol ip handle %d fw flowid 1:%d", tc, lan, ip->mark, ip->mark);\r
     safe_run(str);\r
   }\r
\r
   /* -------------------------------------------------------- upload class */\r
   printf("up: %dk-%dk)\n", (int)((ip->min/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed), \r
                            (int)((ip->max/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed));\r
\r
   sprintf(str,"%s class add dev %s parent 1:%d classid 1:%d htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
                tc, wan, ip->group, ip->mark,\r
                (int)((ip->min/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed),\r
                (int)((ip->max/ip->keyword->asymetry_ratio)-ip->keyword->asymetry_fixed), burst, ip->prio);\r
   safe_run(str);\r
   \r
   if (strcmpi(ip->keyword->leaf_discipline, "none"))\r
   {\r
     sprintf(str,"%s qdisc add dev %s parent 1:%d handle %d %s",tc, wan, ip->mark, ip->mark, ip->keyword->leaf_discipline); /*qos_leaf*/\r
     safe_run(str);\r
   }   \r
   if (filter_type == 1)\r
   {\r
     sprintf(str,"%s filter add dev %s parent 1:0 protocol ip handle %d fw flowid 1:%d",tc, wan, ip->mark, ip->mark);\r
     safe_run(str);\r
   }\r
  }\r
  else\r
   printf("(sharing %s)\n", ip->sharing);\r
  i++;\r
 }\r
\r
 if(idxs)\r
 {\r
   chain_forward = "forw_common";\r
   chain_postrouting = "post_common";\r
 }\r
 else\r
 {\r
   chain_forward = "FORWARD";\r
   chain_postrouting = "POSTROUTING";\r
 }\r
 /* -------------------------------- classify or reject free download */\r
 {\r
   char *final_chain = "DROP"; /* REJECT would be better, but it is impossible in mangle */\r
   if(free_min) final_chain = "ACCEPT";\r
   if(qos_proxy)\r
   {\r
     if(free_min)\r
     {\r
       sprintf(str,"-A %s -s %s -p tcp --sport %d -o %s -j %s%d",chain_postrouting,proxy_ip,proxy_port,lan,mark_iptables,3);\r
       save_line(str);\r
     }\r
     sprintf(str,"-A %s -s %s -p tcp --sport %d -o %s -j %s",chain_postrouting,proxy_ip,proxy_port,lan,final_chain);\r
     save_line(str);\r
   }\r
   if(free_min)\r
   {\r
     sprintf(str,"-A %s -o %s -j %s%d",chain_postrouting,lan,mark_iptables,3);\r
     save_line(str);\r
   }\r
   sprintf(str,"-A %s -o %s -j %s",chain_postrouting,lan,final_chain);\r
   save_line(str);\r
   /* ------------------------------- classify or reject free  upload */\r
   if(free_min)\r
   {\r
     sprintf(str,"-A %s -o %s -j %s%d",chain_forward,wan,mark_iptables,3);\r
     save_line(str);\r
   }\r
   sprintf(str,"-A %s -o %s -j %s",chain_forward,wan,final_chain);\r
   save_line(str);\r
 }\r
\r
 if(free_min) /* allocate free bandwith if it is not zero... */ \r
 {\r
   /*-----------------------------------------------------------------*/\r
   puts("Generating free bandwith classes ...");\r
   /*-----------------------------------------------------------------*/\r
   sprintf(str, "%s class add dev %s parent 1:%d classid 1:3 htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
                tc,lan,parent,free_min,free_max,burst,lowest_priority);\r
   safe_run(str);\r
   sprintf(str, "%s class add dev %s parent 1:%d classid 1:3 htb rate %dkbit ceil %dkbit burst %dk prio %d",\r
                tc,wan,parent,free_min,free_max,burst,lowest_priority);\r
   safe_run(str);\r
   /* tc SFQ */\r
   if (strcmpi(qos_leaf, "none"))\r
   {\r
     sprintf(str,"%s qdisc add dev %s parent 1:3 handle 3 %s",tc,lan,qos_leaf);\r
     safe_run(str);\r
   \r
     sprintf(str,"%s qdisc add dev %s parent 1:3 handle 3 %s",tc,wan,qos_leaf);\r
     safe_run(str);\r
   }   \r
   /* tc handle 1 fw flowid */\r
   sprintf(str,"%s filter add dev %s parent 1:0 protocol ip handle 3 fw flowid 1:3",tc,lan);\r
   safe_run(str);\r
\r
   sprintf(str,"%s filter add dev %s parent 1:0 protocol ip handle 3 fw flowid 1:3",tc,wan);\r
   safe_run(str);\r
 }\r
 printf("Total IP count: %d\n", i);\r
 run_restore(); \r
 if (log_file) fclose(log_file);\r
 return 0;\r
 /* that's all folks, thank you for reading it all the way up to this point ;-) */\r
 /* bad luck C<<1 is not yet finished, I promise no sprintf() next time... */\r
}\r